Deploy `/etc/vault.d/vault.hcl`.

Kazuhiro MUSASHI 2022-03-13 14:35:31 +09:00
parent 7681522b6b
commit da78e76d19
2 changed files with 40 additions and 0 deletions

9
cookbooks/vault/setup.rb Normal file

@ -0,0 +1,9 @@
# Deploy `Vault` server config:
template '/etc/vault.d/vault.hcl' do
owner 'vault'
group 'vault'
mode '644'
variables(HOSTNAME: node['vault']['hostname'], IPADDR: node['vault']['ipaddr'], IPS: node['vault']['ips'])
end
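Review bot: `mode '644'` leaves `/etc/vault.d/vault.hcl` readable by every local account, and the template it renders is where storage and service-registration settings live, including the currently commented Consul token block. The file is already owned by `vault:vault`, so `mode '640'` is enough for the server to read it. In the lines shown, the resource also does not notify Vault to reload or restart when the rendered config changes; if that is handled elsewhere, a one-line comment such as `# vault is restarted by <recipe>` above the resource would make that clear.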


@ -0,0 +1,31 @@
ui = true
disable_mlock = true
# service_registration "consul" {
# address = "127.0.0.1:8500"
# token = "19149728-ce09-2a72-26b6-d2fc3aeecdd8"
# }
storage "raft" {
path = "/opt/vault/data"
node_id = "<%= @HOSTNAME %>"
<% @IPS.each do |ip| %>
retry_join {
leader_api_addr = "http://<%= ip %>:8200"
}
<% end %>
}
api_addr = "http://<%= @IPADDR %>:8200"
cluster_addr = "http://<%= @IPADDR %>::8201"
# HTTPS listener
listener "tcp" {
address = "0.0.0.0:8200"
cluster_address = "0.0.0.0:8201"
tls_disable = true
# tls_cert_file = "/opt/vault/tls/tls.crt"
# tls_key_file = "/opt/vault/tls/tls.key"
}
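Review bot: `cluster_addr`, on the line after `api_addr`, renders with a doubled colon (`::8201`), which is not a valid host:port; it should read `cluster_addr = "http://<%= @IPADDR %>:8201"`. Separately, the listener binds `0.0.0.0:8200` with `tls_disable = true`, and `api_addr` and every `leader_api_addr` use `http://`, so client tokens and secrets would cross the network unencrypted; the `# HTTPS listener` comment does not match that. Enabling the commented `tls_cert_file`/`tls_key_file` lines and switching those URLs to `https://` would address both. The commented `service_registration` block carries a literal token value; if that is a real Consul ACL token, it should be removed from the template and rotated.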