infra/ansible/roles/vault_server/templates/vault.hcl.j2

ui = true

listener "tcp" {
  address         = "127.0.0.1:8200"
  tls_cert_file   = "/etc/vault.d/certs/vault.pem"
  tls_key_file    = "/etc/vault.d/certs/vault.key"
}

listener "tcp" {
  address         = "{{ ansible_default_ipv4.address }}:8200"
  tls_cert_file   = "/etc/vault.d/certs/vault.pem"
  tls_key_file    = "/etc/vault.d/certs/vault.key"
}

api_addr          = "https://{{ ansible_default_ipv4.address }}:8200"
cluster_addr      = "https://{{ ansible_default_ipv4.address }}:8201"

storage "consul" {
  address   = "localhost:8500"
  path      = "vault/"
  token     = "{{ lookup('hashi_vault', 'secret=kv/data/vault:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['consul-acl'] }}"
}
Add vault server, add some generic consul acls and vault policies 2020-08-27 19:26:40 +00:00			`ui = true`
Explicitly define ports for consul and vault 2020-10-13 02:39:23 +00:00
Add vault server, add some generic consul acls and vault policies 2020-08-27 19:26:40 +00:00			`listener "tcp" {`
Explicitly define ports for consul and vault 2020-10-13 02:39:23 +00:00			`address = "127.0.0.1:8200"`
			`tls_cert_file = "/etc/vault.d/certs/vault.pem"`
			`tls_key_file = "/etc/vault.d/certs/vault.key"`
Add vault server, add some generic consul acls and vault policies 2020-08-27 19:26:40 +00:00			`}`
Explicitly define ports for consul and vault 2020-10-13 02:39:23 +00:00
			`listener "tcp" {`
			`address = "{{ ansible_default_ipv4.address }}:8200"`
			`tls_cert_file = "/etc/vault.d/certs/vault.pem"`
			`tls_key_file = "/etc/vault.d/certs/vault.key"`
			`}`

Fix up vault ssl, fix up vault cert since it needs a bundled cert 2020-10-14 01:42:39 +00:00			`api_addr = "https://{{ ansible_default_ipv4.address }}:8200"`
			`cluster_addr = "https://{{ ansible_default_ipv4.address }}:8201"`
Explicitly define ports for consul and vault 2020-10-13 02:39:23 +00:00
Add vault server, add some generic consul acls and vault policies 2020-08-27 19:26:40 +00:00			`storage "consul" {`
			`address = "localhost:8500"`
			`path = "vault/"`
Add ca_cert to hashi_vault lookups 2022-11-01 20:02:59 +00:00			`token = "{{ lookup('hashi_vault', 'secret=kv/data/vault:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['consul-acl'] }}"`
Add vault server, add some generic consul acls and vault policies 2020-08-27 19:26:40 +00:00			`}`