Update to 2023-07-08 16:00

2025-08-02 06:45:43 +02:00 · 2023-07-08 16:00:11 +02:00
parent f16dd6e98d
commit d87c1bdc89
60 changed files with 708 additions and 439 deletions
--- a/roles/vault_agent/templates/vault-agent.service.j2
+++ b/roles/vault_agent/templates/vault-agent.service.j2
@@ -0,0 +1,49 @@
+[Unit]
+Description="HashiCorp Vault Agent"
+Documentation=https://www.vaultproject.io/docs/
+Requires=network-online.target
+After=network-online.target
+ConditionFileNotEmpty={{ vault_agent_root_dir }}/etc/vault-agent.hcl
+StartLimitIntervalSec=60
+StartLimitBurst=6
+Before=consul.service
+Before=nomad.service
+{% if vault_agent_nomad.nomad_pki.enabled or vault_agent_nomad.vault_token.enabled or vault_agent_nomad.consul_pki.enabled or vault_agent_nomad.consul_token.enabled %}
+PartOf=nomad.service
+{% endif %}
+{% if vault_agent_consul.consul_pki.enabled %}
+PartOf=consul.service
+{% endif %}
+
+[Service]
+Type=notify
+User=root
+Group=root
+SyslogIdentifier=vault-agent
+ProtectSystem=full
+ProtectHome=read-only
+PrivateTmp=yes
+PrivateDevices=yes
+SecureBits=keep-caps
+AmbientCapabilities=CAP_IPC_LOCK
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_CHOWN CAP_FOWNER CAP_DAC_OVERRIDE
+NoNewPrivileges=yes
+ExecStart=/usr/local/bin/vault agent -config={{ vault_agent_root_dir }}/etc/
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGINT
+Restart=on-failure
+RestartSec=5
+TimeoutStopSec=30
+LimitNOFILE=65536
+LimitMEMLOCK=infinity
+
+[Install]
+WantedBy=multi-user.target
+{% if vault_agent_nomad.nomad_pki.enabled or vault_agent_nomad.vault_token.enabled or vault_agent_nomad.consul_pki.enabled or vault_agent_nomad.consul_token.enabled %}
+RequiredBy=nomad.service
+{% endif %}
+{% if vault_agent_consul.consul_pki.enabled %}
+RequiredBy=consul.service
+{% endif %}
+