From da78e76d1927f11535fba41b0b7e133db2fe07c4 Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI <simoom634@yahoo.co.jp>
Date: Sun, 13 Mar 2022 14:35:31 +0900
Subject: [PATCH] Deploy `/etc/vault.d/vault.hcl`.

---
 cookbooks/vault/setup.rb                      |  9 ++++++
 .../vault/templates/etc/vault.d/vault.hcl     | 31 +++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 cookbooks/vault/setup.rb
 create mode 100644 cookbooks/vault/templates/etc/vault.d/vault.hcl

diff --git a/cookbooks/vault/setup.rb b/cookbooks/vault/setup.rb
new file mode 100644
index 0000000..5def717
--- /dev/null
+++ b/cookbooks/vault/setup.rb
@@ -0,0 +1,9 @@
+# Deploy `Vault` server config:
+template '/etc/vault.d/vault.hcl' do
+  owner 'vault'
+  group 'vault'
+  mode '644'
+
+  variables(HOSTNAME: node['vault']['hostname'],  IPADDR: node['vault']['ipaddr'], IPS: node['vault']['ips'])
+end
+
diff --git a/cookbooks/vault/templates/etc/vault.d/vault.hcl b/cookbooks/vault/templates/etc/vault.d/vault.hcl
new file mode 100644
index 0000000..eccbb78
--- /dev/null
+++ b/cookbooks/vault/templates/etc/vault.d/vault.hcl
@@ -0,0 +1,31 @@
+ui = true
+
+disable_mlock = true
+
+# service_registration "consul" {
+#   address = "127.0.0.1:8500"
+#   token = "19149728-ce09-2a72-26b6-d2fc3aeecdd8"
+# }
+
+storage "raft" {
+  path    = "/opt/vault/data"
+  node_id = "<%= @HOSTNAME %>"
+<% @IPS.each do |ip| %>
+  retry_join {
+    leader_api_addr = "http://<%= ip %>:8200"
+  }
+<% end %>
+}
+
+api_addr = "http://<%= @IPADDR %>:8200"
+cluster_addr = "http://<%= @IPADDR %>::8201"
+
+# HTTPS listener
+listener "tcp" {
+  address       = "0.0.0.0:8200"
+  cluster_address = "0.0.0.0:8201"
+
+  tls_disable = true
+  # tls_cert_file = "/opt/vault/tls/tls.crt"
+  # tls_key_file  = "/opt/vault/tls/tls.key"
+}