Merge 6118304bb3 into 8e20a13896

.release/linux/postinst

@@ -1,37 +1,35 @@
 #!/bin/bash
 
-if [[ -f /opt/vault/tls/tls.crt ]] && [[ -f /opt/vault/tls/tls.key ]]; then
-  echo "Vault TLS key and certificate already exist. Exiting."
-  exit 0
+if [[ ! -f /opt/vault/tls/tls.crt ]] || [[ ! -f /opt/vault/tls/tls.key ]]; then
+
+  echo "Generating Vault TLS key and self-signed certificate..."
+
+  # Create TLS and Data directory
+  mkdir --parents /opt/vault/tls
+  mkdir --parents /opt/vault/data
+
+  # Generate TLS key and certificate
+  cd /opt/vault/tls
+  openssl req \
+    -out tls.crt \
+    -new \
+    -keyout tls.key \
+    -newkey rsa:4096 \
+    -nodes \
+    -sha256 \
+    -x509 \
+    -subj "/O=HashiCorp/CN=Vault" \
+    -days 1095 # 3 years
+
+  # Update file permissions
+  chown --recursive vault:vault /etc/vault.d
+  chown --recursive vault:vault /opt/vault
+  chmod 600 /opt/vault/tls/tls.crt /opt/vault/tls/tls.key
+  chmod 700 /opt/vault/tls
+
+  echo "Vault TLS key and self-signed certificate have been generated in '/opt/vault/tls'."
 fi
 
-echo "Generating Vault TLS key and self-signed certificate..."
-
-# Create TLS and Data directory
-mkdir --parents /opt/vault/tls
-mkdir --parents /opt/vault/data
-
-# Generate TLS key and certificate
-cd /opt/vault/tls
-openssl req \
-  -out tls.crt \
-  -new \
-  -keyout tls.key \
-  -newkey rsa:4096 \
-  -nodes \
-  -sha256 \
-  -x509 \
-  -subj "/O=HashiCorp/CN=Vault" \
-  -days 1095 # 3 years
-
-# Update file permissions
-chown --recursive vault:vault /etc/vault.d
-chown --recursive vault:vault /opt/vault
-chmod 600 /opt/vault/tls/tls.crt /opt/vault/tls/tls.key
-chmod 700 /opt/vault/tls
-
-echo "Vault TLS key and self-signed certificate have been generated in '/opt/vault/tls'."
-
 # Set IPC_LOCK capabilities on vault
 setcap cap_ipc_lock=+ep /usr/bin/vault