feat(freebsd): add FreeBSD support
Julien LEVIEIL authored and myii committed Mar 23, 2022
1 parent 52eec77 commit 946e2d0
Showing 10 changed files with 128 additions and 7 deletions.
3 changes: 2 additions & 1 deletion vault/config/clean.sls
@@ -1,6 +1,7 @@
# -*- coding: utf-8 -*-
# vim: ft=sls syntax=yaml softtabstop=2 tabstop=2 shiftwidth=2 expandtab autoindent
{% from "vault/map.jinja" import vault with context %}

vault-config-clean-file-absent:
file.absent:
- name: /etc/vault
- name: {{ vault.config_path }}/vault
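Review bot: `file.absent` now deletes a path assembled from `vault.config_path`, and nothing in this state checks that the value is non-empty. If a pillar override leaves it empty, the name renders as `/vault` and the clean state removes that directory instead of the Vault configuration directory. The same prefix feeds `config.sls`, `self-sign.sls` and the service templates, so I would validate it once in `map.jinja` (not shown on this page) and document the new default in `defaults.yaml` with a comment such as `# parent directory only; the formula appends /vault`.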
2 changes: 1 addition & 1 deletion vault/config/config.sls
@@ -5,7 +5,7 @@

vault-config-config-file-serialize:
file.serialize:
- name: /etc/vault/conf.d/config.json
- name: {{ vault.config_path }}/vault/conf.d/config.json
- encoding: utf-8
- formatter: json
- dataset: {{ vault.config | json }}
4 changes: 2 additions & 2 deletions vault/config/self-sign.sls
@@ -12,5 +12,5 @@ vault-config-self-signed-cmd-script:
- source: salt://vault/files/cert-gen.sh.j2
- template: jinja
- args: {{ vault.self_signed_cert.hostname }} {{ vault.self_signed_cert.password }}
- cwd: /etc/vault
- creates: /etc/vault/{{ vault.self_signed_cert.hostname }}.pem
- cwd: {{ vault.config_path }}/vault
- creates: {{ vault.config_path }}/vault/{{ vault.self_signed_cert.hostname }}.pem
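Review bot: `vault.self_signed_cert.password` is still passed on the command line through `args` in the state this hunk touches, so it is readable in the process list while the script runs and can end up in the minion's command logging. Since the commit already reworks this state, consider handing the secret over with `cmd.script`'s `env` option together with `- output_loglevel: quiet`, and reading it from the environment inside the script; the script template is not part of this page, so that side needs checking. The new `cwd` and `creates` values are also unquoted Jinja, so a hostname containing a space or `: ` would break the rendered YAML; `- creates: "{{ vault.config_path }}/vault/{{ vault.self_signed_cert.hostname }}.pem"` avoids that. The state starts above the hunk.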
1 change: 1 addition & 0 deletions vault/defaults.yaml
@@ -10,6 +10,7 @@ vault:
verify_download: true
self_signed_cert:
enabled: false
config_path: /etc
config:
listener:
tcp:
2 changes: 1 addition & 1 deletion vault/files/vault.conf.j2
@@ -18,7 +18,7 @@ script
{%- if vault.dev_mode %}
-dev \
{% else %}
-config="/etc/vault/conf.d/config.json" \
-config="{{ vault.config_path }}/vault/conf.d/config.json" \
{% endif -%}
>>/var/log/vault.log 2>&1
end script
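--- a/vault/files/vault.service.fbsd.j2
+++ b/vault/files/vault.service.fbsd.j2
@@ -0,0 +1,89 @@
+{% from "vault/map.jinja" import vault with context -%}
+#!/bin/sh
+
+# PROVIDE: vault
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# vault_enable (bool):boolSet it to YES to enable vault.
+#toDefault is "NO".
+# vault_user (user):userSet user to run vault.
+#toDefault is "vault".
+# vault_group (group):groupSet group to run vault.
+#toDefault is "vault".
+# vault_config (dir):dirSet vault config file.
+#vaultDefault is "/usr/local/etc/vault/conf.d/vault.json".
+# vault_syslog_output_enable (bool):boolSet to enable syslog output.
+#boolSetDefault is "NO". See daemon(8).
+# vault_syslog_output_priority (str):strSet syslog priority if syslog enabled.
+#strSetDefault is "info". See daemon(8).
+# vault_syslog_output_facility (str):strSet syslog facility if syslog enabled.
+#strSetDefault is "daemon". See daemon(8).
+
+. /etc/rc.subr
+
+name=vault
+rcvar=vault_enable
+
+load_rc_config $name
+
+: ${vault_enable:="NO"}
+: ${vault_user:="vault"}
+: ${vault_group:="vault"}
+: ${vault_config:="{{ vault.config_path }}/vault/conf.d/config.json"}
+: ${vault_env:="HOME=/var/lib/vault"}
+
+DAEMON=$(/usr/sbin/daemon 2>&1 | grep -q syslog ; echo $?)
+if [ ${DAEMON} -eq 0 ]; then
+: ${vault_syslog_output_enable:="NO"}
+: ${vault_syslog_output_priority:="info"}
+: ${vault_syslog_output_facility:="daemon"}
+if checkyesno vault_syslog_output_enable; then
+vault_syslog_output_flags="-t ${name} -T ${name}"
+
+if [ -n "${vault_syslog_output_priority}" ]; then
+vault_syslog_output_flags="${vault_syslog_output_flags} -s ${vault_syslog_output_priority}"
+fi
+
+if [ -n "${vault_syslog_output_facility}" ]; then
+vault_syslog_output_flags="${vault_syslog_output_flags} -l ${vault_syslog_output_facility}"
+fi
+fi
+else
+vault_syslog_output_enable="NO"
+vault_syslog_output_flags=""
+fi
+
+pidfile=/var/run/vault.pid
+procname="/usr/local/bin/vault"
+command="/usr/sbin/daemon"
+command_args="-f ${vault_syslog_output_flags} -p ${pidfile} /usr/bin/env ${vault_env} ${procname} server {% if vault.dev_mode %} -dev {% else %} -config=${vault_config} {% endif %}"
+
+extra_commands="reload monitor"
+monitor_cmd=vault_monitor
+start_precmd=vault_startprecmd
+{% if not vault.dev_mode %}
+required_files="$vault_config"
+{% endif %}
+
+vault_monitor()
+{
+sig_reload=USR1
+run_rc_command "reload"
+}
+
+vault_startprecmd()
+{
+if [ ! -e ${pidfile} ]; then
+install -o ${vault_user} -g ${vault_group} /dev/null ${pidfile};
+fi
+
+if [ ! -d ${vault_dir} ]; then
+install -d -o ${vault_user} -g ${vault_group} ${vault_dir}
+fi
+}
+
+run_rc_command "$1"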
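Review bot: `vault_startprecmd` tests and creates `${vault_dir}`, but the script never sets a `: ${vault_dir:=...}` default. With the variable empty, the unquoted test `[ ! -d ${vault_dir} ]` collapses to `[ ! -d ]`, which is false, so the directory is never created with `vault_user`/`vault_group` ownership. Define the default next to the others and quote the expansions, e.g. `: ${vault_dir:="/var/lib/vault"}` (assuming the directory meant is the `HOME` set in `vault_env`) and `if [ ! -d "${vault_dir}" ]; then`. The header comment also documents the `vault_config` default as `/usr/local/etc/vault/conf.d/vault.json`, while the code defaults to `{{ vault.config_path }}/vault/conf.d/config.json`; the comment should name the file the service actually reads.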
2 changes: 1 addition & 1 deletion vault/files/vault.service.j2
@@ -8,7 +8,7 @@ After=network-online.target
User=vault
Group=vault
PIDFile=/var/run/vault/vault.pid
ExecStart=/usr/local/bin/vault server {% if vault.dev_mode %} -dev {% else %} -config=/etc/vault/conf.d {% endif %}
ExecStart=/usr/local/bin/vault server {% if vault.dev_mode %} -dev {% else %} -config={{ vault.config_path }}/vault/conf.d {% endif %}
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
KillSignal=SIGTERM
8 changes: 8 additions & 0 deletions vault/osfamilymap.yaml
@@ -13,3 +13,11 @@ Arch:

MacOS:
platform: darwin_amd64

FreeBSD:
gpg_pkg: gnupg
platform: freebsd_amd64
config_path: /usr/local/etc
service:
path: /usr/local/etc/rc.d/vault
source: salt://vault/files/vault.service.fbsd.j2
19 changes: 19 additions & 0 deletions vault/package/install.sls
@@ -53,6 +53,7 @@ vault-package-install-file-symlink:
- target: /opt/vault/bin/vault
- force: true

{% if grains['os_family'] != "FreeBSD" %}
vault-package-install-pkg-installed:
pkg.installed:
- name: {{ vault.setcap_pkg }}
@@ -64,3 +65,21 @@ vault-package-install-cmd-run:
- pkg: vault-package-install-pkg-installed
- onchanges:
- archive: vault-package-install-archive-extracted
{% else %}
vault-package-install-login-file:
file.replace:
- name: /etc/login.conf
- pattern: |
^daemon:\\(?:\n|\r\n?)(.+)$(?:\n|\r\n?)^(\t):tc=default:
- flags: ['MULTILINE']
- repl: |
daemon:\\
\t:memorylocked=256M:\\
\t:tc=default:
vault-package-install-cmd-run:
cmd.run:
- name: cap_mkdb /etc/login.conf
- onchanges:
- file: vault-package-install-login-file
{% endif %}
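Review bot: The `file.replace` pattern in the FreeBSD branch matches only a `daemon` class with exactly one capability line before `:tc=default:`, and the replacement discards whatever that captured line held. On a host whose `/etc/login.conf` has a different layout the state changes nothing and still reports success, so the `memorylocked` limit this branch is meant to raise stays at its old value without any signal. I would at least state the assumption above the pattern, e.g. `# Assumes the stock daemon class: its single capability line is replaced by memorylocked=256M`, and follow the edit with a check that fails when the `daemon` class does not contain `memorylocked=256M`. Editing only the `memorylocked` entry inside the `daemon` class would also preserve other local settings.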
5 changes: 4 additions & 1 deletion vault/service/init.sls
@@ -8,7 +8,10 @@ vault-service-init-file-managed:
- name: {{ vault.service.path }}
- source: {{ vault.service.source }}
- template: jinja
{% if grains.init == 'upstart' %}
{% if grains.os_family == "FreeBSD" %}
- mode: 555
{% endif %}
{% if grains.get('init', '') == 'upstart' %}
cmd.run:
- name: initctl reload-configuration
- onchanges:
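Review bot: `- mode: 555` is written as a bare integer; file modes in Salt states are safer quoted so YAML never retypes them, and the leading zero makes the intent explicit: `- mode: '0555'`. Because this file is an rc.d script that runs with root privileges at boot and is rendered from pillar data, I would also pin ownership in the same branch rather than rely on defaults: `- user: root` and `- group: wheel`. The `file.managed` state begins above the hunk and the `cmd.run` block continues below it.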