diff options
author | pmikus <pmikus@cisco.com> | 2021-05-18 13:30:08 +0000 |
---|---|---|
committer | Peter Mikus <pmikus@cisco.com> | 2021-08-09 11:51:31 +0000 |
commit | 73440ab332c51eb11405767d320bc496d9ebdbe7 (patch) | |
tree | 003e06b7ab75c311009516a9872e77fdb00e47a8 /fdio.infra.ansible/roles/vault/templates/vault_systemd.service.j2 | |
parent | bbfe9b5ba82a3998687909a833c2646bccbb6aa6 (diff) |
Infra: Vault
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: Ia6e728f98d20144c3771405b32933a77fe15b19b
Diffstat (limited to 'fdio.infra.ansible/roles/vault/templates/vault_systemd.service.j2')
-rw-r--r-- | fdio.infra.ansible/roles/vault/templates/vault_systemd.service.j2 | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/vault/templates/vault_systemd.service.j2 b/fdio.infra.ansible/roles/vault/templates/vault_systemd.service.j2 new file mode 100644 index 0000000000..5d2ca78b2e --- /dev/null +++ b/fdio.infra.ansible/roles/vault/templates/vault_systemd.service.j2 @@ -0,0 +1,30 @@ +[Unit] +Description=Vault +Documentation=https://www.vaultproject.io/docs/ +Requires=network-online.target +After=network-online.target + +[Service] +User={{ vault_user }} +Group={{ vault_group }} +ProtectSystem=full +ProtectHome=read-only +PrivateTmp=yes +PrivateDevices=yes +NoNewPrivileges=yes +ExecReload=/bin/kill -HUP $MAINPID +ExecStart={{ vault_bin_dir }}/vault {{ vault_node_role }} -config={{ vault_config_dir }} +KillMode=process +KillSignal=SIGINT +Restart=on-failure +RestartSec=5 +TimeoutStopSec=30 +StartLimitInterval=60 +StartLimitBurst=3 +LimitNOFILE=524288 +LimitNPROC=524288 +LimitMEMLOCK=infinity +LimitCORE=0 + +[Install] +WantedBy=multi-user.target
\ No newline at end of file |