Enable https on consul

This commit is contained in:
Amarpreet Minhas 2020-09-30 22:16:38 -04:00
parent 4989911add
commit eca78a092d
3 changed files with 10 additions and 5 deletions

View file

@ -38,7 +38,7 @@
register: exp register: exp
- name: get cert - name: get cert
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m" shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} alt_names=consul.service.{{ consul_domain }},consul.service.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
args: args:
executable: /bin/bash executable: /bin/bash
environment: environment:

View file

@ -38,7 +38,7 @@
register: exp register: exp
- name: get cert - name: get cert
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m" shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} alt_names=consul.service.{{ consul_domain }},consul.service.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
args: args:
executable: /usr/local/bin/bash executable: /usr/local/bin/bash
environment: environment:

View file

@ -8,9 +8,10 @@ ui = true
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}" encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}"
verify_incoming = true
verify_outgoing = true verify_outgoing = true
verify_server_hostname = true verify_server_hostname = true
verify_incoming_https = false
verify_incoming_rpc = true
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}" ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
cert_file = "{{ consul_config_path }}/certs/consul-server.pem" cert_file = "{{ consul_config_path }}/certs/consul-server.pem"
key_file = "{{ consul_config_path }}/certs/consul-server.key" key_file = "{{ consul_config_path }}/certs/consul-server.key"
@ -29,10 +30,14 @@ raft_protocol = 3
enable_local_script_checks = true enable_local_script_checks = true
addresses { addresses {
http = "0.0.0.0" https = "0.0.0.0"
dns = "0.0.0.0" dns = "0.0.0.0"
} }
ports {
https = 8501
}
performance { performance {
raft_multiplier = 1 raft_multiplier = 1
} }