From a8d348766402877532441a947546d71d730cded7 Mon Sep 17 00:00:00 2001
From: "Cobb, Randy"
Date: Tue, 20 Mar 2018 10:19:41 -0700
Subject: [PATCH] adding in a config for Hashicorp Vault
---
templates/vault/0/docker-compose.yml.tpl | 36 +++++++++++++
templates/vault/0/rancher-compose.yml | 69 ++++++++++++++++++++++++
templates/vault/catalogIcon-entry.svg | 1 +
templates/vault/config.yml | 8 +++
4 files changed, 114 insertions(+)
create mode 100755 templates/vault/0/docker-compose.yml.tpl
create mode 100755 templates/vault/0/rancher-compose.yml
create mode 100644 templates/vault/catalogIcon-entry.svg
create mode 100644 templates/vault/config.yml
diff --git a/templates/vault/0/docker-compose.yml.tpl b/templates/vault/0/docker-compose.yml.tpl
new file mode 100755
index 0000000..2bb41c8
--- /dev/null
+++ b/templates/vault/0/docker-compose.yml.tpl
@@ -0,0 +1,36 @@
+version: '2'
+volumes:
+ vault-config:
+ driver: ${volumeDriver}
+ vault-file:
+ driver: ${volumeDriver}
+services:
+ vault-lb:
+ image: rancher/lb-service-haproxy:v0.7.15
+ ports:
+ - 8200:8200/tcp
+ - 8201:8201/tcp
+ labels:
+ io.rancher.scheduler.affinity:host_label: lbhost=true
+ io.rancher.container.agent.role: environmentAdmin,agent
+ io.rancher.container.agent_service.drain_provider: 'true'
+ io.rancher.container.create_agent: 'true'
+ vault:
+ cap_add:
+ - IPC_LOCK
+ image: vault
+ environment:
+ VAULT_LOCAL_CONFIG: ${VAULT_LOCAL_CONFIG}
+{{- if eq .Values.useConsul "true"}}
+ external_links:
+ - ${consulService}:consul
+{{- end}}
+ volumes:
+ - vault-file:/vault/file
+ - vault-config:/vault/config
+ logging:
+ driver: journald
+ command:
+ - server
+ labels:
+ io.rancher.container.pull_image: always
diff --git a/templates/vault/0/rancher-compose.yml b/templates/vault/0/rancher-compose.yml
new file mode 100755
index 0000000..bac2cbc
--- /dev/null
+++ b/templates/vault/0/rancher-compose.yml
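Review bot: In `templates/vault/0/docker-compose.yml.tpl`, the `vault` service uses `image: vault` with no tag, and the label `io.rancher.container.pull_image: always` makes every start pull whatever the default tag currently resolves to, so the secrets store can change version without anyone reviewing it. Pin the image to a reviewed release, ideally by digest, for example `image: vault:<pinned-version>`, and treat upgrades as explicit catalog version bumps. The `vault-lb` image in the same hunk is already pinned (`v0.7.15`), so this also makes the two services consistent.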
@@ -0,0 +1,69 @@
+version: '2'
+catalog:
+ name: Vault
+ version: 1.0-test-rancher1
+ description: |
+ Installs a Vault container, internal (Rancher) load-balancer, and allows connection to a Consul cluster
+ uuid: vault-rac-0
+ questions:
+ - variable: VAULT_LOCAL_CONFIG
+ label: Provide a default config?
+ description: |
+ This is the embedded JSON format config file that vault will use at startup
+ type: multiline
+ default: |
+ '{"backend":{"consul":{"address":"http://:",
+ "advertise_addr":"http://","path":""}},
+ "listener":{"tcp":{"address":"0.0.0.0:18200","tls_disable":1}}}'
+ - variable: useConsul
+ label: Would you like to back Vault with Consul?
+ description: |
+ Selecting yes or no allows you to back your vault repoository with a pre-installed
+ Consul cluster/server
+ default: false
+ type: boolean
+ - variable: consulService
+ label: Specify the Consul service to connect to
+ description: |
+ The pre-installed Consul server to back to
+ default: "select"
+ type: service
+ - variable: volumeDriver
+ label: Driver for volumes
+ description: |
+ How/Where to store your vault config and logs
+ default: local
+ type: enum
+ options:
+ - local
+ - rancher-nfs
+ - rancher-efs
+ - rancher-ebs
+services:
+ vault-lb:
+ scale: 1
+ start_on_create: true
+ lb_config:
+ certs: []
+ port_rules:
+ - priority: 1
+ protocol: tcp
+ service: vault
+ source_port: 8200
+ target_port: 8200
+ - priority: 2
+ protocol: tcp
+ service: vault
+ source_port: 8201
+ target_port: 8201
+ health_check:
+ response_timeout: 2000
+ healthy_threshold: 2
+ port: 42
+ unhealthy_threshold: 3
+ initializing_timeout: 60000
+ interval: 2000
+ reinitializing_timeout: 60000
+ vault:
+ scale: 1
+ start_on_create: true
diff --git a/templates/vault/catalogIcon-entry.svg b/templates/vault/catalogIcon-entry.svg
new file mode 100644
index 0000000..880ebf3
--- /dev/null
+++ b/templates/vault/catalogIcon-entry.svg
@@ -0,0 +1 @@ + \ No newline at end of file
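Review bot: In `templates/vault/0/rancher-compose.yml`, the `VAULT_LOCAL_CONFIG` default ships `"tls_disable":1` while the `vault-lb` rules forward plain `tcp` with `certs: []`, so anyone who accepts the default sends Vault tokens and secrets in cleartext through the published port 8200. The default should keep TLS on and reference a certificate from the mounted config volume, for example `"listener":{"tcp":{"address":"0.0.0.0:8200","tls_cert_file":"<cert-path>","tls_key_file":"<key-path>"}}`, and the question's description should say that disabling TLS is for testing only. The default listener port `18200` also does not match `target_port: 8200`, so as written the balancer appears to forward to a port Vault is not listening on. The single quotes inside the `default: |` block scalar are literal characters, so it is worth confirming that the rendered environment variable is still valid JSON.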
diff --git a/templates/vault/config.yml b/templates/vault/config.yml
new file mode 100644
index 0000000..58b1095
--- /dev/null
+++ b/templates/vault/config.yml
@@ -0,0 +1,8 @@
+name: Vault
+description: |
+ This template installs a Vault server with optional configuration items, including backing store
+version: 1.0-test-rancher1
+category: Platform
+maintainer: Randal Cobb
+license:
+projectURL: http://www.nordstrom.com/tech/givingBack