Vault prefers HCL #18
Comments
I created my own vault module to manage our vault instances at my job, which outputs HCL. I will get a PR started to add HCL output to this module. Some of my code is pretty opinionated, so hopefully, @bastelfreak doesn't mind too much and we can merge the two modules into one. Edit: Did some end-of-the-day work and this is my very rough non-working first pass at merging my work into this module. https://github.com/avitacco/puppet-vault
It's even worse, I just tried to install, spent 2 hours not understanding why my parameters from the module weren't used -- there is a /etc/vault.d/vault.hcl which is used and the config.json is completely ignored. If you try to delete the vault.hcl file, vault refuses to run: Its /lib/systemd/system/vault.service has a condition to forbid it to run if the hcl file is not present... As is, the puppet-vault module is totally unusable.
The problem with HCL is that, as far as I know, there's no native way in Ruby nor Puppet to generate it. For JSON, we can just use a Puppet Hash and throw it into
To be fair, that's not true. It depends which package you're using. If your source adds the condition I suggest to use a systemd::dropin_file that clears If someone has an idea for easy HCL generation I'm happy to talk about it.
Agreed, my comment was a bit harsh, sorry. Probably a result of the lost time. The source is the debian repo for hashicorp, configured by this module via the hashi_stack module, so nothing fancy here, just the last official source :/ root@vault:~# apt-cache policy vault In order to use the config.json... root@vault:/etc/vault.d# ls -l Commenting out the condition gives:
... aaaand I found out why. I use: Which gives in manifests/config.pp: So... Jan 8 15:59:58 vault (vault)[13955]: vault.service: Failed to locate executable /usr/local/bin/vault: No such file or directory So: Did the final trick. For the HCL, besides an ERB template (like the ntp module), I have no idea.
This worked for me on RHEL 9
Hello,
HashiCorp wants to use HCL instead of JSON for configuration. There is also a comment about this problem here and I've added to a comment here too.
I had to switch from the Debian package to the Archive method, which is not a problem, but it took a bit of time to understand why it wasn't working. After the switch and getting most parts up and running, I tried to add service registration to Consul, but the JSON wasn't parsed correctly.
It seems it wasn't fixed correctly, as I still get:
with:
It works, but the message "unknown or unsupported field consul found" is still there. And also the question is ... how to handle the systemd file when install_method package / repository is used.
cu denny
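
The comments above ask for an easy way to generate HCL from a Puppet Hash. As an added example (not code from this module or from anyone in the thread), here is a small Ruby renderer that turns a Hash into HCL text and escapes string values so a parameter cannot close its quotes or inject extra settings. The `LABELLED_BLOCKS` list, the helper names and the sample settings are assumptions made for illustration.

```ruby
# Added example, not puppet-vault code: render a Ruby Hash as HCL text.
# Assumption: keys in LABELLED_BLOCKS hold { label => { settings } } and become
# `name "label" { ... }` blocks; other keys become attributes or plain blocks.
LABELLED_BLOCKS = %w[storage listener service_registration].freeze
ESCAPES = { '\\' => '\\\\', '"' => '\\"', "\n" => '\\n', "\r" => '\\r', "\t" => '\\t' }.freeze

# Quote a string; escaping keeps a value from closing its quotes or adding lines.
def hcl_string(value)
  '"' + value.to_s.gsub(/[\\"\n\r\t]/, ESCAPES) + '"'
end

def hcl_value(value)
  case value
  when true, false, Integer, Float then value.to_s
  when Array then "[#{value.map { |v| hcl_value(v) }.join(', ')}]"
  when String, Symbol then hcl_string(value)
  else raise ArgumentError, "unsupported HCL value: #{value.class}"
  end
end

# Keys are emitted unquoted, so accept identifier characters only.
def hcl_key(key)
  name = key.to_s
  return name if name.match?(/\A[A-Za-z_][A-Za-z0-9_-]*\z/)
  raise ArgumentError, "invalid HCL identifier: #{name.inspect}"
end

def to_hcl(hash, depth = 0)
  pad = '  ' * depth
  hash.flat_map do |key, value|
    name = hcl_key(key)
    if depth.zero? && LABELLED_BLOCKS.include?(name)
      value.map { |label, body| "#{pad}#{name} #{hcl_string(label)} {\n#{to_hcl(body, depth + 1)}#{pad}}\n" }
    elsif value.is_a?(Hash)
      ["#{pad}#{name} {\n#{to_hcl(value, depth + 1)}#{pad}}\n"]
    else
      ["#{pad}#{name} = #{hcl_value(value)}\n"]
    end
  end.join
end

# Constructed sample input, not taken from the issue.
SAMPLE = {
  'ui' => true,
  'storage' => { 'file' => { 'path' => '/opt/vault/data' } },
  'listener' => { 'tcp' => { 'address' => '127.0.0.1:8200', 'tls_disable' => false } },
  'service_registration' => { 'consul' => { 'address' => '127.0.0.1:8500' } }
}.freeze
puts to_hcl(SAMPLE) if $PROGRAM_NAME == __FILE__
```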