Adding uuidfile for rkt based vault to properly cleanup after itself

20dba8b3 · Brad Beam · f624ba47 · 20dba8b3
Commit 20dba8b3 authored 6 years ago by Brad Beam
--- a/roles/vault/templates/rkt.service.j2
+++ b/roles/vault/templates/rkt.service.j2
@@ -12,6 +12,8 @@ LimitNOFILE=40000
 # Container has the following internal mount points:
 #   /vault/file/    # File backend storage location
 #   /vault/logs/    # Log files
+ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/vault.uuid
+
 ExecStart=/usr/bin/rkt run \
        --insecure-options=image \
        --volume hosts,kind=host,source=/etc/hosts,readOnly=true \
@@ -29,9 +31,15 @@ ExecStart=/usr/bin/rkt run \
        --volume=etcd-cert-dir,kind=host,source={{ etcd_cert_dir }} \
        --mount=volume=etcd-cert-dir,target={{ etcd_cert_dir }} \
        docker://{{ vault_image_repo }}:{{ vault_image_tag }} \
--name={{ vault_container_name }} --net=host \
+        --uuid-file-save=/var/run/vault.uuid \
+        --name={{ vault_container_name }} \
+        --net=host \
        --caps-retain=CAP_IPC_LOCK \
--exec vault -- server --config={{ vault_config_dir }}/config.json
+        --exec vault -- \
+                server \
+                --config={{ vault_config_dir }}/config.json
+
+ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/vault.uuid

 [Install]
 WantedBy=multi-user.target