Reference

Table of Contents

Classes

Public Classes

  • vault: Install HashiCorp Vault

Private Classes

  • vault::config: This class is called from vault for service config
  • vault::install
  • vault::params: This class is meant to be called from vault. It sets variables according to platform.
  • vault::service

Classes

vault

Install HashiCorp Vault

Parameters

The following parameters are available in the vault class:

user

Data type: Any

Customise the user Vault runs as. The module also creates the user unless manage_user is false.

Default value: 'vault'

manage_user

Data type: Any

Whether or not the module should create the user.

Default value: true

group

Data type: Any

Customise the group Vault runs as. The module also creates the group unless manage_group is false.

Default value: 'vault'

manage_group

Data type: Any

Whether or not the module should create the group.

Default value: true

bin_dir

Data type: Any

Directory the vault executable will be installed in.

Default value: $vault::params::bin_dir

config_dir

Data type: Any

Directory the vault configuration will be kept in.

Default value: if $install_method == 'repo' and $manage_repo { '/etc/vault.d' } else { '/etc/vault' }

config_mode

Data type: Any

Mode of the configuration file (config.json). Defaults to '0750'.

Default value: '0750'

purge_config_dir

Data type: Any

Whether the config_dir should be purged before installing the generated config.

Default value: true

download_url

Data type: Any

Manual URL to download the vault zip distribution from.

Default value: undef

download_url_base

Data type: Any

Hashicorp base URL to download vault zip distribution from.

Default value: 'https://releases.hashicorp.com/vault/'

download_extension

Data type: Any

The extension of the Vault download.

Default value: 'zip'

service_name

Data type: Any

Customise the name of the system service.

Default value: 'vault'

service_provider

Data type: Any

Customise the name of the system service provider; this also controls the init configuration files that are installed.

Default value: $facts['service_provider']

service_options

Data type: Any

Extra argument to pass to vault server, as per: vault server --help

Default value: ''

manage_repo

Data type: Boolean

Configure the upstream HashiCorp repository. Only relevant when $vault::install_method = 'repo'.

Default value: $vault::params::manage_repo

manage_service

Data type: Any

Whether or not Puppet should manage the service.

Default value: true

num_procs

Data type: Any

Sets the GOMAXPROCS environment variable, to determine how many CPUs Vault can use. The official Vault Terraform install.sh script sets this to the output of nprocs, with the comment, "Make sure to use all our CPUs, because Vault can block a scheduler thread". Default: number of CPUs on the system, retrieved from the processorcount Fact.

Default value: $facts['processors']['count']

api_addr

Data type: Optional[String]

Specifies the address (full URL) to advertise to other Vault servers in the cluster for client redirection. This value is also used for plugin backends. It can also be provided via the environment variable VAULT_API_ADDR. In general this should be set to a full URL that points to the value of the listener address.

Default value: undef

version

Data type: Any

The version of Vault to install.

Default value: '1.12.0'

extra_config

Data type: Hash

Default value: {}

enable_ui

Data type: Optional[Boolean]

Default value: undef

arch

Data type: Any

Default value: $vault::params::arch

os

Data type: Any

Default value: downcase($facts['kernel'])

manage_download_dir

Data type: Any

Default value: false

download_dir

Data type: Any

Default value: '/tmp'

package_ensure

Data type: Any

Default value: 'installed'

package_name

Data type: Any

Default value: 'vault'

install_method

Data type: Any

Default value: $vault::params::install_method

manage_file_capabilities

Data type: Any

Default value: undef

disable_mlock

Data type: Any

Default value: undef

max_lease_ttl

Data type: Optional[String]

Default value: undef

default_lease_ttl

Data type: Optional[String]

Default value: undef

telemetry

Data type: Optional[Hash]

Default value: undef

disable_cache

Data type: Optional[Boolean]

Default value: undef

seal

Data type: Optional[Hash]

Default value: undef

ha_storage

Data type: Optional[Hash]

Default value: undef

listener

Data type: Variant[Hash, Array[Hash]]

Default value: { 'tcp' => { 'address' => '127.0.0.1:8200', 'tls_disable' => 1 }, }
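
The default listener above binds to loopback with tls_disable set, so traffic on that port is plaintext. The following declaration is an added example, not taken from the module's own documentation: it serves TLS on a routable address using only parameters listed in this reference. The certificate paths and hostname are assumptions, and the TLS files are kept outside config_dir because purge_config_dir defaults to true.

```puppet
# Added example (not from the module's documentation).
# Paths under /etc/pki/vault and the hostname are assumed placeholders.
class { 'vault':
  # Replace the default plaintext loopback listener
  # ({ 'address' => '127.0.0.1:8200', 'tls_disable' => 1 }) with a TLS one.
  listener           => {
    'tcp' => {
      'address'         => '0.0.0.0:8200',
      'tls_disable'     => 0,
      # Keep key material outside config_dir: with purge_config_dir => true
      # the config directory is purged before the generated config is installed.
      'tls_cert_file'   => '/etc/pki/vault/vault.crt',  # assumed path
      'tls_key_file'    => '/etc/pki/vault/vault.key',  # assumed path
      'tls_min_version' => 'tls12',
    },
  },

  # Advertise an https URL that matches the listener, so client redirects
  # between cluster members do not fall back to http.
  api_addr           => 'https://vault.example.internal:8200',  # assumed hostname

  # Same backend as the module default, with the directory managed by Puppet.
  storage            => { 'file' => { 'path' => '/var/lib/vault' } },
  manage_storage_dir => true,

  # Leave the web UI off unless it is needed.
  enable_ui          => false,
}
```

The private key file must be readable by the account named in the user parameter ('vault' by default), and should not be readable by other accounts.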

manage_storage_dir

Data type: Any

Default value: false

storage

Data type: Hash

Default value: { 'file' => { 'path' => '/var/lib/vault' } }

manage_service_file

Data type: Optional[Boolean]

Default value: $vault::params::manage_service_file

service_ensure

Data type: Any

Default value: 'running'

service_enable

Data type: Any

Default value: true

manage_config_file

Data type: Any

Default value: true

download_filename

Data type: Any

Default value: 'vault.zip'

manage_config_dir

Data type: Boolean

Enable or disable management of the config directory. Not required for package-based installations.

Default value: $install_method == 'archive'