cleanup packaging

7 years ago · 507748a89b
3 changed files with 16 additions and 8 deletions
--- a/vault/vault-tls.sh
+++ b/vault/vault-tls.sh
@ -12,9 +12,6 @@ cat >vault-tls-ca.json <<EOT
        "size": 4096
    },
    "names": [{
-        "C":  "US",
-        "ST": "California",
-        "L":  "San Francisco",
        "OU": "Certificate Authority",
        "O":  "Example, Inc"
    }]
@ -31,9 +28,6 @@ cat >vault-tls-sv.json <<EOT
    "CN": "server.example.com",
    "hosts": [ "server.example.com", "127.0.0.1" ],
    "names": [{
-        "C":  "US",
-        "ST": "California",
-        "L":  "San Francisco",
        "OU": "Server Administration",
        "O":  "Example, Inc"
    }]
--- a/vault/vault.hcl
+++ b/vault/vault.hcl
@ -4,6 +4,13 @@

 disable_mlock     = true

+cluster_name      = "example"
+
+max_lease_ttl     = "768h"
+default_lease_ttl = "768h"
+
+ui                = true
+
 listener "tcp" {
    address       = "127.0.0.1:8200"
    tls_disable   = 0
@ -11,13 +18,16 @@ listener "tcp" {
    tls_key_file  = "@l_prefix@/etc/vault/vault-tls-sv.key"
 }

+api_addr          = "https://127.0.0.1:8200"
+cluster_addr      = "https://127.0.0.1:8201"
+
 storage "file" {
    path          = "@l_prefix@/var/vault/db"
 }

 # storage "consul" {
 #     address       = "127.0.0.1:8500"
-#     path          = "vault"
+#     path          = "vault/"
 #     scheme        = "http"
 # }

--- a/vault/vault.spec
+++ b/vault/vault.spec
@ -138,9 +138,13 @@ PreReq:       OpenPKG, openpkg >= 20160101, cfssl
          echo "   \$ $RPM_INSTALL_PREFIX/bin/vault operator init \\%{l_nil}"
          echo "      -key-shares=1 -key-threshold=1 \\%{l_nil}"
          echo "      -recovery-shares=1 -recovery-threshold=1"
+          echo "   In case of a Vault cluster of N nodes use (N>K>1):"
+          echo "   \$ $RPM_INSTALL_PREFIX/bin/vault operator init \\%{l_nil}"
+          echo "      -key-shares=N -key-threshold=K \\%{l_nil}"
+          echo "      -recovery-shares=N -recovery-threshold=K"
          echo "6. unseal database (with remembered unseal key):"
          echo "   \$ $RPM_INSTALL_PREFIX/bin/vault operator unseal <key>"
-          echo "7. authenticate against database (with remembered root token):"
+          echo "7. authenticate against database (use remembered root token):"
          echo "   \$ $RPM_INSTALL_PREFIX/bin/vault login -method=token"
          echo "8. write data under <name>:"
          echo "   \$ $RPM_INSTALL_PREFIX/bin/vault write secret/<name> value=<value>"