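#!/usr/bin/env bash
# -------------------------------------------------------
# HashiCorp Vault Installation and Configuration Script
#
# Creates the `vault` system account, the data and config directories, a
# single-node file-storage configuration and a confined systemd unit, then
# enables and starts the service. Must be run as root on a systemd host
# with the Vault binary already installed (see step 1).
#
# Security notes -- read before running outside a lab:
#   * The listener is plaintext (tls_disable = 1) and bound to loopback
#     only. Do NOT move it to a routable address without enabling TLS;
#     every token and secret would otherwise cross the network in clear.
#   * disable_mlock = true lets the kernel swap Vault's memory (which holds
#     unsealed key material) to disk. The unit grants CAP_IPC_LOCK, so
#     flipping it to false is a one-line change where mlock is available.
#   * The config directory is owned by root, not by the service user, so a
#     compromised Vault process cannot rewrite its own listener/storage/
#     plugin settings. Only the data directory is writable by `vault`.
#   * This script does not run `vault operator init`; unseal keys and the
#     initial root token must be handled by an operator, not stored here.
# -------------------------------------------------------
set -euo pipefail

readonly VAULT_USER="vault"
readonly VAULT_HOME="/opt/vault"
readonly VAULT_DATA_DIR="${VAULT_HOME}/data"
readonly VAULT_CONFIG_DIR="/etc/vault"
readonly VAULT_CONFIG="${VAULT_CONFIG_DIR}/config.hcl"
readonly VAULT_BIN="/usr/bin/vault"
readonly VAULT_UNIT="/etc/systemd/system/vault.service"

# Diagnostics go to stderr; progress messages keep the original "[+]" prefix.
die() { printf '[-] %s\n' "$*" >&2; exit 1; }
log() { printf '[+] %s\n' "$*"; }

# -------------------------------------------------------
# 1. Install Vault (left as a manual step, as in the original)
# -------------------------------------------------------
# The HashiCorp repo file ships with gpgcheck=1 and the vendor signing key;
# leave that enabled so the package is signature-verified, not just fetched
# over HTTPS.
# yum install -y yum-utils
# yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
# yum -y install vault
# echo "[+] Vault installed successfully."

#######################################
# Abort early unless running as root with the Vault binary present.
# useradd/install/systemctl below all require root, and the unit file
# hard-codes $VAULT_BIN, so failing here is clearer than failing mid-way.
#######################################
preflight() {
  [[ "$(id -u)" -eq 0 ]] || die "this script must be run as root"
  [[ -x "$VAULT_BIN" ]] || die "Vault binary not found at ${VAULT_BIN}; install it first (step 1)"
}

#######################################
# 2. Create the service account and directories with explicit modes.
# Globals: VAULT_USER, VAULT_HOME, VAULT_DATA_DIR, VAULT_CONFIG_DIR (read)
#######################################
setup_user_and_dirs() {
  # `useradd` exits non-zero if the account exists, which under set -e
  # would abort every re-run; make this step idempotent.
  if ! id -u "$VAULT_USER" >/dev/null 2>&1; then
    useradd --system --home "$VAULT_HOME" --shell /bin/false "$VAULT_USER"
  fi

  install -d -m 0750 -o "$VAULT_USER" -g "$VAULT_USER" "$VAULT_HOME"
  # Vault encrypts the file backend at rest, but keep the directory private
  # anyway so other local accounts cannot copy the barrier off the box.
  install -d -m 0700 -o "$VAULT_USER" -g "$VAULT_USER" "$VAULT_DATA_DIR"
  # root-owned, group-readable: the service can read but not alter its config.
  install -d -m 0750 -o root -g "$VAULT_USER" "$VAULT_CONFIG_DIR"
  log "Directories and permissions set."
}

#######################################
# 3. Write the Vault server configuration.
# Globals: VAULT_CONFIG, VAULT_DATA_DIR, VAULT_USER (read)
#######################################
write_config() {
  # Keep a copy of any existing config instead of silently clobbering it.
  if [[ -f "$VAULT_CONFIG" ]]; then
    cp -p -- "$VAULT_CONFIG" "${VAULT_CONFIG}.bak.$(date +%Y%m%d%H%M%S)"
  fi
  # Create the file with its final mode/owner *before* writing; a bare
  # `cat >` would inherit the umask and usually leave it world-readable.
  install -m 0640 -o root -g "$VAULT_USER" /dev/null "$VAULT_CONFIG"
  cat > "$VAULT_CONFIG" <<EOF
# Single-node file storage: no HA, no replication. Suitable for dev/test;
# use integrated storage (raft) or an external backend for production.
storage "file" {
  path = "${VAULT_DATA_DIR}"
}

# Plaintext listener bound to loopback ONLY. Moving this to a routable
# address without tls_cert_file/tls_key_file and tls_disable = 0 would put
# every token and secret on the wire in clear text.
listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1
}

# true = Vault's memory (including unsealed key material) may be swapped to
# disk. The systemd unit grants CAP_IPC_LOCK, so set this to false on hosts
# where mlock succeeds.
disable_mlock = true

ui = true
EOF
  log "Vault configuration file created at ${VAULT_CONFIG}."
}

#######################################
# 4. Write a confined systemd unit.
# Globals: VAULT_UNIT, VAULT_USER, VAULT_BIN, VAULT_CONFIG (read)
#######################################
write_unit() {
  # Unit files must be readable by systemd (root); no secrets live here.
  install -m 0644 -o root -g root /dev/null "$VAULT_UNIT"
  cat > "$VAULT_UNIT" <<EOF
[Unit]
Description=HashiCorp Vault
Documentation=https://developer.hashicorp.com/vault/docs
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty=${VAULT_CONFIG}

[Service]
User=${VAULT_USER}
Group=${VAULT_USER}
ExecStart=${VAULT_BIN} server -config=${VAULT_CONFIG}
ExecReload=/bin/kill --signal HUP \$MAINPID
# Vault performs a graceful shutdown on SIGINT, not on systemd's default SIGTERM.
KillMode=process
KillSignal=SIGINT
TimeoutStopSec=30
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
LimitMEMLOCK=infinity
# Confinement: the server only needs its config (read), its data dir (write)
# and the ability to mlock memory. Everything else is locked down.
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
SecureBits=keep-caps
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
AmbientCapabilities=CAP_IPC_LOCK

[Install]
WantedBy=multi-user.target
EOF
  log "Vault systemd service file created at ${VAULT_UNIT}."
}

#######################################
# 5. Label the binary (SELinux hosts only), then enable and start the unit.
# Globals: VAULT_BIN (read)
#######################################
enable_service() {
  # restorecon only exists where the SELinux tooling is installed; on other
  # hosts the original unconditional call would abort the script.
  if command -v restorecon >/dev/null 2>&1; then
    restorecon -v "$VAULT_BIN"
  fi
  systemctl daemon-reload
  systemctl enable vault
  systemctl start vault
  log "Vault service started and enabled."
}

#######################################
# 6. Report service state and the operator's next step.
#######################################
report_status() {
  # `systemctl status` exits non-zero when the unit is not active, so under
  # pipefail the fallback message also fires in that case -- intentional.
  systemctl --no-pager status vault | grep -- "Active:" \
    || log "Vault service may need manual check."
  log "Next: run 'vault operator init' as an operator, store the unseal keys" \
      "and root token out-of-band, then unseal and revoke the root token."
}

main() {
  preflight
  setup_user_and_dirs
  write_config
  write_unit
  enable_service
  report_status
}

main "$@"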