admin/NewSmoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added helper scrip for vault installation in dev env

Browse Source
This commit is contained in:
tdv
2025-10-30 16:54:22 +02:00
parent e92194f739
commit d0cece3001
4 changed files with 96 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
certs/vault_install.sh Normal file
View File

@@ -0,0 +1,72 @@
#!/usr/bin/env bash
# -------------------------------------------------------
# HashiCorp Vault Installation and Configuration Script
# -------------------------------------------------------
set -e
# -------------------------------------------------------
# 1. Install Vault
# -------------------------------------------------------
# yum install -y yum-utils
# yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
# yum -y install vault
# echo "[+] Vault installed successfully."
# -------------------------------------------------------
# 2. Create directories and set permissions
# -------------------------------------------------------
useradd --system --home /opt/vault --shell /bin/false vault
mkdir -p /opt/vault/data
chown -R vault:vault /opt/vault
mkdir -p /etc/vault
chown -R vault:vault /etc/vault
echo "[+] Directories and permissions set."
# -------------------------------------------------------
# 3. Create Vault configuration file
# -------------------------------------------------------
cat > /etc/vault/config.hcl <<'EOF'
storage "file" {
path = "/opt/vault/data"
}
listener "tcp" {
address = "127.0.0.1:8200"
tls_disable = 1
}
disable_mlock = true
ui = true
EOF
echo "[+] Vault configuration file created at /etc/vault/config.hcl."
# -------------------------------------------------------
# 4. Create systemd service file
# -------------------------------------------------------
cat > /etc/systemd/system/vault.service <<'EOF'
[Unit]
Description=HashiCorp Vault
After=network-online.target
Wants=network-online.target
[Service]
User=vault
Group=vault
ExecStart=/usr/bin/vault server -config=/etc/vault/config.hcl
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
echo "[+] Vault systemd service file created at /etc/systemd/system/vault.service."
# -------------------------------------------------------
# 5. Enable and start Vault service
# -------------------------------------------------------
restorecon -v /usr/bin/vault
systemctl daemon-reload
systemctl enable vault
systemctl start vault
echo "[+] Vault service started and enabled."
# -------------------------------------------------------
# 6. Final status
# -------------------------------------------------------
systemctl --no-pager status vault | grep "Active:" || echo "[+] Vault service may need manual check."