Explicitly define ports for consul and vault

Amarpreet Minhas 2020-10-12 22:39:23 -04:00
parent b5b9dc2024
commit b5d51f7e3f
4 changed files with 34 additions and 3 deletions


@ -30,11 +30,13 @@ raft_protocol = 3
enable_local_script_checks = true
addresses {
http = "127.0.0.1"
https = "0.0.0.0"
dns = "0.0.0.0"
}
ports {
http = 8500
https = 8501
}
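Review bot: `https = "0.0.0.0"` and `dns = "0.0.0.0"` in the `addresses` block expose the Consul HTTPS API (now pinned to port 8501) and DNS on every interface of the host, including any that face untrusted networks. Consul accepts a space-separated list here, so the bind can be narrowed the way the Vault listener in this commit is, for example `https = "127.0.0.1 {{ ansible_default_ipv4.address }}"`. The +/- markers are lost on this page, so I cannot tell which of these lines are new. The hunk shows neither the TLS settings (`verify_incoming`, certificate files) nor the ACL default policy, so confirm both are enforced before the HTTPS port is reachable off-host.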


@ -17,6 +17,15 @@ consul {
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['consul-acl-client'] }}"
}
vault {
enabled = true
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['vault-token'] }}"
address = "https://vault.service.{{ consul_domain }}:8200"
create_from_role = "nomad-cluster"
unwrap_token = true
}
tls {
http = true
rpc = true
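Review bot: The `token` and `create_from_role` lines in this vault block put the cluster's Vault token on every node that receives this template, which looks like the client template judging by the `consul-acl-client` key. Nomad reads both settings on servers only, and clients receive per-task tokens from the servers, so the client block can shrink to `enabled = true`, `ca_file = ...` and `address = ...`. `unwrap_token = true`, here and in the server template's vault block, is not among the vault options I know Nomad to document. The value looked up from KV also does not appear to be a response-wrapped token, so confirm the agent accepts the key and that it does what is intended. The markers are lost on this page, so I am assuming the whole vault block is new.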


@ -6,6 +6,15 @@ server {
bootstrap_expect = 1
}
vault {
enabled = true
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['vault-token'] }}"
address = "https://vault.service.{{ consul_domain }}:8200"
create_from_role = "nomad-cluster"
unwrap_token = true
}
consul {
token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['consul-acl-server'] }}"
}
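Review bot: The Vault token is written into the server config in clear text at template time (`token = "{{ lookup('hashi_vault', ...)['vault-token'] }}"`), so anyone who can read the rendered file holds a token that can create task tokens through the `nomad-cluster` role. Nomad also reads the token from the `VAULT_TOKEN` environment variable of the agent process, which keeps it out of the config file. If it stays in the file, the Ansible task that renders this template (not visible here) should set a restrictive owner and a mode such as `0600`. Nomad renews this token itself, so confirm the value stored under `vault-token` is a periodic token scoped to the Nomad server policy rather than a broader one.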


@ -1,9 +1,20 @@
ui = true
listener "tcp" {
address = "0.0.0.0:8200"
address = "127.0.0.1:8200"
tls_cert_file = "/etc/vault.d/certs/vault.pem"
tls_key_file = "/etc/vault.d/certs/vault.key"
}
listener "tcp" {
address = "{{ ansible_default_ipv4.address }}:8200"
tls_cert_file = "/etc/vault.d/certs/vault.pem"
tls_key_file = "/etc/vault.d/certs/vault.key"
}
api_address = "{{ ansible_default_ipv4.address }}:8200"
cluster_address = "{{ ansible_default_ipv4.address }}:8201"
storage "consul" {
address = "localhost:8500"
path = "vault/"