request a database and point vault at it
This commit is contained in:
parent
0ba3a38de9
commit
7af993a496
|
@ -1,10 +1,11 @@
|
|||
from charmhelpers.core.hookenv import (
|
||||
config,
|
||||
open_port,
|
||||
)
|
||||
|
||||
from charmhelpers.core.host import (
|
||||
service_start,
|
||||
service_stop,
|
||||
service_restart,
|
||||
)
|
||||
|
||||
from charmhelpers.core.templating import (
|
||||
|
@ -22,10 +23,14 @@ from charms.reactive import (
|
|||
|
||||
@when('snap.installed.vault')
|
||||
@when_not('configured')
|
||||
def configure_vault():
|
||||
render('vault.hcl.j2', '/var/snap/vault/common/vault.hcl', {}, perms=0o644)
|
||||
@when('db.master.available')
|
||||
def configure_vault(psql):
|
||||
context = {
|
||||
'db_conn': psql.master,
|
||||
}
|
||||
render('vault.hcl.j2', '/var/snap/vault/common/vault.hcl', context, perms=0o644)
|
||||
render('vault.service.j2', '/etc/systemd/system/vault.service', {}, perms=0o644)
|
||||
service_restart('vault')
|
||||
service_start('vault') # restart seals the vault
|
||||
open_port(8200)
|
||||
set_state('configured')
|
||||
|
||||
|
@ -33,3 +38,9 @@ def configure_vault():
|
|||
@hook('upgrade-charm')
|
||||
def upgrade_charm():
|
||||
remove_state('configured')
|
||||
|
||||
|
||||
@when('db.connected')
|
||||
def request_db(pgsql):
|
||||
pgsql.set_database('vault')
|
||||
|
||||
|
|
|
@ -1,10 +1,15 @@
|
|||
# XXX(pjdc): Fix this before we go live!
|
||||
disable_mlock = true
|
||||
|
||||
storage "inmem" {
|
||||
{%- if db_conn %}
|
||||
storage "postgresql" {
|
||||
connection_url = "{{ db_conn.uri }}"
|
||||
}
|
||||
{%- endif %}
|
||||
|
||||
listener "tcp" {
|
||||
address = "0.0.0.0:8200"
|
||||
tls_disable = 1
|
||||
}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue