From da78e76d1927f11535fba41b0b7e133db2fe07c4 Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Sun, 13 Mar 2022 14:35:31 +0900
Subject: [PATCH] Deploy `/etc/vault.d/vault.hcl`.

---
 cookbooks/vault/setup.rb | 9 ++++++
 .../vault/templates/etc/vault.d/vault.hcl | 31 +++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 cookbooks/vault/setup.rb
 create mode 100644 cookbooks/vault/templates/etc/vault.d/vault.hcl

diff --git a/cookbooks/vault/setup.rb b/cookbooks/vault/setup.rb
new file mode 100644
index 0000000..5def717
--- /dev/null
+++ b/cookbooks/vault/setup.rb
@@ -0,0 +1,9 @@
+# Deploy `Vault` server config:
+template '/etc/vault.d/vault.hcl' do
+ owner 'vault'
+ group 'vault'
+ mode '644'
+
+ variables(HOSTNAME: node['vault']['hostname'], IPADDR: node['vault']['ipaddr'], IPS: node['vault']['ips'])
+end
+
diff --git a/cookbooks/vault/templates/etc/vault.d/vault.hcl b/cookbooks/vault/templates/etc/vault.d/vault.hcl
new file mode 100644
index 0000000..eccbb78
--- /dev/null
+++ b/cookbooks/vault/templates/etc/vault.d/vault.hcl
@@ -0,0 +1,31 @@
+ui = true
+
+disable_mlock = true
+
+# service_registration "consul" {
+# address = "127.0.0.1:8500"
+# token = "19149728-ce09-2a72-26b6-d2fc3aeecdd8"
+# }
+
+storage "raft" {
+ path = "/opt/vault/data"
+ node_id = "<%= @HOSTNAME %>"
+<% @IPS.each do |ip| %>
+ retry_join {
+ leader_api_addr = "http://<%= ip %>:8200"
+ }
+<% end %>
+}
+
+api_addr = "http://<%= @IPADDR %>:8200"
+cluster_addr = "http://<%= @IPADDR %>::8201"
+
+# HTTPS listener
+listener "tcp" {
+ address = "0.0.0.0:8200"
+ cluster_address = "0.0.0.0:8201"
+
+ tls_disable = true
+ # tls_cert_file = "/opt/vault/tls/tls.crt"
+ # tls_key_file = "/opt/vault/tls/tls.key"
+}
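Review bot: `mode '644'` on the template resource makes `/etc/vault.d/vault.hcl` world-readable, and the rendered template already carries a `service_registration` block with a `token` value (commented out for now), so any future credential or TLS key path in this file would be exposed to every local user; `mode '640'` with the `vault` owner/group set here is enough for the service to read it. The template also has no `notifies`/`subscribes` toward a vault service, so a rendered config change will not be picked up until something else restarts the daemon — if the cookbook defines that service elsewhere, `notifies :restart, 'service[vault]'` belongs in this block. The `variables(...)` call on one line is hard to scan; one keyword per line would read better. The hunk also adds a trailing blank line at end of file.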
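Review bot: `cluster_addr = "http://<%= @IPADDR %>::8201"` has a doubled colon before the port, which renders an invalid URL and will break raft cluster communication between the nodes; it should be `cluster_addr = "http://<%= @IPADDR %>:8201"`. The commented-out `service_registration "consul"` block still commits a token-shaped value into version control; it should be removed or replaced with a placeholder and supplied from node attributes like the other values. The `# HTTPS listener` comment contradicts `tls_disable = true` together with `http://` in `api_addr`, `cluster_addr` and every `retry_join` address, so the listener on `0.0.0.0:8200` and the raft traffic are plaintext; either wire in the `tls_cert_file`/`tls_key_file` lines that are already present or rename the comment to `# Plaintext listener (TLS not yet configured)` so the state is not misread. `disable_mlock = true` also lets Vault's memory be swapped to disk, which is worth a one-line comment explaining why it is acceptable on these hosts.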