# File 'manifests/install.pp', line 4
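# @summary Installs the Vault binary and the account it runs under.
#
# Private class: assert_private() makes direct inclusion from outside the
# module fail. All settings are read from the main `vault` class.
#
# Depending on $vault::install_method the binary comes from a downloaded
# archive ('archive') or from an OS package ('repo'); any other value aborts
# catalog compilation. The class then pins ownership and mode of the binary,
# optionally grants it cap_ipc_lock, and optionally manages the service
# user and group.
class vault::install {
  assert_private()

  $vault_bin = "${vault::bin_dir}/vault"

  case $vault::install_method {
    'archive': {
      if $vault::manage_download_dir {
        file { $vault::download_dir:
          ensure => directory,
        }
      }

      # NOTE(review): no checksum / checksum_type is set on this resource, so
      # the archive fetched from $vault::real_download_url is not compared
      # against a known digest before it is extracted into bin_dir (and, below,
      # granted cap_ipc_lock). Integrity rests on the source URL and transport
      # alone. Consider exposing a checksum parameter on the main class and
      # passing it through here.
      archive { "${vault::download_dir}/${vault::download_filename}":
        ensure       => present,
        extract      => true,
        extract_path => $vault::bin_dir,
        source       => $vault::real_download_url,
        cleanup      => true,
        # Skips download and extraction when the binary already exists.
        creates      => $vault_bin,
        before       => File['vault_binary'],
      }

      # Default for the capability decision below; an explicit
      # $vault::manage_file_capabilities takes precedence via pick().
      $_manage_file_capabilities = true
    }
    'repo': {
      if $vault::manage_repo {
        include hashi_stack::repo
        Class['hashi_stack::repo'] -> Package[$vault::package_name]
      }

      # NOTE(review): unlike the archive branch, nothing here orders the
      # package before File['vault_binary'] - confirm whether that is intended.
      package { $vault::package_name:
        ensure => $vault::package_ensure,
      }

      $_manage_file_capabilities = false
    }
    default: {
      fail("Installation method ${vault::install_method} not supported")
    }
  }

  # Root-owned and not group/world writable, so the account the service runs
  # as cannot replace the executable that carries the file capability.
  file { 'vault_binary':
    path  => $vault_bin,
    owner => 'root',
    group => 'root',
    mode  => '0755',
  }

  if !$vault::disable_mlock and pick($vault::manage_file_capabilities, $_manage_file_capabilities) {
    # cap_ipc_lock lets the binary lock memory without running as root.
    # Subscribing to the file re-applies the capability whenever
    # File['vault_binary'] changes.
    file_capability { 'vault_binary_capability':
      ensure     => present,
      file       => $vault_bin,
      capability => 'cap_ipc_lock=ep',
      subscribe  => File['vault_binary'],
    }

    if $vault::install_method == 'repo' {
      # Reference the package by its configured title. A hard-coded
      # Package['vault'] points at a resource that is not in the catalog when
      # $vault::package_name is overridden, which breaks compilation and would
      # leave the capability unset after a package upgrade.
      Package[$vault::package_name] ~> File_capability['vault_binary_capability']
    }
  }

  if $vault::manage_user {
    # NOTE(review): only `ensure` is set; shell, home, gid and system-account
    # status are left to provider defaults - confirm that is acceptable for a
    # service account.
    user { $vault::user:
      ensure => present,
    }

    if $vault::manage_group {
      Group[$vault::group] -> User[$vault::user]
    }
  }

  if $vault::manage_group {
    group { $vault::group:
      ensure => present,
    }
  }
}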