Explicitly define ports for consul and vault
This commit is contained in:
parent
b5b9dc2024
commit
b5d51f7e3f
4 changed files with 34 additions and 3 deletions
|
@ -30,11 +30,13 @@ raft_protocol = 3
|
|||
enable_local_script_checks = true
|
||||
|
||||
addresses {
|
||||
http = "127.0.0.1"
|
||||
https = "0.0.0.0"
|
||||
dns = "0.0.0.0"
|
||||
}
|
||||
|
||||
ports {
|
||||
http = 8500
|
||||
https = 8501
|
||||
}
|
||||
|
||||
|
|
|
@ -17,6 +17,15 @@ consul {
|
|||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['consul-acl-client'] }}"
|
||||
}
|
||||
|
||||
vault {
|
||||
enabled = true
|
||||
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['vault-token'] }}"
|
||||
address = "https://vault.service.{{ consul_domain }}:8200"
|
||||
create_from_role = "nomad-cluster"
|
||||
unwrap_token = true
|
||||
}
|
||||
|
||||
tls {
|
||||
http = true
|
||||
rpc = true
|
||||
|
|
|
@ -6,6 +6,15 @@ server {
|
|||
bootstrap_expect = 1
|
||||
}
|
||||
|
||||
vault {
|
||||
enabled = true
|
||||
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['vault-token'] }}"
|
||||
address = "https://vault.service.{{ consul_domain }}:8200"
|
||||
create_from_role = "nomad-cluster"
|
||||
unwrap_token = true
|
||||
}
|
||||
|
||||
consul {
|
||||
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['consul-acl-server'] }}"
|
||||
}
|
||||
|
|
|
@ -1,9 +1,20 @@
|
|||
ui = true
|
||||
|
||||
listener "tcp" {
|
||||
address = "0.0.0.0:8200"
|
||||
address = "127.0.0.1:8200"
|
||||
tls_cert_file = "/etc/vault.d/certs/vault.pem"
|
||||
tls_key_file = "/etc/vault.d/certs/vault.key"
|
||||
}
|
||||
|
||||
listener "tcp" {
|
||||
address = "{{ ansible_default_ipv4.address }}:8200"
|
||||
tls_cert_file = "/etc/vault.d/certs/vault.pem"
|
||||
tls_key_file = "/etc/vault.d/certs/vault.key"
|
||||
}
|
||||
|
||||
api_address = "{{ ansible_default_ipv4.address }}:8200"
|
||||
cluster_address = "{{ ansible_default_ipv4.address }}:8201"
|
||||
|
||||
storage "consul" {
|
||||
address = "localhost:8500"
|
||||
path = "vault/"
|
||||
|
|
Loading…
Reference in a new issue