|
|
[Unit]Description=hashicorp vault on rktDocumentation=https://github.com/hashicorp/vaultWants=network.target
[Service]User=rootRestart=on-failureRestartSec=10sTimeoutStartSec=5LimitNOFILE=40000# Container has the following internal mount points:# /vault/file/ # File backend storage location# /vault/logs/ # Log filesExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/vault.uuid
ExecStart=/usr/bin/rkt run \ --insecure-options=image \ --volume hosts,kind=host,source=/etc/hosts,readOnly=true \ --mount volume=hosts,target=/etc/hosts \ --volume=volume-vault-file,kind=host,source=/var/lib/vault \ --volume=volume-vault-logs,kind=host,source={{ vault_log_dir }} \ --volume=vault-cert-dir,kind=host,source={{ vault_cert_dir }} \ --mount=volume=vault-cert-dir,target={{ vault_cert_dir }} \ --volume=vault-conf-dir,kind=host,source={{ vault_config_dir }} \ --mount=volume=vault-conf-dir,target={{ vault_config_dir }} \ --volume=vault-secrets-dir,kind=host,source={{ vault_secrets_dir }} \ --mount=volume=vault-secrets-dir,target={{ vault_secrets_dir }} \ --volume=vault-roles-dir,kind=host,source={{ vault_roles_dir }} \ --mount=volume=vault-roles-dir,target={{ vault_roles_dir }} \ --volume=etcd-cert-dir,kind=host,source={{ etcd_cert_dir }} \ --mount=volume=etcd-cert-dir,target={{ etcd_cert_dir }} \ docker://{{ vault_image_repo }}:{{ vault_image_tag }} \ --uuid-file-save=/var/run/vault.uuid \ --name={{ vault_container_name }} \ --net=host \ --caps-retain=CAP_IPC_LOCK \ --exec vault -- \ server \ --config={{ vault_config_dir }}/config.json
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/vault.uuid
[Install]WantedBy=multi-user.target
|
