FS#63783 - [vault] Systemd Slicing
Attached to Project:
Community Packages
Opened by brent saner (sanerb) - Monday, 16 September 2019, 09:09 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:07 GMT
Opened by brent saner (sanerb) - Monday, 16 September 2019, 09:09 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:07 GMT
|
Details
Description:
Just a sidenote: * This package is behind upstream version; it is marked as out-of-date 12 days ago (current upstream is 1.2.2, [community] is 1.2.0) * The default config shipped seems to be outdated. It still works, but e.g. "backend" should be "storage", and the URL in the comment (https://vaultproject.io/docs/config/) should instead be https://www.vaultproject.io/docs/configuration/ (I can create a separate task for this if desired.) That aside, I recommend either modifying or copying (recommended) the vault.service file to vault@.service, with some minor changes (both for consistency with other packages - /usr/bin vs. /bin - and to enable slicing). Patch attached. Apply it with `patch -o vault\@.service < path/to/vault.service.patch`. |
This task depends upon
Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:07 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/vault/issues/1
Saturday, 25 November 2023, 20:07 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/vault/issues/1
thanks for your patch. I am going to apply it as soon I have fixed the current build process for it.
This is also the reason why we are 2 versions behind of upstream.
Sadly we get 0 support from hashicorp for building it our own.
I have not done any testing beyond building the package.
First PKGBUILD is for go-bindata-assetfs:
Applied patch to go-bindata-assetfs for https://github.com/elazarl/go-bindata-assetfs/issues/33
Second PKGBUILD is for vault:
Switched to Arch packages for go-bindata go-bindata-assetfs gox goimports and removed unneeded python make depends.
Updated version to 1.3.1
Revert commit causing https://github.com/hashicorp/vault/issues/7475
PKGBUILD (2.4 KiB)
Now back to your bug report:
1.I will change the default configuration for vault
2. About the systemd service file: I would actually prefer that upstream manages the systemd service file. I always thought that you should just have one vault running, why do you need systemd slicing?
As for why, one can ask the same philosophical question of why the mariadb package has slicing for mysqld, or uwsgi when it offers vassal, etc. It facilitates running completely separate instances on the same host, which - Vault being a security-oriented program - is a good idea as it allows segregation of runtime instead of relying on in-software ACL. Best practices.
.release/linux/package/usr/lib/systemd/system/vault.service