Enable https on consul
parent
4989911add
commit
eca78a092d
3 changed files with 10 additions and 5 deletions
|
@ -38,7 +38,7 @@
|
||||||
register: exp
|
register: exp
|
||||||
|
|
||||||
- name: get cert
|
- name: get cert
|
||||||
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
|
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} alt_names=consul.service.{{ consul_domain }},consul.service.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
|
||||||
args:
|
args:
|
||||||
executable: /bin/bash
|
executable: /bin/bash
|
||||||
environment:
|
environment:
|
||||||
|
|
|
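Review bot: The `get cert` task runs `vault write pki_int/issue/...` through `shell`, and that call returns the issued private key in its output, so unless the part of the task outside this hunk sets `no_log: true` the key can end up in Ansible output and in any registered result that is logged. I would add `no_log: true` to the task, here and in the identical task in the second file of this commit (the one using `/usr/local/bin/bash`). Separately, the new `alt_names` lists only DNS names; if any client reaches the HTTPS API through `127.0.0.1` or a node IP, hostname verification will fail, so consider adding `ip_sans=127.0.0.1` if the PKI role permits it. The task continues past the end of the hunk, so both points should be checked against the full task.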
@ -38,7 +38,7 @@
|
||||||
register: exp
|
register: exp
|
||||||
|
|
||||||
- name: get cert
|
- name: get cert
|
||||||
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
|
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} alt_names=consul.service.{{ consul_domain }},consul.service.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
|
||||||
args:
|
args:
|
||||||
executable: /usr/local/bin/bash
|
executable: /usr/local/bin/bash
|
||||||
environment:
|
environment:
|
||||||
|
|
|
@ -8,9 +8,10 @@ ui = true
|
||||||
|
|
||||||
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}"
|
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}"
|
||||||
|
|
||||||
verify_incoming = true
|
|
||||||
verify_outgoing = true
|
verify_outgoing = true
|
||||||
verify_server_hostname = true
|
verify_server_hostname = true
|
||||||
|
verify_incoming_https = false
|
||||||
|
verify_incoming_rpc = true
|
||||||
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
|
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
|
||||||
cert_file = "{{ consul_config_path }}/certs/consul-server.pem"
|
cert_file = "{{ consul_config_path }}/certs/consul-server.pem"
|
||||||
key_file = "{{ consul_config_path }}/certs/consul-server.key"
|
key_file = "{{ consul_config_path }}/certs/consul-server.key"
|
||||||
|
@ -29,10 +30,14 @@ raft_protocol = 3
|
||||||
enable_local_script_checks = true
|
enable_local_script_checks = true
|
||||||
|
|
||||||
addresses {
|
addresses {
|
||||||
http = "0.0.0.0"
|
https = "0.0.0.0"
|
||||||
dns = "0.0.0.0"
|
dns = "0.0.0.0"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ports {
|
||||||
|
https = 8501
|
||||||
|
}
|
||||||
|
|
||||||
performance {
|
performance {
|
||||||
raft_multiplier = 1
|
raft_multiplier = 1
|
||||||
}
|
}
|
||||||
|
|
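Review bot: With `verify_incoming_https = false` and `https = "0.0.0.0"`, the HTTPS API accepts connections on every interface without a client certificate, where the previous `verify_incoming = true` required one. Access control on that listener then rests entirely on ACLs, which are not visible in these hunks; with `enable_local_script_checks = true` in the same file this deserves confirmation, and a comment such as `# HTTPS has no client-cert check; API access is gated by ACL tokens` would record the intent. The new `ports` block only adds `https = 8501`; unless `http = -1` is also set, the plaintext HTTP listener most likely stays enabled on the default client address. If that is intended for the local CLI, say so in a comment; otherwise add `http = -1` to `ports`.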