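#!/usr/bin/env bash
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1

# Enables the file, syslog and socket audit devices on a Vault server.
#
# Required environment:
#   VAULT_BIN_PATH - path to the vault binary
#   LOG_FILE_PATH  - destination file for the file audit device
#
# NOTE(review): the vault CLI presumably also needs its address and token in
# the environment; that is not visible in this script, so confirm it against
# the caller.
#
# -x traces every command with its expanded arguments, so nothing secret
# should ever be passed on a command line in this script.
set -exo pipefail

# Fail before any listener is spawned if a required variable is missing, so
# that a misconfigured run does not leave a stray nc process behind.
: "${VAULT_BIN_PATH:?VAULT_BIN_PATH env variable has not been set}"
: "${LOG_FILE_PATH:?LOG_FILE_PATH env variable has not been set}"

readonly listen_host="127.0.0.1"
readonly listen_port=9090

# Start the throwaway sink for the socket audit device.
#
# The listener is bound to the loopback address only: Vault connects to it on
# 127.0.0.1, so there is no reason to accept connections on other interfaces.
# nc is spawned with nohup so that it ignores SIGHUP and does not keep the SSH
# session from exiting. STDIN comes from /dev/null so that nc gets an
# immediate EOF instead of blocking on input, and everything it receives is
# discarded, so this listener is not a durable audit record.
start_listener() {
  nohup nc -kl "$listen_host" "$listen_port" &> /dev/null < /dev/null &
}

start_listener

# Wait for nc to be listening before we attempt to enable the socket auditor.
# Retries back off exponentially (1s, 2s, 4s) before giving up.
attempts=3
count=0
until nc -zv "$listen_host" "$listen_port" &> /dev/null < /dev/null; do
  wait=$((2 ** count))
  count=$((count + 1))

  if [ "$count" -le "$attempts" ]; then
    sleep "$wait"
    # pgrep -x matches any process named exactly "nc", not only this
    # listener; an unrelated nc therefore suppresses the restart.
    if ! pgrep -x nc; then
      start_listener
    fi
  else
    echo "Timed out waiting for nc to listen on ${listen_host}:${listen_port}" 1>&2
    exit 1
  fi
done

sleep 1

# Enable the auditors. The file and syslog devices are strict: a failure
# aborts the script through set -e.
"$VAULT_BIN_PATH" audit enable file file_path="$LOG_FILE_PATH"
"$VAULT_BIN_PATH" audit enable syslog tag="vault" facility="AUTH"

# The socket device stays best-effort, but a failure is reported instead of
# being swallowed, so a missing audit sink is visible in the run output.
if ! "$VAULT_BIN_PATH" audit enable socket address="${listen_host}:${listen_port}"; then
  echo "Warning: failed to enable the socket audit device on ${listen_host}:${listen_port}" 1>&2
fi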