Add support for upgrading vault when installed with archive #166
Conversation
| @@ -35,6 +35,7 @@ | |||
| owner => $::vault::user, | |||
| group => $::vault::group, | |||
| mode => $::vault::config_mode, | |||
| notify => Class['vault::service'], | |||
There was a problem hiding this comment.
Can you please split this out into its own commit as it addresses a different issue.
There was a problem hiding this comment.
I don't really understand why it should be a different commit. As when you update the binary you need to restart the service. I can do it, just want to understand why :)
There was a problem hiding this comment.
It’d be good to have this in its own commit b/c it addresses a different new/changed functionality. Just in case it needs to be reverted separately from the addition of versioned installs.
| } | ||
|
|
||
| exec { 'install_versioned_vault': | ||
| command => "/bin/cp -f ${_vault_versioned_bin} ${vault_bin}", |
There was a problem hiding this comment.
Any reason to do a cp instead of a symlink? This approach was discussed in #63 but I can't recall the specifics of if it was/wasn't feasible.
There was a problem hiding this comment.
I tried with a symlink. But the issue is that you can't set the file_capabilities on a symlink. Keeping to the symlink path meant changing the code in other places. This was the easiest way to introduce this functionality.
There was a problem hiding this comment.
@rgevaert symlinks are pass-through, so whatever they link to is the mode in play.
E.g., if you symlink ${_vault_versioned_bin} → ${vault_bin}, whatever mode is assigned to ${vault_bin} will be the mode used.
So this is probably cleaner done as a symlink:
file { $vault_bin:
ensure => link,
target => $vault_versioned_bin,
notify => Class['vault::service'],
}And let whatever mode the actual bin has be the mode in play. If it needs to be set, I believe you’ll want to do that in the Archive["${::vault::download_dir}/${::vault::download_filename}"] resource above.
There was a problem hiding this comment.
TBH I tried that first but had issues like mentioned before. If someone else has time to pick it up, please do.
There was a problem hiding this comment.
Using a symlink will throw an error when setting mlock on the $vault_bin, which is done at
puppet-vault/manifests/install.pp
Line 66 in 97dd794
$_vault_versioned_bin instead.
Closes jsok/puppet-vault/issues/63
|
@jsok I did you changes you requested. |
|
What's the status here? |
|
This came up today with an in-place upgrade my team was trying to do, and it’d be great to get the last few changes in & get it merged! |
|
Any update on this? This seems like it would be a great addition.... |
|
Any updates on this PR? |
This makes it possible to upgrade vault when it was installed with an archive.