I’d like to submit a change to the the systemd vault.service in the official Hashicorp vault rpm (instructions at https://learn.hashicorp.com/vault/getting-started/install) but I haven’t been able to locate a github repository or the owner. Can somebody point me to one of those? The same contents of the vault-1.5.0 rpm’s /usr/lib/systemd/system/vault.service is also at
https://learn.hashicorp.com/vault/operations/ops-deployment-guide#step-3-configure-systemd
but I haven’t been able to figure out how to submit a change to that either. I discovered the docker hashicorp/learn-website container ( https://hub.docker.com/r/hashicorp/learn-website) but the documentation that comes with it isn’t complete enough to do anything with.
In particular the change I want is to have an ability to change the parameters to vault server via EnvironmentFile=/etc/sysconfig/vault, similar to what is done in boeroboy’s copr build of vault.
https://copr-dist-git.fedorainfracloud.org/cgit/boeroboy/hashicorp/vault.git/tree/vault.service
Dave
Hi Dave,
In general, issues or suggestions with the RPMs/debs can be submitted via github issue on the vault repo.
In this case, the contents of the package are intended to line up with what’s in the deployment guide, so the deployment guide is probably what you’re looking to have changed.
I’ll add that the RPM configs are meant to be a common starting point to be edited/replaced once installed in order to fit individual use cases. With that in mind, I do agree that having an EnvironmentFile would be helpful, so I’ll discuss it with the team!
Thanks,
Kyle
1 Like
Thanks a lot for your answer, Kyle. I guess since you’re bringing it to the team, I’ll skip the vault github issue step. Let me know if you think it would still be helpful to do that.
In the rpm form at least I don’t think system admins can really edit vault.service because it would get wiped out by the next upgrade (or at least it should, because there could be other important changes), so having a standard place to customize the parameters that doesn’t get replaced by an upgrade is helpful.
Dave
Oh, a problem may be that the standard place to customize on Debian is /etc/default, not /etc/sysconfig. I see a few files there on rhel 7 too, so maybe that’s a more portable choice than /etc/sysconfig.
I have since learned how to do this without changing any rpm-created files, although it’s still better to have it builtin to the rpm, I think. Using sudo -E systemctl edit vault I added these lines:
[Service]
EnvironmentFile=/etc/sysconfig/vault
ExecStart=
ExecStart=/usr/bin/vault server $VAULT_SERVICE_OPTIONS -config=/etc/vault.d/vault.hcl
This writes into /etc/systemd/system/vault.service.d/override.conf. Then in /etc/sysconfig/vault I set VAULT_SERVICE_OPTIONS for additional command line options.
Dave