add vault to blackstart

2025-02-26 09:11:54 -05:00
parent 73f133ad61
commit d596076223
3 changed files with 42 additions and 0 deletions
--- a/black-start/services/vault/.gitignore
+++ b/black-start/services/vault/.gitignore
@@ -0,0 +1,4 @@
+logs/
+data/
+certs/
+file/
--- a/black-start/services/vault/config/config.hcl
+++ b/black-start/services/vault/config/config.hcl
@@ -0,0 +1,17 @@
+ui = true
+disable_mlock = "true"
+
+storage "raft" {
+  path    = "/vault/data"
+  node_id = "node1"
+}
+
+listener "tcp" {
+  address = "[::]:8200"
+  tls_disable = "false"
+  tls_cert_file = "/certs/server.crt"
+  tls_key_file  = "/certs/server.key"
+}
+
+api_addr = "https://weyma-vault.infra.dubyatp.xyz:8200"
+cluster_addr = "https://weyma-vault.infra.dubyatp.xyz:8200"
--- a/black-start/services/vault/docker-compose.yaml
+++ b/black-start/services/vault/docker-compose.yaml
@@ -0,0 +1,21 @@
+services:
+  vault:
+    image: hashicorp/vault:1.18
+    environment:
+      VAULT_ADDR: "https://weyma-vault.infra.dubyatp.xyz:8200"
+      VAULT_API_ADDR: "https://weyma-vault.infra.dubyatp.xyz:8200"
+      VAULT_ADDRESS: "https://weyma-vault.infra.dubyatp.xyz:8200"
+      VAULT_UI: true
+    ports:
+      - "8200:8200"
+      - "8201:8201"
+    restart: always
+    volumes:
+      - ./logs:/vault/logs/:rw
+      - ./data:/vault/data/:rw
+      - ./config:/vault/config/:rw
+      - ./certs:/certs/:rw
+      - ./file:/vault/file/:rw
+    cap_add:
+      - IPC_LOCK
+    entrypoint: vault server -config /vault/config/config.hcl