feat: allow install_from_repo
Vault debian repo added as an option
Adrien "ze" Urban committed Apr 8, 2022
1 parent c917cca commit 75eafc1
Showing 10 changed files with 62 additions and 4 deletions.
6 changes: 6 additions & 0 deletions pillar.example
@@ -143,3 +143,9 @@ vault:
ZF5q4h4I33PSGDdSvGXn9UMY5Isjpg==
=7pIB
-----END PGP PUBLIC KEY BLOCK-----
install_from_repo: false # Set to True to install package rather than extract archive
repo: ... # Might specify a specific repo, if not present in map
repo_key: https://... # Where to find repository key
package: vault # If package would have any other name on your repo
repo_configfile: '/etc/vault.d/vault.hcl' # If using non-default config file
2 changes: 2 additions & 0 deletions vault/config/clean.sls
@@ -2,6 +2,8 @@
# vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
{% from "vault/map.jinja" import vault with context %}

{% if not vault.install_from_repo %}
vault-config-clean-file-absent:
file.absent:
- name: {{ vault.config_path }}/vault
{% endif %}
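Review bot: With `install_from_repo` set, nothing in this state removes the file that vault/config/config.sls writes in that mode (`vault.repo_configfile`), so the serialized Vault configuration stays on disk after `vault.config.clean` has run. An `{% else %}` branch holding a `file.absent` state with `- name: {{ vault.repo_configfile }}` would keep clean symmetric with config. If leaving the packaged configuration in place is intended, a comment above the `{% if not vault.install_from_repo %}` guard should say so.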
7 changes: 6 additions & 1 deletion vault/config/config.sls
@@ -2,10 +2,15 @@
# vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent

{% from "vault/map.jinja" import vault with context -%}
{% if not vault.install_from_repo %}
{% set configfile = vault.config_path ~ '/vault/conf.d/config.json' %}
{% else %}
{% set configfile = vault.repo_configfile %}
{% endif %}

vault-config-config-file-serialize:
file.serialize:
- name: {{ vault.config_path }}/vault/conf.d/config.json
- name: {{ configfile }}
- encoding: utf-8
- formatter: json
- dataset: {{ vault.config | json }}
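Review bot: `vault.repo_configfile` is defined only for the Debian family in vault/osfamilymap.yaml and gets no entry in vault/defaults.yaml, so with `install_from_repo: true` on any other OS family `configfile` presumably renders empty and `file.serialize` is left without a usable `name`. The same gap applies to `vault.repo` and `vault.repo_key` as used in vault/package/install.sls and vault/package/clean.sls, so either add defaults for the three keys or fail early when they are missing. The state keeps `- formatter: json` while the repo-mode target ends in `.hcl`; Vault accepts JSON configuration, but a comment stating that the mismatch is deliberate would save the next reader a check. The remainder of the state is collapsed on this page, so the owner and mode of the written file cannot be judged from here.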
3 changes: 3 additions & 0 deletions vault/defaults.yaml
@@ -144,3 +144,6 @@ vault:
ZF5q4h4I33PSGDdSvGXn9UMY5Isjpg==
=7pIB
-----END PGP PUBLIC KEY BLOCK-----
install_from_repo: false
package: vault
4 changes: 4 additions & 0 deletions vault/osfamilymap.yaml
@@ -3,6 +3,10 @@
---
Debian:
setcap_pkg: libcap2-bin
repo: "deb [arch={{ grains['osarch'] }}] https://apt.releases.hashicorp.com {{
grains['oscodename'] }} main"
repo_key: "https://apt.releases.hashicorp.com/gpg"
repo_configfile: '/etc/vault.d/vault.hcl'

Suse:
gpg_pkg: gpg2
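Review bot: `repo_key` points at the same host that serves the packages and nothing pins the key's fingerprint, so the apt trust decision for Vault rests on whatever that URL returns at the moment `pkgrepo.managed` runs (`key_url` in vault/package/install.sls). Shipping the key through the formula or pillar with `key_text`, or pinning it with `keyid` plus `keyserver`, would make the trusted key an explicit, reviewable value. On Salt versions that import the key through apt-key it likely lands in apt's global trusted keyring, where it is accepted for every configured repository; a `signed-by=` option inside the `deb [...]` brackets scopes it to this source and is worth considering. A short comment above `repo_key` recording the expected fingerprint would also help anyone auditing the map.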
10 changes: 10 additions & 0 deletions vault/package/clean.sls
@@ -3,6 +3,7 @@

{% from "vault/map.jinja" import vault with context %}

{% if not vault.install_from_repo %}
include:
- .gpg.clean

@@ -25,3 +26,12 @@ vault-package-clean-user-absent:
vault-package-clean-group-absent:
group.absent:
- name: vault
{% else %}
vault-package-clean-pkg:
pkg.removed:
- name: {{ vault.package }}

valut-package-clean-repository:
pkgrepo.absent:
- name: {{ vault.repo }}
{% endif %}
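Review bot: The repo branch of this clean state removes the package and the source entry but leaves behind the repository signing key that `pkgrepo.managed` imported, so the host keeps trusting that key after `vault.package.clean`; `pkgrepo.absent` accepts a `keyid` argument that removes the key as well. The state ID `valut-package-clean-repository` is misspelled and should be `vault-package-clean-repository` before any requisite starts referring to it. `pkg.removed` also leaves package conffiles in place on Debian, so `pkg.purged` may be closer to what a clean state is expected to do. The first hunk of this section is cut by a collapsed region, so the non-repo branch is only partly visible here.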
2 changes: 1 addition & 1 deletion vault/package/init.sls
@@ -5,6 +5,6 @@

include:
- .install
{%- if vault.verify_download %}
{%- if vault.verify_download and not vault.install_from_repo %}
- .gpg
{%- endif %}
21 changes: 20 additions & 1 deletion vault/package/install.sls
@@ -3,6 +3,7 @@

{% from "vault/map.jinja" import vault with context %}

{% if not vault.install_from_repo %}
vault-package-install-group-present:
group.present:
- name: vault
@@ -65,7 +66,7 @@ vault-package-install-cmd-run:
- pkg: vault-package-install-pkg-installed
- onchanges:
- archive: vault-package-install-archive-extracted
{% else %}
{% else %}{# FreeBSD #}
vault-package-install-login-file:
file.replace:
- name: /etc/login.conf
@@ -83,3 +84,21 @@ vault-package-install-cmd-run:
- onchanges:
- file: vault-package-install-login-file
{% endif %}
{% else %}{# From repo #}
vault-package-repository:
pkgrepo.managed:
- name: {{ vault.repo }}
- key_url: {{ vault.repo_key }}
- file: /etc/apt/sources.list.d/vault.list

vault-package-installed:
{% if vault.version == 'latest' %}
pkg.latest:
- name: {{ vault.package }}
{% else %}
pkg.installed:
- pkgs:
- {{ vault.package }}{% if vault.version %}: {{ vault.version }}{% endif %}
{% endif %}

{% endif %}
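Review bot: `vault-package-installed` relies on file order alone to run after `vault-package-repository`; adding `- require:` with `- pkgrepo: vault-package-repository` to both the `pkg.latest` and `pkg.installed` variants keeps the install from resolving against other configured sources if the states are reordered or targeted individually. The version in `- {{ vault.package }}{% if vault.version %}: {{ vault.version }}{% endif %}` is emitted unquoted, so a value such as 1.10 is read by YAML as a float; `{{ vault.version | json }}`, the filter already used in vault/config/config.sls, avoids that. The branch hard-codes `/etc/apt/sources.list.d/vault.list` without checking `grains.os_family`, which makes it apt-only in practice and deserves either a guard or a comment. The enclosing `{% if not vault.install_from_repo %}` block spans several hunks and parts of it are collapsed on this page.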
2 changes: 2 additions & 0 deletions vault/service/clean.sls
@@ -8,6 +8,8 @@ vault-service-clean-service-dead:
- name: vault
- enable: False

{% if not vault.install_from_repo %}
vault-service-clean-file-absent:
file.absent:
- name: {{ vault.service.path }}
{% endif %}
9 changes: 8 additions & 1 deletion vault/service/init.sls
@@ -3,6 +3,7 @@

{% from "vault/map.jinja" import vault with context %}

{% if not vault.install_from_repo %}
vault-service-init-file-managed:
file.managed:
- name: {{ vault.service.path }}
@@ -11,17 +12,23 @@ vault-service-init-file-managed:
{% if grains.os_family == "FreeBSD" %}
- mode: 555
{% endif %}
- watch_in:
- service: vault-service-init-service-running:
{% if grains.get('init', '') == 'upstart' %}
cmd.run:
- name: initctl reload-configuration
- onchanges:
- file: vault-service-init-file-managed
{% endif -%}
{% endif %}

vault-service-init-service-running:
service.running:
- name: vault
- enable: True
- watch:
{% if not vault.install_from_repo %}
- archive: vault-package-install-archive-extracted
- file: vault-service-init-file-managed
{% else %}
- pkg: vault-package-installed
{% endif %}
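Review bot: `- service: vault-service-init-service-running:` under `watch_in` ends with a colon, which YAML reads as the start of a nested mapping, so the non-repo branch will most likely fail to render; it should read `- service: vault-service-init-service-running`. The page does not mark which side that line is on, but it appears to be new in this commit, and the `watch_in` duplicates the `- file: vault-service-init-file-managed` entry already listed under `watch`, so it can probably be dropped altogether. In repo mode the service now watches `pkg: vault-package-installed`, and with `version: latest` every package upgrade restarts Vault, which starts sealed unless auto-unseal is configured. A comment next to the `- pkg:` watch stating that consequence would help operators decide whether to pin a version.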
