vault_setup

Sets up Vault with Consul as its secret backend

Module Stats

9,087 downloads

7,030 latest version

4.6 quality score

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

released Jan 6th 2017

This version is compatible with:

Start using this module

Installation method

Add this module to your Puppetfile:

mod 'induja-vault_setup', '0.2.3'

Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add induja-vault_setup

Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install induja-vault_setup --version 0.2.3

Documentation

induja/vault_setup — version 0.2.3 Jan 6th 2017

#vault_config

Description:

This module installs unzip and vault in the node.

This module creates the vault server configuration file with consul secret backend.

This module sets the VAULT_ADDR=http://127.0.0.1:8200 so we can interact with vault without SSL keys.

Pre-requisites:

1) Consul should be installed and up and running in the node that you are trying to test.

2) Proxy is added and is all set.

3) Stahnma/epel module should be installed through r10k control repo or Librarian puppet or manually.

4) puppetlabs/stdlib module should be installed.

Usage:

class { '::vault_setup': 
  vault_binary_file => 'vault_0.6.4_linux_amd64.zip',
  source_file => 'https://releases.hashicorp.com/vault/0.6.4/vault_0.6.4_linux_amd64.zip',
  cdadmin_path => '/opt/cdadmin/bin',
}

Parameters you need to pass for this class:

  $vault_binary_file - The binary file name for vault installation. Default: vault_0.6.4_linux_amd64.zip

  $source_file - source file for vault installation. Default: 'https://releases.hashicorp.com/vault/0.6.4/vault_0.6.4_linux_amd64.zip'

  $cdadmin_path - The path for placing all the executables like vault-config.hcl, unzip_install.sh, vault_0.6.4_linux_amd64.zip, one_time_install. Default: '/opt/cdadmin/bin'

The above mentioned arguments are the defaults.

Things to do after this module is installed:

1) Modify $cdadmin_path/vault-config.hcl to add your consul write ACL token so vault can interact with consul backend.

2) Login to the node that used this module for vault installation

2) export VAULT_ADDR=http://127.0.0.1:8200

3) vault server -config /opt/cdadmin/bin/vault-config.hcl &

4) vault status

This should show that vault is sealed.

5) vault unseal

Enter key1

6) vault unseal

Enter key2

7) vault unseal

Enter key3

8) Now the new node has vault service started and is up and running.

9) If an existing node goes away, this new node automatically gets elected as the vault server in the cluster.

Word of Caution:

This is intended only for dev and test environments, please do not use it on production environment boxes as SSL keys are not configured yet. Use the ssl certs and https when you are production ready and have working certificates for your environments.

Modules

Discover

Contribute

Puppet

Premium features

Downloads

Resources

About Forge

Getting Started