diff --git a/vault/config/config.sls b/vault/config/config.sls
index 0c3e60e..a238964 100644
--- a/vault/config/config.sls
+++ b/vault/config/config.sls
@@ -14,4 +14,4 @@ vault-config-config-file-serialize:
 - mode: 640
 - makedirs: True
 - watch_in:
- - vault-service-init-service-running
+ - service: vault-service-init-service-running
diff --git a/vault/defaults.yaml b/vault/defaults.yaml
index 5292c68..6680566 100644
--- a/vault/defaults.yaml
+++ b/vault/defaults.yaml
@@ -9,9 +9,6 @@ vault:
 self_signed_cert:
 enabled: False
 config:
- storage:
- file:
- path: /var/lib/vault/data
 listener:
 tcp:
 address: "0.0.0.0:8200"
diff --git a/vault/map.jinja b/vault/map.jinja
index d0199e2..8c84916 100644
--- a/vault/map.jinja
+++ b/vault/map.jinja
@@ -1,9 +1,9 @@
 # -*- coding: utf-8 -*-
 # vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
-{% import_yaml "vault/defaults.yaml" as defaults %}
-{% import_yaml "vault/osfamilymap.yaml" as osfamilymap %}
-{% import_yaml "vault/initfamilymap.yaml" as initfamilymap %}
+{% import_yaml "vault/defaults.yaml" or {} as defaults %}
+{% import_yaml "vault/osfamilymap.yaml" or {} as osfamilymap %}
+{% import_yaml "vault/initfamilymap.yaml" or {} as initfamilymap %}
 {%- set merged_defaults = salt['grains.filter_by'](defaults, default='vault',
diff --git a/vault/package/clean.sls b/vault/package/clean.sls
index 9b35503..a31d808 100644
--- a/vault/package/clean.sls
+++ b/vault/package/clean.sls
@@ -3,6 +3,9 @@
 {% from "vault/map.jinja" import vault with context %}
+include:
+ - .gpg.clean
+
 vault-package-clean-file-absent:
 file.absent:
 - name: /opt/vault
@@ -11,10 +14,6 @@ vault-package-clean-file-absent-data:
 file.absent:
 - name: /var/lib/vault
-vault-package-clean-cmd-run:
- cmd.run:
- - name: gpg --batch --yes --delete-key {{ vault.hashicorp_key_id }}
-
 vault-package-clean-user-absent:
 user.absent:
 - name: vault
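Review bot: Removing the default `storage` stanza leaves the rendered Vault config with no storage backend whenever pillar does not supply `vault:config:storage`, and Vault will not start without one; nothing in the new defaults.yaml signals that the key is now mandatory. A one-line comment under `config:` would make the contract explicit, e.g. `# storage is intentionally unset: supply vault:config:storage via pillar`. Note also that clean.sls in this same commit (vault-package-clean-file-absent-data) still hardcodes `/var/lib/vault`, which was tied to the default path removed here; with a pillar-defined storage path it may now remove an unused directory while leaving the real data directory behind.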
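Review bot: The new `include: - .gpg.clean` in clean.sls is unconditional, while package/init.sls in this diff pulls in `.gpg` only inside `{%- if vault.verify_download %}`, so a clean run will attempt the GPG key removal on minions that never imported the key. Mirroring the guard around the include entry keeps install and clean symmetrical. The `vault/package/gpg/clean.sls` file the include points to does not appear in any hunk shown here; if it is not part of the commit, the clean state fails to render.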
diff --git a/vault/package/gpg.sls b/vault/package/gpg.sls
deleted file mode 100644
index b34f104..0000000
--- a/vault/package/gpg.sls
+++ /dev/null
@@ -1,20 +0,0 @@
-# -*- coding: utf-8 -*-
-# vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
-
-{% from "vault/map.jinja" import vault with context %}
-
-vault-package-gpg-file-managed:
- file.managed:
- - name: /opt/vault/hashicorp.asc
- - contents: |
- {{ vault.hashicorp_gpg_key | indent(8) }}
- - makedirs: True
-
-vault-package-gpg-pkg-installed:
- pkg.installed:
- - name: {{ vault.gpg_pkg }}
-
-vault-package-gpg-cmd-run:
- cmd.run:
- - name: gpg --import /opt/vault/hashicorp.asc
- - unless: gpg --list-keys {{ vault.hashicorp_key_id }}
diff --git a/vault/package/signature.sls b/vault/package/gpg/init.sls
similarity index 54%
rename from vault/package/signature.sls
rename to vault/package/gpg/init.sls
index 47a0d17..e5b7000 100644
--- a/vault/package/signature.sls
+++ b/vault/package/gpg/init.sls
@@ -3,23 +3,39 @@
 {% from "vault/map.jinja" import vault with context %}
-vault-package-signature-file-managed-checksum:
+vault-package-gpg-file-managed:
+ file.managed:
+ - name: /opt/vault/hashicorp.asc
+ - contents: |
+ {{ vault.hashicorp_gpg_key | indent(8) }}
+ - makedirs: True
+
+vault-package-gpg-pkg-installed:
+ pkg.installed:
+ - name: {{ vault.gpg_pkg }}
+
+vault-package-gpg-cmd-run-import:
+ cmd.run:
+ - name: gpg --import /opt/vault/hashicorp.asc
+ - unless: gpg --list-keys {{ vault.hashicorp_key_id }}
+
+vault-package-gpg-file-managed-checksum:
 file.managed:
 - name: /opt/vault/{{ vault.version }}_SHA256SUMS
 - source: https://releases.hashicorp.com/vault/{{ vault.version }}/vault_{{ vault.version }}_SHA256SUMS
 - skip_verify: True
 - makedirs: True
-vault-package-signature-file-managed-signature:
+vault-package-gpg-file-managed-signature:
 file.managed:
 - name: /opt/vault/{{ vault.version }}_SHA256SUMS.sig
 - source: https://releases.hashicorp.com/vault/{{ vault.version }}/vault_{{ vault.version }}_SHA256SUMS.sig
 - skip_verify: True
 - makedirs: True
-vault-package-signature-cmd-run:
+vault-package-gpg-cmd-run-verify:
 cmd.run:
 - name: gpg --verify /opt/vault/{{ vault.version }}_SHA256SUMS.sig /opt/vault/{{ vault.version }}_SHA256SUMS
 - onchanges:
- - vault-package-signature-file-managed-checksum
- - vault-package-signature-file-managed-signature
+ - file: vault-package-gpg-file-managed-checksum
+ - file: vault-package-gpg-file-managed-signature
diff --git a/vault/package/init.sls b/vault/package/init.sls
index 252c4c0..4e8caba 100644
--- a/vault/package/init.sls
+++ b/vault/package/init.sls
@@ -7,5 +7,4 @@ include:
 - .install
 {%- if vault.verify_download %}
 - .gpg
- - .signature
 {%- endif %}
diff --git a/vault/package/install.sls b/vault/package/install.sls
index 9da4b8d..ae2e420 100644
--- a/vault/package/install.sls
+++ b/vault/package/install.sls
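Review bot: `gpg --verify` in vault-package-gpg-cmd-run-verify accepts a good signature from any key present in the minion's default keyring, so the check is not actually bound to the `vault.hashicorp_key_id` that vault-package-gpg-cmd-run-import adds a few lines above; any other key already on the host would satisfy it. Pinning the signer closes that gap, for example by importing into and verifying against a dedicated keyring (`--no-default-keyring --keyring <formula-keyring-path>` on both gpg calls) or by checking the `VALIDSIG` status output against the expected fingerprint. The verify state also carries no `require` on the import state; Salt's definition order within this file covers it today, but `- require: - cmd: vault-package-gpg-cmd-run-import` keeps the dependency intact if the states are reordered or split. The unchanged `skip_verify: True` on both downloads is only acceptable because this state gates on them, which is worth stating in a comment on those file.managed states.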
@@ -38,4 +38,4 @@ vault-package-install-cmd-run:
 cmd.run:
 - name: setcap cap_ipc_lock=+ep /opt/vault/bin/vault
 - onchanges:
- - vault-package-install-archive-extracted
+ - archive: vault-package-install-archive-extracted
diff --git a/vault/service/init.sls b/vault/service/init.sls
index 9d95692..61e5835 100644
--- a/vault/service/init.sls
+++ b/vault/service/init.sls
@@ -14,5 +14,5 @@ vault-service-init-service-running:
 - name: vault
 - enable: true
 - watch:
- - vault-package-install-archive-extracted
- - vault-service-init-file-managed
+ - archive: vault-package-install-archive-extracted
+ - file: vault-service-init-file-managed