From 96705fb3f2bc3b9ab903c16bc6fe61e339b27968 Mon Sep 17 00:00:00 2001 From: Jaymala Date: Tue, 6 Jun 2023 21:03:50 +0000 Subject: [PATCH] backport of commit 85128585837bcce2cf99f8e1f749c3a4aef204ca --- enos/enos-scenario-autopilot.hcl | 23 ++++++++-------- enos/modules/vault_cluster/main.tf | 2 +- .../scripts/create_audit_log_dir.sh | 26 +++++++++++++++++-- 3 files changed, 37 insertions(+), 14 deletions(-) diff --git a/enos/enos-scenario-autopilot.hcl b/enos/enos-scenario-autopilot.hcl index b06fa8547b95..bc99be9623fe 100644 --- a/enos/enos-scenario-autopilot.hcl +++ b/enos/enos-scenario-autopilot.hcl @@ -179,7 +179,7 @@ scenario "autopilot" { } variables { - vault_instances = step.create_vault_cluster_targets.hosts + vault_instances = step.create_vault_cluster.target_hosts vault_install_dir = local.vault_install_dir vault_root_token = step.create_vault_cluster.root_token } @@ -200,7 +200,7 @@ scenario "autopilot" { variables { leader_public_ip = step.get_vault_cluster_ips.leader_public_ip leader_private_ip = step.get_vault_cluster_ips.leader_private_ip - vault_instances = step.create_vault_cluster_targets.hosts + vault_instances = step.create_vault_cluster.target_hosts vault_install_dir = local.vault_install_dir vault_root_token = step.create_vault_cluster.root_token } @@ -266,6 +266,7 @@ scenario "autopilot" { storage_node_prefix = "upgrade_node" target_hosts = step.create_vault_cluster_upgrade_targets.hosts unseal_method = matrix.seal + enable_file_audit_device = var.vault_enable_file_audit_device } } @@ -283,7 +284,7 @@ scenario "autopilot" { variables { vault_install_dir = local.vault_install_dir - vault_instances = step.create_vault_cluster_upgrade_targets.hosts + vault_instances = step.upgrade_vault_cluster_with_autopilot.target_hosts } } 
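Review bot: The new `enable_file_audit_device = var.vault_enable_file_audit_device` argument in the `@@ -266,6 +266,7 @@` hunk has no comment saying why the upgrade nodes need it. The `main.tf` context in this patch shows the module turns the device on only when `var.enable_file_audit_device && var.initialize_cluster`, so if this step joins an existing cluster rather than initializing one (not visible here), the flag presumably serves only to prepare the audit log directory on the new nodes. I would add a comment such as `# Upgrade nodes need the audit log directory before they join: Vault stops serving requests when no enabled audit device can write.` The enclosing step block starts outside the hunk.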
@@ -300,7 +301,7 @@ scenario "autopilot" { variables { vault_install_dir = local.vault_install_dir - vault_instances = step.create_vault_cluster_upgrade_targets.hosts + vault_instances = step.upgrade_vault_cluster_with_autopilot.target_hosts vault_root_token = step.upgrade_vault_cluster_with_autopilot.root_token } } @@ -321,7 +322,7 @@ scenario "autopilot" { vault_autopilot_upgrade_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version vault_autopilot_upgrade_status = "await-server-removal" vault_install_dir = local.vault_install_dir - vault_instances = step.create_vault_cluster_upgrade_targets.hosts + vault_instances = step.create_vault_cluster_upgrade_targets.target_hosts vault_root_token = step.upgrade_vault_cluster_with_autopilot.root_token } } @@ -340,11 +341,11 @@ scenario "autopilot" { } variables { - vault_instances = step.create_vault_cluster_targets.hosts + vault_instances = step.create_vault_cluster.target_hosts vault_install_dir = local.vault_install_dir vault_root_token = step.create_vault_cluster.root_token node_public_ip = step.get_vault_cluster_ips.leader_public_ip - added_vault_instances = step.create_vault_cluster_targets.hosts + added_vault_instances = step.upgrade_vault_cluster_with_autopilot.target_hosts } } @@ -383,7 +384,7 @@ scenario "autopilot" { variables { operator_instance = step.get_updated_vault_cluster_ips.leader_public_ip - remove_vault_instances = step.create_vault_cluster_targets.hosts + remove_vault_instances = step.create_vault_cluster.target_hosts vault_install_dir = local.vault_install_dir vault_instance_count = 3 vault_root_token = step.create_vault_cluster.root_token @@ -402,7 +403,7 @@ scenario "autopilot" { } variables { - old_vault_instances = step.create_vault_cluster_targets.hosts + old_vault_instances = step.create_vault_cluster.target_hosts vault_instance_count = 3 } } 
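Review bot: In the `@@ -321,7 +322,7 @@` hunk the new value `step.create_vault_cluster_upgrade_targets.target_hosts` combines the old step name with the new attribute name and looks like a missed rename. Every other hunk in this file switches to `step.upgrade_vault_cluster_with_autopilot.target_hosts`, and the context line in the `@@ -266` hunk reads the targets step's output as `.hosts`, so `target_hosts` is probably not an output of that step. Unless the targets module really exports both names, this line should read `vault_instances = step.upgrade_vault_cluster_with_autopilot.target_hosts`. The enclosing step block starts outside the hunk.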
@@ -424,7 +425,7 @@ scenario "autopilot" { vault_autopilot_upgrade_version = matrix.artifact_source == "local" ? step.get_local_metadata.version : var.vault_product_version vault_autopilot_upgrade_status = "idle" vault_install_dir = local.vault_install_dir - vault_instances = step.create_vault_cluster_upgrade_targets.hosts + vault_instances = step.upgrade_vault_cluster_with_autopilot.target_hosts vault_root_token = step.create_vault_cluster.root_token } } @@ -445,7 +446,7 @@ scenario "autopilot" { variables { vault_install_dir = local.vault_install_dir - vault_instances = step.create_vault_cluster_upgrade_targets.hosts + vault_instances = step.upgrade_vault_cluster_with_autopilot.target_hosts vault_root_token = step.create_vault_cluster.root_token } } diff --git a/enos/modules/vault_cluster/main.tf b/enos/modules/vault_cluster/main.tf index 97c8edf47f3c..695d5f35885a 100644 --- a/enos/modules/vault_cluster/main.tf +++ b/enos/modules/vault_cluster/main.tf @@ -61,7 +61,7 @@ locals { path = "vault" }) ] - audit_device_file_path = "/var/log/vault_audit.log" + audit_device_file_path = "/var/log/vault/vault_audit.log" vault_service_user = "vault" enable_audit_device = var.enable_file_audit_device && var.initialize_cluster } diff --git a/enos/modules/vault_cluster/scripts/create_audit_log_dir.sh b/enos/modules/vault_cluster/scripts/create_audit_log_dir.sh index 582bfdb14337..4c2e392d442a 100755 --- a/enos/modules/vault_cluster/scripts/create_audit_log_dir.sh +++ b/enos/modules/vault_cluster/scripts/create_audit_log_dir.sh 
@@ -1,8 +1,30 @@ -#!/bin/env sh +#!/usr/bin/env bash set -eux LOG_DIR=$(dirname "$LOG_FILE_PATH") +function retry { + local retries=$1 + shift + local count=0 + + until "$@"; do + exit=$? + wait=10 + count=$((count + 1)) + + if [ "$count" -lt "$retries" ]; then + sleep "$wait" + else + return "$exit" + fi + done + + return 0 +} + +retry 7 id -a "$SERVICE_USER" + sudo mkdir -p "$LOG_DIR" -sudo chown "$SERVICE_USER":"$SERVICE_USER" "$LOG_DIR" +sudo chown -R "$SERVICE_USER":"$SERVICE_USER" "$LOG_DIR"
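Review bot: `sudo chown -R "$SERVICE_USER":"$SERVICE_USER" "$LOG_DIR"` now recurses into whatever directory `dirname "$LOG_FILE_PATH"` yields, and nothing checks that this directory is dedicated to the service. If `LOG_FILE_PATH` is fed from `audit_device_file_path` (presumably; the wiring is not in this patch), the value `main.tf` had before this change, `/var/log/vault_audit.log`, would make the same line hand everything under `/var/log` to the service user. I would refuse shared parents before the `mkdir`, e.g. `case "$LOG_DIR" in /|/var|/var/log) echo "refusing to chown $LOG_DIR" >&2; exit 1;; esac`, and state the dedicated-directory requirement in a comment next to `audit_device_file_path` in `main.tf`. Separately, `exit` and `wait` inside `retry` are assigned without `local`, so they leak into the script's globals and reuse builtin names; `local exit_code wait_secs` would read more clearly.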