Asara/infra
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Enable https on consul

Browse source
This commit is contained in:
Amarpreet Minhas 2020-09-30 22:16:38 -04:00
parent 4989911add
commit eca78a092d
3 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
ansible/roles/consul_server/tasks/Debian.yml
View file

@ -38,7 +38,7 @@
register: exp
- name: get cert
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} alt_names=consul.service.{{ consul_domain }},consul.service.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
args:
executable: /bin/bash
environment:

2
ansible/roles/consul_server/tasks/FreeBSD.yml
View file

@ -38,7 +38,7 @@
register: exp
- name: get cert
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
shell: "vault write pki_int/issue/{{ vault_pki_policy }} common_name=server.{{ main_dc_name }}.{{ consul_domain }} alt_names=consul.service.{{ consul_domain }},consul.service.{{ main_dc_name }}.{{ consul_domain }} ttl=43200m"
args:
executable: /usr/local/bin/bash
environment:

9
ansible/roles/consul_server/templates/consul.hcl.j2
View file

@ -8,9 +8,10 @@ ui = true
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}"
verify_incoming = true
verify_outgoing = true
verify_server_hostname = true
verify_incoming_https = false
verify_incoming_rpc = true
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
cert_file = "{{ consul_config_path }}/certs/consul-server.pem"
key_file = "{{ consul_config_path }}/certs/consul-server.key"
@ -29,10 +30,14 @@ raft_protocol = 3
enable_local_script_checks = true
addresses {
http = "0.0.0.0"
https = "0.0.0.0"
dns = "0.0.0.0"
}
ports {
https = 8501
}
performance {
raft_multiplier = 1
}