

  1. [Unit]
  2. Description=hashicorp vault on rkt
  3. Documentation=https://github.com/hashicorp/vault
  4. Wants=network.target
  5. [Service]
  6. User=root
  7. Restart=on-failure
  8. RestartSec=10s
  9. TimeoutStartSec=5
  10. LimitNOFILE=40000
  11. # Container has the following internal mount points:
  12. # /vault/file/ # File backend storage location
  13. # /vault/logs/ # Log files
  14. ExecStart=/usr/bin/rkt run \
  15. --insecure-options=image \
  16. --volume hosts,kind=host,source=/etc/hosts,readOnly=true \
  17. --mount volume=hosts,target=/etc/hosts \
  18. --volume=volume-vault-file,kind=host,source=/var/lib/vault \
  19. --volume=volume-vault-logs,kind=host,source={{ vault_log_dir }} \
  20. --volume=vault-cert-dir,kind=host,source={{ vault_cert_dir }} \
  21. --mount=volume=vault-cert-dir,target={{ vault_cert_dir }} \
  22. --volume=vault-conf-dir,kind=host,source={{ vault_config_dir }} \
  23. --mount=volume=vault-conf-dir,target={{ vault_config_dir }} \
  24. --volume=vault-secrets-dir,kind=host,source={{ vault_secrets_dir }} \
  25. --mount=volume=vault-secrets-dir,target={{ vault_secrets_dir }} \
  26. --volume=vault-roles-dir,kind=host,source={{ vault_roles_dir }} \
  27. --mount=volume=vault-roles-dir,target={{ vault_roles_dir }} \
  28. --volume=vault-etcd-cert-dir,kind=host,source={{ vault_etcd_cert_dir }} \
  29. --mount=volume=vault-etcd-cert-dir,target={{ vault_etcd_cert_dir }} \
  30. docker://{{ vault_image_repo }}:{{ vault_image_tag }} \
  31. --name={{ vault_container_name }} --net=host \
  32. --caps-retain=CAP_IPC_LOCK \
  33. --exec vault -- server --config={{ vault_config_dir }}/config.json
  34. [Install]
  35. WantedBy=multi-user.target