commit 3794921f6f6e5b97dfb62072573a9bb455a1d575
parent 743536789af1a4fe64c2de1ec881426bd128672b
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date: Sat, 27 Jul 2024 20:29:13 +0200
feat(bao): fix tls dir
Diffstat:
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/openbao.sh b/openbao.sh
@@ -12,10 +12,10 @@ cd "/home/${USERNAME}"
# Create bao config directories
mkdir -p /etc/openbao
rm -rf /etc/openbao/*
-mkdir -p /opt/openbao/tls
+mkdir -p /etc/openbao/tls
# The bao systemd service requires this env file, can be empty
touch /etc/openbao/openbao.env
-cd /opt/openbao/tls
+cd /etc/openbao/tls
# Specify CSR parameters for server key
VAULT_TLS_SUBJ_ALT_NAME=${VAULT_TLS_SUBJ_ALT_NAME:+", $VAULT_TLS_SUBJ_ALT_NAME"}
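Review bot: `mkdir -p /etc/openbao/tls` leaves the directory mode to whatever umask the script runs under, yet this is where the server private key later referenced as `tls_key_file` gets written. Creating it with an explicit mode, e.g. `install -d -m 0750 /etc/openbao/tls`, and setting the owner and group to the account the service runs as (not visible in this hunk) would keep the key unreadable to other local users. The `cd /etc/openbao/tls` that follows is also unchecked. Unless `set -e` is enabled outside this hunk, `cd /etc/openbao/tls || exit 1` stops key material from being generated in the previous working directory if the cd fails.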
@@ -56,8 +56,8 @@ ui = true
listener "tcp" {
address = "0.0.0.0:8200"
- tls_cert_file = "/opt/openbao/tls/$HOSTNAME.pem"
- tls_key_file = "/opt/openbao/tls/$HOSTNAME.key"
+ tls_cert_file = "/etc/openbao/tls/$HOSTNAME.pem"
+ tls_key_file = "/etc/openbao/tls/$HOSTNAME.key"
tls_disable_client_certs = true
}
@@ -79,23 +79,23 @@ storage "raft" {
retry_join {
leader_api_addr = "https://pi0:8200"
leader_tls_servername = "vault.in0rdr.ch"
- leader_ca_cert_file = "/opt/openbao/tls/$HOSTNAME.pem"
- leader_client_cert_file = "/opt/openbao/tls/$HOSTNAME.pem"
- leader_client_key_file = "/opt/openbao/tls/$HOSTNAME.key"
+ leader_ca_cert_file = "/etc/openbao/tls/$HOSTNAME.pem"
+ leader_client_cert_file = "/etc/openbao/tls/$HOSTNAME.pem"
+ leader_client_key_file = "/etc/openbao/tls/$HOSTNAME.key"
}
retry_join {
leader_api_addr = "https://pi2:8200"
leader_tls_servername = "vault.in0rdr.ch"
- leader_ca_cert_file = "/opt/openbao/tls/$HOSTNAME.pem"
- leader_client_cert_file = "/opt/openbao/tls/$HOSTNAME.pem"
- leader_client_key_file = "/opt/openbao/tls/$HOSTNAME.key"
+ leader_ca_cert_file = "/etc/openbao/tls/$HOSTNAME.pem"
+ leader_client_cert_file = "/etc/openbao/tls/$HOSTNAME.pem"
+ leader_client_key_file = "/etc/openbao/tls/$HOSTNAME.key"
}
retry_join {
leader_api_addr = "https://pi4:8200"
leader_tls_servername = "vault.in0rdr.ch"
- leader_ca_cert_file = "/opt/openbao/tls/$HOSTNAME.pem"
- leader_client_cert_file = "/opt/openbao/tls/$HOSTNAME.pem"
- leader_client_key_file = "/opt/openbao/tls/$HOSTNAME.key"
+ leader_ca_cert_file = "/etc/openbao/tls/$HOSTNAME.pem"
+ leader_client_cert_file = "/etc/openbao/tls/$HOSTNAME.pem"
+ leader_client_key_file = "/etc/openbao/tls/$HOSTNAME.key"
}
}
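Review bot: In all three `retry_join` blocks, `leader_ca_cert_file` points at the same `/etc/openbao/tls/$HOSTNAME.pem` used for `leader_client_cert_file`, so the trust anchor for verifying a leader is this node's own certificate file. That only works if the file also carries the issuing CA chain, which cannot be confirmed from this hunk because certificate generation happens elsewhere in the script. A dedicated CA bundle would make the trust decision explicit and would survive per-host certificate rotation, for example `leader_ca_cert_file = "/etc/openbao/tls/ca.pem"` (illustrative path). A comment above the first `retry_join` stating what the `.pem` is expected to contain would also help.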