diff --git a/pillar.example b/pillar.example index d7c7f03..1f73a75 100644 --- a/pillar.example +++ b/pillar.example @@ -143,3 +143,9 @@ vault: ZF5q4h4I33PSGDdSvGXn9UMY5Isjpg== =7pIB -----END PGP PUBLIC KEY BLOCK----- + + install_from_repo: false # Set to True to install package rather than extract archive + repo: ... # Might specify a specific repo, if not present in map + repo_key: https://... # Where to find repository key + package: vault # If package would have any other name on your repo + repo_configfile: '/etc/vault.d/vault.hcl' # If using non-default config file diff --git a/vault/config/clean.sls b/vault/config/clean.sls index 2504eb4..ff566f7 100644 --- a/vault/config/clean.sls +++ b/vault/config/clean.sls @@ -2,6 +2,8 @@ # vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent {% from "vault/map.jinja" import vault with context %} +{% if not vault.install_from_repo %} vault-config-clean-file-absent: file.absent: - name: {{ vault.config_path }}/vault +{% endif %} diff --git a/vault/config/config.sls b/vault/config/config.sls index 9a8875e..a4ecf32 100644 --- a/vault/config/config.sls +++ b/vault/config/config.sls @@ -2,10 +2,15 @@ # vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent {% from "vault/map.jinja" import vault with context -%} +{% if not vault.install_from_repo %} +{% set configfile = vault.config_path ~ '/vault/conf.d/config.json' %} +{% else %} +{% set configfile = vault.repo_configfile %} +{% endif %} vault-config-config-file-serialize: file.serialize: - - name: {{ vault.config_path }}/vault/conf.d/config.json + - name: {{ configfile }} - encoding: utf-8 - formatter: json - dataset: {{ vault.config | json }} diff --git a/vault/defaults.yaml b/vault/defaults.yaml index 2205bcc..af81d8c 100644 --- a/vault/defaults.yaml +++ b/vault/defaults.yaml 
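Review bot: With `install_from_repo` set, the new `{% if not vault.install_from_repo %}` guard in vault/config/clean.sls leaves the clean state empty, so nothing removes the file that vault/config/config.sls writes to `vault.repo_configfile`. The `pkg.removed` state added in vault/package/clean.sls normally leaves package configuration files in place on Debian-family systems. A serialized Vault configuration, which can carry storage or seal credentials, would therefore likely stay on disk after a clean run. Consider an `{% else %}` branch holding a `file.absent` state whose `name` is `{{ vault.repo_configfile }}`.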
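Review bot: `vault.repo_configfile` is defined only in the `Debian` entry of vault/osfamilymap.yaml and not in vault/defaults.yaml. On any other OS family with `install_from_repo: true` (and no pillar override), `{% set configfile = vault.repo_configfile %}` is therefore undefined and `- name: {{ configfile }}` renders without a usable path. The same gap applies to `vault.repo` and `vault.repo_key` as used in vault/package/install.sls and vault/package/clean.sls. Either add defaults for the three keys or fail the render early with a clear message when they are missing. The `file.serialize` state continues outside this hunk, so it is not visible whether `user`, `group` and `mode` are set on the package-owned file; the state also still uses `formatter: json` for a path ending in `.hcl`, which deserves a short comment if intentional.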
@@ -144,3 +144,6 @@ vault: ZF5q4h4I33PSGDdSvGXn9UMY5Isjpg== =7pIB -----END PGP PUBLIC KEY BLOCK----- + + install_from_repo: false + package: vault diff --git a/vault/osfamilymap.yaml b/vault/osfamilymap.yaml index e43aa9f..c7d34f8 100644 --- a/vault/osfamilymap.yaml +++ b/vault/osfamilymap.yaml @@ -3,6 +3,10 @@ --- Debian: setcap_pkg: libcap2-bin + repo: "deb [arch={{ grains['osarch'] }}] https://apt.releases.hashicorp.com {{ + grains['oscodename'] }} main" + repo_key: "https://apt.releases.hashicorp.com/gpg" + repo_configfile: '/etc/vault.d/vault.hcl' Suse: gpg_pkg: gpg2 diff --git a/vault/package/clean.sls b/vault/package/clean.sls index 4bdf556..6845468 100644 --- a/vault/package/clean.sls +++ b/vault/package/clean.sls @@ -3,6 +3,7 @@ {% from "vault/map.jinja" import vault with context %} +{% if not vault.install_from_repo %} include: - .gpg.clean @@ -25,3 +26,12 @@ vault-package-clean-user-absent: vault-package-clean-group-absent: group.absent: - name: vault +{% else %} +vault-package-clean-pkg: + pkg.removed: + - name: {{ vault.package }} + +valut-package-clean-repository: + pkgrepo.absent: + - name: {{ vault.repo }} +{% endif %} diff --git a/vault/package/init.sls b/vault/package/init.sls index 4e8caba..650fbc0 100644 --- a/vault/package/init.sls +++ b/vault/package/init.sls @@ -5,6 +5,6 @@ include: - .install - {%- if vault.verify_download %} + {%- if vault.verify_download and not vault.install_from_repo %} - .gpg {%- endif %} diff --git a/vault/package/install.sls b/vault/package/install.sls index 384340a..b3eb7f5 100644 --- a/vault/package/install.sls +++ b/vault/package/install.sls @@ -3,6 +3,7 @@ {% from "vault/map.jinja" import vault with context %} +{% if not vault.install_from_repo %} vault-package-install-group-present: group.present: - name: vault 
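Review bot: The `repo` entry added for `Debian` in vault/osfamilymap.yaml has no `signed-by=` option. The key fetched from `repo_key` by the `pkgrepo.managed` state in vault/package/install.sls is therefore presumably added to the system-wide apt trust store, where it can vouch for packages from every configured repository, not just this one. Nothing in the diff pins the key's fingerprint, so trust rests on the HTTPS download alone, and vault/package/init.sls now skips the `.gpg` include in repo mode. Consider scoping the key with `[arch=… signed-by=/usr/share/keyrings/<keyring-file>.gpg]` (placeholder path) in the `repo` string, together with `- aptkey: False` on the `pkgrepo.managed` state. That option exists only in newer Salt releases, so confirm it against the minimum version this formula supports.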
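Review bot: The new state ID `valut-package-clean-repository` in vault/package/clean.sls is misspelled; the other IDs in this diff all start with `vault-`, so a requisite that refers to it by the expected name would not resolve. Rename it to `vault-package-clean-repository`. The `pkgrepo.absent` state also removes only the sources entry, so the repository signing key imported at install time stays trusted after clean. `pkgrepo.absent` accepts a `keyid` argument for this, e.g. `- keyid: <REPO_KEY_ID>` (placeholder; the key ID is not on this page).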
@@ -65,7 +66,7 @@ vault-package-install-cmd-run: - pkg: vault-package-install-pkg-installed - onchanges: - archive: vault-package-install-archive-extracted -{% else %} +{% else %}{# FreeBSD #} vault-package-install-login-file: file.replace: - name: /etc/login.conf @@ -83,3 +84,21 @@ vault-package-install-cmd-run: - onchanges: - file: vault-package-install-login-file {% endif %} +{% else %}{# From repo #} +vault-package-repository: + pkgrepo.managed: + - name: {{ vault.repo }} + - key_url: {{ vault.repo_key }} + - file: /etc/apt/sources.list.d/vault.list + +vault-package-installed: +{% if vault.version == 'latest' %} + pkg.latest: + - name: {{ vault.package }} +{% else %} + pkg.installed: + - pkgs: + - {{ vault.package }}{% if vault.version %}: {{ vault.version }}{% endif %} +{% endif %} + +{% endif %} diff --git a/vault/service/clean.sls b/vault/service/clean.sls index 8d8a033..ad2707a 100644 --- a/vault/service/clean.sls +++ b/vault/service/clean.sls @@ -8,6 +8,8 @@ vault-service-clean-service-dead: - name: vault - enable: False +{% if not vault.install_from_repo %} vault-service-clean-file-absent: file.absent: - name: {{ vault.service.path }} +{% endif %} diff --git a/vault/service/init.sls b/vault/service/init.sls index bcb2984..de9ddbf 100644 --- a/vault/service/init.sls +++ b/vault/service/init.sls @@ -3,6 +3,7 @@ {% from "vault/map.jinja" import vault with context %} +{% if not vault.install_from_repo %} vault-service-init-file-managed: file.managed: - name: {{ vault.service.path }} 
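Review bot: In the `pkg.installed` branch of the last vault/package/install.sls hunk, `{{ vault.version }}` is rendered unquoted after `: `, so YAML retypes number-like values (a two-component version such as `1.10` loads as the float `1.1`) and the pin can end up requesting a different version than intended. Quote it: `- {{ vault.package }}{% if vault.version %}: '{{ vault.version }}'{% endif %}`. Neither package state declares a requisite on the repository, so ordering relies on file position; adding `- require:` with `- pkgrepo: vault-package-repository` makes the dependency explicit and stops the install when the repo or key setup fails. `- file: /etc/apt/sources.list.d/vault.list` is apt-specific, although `repo` comes from the per-OS map. The enclosing `{% if not vault.install_from_repo %}` opens in an earlier hunk of the same file.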
@@ -11,17 +12,23 @@ vault-service-init-file-managed: {% if grains.os_family == "FreeBSD" %} - mode: 555 {% endif %} + - watch_in: + - service: vault-service-init-service-running: {% if grains.get('init', '') == 'upstart' %} cmd.run: - name: initctl reload-configuration - onchanges: - file: vault-service-init-file-managed {% endif -%} +{% endif %} vault-service-init-service-running: service.running: - name: vault - enable: True - watch: +{% if not vault.install_from_repo %} - archive: vault-package-install-archive-extracted - - file: vault-service-init-file-managed +{% else %} + - pkg: vault-package-installed +{% endif %}
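Review bot: The added requisite `- service: vault-service-init-service-running:` in vault/service/init.sls appears to end with a colon; the diff lines are collapsed on this page, so confirm against the file. A trailing `:` after the scalar makes the YAML loader expect a nested mapping there, and the rendered SLS would fail to load. It should read `- service: vault-service-init-service-running`. In repo mode the service now watches only `- pkg: vault-package-installed`; whether a change to the serialized config file restarts Vault depends on requisites outside this hunk, so it is worth checking that a config update still triggers a restart.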