Puppet Class: vault

Inherits:
vault::params
Defined in:
manifests/init.pp

Summary

install hashicorp vault

Overview

Parameters:

  • user (Any) (defaults to: 'vault')

    Customise the user vault runs as; the module will also create the user unless `manage_user` is false.

  • manage_user (Any) (defaults to: true)

    Whether or not the module should create the user.

  • group (Any) (defaults to: 'vault')

    Customise the group vault runs as; the module will also create the group unless `manage_group` is false.

  • manage_group (Any) (defaults to: true)

    Whether or not the module should create the group.

  • bin_dir (Any) (defaults to: $vault::params::bin_dir)

    Directory the vault executable will be installed in.

  • config_dir (Any) (defaults to: if $install_method == 'repo' and $manage_repo { '/etc/vault.d' } else { '/etc/vault' })

    Directory the vault configuration will be kept in.

  • config_mode (Any) (defaults to: '0750')

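    Mode of the configuration file (config.json). Defaults to '0750'. The generated configuration can carry backend credentials passed in through `storage`, `ha_storage` or `seal`, so it should not be loosened to world-readable.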

  • purge_config_dir (Any) (defaults to: true)

    Whether the `config_dir` should be purged before installing the generated config.

  • download_url (Any) (defaults to: undef)

    Manual URL to download the vault zip distribution from.

  • download_url_base (Any) (defaults to: 'https://releases.hashicorp.com/vault/')

    Hashicorp base URL to download vault zip distribution from.

  • download_extension (Any) (defaults to: 'zip')

    The extension of the vault download

  • service_name (Any) (defaults to: 'vault')

    Customise the name of the system service

  • service_provider (Any) (defaults to: $facts['service_provider'])

    Customise the name of the system service provider; this also controls the init configuration files that are installed.

  • service_options (Any) (defaults to: '')

    Extra arguments to pass to `vault server`, as per `vault server --help`.

  • manage_repo (Boolean) (defaults to: $vault::params::manage_repo)

    Configure the upstream HashiCorp repository. Only relevant when $vault::install_method = 'repo'.

  • manage_service (Any) (defaults to: true)

    Instruct puppet to manage service or not

  • num_procs (Any) (defaults to: $facts['processors']['count'])

    Sets the GOMAXPROCS environment variable, to determine how many CPUs Vault can use. The official Vault Terraform install.sh script sets this to the output of `nprocs`, with the comment, "Make sure to use all our CPUs, because Vault can block a scheduler thread". Default: number of CPUs on the system, retrieved from the `processorcount` fact.

  • api_addr (Optional[String]) (defaults to: undef)

    Specifies the address (full URL) to advertise to other Vault servers in the cluster for client redirection. This value is also used for plugin backends. This can also be provided via the environment variable VAULT_API_ADDR. In general this should be set as a full URL that points to the value of the listener address

  • version (Any) (defaults to: '1.12.0')

    The version of Vault to install

  • extra_config (Hash) (defaults to: {})
  • enable_ui (Optional[Boolean]) (defaults to: undef)
  • arch (Any) (defaults to: $vault::params::arch)
  • os (Any) (defaults to: downcase($facts['kernel']))
  • manage_download_dir (Any) (defaults to: false)
  • download_dir (Any) (defaults to: '/tmp')
  • package_ensure (Any) (defaults to: 'installed')
  • package_name (Any) (defaults to: 'vault')
  • install_method (Any) (defaults to: $vault::params::install_method)
  • manage_file_capabilities (Any) (defaults to: undef)
  • disable_mlock (Any) (defaults to: undef)
  • max_lease_ttl (Optional[String]) (defaults to: undef)
  • default_lease_ttl (Optional[String]) (defaults to: undef)
  • telemetry (Optional[Hash]) (defaults to: undef)
  • disable_cache (Optional[Boolean]) (defaults to: undef)
  • seal (Optional[Hash]) (defaults to: undef)
  • ha_storage (Optional[Hash]) (defaults to: undef)
  • listener (Variant[Hash, Array[Hash]]) (defaults to: { 'tcp' => { 'address' => '127.0.0.1:8200', 'tls_disable' => 1 }, })
  • manage_storage_dir (Any) (defaults to: false)
  • storage (Hash) (defaults to: { 'file' => { 'path' => '/var/lib/vault' } })
  • manage_service_file (Optional[Boolean]) (defaults to: $vault::params::manage_service_file)
  • service_ensure (Any) (defaults to: 'running')
  • service_enable (Any) (defaults to: true)
  • manage_config_file (Any) (defaults to: true)
  • download_filename (Any) (defaults to: 'vault.zip')
  • manage_config_dir (Boolean) (defaults to: $install_method == 'archive')

    Enable/disable management of the configuration directory. Not required for package-based installations.



# File 'manifests/init.pp', line 79

class vault (
  $user                                = 'vault',
  $manage_user                         = true,
  $group                               = 'vault',
  $manage_group                        = true,
  $bin_dir                             = $vault::params::bin_dir,
  $manage_config_file                  = true,
  # The generated configuration can embed backend credentials supplied through
  # $storage, $ha_storage or $seal; keep this mode free of "other" permissions.
  $config_mode                         = '0750',
  $purge_config_dir                    = true,
  # Overriding $download_url or $download_url_base changes where the executable
  # comes from. No checksum parameter exists on this class; whether the archive
  # is verified is decided in vault::install, which is not shown here.
  $download_url                        = undef,
  $download_url_base                   = 'https://releases.hashicorp.com/vault/',
  $download_extension                  = 'zip',
  $service_name                        = 'vault',
  $service_enable                      = true,
  $service_ensure                      = 'running',
  $service_provider                    = $facts['service_provider'],
  Boolean $manage_repo                 = $vault::params::manage_repo,
  $manage_service                      = true,
  Optional[Boolean] $manage_service_file = $vault::params::manage_service_file,
  # Default backend is the local filesystem; the directory is only managed by
  # this module when $manage_storage_dir is true.
  Hash $storage                        = { 'file' => { 'path' => '/var/lib/vault' } },
  $manage_storage_dir                  = false,
  # The default listener speaks plaintext HTTP (tls_disable => 1) and is bound
  # to loopback only. When the address is changed to a routable interface, the
  # same hash should drop tls_disable and set tls_cert_file / tls_key_file.
  Variant[Hash, Array[Hash]] $listener = { 'tcp' => { 'address' => '127.0.0.1:8200', 'tls_disable' => 1 }, },
  Optional[Hash] $ha_storage           = undef,
  Optional[Hash] $seal                 = undef,
  Optional[Boolean] $disable_cache     = undef,
  Optional[Hash] $telemetry            = undef,
  Optional[String] $default_lease_ttl  = undef,
  Optional[String] $max_lease_ttl      = undef,
  # Both default to undef. mlock keeps Vault's memory from being swapped to
  # disk; how these two values are applied is decided in the contained classes,
  # which are not shown here.
  $disable_mlock                       = undef,
  $manage_file_capabilities            = undef,
  $service_options                     = '',
  $num_procs                           = $facts['processors']['count'],
  $install_method                      = $vault::params::install_method,
  # Depends on $install_method and $manage_repo, so it must stay after them.
  $config_dir                          = if $install_method == 'repo' and $manage_repo { '/etc/vault.d' } else { '/etc/vault' },
  $package_name                        = 'vault',
  $package_ensure                      = 'installed',
  # NOTE(review): '/tmp' plus the fixed name 'vault.zip' is a predictable path
  # in a world-writable directory. Consider pointing $download_dir at a
  # root-owned directory (with $manage_download_dir => true) - confirm against
  # how vault::install uses these values.
  $download_dir                        = '/tmp',
  $manage_download_dir                 = false,
  $download_filename                   = 'vault.zip',
  # Pinned default release; check that the version actually deployed is one
  # that still receives security fixes.
  $version                             = '1.12.0',
  $os                                  = downcase($facts['kernel']),
  $arch                                = $vault::params::arch,
  Optional[Boolean] $enable_ui         = undef,
  Optional[String] $api_addr           = undef,
  Hash $extra_config                   = {},
  # Depends on $install_method, so it must stay after it.
  Boolean $manage_config_dir           = $install_method == 'archive',
) inherits vault::params {
  # Entry point of the module: resolves the download URL, then pulls in the
  # install, config and service classes in that order.

  # An explicit $download_url wins; otherwise the URL is assembled from the
  # base, version, package name, OS and architecture.
  $real_download_url = pick(
    $download_url,
    "${download_url_base}${version}/${package_name}_${version}_${os}_${arch}.${download_extension}"
  )

  contain vault::install
  contain vault::config
  contain vault::service

  # Install before config; a change in config notifies (refreshes) the service.
  Class['vault::install'] -> Class['vault::config'] ~> Class['vault::service']
}