Asara/infra
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Explicitly define ports for consul and vault

Browse source
This commit is contained in:
Amarpreet Minhas 2020-10-12 22:39:23 -04:00
parent b5b9dc2024
commit b5d51f7e3f
4 changed files with 34 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ansible/roles/consul_server/templates/consul.hcl.j2
View file

@ -30,11 +30,13 @@ raft_protocol = 3
enable_local_script_checks = true enable_local_script_checks = true
addresses { addresses {
http = "127.0.0.1"
https = "0.0.0.0" https = "0.0.0.0"
dns = "0.0.0.0" dns = "0.0.0.0"
} }
ports { ports {
http = 8500
https = 8501 https = 8501
} }

9
ansible/roles/nomad_client/templates/nomad.hcl.j2
View file

@ -17,6 +17,15 @@ consul {
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['consul-acl-client'] }}" token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['consul-acl-client'] }}"
} }
vault {
enabled = true
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['vault-token'] }}"
address = "https://vault.service.{{ consul_domain }}:8200"
create_from_role = "nomad-cluster"
unwrap_token = true
}
tls { tls {
http = true http = true
rpc = true rpc = true

9
ansible/roles/nomad_server/templates/nomad.hcl.j2
View file

@ -6,6 +6,15 @@ server {
bootstrap_expect = 1 bootstrap_expect = 1
} }
vault {
enabled = true
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['vault-token'] }}"
address = "https://vault.service.{{ consul_domain }}:8200"
create_from_role = "nomad-cluster"
unwrap_token = true
}
consul { consul {
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['consul-acl-server'] }}" token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['consul-acl-server'] }}"
} }

13
ansible/roles/vault_server/templates/vault.hcl.j2
View file

@ -1,9 +1,20 @@
ui = true ui = true
listener "tcp" { listener "tcp" {
address = "0.0.0.0:8200" address = "127.0.0.1:8200"
tls_cert_file = "/etc/vault.d/certs/vault.pem" tls_cert_file = "/etc/vault.d/certs/vault.pem"
tls_key_file = "/etc/vault.d/certs/vault.key" tls_key_file = "/etc/vault.d/certs/vault.key"
} }
listener "tcp" {
address = "{{ ansible_default_ipv4.address }}:8200"
tls_cert_file = "/etc/vault.d/certs/vault.pem"
tls_key_file = "/etc/vault.d/certs/vault.key"
}
api_address = "{{ ansible_default_ipv4.address }}:8200"
cluster_address = "{{ ansible_default_ipv4.address }}:8201"
storage "consul" { storage "consul" {
address = "localhost:8500" address = "localhost:8500"
path = "vault/" path = "vault/"