Infra: Vault

Signed-off-by: pmikus <pmikus@cisco.com> Change-Id: Ia6e728f98d20144c3771405b32933a77fe15b19b
author: pmikus <pmikus@cisco.com> 2021-05-18 13:30:08 +0000
committer: Peter Mikus <pmikus@cisco.com> 2021-08-09 11:51:31 +0000
commit: 73440ab332c51eb11405767d320bc496d9ebdbe7 (patch)
tree: 003e06b7ab75c311009516a9872e77fdb00e47a8 /fdio.infra.ansible/roles/vault/templates/vault_systemd.service.j2
parent: bbfe9b5ba82a3998687909a833c2646bccbb6aa6 (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/vault/templates/vault_systemd.service.j2 b/fdio.infra.ansible/roles/vault/templates/vault_systemd.service.j2
new file mode 100644
index 0000000000..5d2ca78b2e
--- /dev/null
+++ b/fdio.infra.ansible/roles/vault/templates/vault_systemd.service.j2
@@ -0,0 +1,30 @@
+[Unit]
+Description=Vault
+Documentation=https://www.vaultproject.io/docs/
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+User={{ vault_user }}
+Group={{ vault_group }}
+ProtectSystem=full
+ProtectHome=read-only
+PrivateTmp=yes
+PrivateDevices=yes
+NoNewPrivileges=yes
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStart={{ vault_bin_dir }}/vault {{ vault_node_role }} -config={{ vault_config_dir }}
+KillMode=process
+KillSignal=SIGINT
+Restart=on-failure
+RestartSec=5
+TimeoutStopSec=30
+StartLimitInterval=60
+StartLimitBurst=3
+LimitNOFILE=524288
+LimitNPROC=524288
+LimitMEMLOCK=infinity
+LimitCORE=0
+
+[Install]
+WantedBy=multi-user.target
+\ No newline at end of file
author	pmikus <pmikus@cisco.com>	2021-05-18 13:30:08 +0000
committer	Peter Mikus <pmikus@cisco.com>	2021-08-09 11:51:31 +0000
commit	73440ab332c51eb11405767d320bc496d9ebdbe7 (patch)
tree	003e06b7ab75c311009516a9872e77fdb00e47a8 /fdio.infra.ansible/roles/vault/templates/vault_systemd.service.j2
parent	bbfe9b5ba82a3998687909a833c2646bccbb6aa6 (diff)