Reference

Table of Contents

Classes

Public Classes

  • vault: install hashicorp vault

Private Classes

  • vault::config: This class is called from vault for service config
  • vault::install
  • vault::params: This class is meant to be called from vault. It sets variables according to platform.
  • vault::service

Classes

vault

Agent specific parameters

Parameters

The following parameters are available in the vault class:

user

Data type: Any

Customise the user vault runs as. The module also creates the user unless manage_user is false.

Default value: 'vault'

manage_user

Data type: Any

Whether or not the module should create the user.

Default value: true

group

Data type: Any

Customise the group vault runs as. The module also creates the group unless manage_group is false.

Default value: 'vault'

manage_group

Data type: Any

Whether or not the module should create the group.

Default value: true

bin_dir

Data type: Any

Directory the vault executable will be installed in.

Default value: $vault::params::bin_dir

config_dir

Data type: Any

Directory the vault configuration will be kept in.

Default value: if $install_method == 'repo' and $manage_repo { '/etc/vault.d' } else { '/etc/vault' }

config_mode

Data type: Any

Mode of the configuration file (config.json). Defaults to '0750'

Default value: '0750'

purge_config_dir

Data type: Any

Whether the config_dir should be purged before installing the generated config.

Default value: true

download_url

Data type: Any

Manual URL to download the vault zip distribution from.

Default value: undef

download_url_base

Data type: Any

Hashicorp base URL to download vault zip distribution from.

Default value: 'https://releases.hashicorp.com/vault/'

download_extension

Data type: Any

The extension of the vault download

Default value: 'zip'

service_name

Data type: Any

Customise the name of the system service

Default value: 'vault'

service_provider

Data type: Any

Customise the name of the system service provider; this also controls the init configuration files that are installed.

Default value: $facts['service_provider']

service_options

Data type: Any

Extra argument to pass to vault server, as per: vault server --help

Default value: ''

manage_repo

Data type: Boolean

Configure the upstream HashiCorp repository. Only relevant when $vault::install_method = 'repo'.

Default value: $vault::params::manage_repo

manage_service

Data type: Any

Whether Puppet should manage the service.

Default value: true

num_procs

Data type: Any

Sets the GOMAXPROCS environment variable, to determine how many CPUs Vault can use. The official Vault Terraform install.sh script sets this to the output of nprocs, with the comment, "Make sure to use all our CPUs, because Vault can block a scheduler thread". Default: number of CPUs on the system, retrieved from the processorcount Fact.

Default value: $facts['processors']['count']

api_addr

Data type: Optional[String]

Specifies the address (full URL) to advertise to other Vault servers in the cluster for client redirection. This value is also used for plugin backends. This can also be provided via the environment variable VAULT_API_ADDR. In general this should be set as a full URL that points to the value of the listener address.

Default value: undef

version

Data type: Any

The version of Vault to install

Default value: '1.12.0'

mode

Data type: Enum['server', 'agent']

Whether to start vault in 'server' or 'agent' mode

Default value: 'server'

extra_config

Data type: Hash

Hash containing extra configuration options to merge with the generated config

Default value: {}

enable_ui

Data type: Optional[Boolean]

Whether to enable the Vault web UI

Default value: undef

arch

Data type: Any

System architecture for the Vault binary (automatically determined)

Default value: $vault::params::arch

os

Data type: Any

Operating system for the Vault binary (automatically determined)

Default value: downcase($facts['kernel'])

manage_download_dir

Data type: Any

Whether to manage the download directory

Default value: false

download_dir

Data type: Any

Directory where the Vault archive will be downloaded

Default value: '/tmp'

package_ensure

Data type: Any

The state the package should be in (installed, absent, latest)

Default value: 'installed'

package_name

Data type: Any

Name of the Vault package

Default value: 'vault'

install_method

Data type: Any

Installation method: 'archive' or 'repo'

Default value: $vault::params::install_method

manage_file_capabilities

Data type: Any

Whether to manage Linux file capabilities for vault binary

Default value: undef

disable_mlock

Data type: Any

Whether to disable the memory lock capability

Default value: undef

max_lease_ttl

Data type: Optional[String]

Specifies the maximum possible lease duration for tokens and secrets

Default value: undef

default_lease_ttl

Data type: Optional[String]

Specifies the default lease duration for tokens and secrets

Default value: undef

telemetry

Data type: Optional[Hash]

Hash containing Vault telemetry configuration

Default value: undef

disable_cache

Data type: Optional[Boolean]

Disable caching

Default value: undef

seal

Data type: Optional[Hash]

Hash containing seal configuration options

Default value: undef

ha_storage

Data type: Optional[Hash]

Hash containing storage configuration for HA setup

Default value: undef

listener

Data type: Variant[Hash, Array[Hash]]

Hash or Array of hashes containing listener configuration

Default value: { 'tcp' => { 'address' => '127.0.0.1:8200', 'tls_disable' => 1 }, }
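
The default listener binds to loopback with 'tls_disable' => 1, so any deployment reachable from other hosts needs an explicit listener hash. The declaration below is an added example, not part of the module's own documentation: the IP address, hostname and certificate paths are placeholders, and the certificate files are assumed to be deployed by other means.

```puppet
# Added example (not from the module's documentation).
# 192.0.2.10, vault.example.internal and the /etc/ssl/vault paths are
# placeholders; the certificate and key must already exist on the node.
class { 'vault':
  # Module default, for comparison:
  #   listener => { 'tcp' => { 'address' => '127.0.0.1:8200', 'tls_disable' => 1 } }
  # Replacement: network-facing listener with TLS enabled.
  listener    => {
    'tcp' => {
      'address'         => '192.0.2.10:8200',
      'tls_disable'     => false,
      # Kept outside config_dir: purge_config_dir defaults to true, so
      # unmanaged files placed under config_dir would be removed.
      'tls_cert_file'   => '/etc/ssl/vault/vault.example.internal.crt',
      'tls_key_file'    => '/etc/ssl/vault/vault.example.internal.key',
      'tls_min_version' => 'tls12',
    },
  },

  # Full URL that points at the listener address above, so client
  # redirects go to the TLS endpoint.
  api_addr    => 'https://vault.example.internal:8200',

  # The config file is only read, never executed; drop the execute
  # bits and world access that the '0750' default carries.
  config_mode => '0640',
}
```

The private key should be readable only by the account named in the user parameter ('vault' by default).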

manage_storage_dir

Data type: Any

Whether to manage the storage directory

Default value: false

storage

Data type: Hash

Hash containing storage configuration

Default value: { 'file' => { 'path' => '/var/lib/vault' } }

manage_service_file

Data type: Optional[Boolean]

Whether to manage the service file

Default value: $vault::params::manage_service_file

service_ensure

Data type: Any

Desired state of the Vault service (running, stopped)

Default value: 'running'

service_enable

Data type: Any

Whether to enable the Vault service on boot

Default value: true

manage_config_file

Data type: Any

Whether to manage the Vault config file

Default value: true

download_filename

Data type: Any

Filename for the downloaded archive

Default value: 'vault.zip'

manage_config_dir

Data type: Boolean

Whether to manage the configuration directory

Default value: $install_method == 'archive'

agent_vault

Data type: Optional[Hash]

Hash containing Vault server connection configuration for agent mode

Default value: undef

agent_auto_auth

Data type: Optional[Hash]

Hash containing auto-auth configuration for agent mode

Default value: undef

agent_api_proxy

Data type: Optional[Hash]

Hash containing API proxy configuration for agent mode

Default value: undef

agent_cache

Data type: Optional[Hash]

Hash containing cache configuration for agent mode

Default value: undef

agent_listeners

Data type: Optional[Array[Hash]]

Array of hashes containing listener configuration for agent mode

Default value: undef

agent_template

Data type: Optional[Hash]

Hash containing template configuration for agent mode

Default value: undef

agent_template_config

Data type: Optional[Hash]

Hash containing template engine configuration for agent mode

Default value: undef

agent_exec

Data type: Optional[Hash]

Hash containing exec configuration for agent mode

Default value: undef

agent_env_template

Data type: Optional[Hash]

Hash containing environment template configuration for agent mode

Default value: undef

agent_telemetry

Data type: Optional[Hash]

Hash containing telemetry configuration for agent mode

Default value: undef