Compare commits
No commits in common. "7bc9062d859d7b4572426c24fb7a238ff76f1d37" and "8cb41f5246cbb342e97d27172a0aff5ae4d6fccd" have entirely different histories.
7bc9062d85
...
8cb41f5246
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,4 +1,2 @@
|
|||||||
.envrc
|
.envrc
|
||||||
.direnv
|
.direnv
|
||||||
requirements.txt
|
|
||||||
files/keys/*
|
|
||||||
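Review bot: Dropping the `files/keys/*` ignore rule is what lets the private keys under `files/keys/` be tracked, and this same comparison adds three `*-key.pem` files there. Keep the rule, or at least `files/keys/*-key.pem`, so that key material generated on the controller cannot be committed by accident. If the CA certificate has to live in the repository, allow it explicitly with a negation such as `!files/keys/consul-agent-ca.pem` after the ignore rule.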
@ -5,101 +5,48 @@
|
|||||||
|
|
||||||
gather_facts: true
|
gather_facts: true
|
||||||
tasks:
|
tasks:
|
||||||
|
# - name: Install python
|
||||||
|
# raw: apk add python3
|
||||||
|
|
||||||
- name: Install zip utils
|
- name: Install packages
|
||||||
apk:
|
community.general.apk:
|
||||||
name:
|
name: consul
|
||||||
- unzip
|
|
||||||
- consul
|
|
||||||
state: present
|
state: present
|
||||||
|
update_cache: yes
|
||||||
- name: Check for upgrade requirement
|
|
||||||
shell: /usr/sbin/consul version
|
|
||||||
register: consul_version
|
|
||||||
changed_when: false
|
|
||||||
|
|
||||||
- name: Apply upgrades if needed
|
|
||||||
block:
|
|
||||||
- name: Obtain consul binary
|
|
||||||
get_url:
|
|
||||||
url: https://releases.hashicorp.com/consul/1.10.4/consul_1.10.4_linux_amd64.zip
|
|
||||||
dest: /tmp/consul.zip
|
|
||||||
- name: Remove old consul binary
|
|
||||||
file:
|
|
||||||
path: /usr/sbin/consul
|
|
||||||
state: absent
|
|
||||||
- name: Expand binary
|
|
||||||
unarchive:
|
|
||||||
src: /tmp/consul.zip
|
|
||||||
dest: /usr/sbin/
|
|
||||||
remote_src: yes
|
|
||||||
when: consul_version.stdout.find('Consul v1.10.4') == -1
|
|
||||||
|
|
||||||
- name: Create keys directory
|
- name: Create keys directory
|
||||||
file:
|
file:
|
||||||
path: /etc/consul.keys
|
path: /etc/consul.keys
|
||||||
state: directory
|
state: directory
|
||||||
owner: root
|
owner: root
|
||||||
- name: Set up CA and create certs
|
|
||||||
block:
|
- name: Deploy keys
|
||||||
- name: Create a CA for key creation
|
copy:
|
||||||
shell: consul tls ca create
|
src: "{{ item }}"
|
||||||
args:
|
dest: /etc/consul.keys/
|
||||||
chdir: /etc/consul.keys
|
|
||||||
creates: /etc/consul.keys/consul-agent-ca-key.pem
|
|
||||||
- name: Retrieve new CA key and certificate
|
|
||||||
fetch:
|
|
||||||
src: '/etc/consul.keys/{{item}}'
|
|
||||||
dest: 'files/keys/{{item}}'
|
|
||||||
flat: yes
|
|
||||||
loop:
|
loop:
|
||||||
- consul-agent-ca-key.pem
|
- "files/keys/consul-agent-ca.pem"
|
||||||
- consul-agent-ca.pem
|
- "files/keys/dc1-server-consul-{{ ansible_nodename }}.pem"
|
||||||
- name: Install server certificate script
|
- "files/keys/dc1-server-consul-{{ ansible_nodename }}-key.pem"
|
||||||
copy:
|
|
||||||
src: 'files/scripts/consul-server-cert.sh'
|
- name: Update tls config
|
||||||
dest: '/usr/sbin/consul-server-cert'
|
|
||||||
mode: '0700'
|
|
||||||
- name: Create server certificates
|
|
||||||
shell: '/usr/sbin/consol-server-cert {{item}}'
|
|
||||||
args:
|
|
||||||
chdir: /etc/consul.keys
|
|
||||||
creates: '/etc/consul.keys/{{item}}.key.pem'
|
|
||||||
loop: "{{ groups.consul }}"
|
|
||||||
- name: Retrieve server certificates
|
|
||||||
fetch:
|
|
||||||
src: '/etc/consul.keys/{{item}}.pem'
|
|
||||||
dest: 'files/keys/{{item}}.pem'
|
|
||||||
flat: yes
|
|
||||||
loop: "{{ groups.consul }}"
|
|
||||||
- name: Retrieve server keys
|
|
||||||
fetch:
|
|
||||||
src: '/etc/consul.keys/{{item}}.key.pem'
|
|
||||||
dest: 'files/keys/{{item}}.key.pem'
|
|
||||||
flat: yes
|
|
||||||
loop: "{{ groups.consul }}"
|
|
||||||
when: inventory_hostname in 'cnsl01'
|
|
||||||
- name: Distribute CA certificate
|
|
||||||
copy:
|
|
||||||
src: keys/consul-agent-ca.pem
|
|
||||||
dest: /etc/consul.keys/consul-agent-ca.pem
|
|
||||||
- name: Distribute certificates and keys
|
|
||||||
block:
|
|
||||||
- name: Ship certificate
|
|
||||||
copy:
|
|
||||||
src: "keys/{{inventory_hostname}}.pem"
|
|
||||||
dest: "/etc/consul.keys/{{inventory_hostname}}.pem"
|
|
||||||
- name: Ship key
|
|
||||||
copy:
|
|
||||||
src: "keys/{{inventory_hostname}}.key.pem"
|
|
||||||
dest: "/etc/consul.keys/{{inventory_hostname}}.key.pem"
|
|
||||||
when: inventory_hostname not in 'cnsl01'
|
|
||||||
- name: Update server tls config
|
|
||||||
template:
|
template:
|
||||||
src: tls.json
|
src: tls.json
|
||||||
dest: /etc/consul/
|
dest: /etc/consul/
|
||||||
|
|
||||||
- name: Copy static server config files
|
- name: Copy static config files
|
||||||
copy:
|
copy:
|
||||||
src: files/server_cfg/
|
src: files/server_cfg/
|
||||||
dest: /etc/consul
|
dest: /etc/consul
|
||||||
|
|
||||||
|
- name: Restart server
|
||||||
|
service:
|
||||||
|
name: consul
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: Enable service
|
||||||
|
service:
|
||||||
|
name: consul
|
||||||
|
enabled: true
|
||||||
|
runlevel: default
|
||||||
|
|
||||||
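Review bot: The new `Deploy keys` task copies `dc1-server-consul-{{ ansible_nodename }}-key.pem` into `/etc/consul.keys/` without `mode`, `owner` or `group`, and `Create keys directory` above it sets only `owner: root`. The private key's permissions are therefore left to the remote umask, which commonly yields a world-readable file. Set them explicitly, for example `mode: '0700'` on the directory and `mode: '0600'` on the copy, with the owner set to the account the consul service runs as (not visible on this page). Separately, `Restart server` runs on every play. A handler notified by the key, TLS and config tasks would restart the agents only when something changed. The file name and the start of the play are outside this hunk.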
@ -1,9 +0,0 @@
|
|||||||
- name: Deploy consul cluster
|
|
||||||
hosts:
|
|
||||||
- consul
|
|
||||||
vars:
|
|
||||||
|
|
||||||
gather_facts: false
|
|
||||||
tasks:
|
|
||||||
- name: Install python
|
|
||||||
raw: apk add python3
|
|
||||||
18
files/keys/consul-agent-ca.pem
Normal file
18
files/keys/consul-agent-ca.pem
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIC7TCCApSgAwIBAgIRAJ+pfHI7AaUSwrjOoqBQj8gwCgYIKoZIzj0EAwIwgbkx
|
||||||
|
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
|
||||||
|
bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
|
||||||
|
FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
|
||||||
|
IDIxMjIyNzI3MzU2Nzk1Njk5MzEzNjAxNTI2MzkyNjQ5NDIwMzg0ODAeFw0yMTEx
|
||||||
|
MTIwODQ1NTJaFw0yNjExMTEwODQ1NTJaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE
|
||||||
|
CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv
|
||||||
|
bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu
|
||||||
|
Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAyMTIyMjcyNzM1Njc5NTY5OTMx
|
||||||
|
MzYwMTUyNjM5MjY0OTQyMDM4NDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQW
|
||||||
|
hgJCkj2MSVQ0MduzN+gahsxjefgUi/7caK840Z8+nZH9uf+mIFD2MV5GlyH2rUxm
|
||||||
|
Ob8qzwEorpnEsHltt7Zro3sweTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw
|
||||||
|
AwEB/zApBgNVHQ4EIgQgXjMGwMpTJIyi1WN7r+oADAdMh02M70ToNUyD1nR077sw
|
||||||
|
KwYDVR0jBCQwIoAgXjMGwMpTJIyi1WN7r+oADAdMh02M70ToNUyD1nR077swCgYI
|
||||||
|
KoZIzj0EAwIDRwAwRAIgfmt0Huh6EXAIB4uRsLtT6oQP4mBBdPz+wWhgGl/8oqkC
|
||||||
|
IHfpKw05q5g56h63rlpCfCSjx049IEhdQl1BQq7w1wO6
|
||||||
|
-----END CERTIFICATE-----
|
||||||
5
files/keys/dc1-server-consul-cnsl01-key.pem
Normal file
5
files/keys/dc1-server-consul-cnsl01-key.pem
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIEVE3laHqkyUawkHzgNXOklVGEIpHeIsVHO9prVxPE9doAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEifAILwrPlw3IZIEBYxGytwQOjtTU7v+p/v17TYj+bqjpFTAzRA8A
|
||||||
|
ZfAuMmRWYfBgyR+PgvwrCVz0sF4ekisyBQ==
|
||||||
|
-----END EC PRIVATE KEY-----
|
||||||
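Review bot: This file puts an unencrypted EC private key for a Consul server into the repository, and the same applies to `files/keys/dc1-server-consul-cnsl02-key.pem` and `files/keys/dc1-server-consul-cnsl03-key.pem` further down. Anyone who can read the repository or its history can pair these keys with the matching server certificates, so treat them as exposed: reissue the server certificates and remove the key files from history. If the playbook has to ship keys from the controller, store them encrypted with Ansible Vault (the `copy` module decrypts vaulted source files by default) or generate them on the target host.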
16
files/keys/dc1-server-consul-cnsl01.pem
Normal file
16
files/keys/dc1-server-consul-cnsl01.pem
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICnDCCAkKgAwIBAgIQZcUIsW7KEyguQLeakeM+rzAKBggqhkjOPQQDAjCBuTEL
|
||||||
|
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
|
||||||
|
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
|
||||||
|
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMUAwPgYDVQQDEzdDb25zdWwgQWdlbnQgQ0Eg
|
||||||
|
MjEyMjI3MjczNTY3OTU2OTkzMTM2MDE1MjYzOTI2NDk0MjAzODQ4MB4XDTIxMTEx
|
||||||
|
MjA4NDcyMFoXDTIyMTExMjA4NDcyMFowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j
|
||||||
|
b25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASJ8AgvCs+XDchkgQFjEbK3
|
||||||
|
BA6O1NTu/6n+/XtNiP5uqOkVMDNEDwBl8C4yZFZh8GDJH4+C/CsJXPSwXh6SKzIF
|
||||||
|
o4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
|
||||||
|
BQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgHi5V5f8evpxId4TtQEqMm/Ba
|
||||||
|
mwB+m+YaRqEbtGUaoOYwKwYDVR0jBCQwIoAgXjMGwMpTJIyi1WN7r+oADAdMh02M
|
||||||
|
70ToNUyD1nR077swLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs
|
||||||
|
aG9zdIcEfwAAATAKBggqhkjOPQQDAgNIADBFAiEA4R0nOX021RbB3WiwSHT+Lsn+
|
||||||
|
gVAh0BvYnSYs7Flr6jwCIHCSkd4Vwq/QoNJEG1ocveHuv0l74tpcdPHhXddmRxa/
|
||||||
|
-----END CERTIFICATE-----
|
||||||
5
files/keys/dc1-server-consul-cnsl02-key.pem
Normal file
5
files/keys/dc1-server-consul-cnsl02-key.pem
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIExUDPjsTgYUwkij3/76kQmaCNZfTnD7ULncnwMp9+9QoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEyrnR6O3NTx2tG1RLzi25xhC72/H56tsU+KL7yy8WTv1/eTSfp35A
|
||||||
|
z8eYI8MVVFlFg6Y6RSB+mWAOK1ZlCAK/iw==
|
||||||
|
-----END EC PRIVATE KEY-----
|
||||||
17
files/keys/dc1-server-consul-cnsl02.pem
Normal file
17
files/keys/dc1-server-consul-cnsl02.pem
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICnTCCAkOgAwIBAgIRALtKTylNLn8tcn1f3LwqxqIwCgYIKoZIzj0EAwIwgbkx
|
||||||
|
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
|
||||||
|
bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
|
||||||
|
FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
|
||||||
|
IDIxMjIyNzI3MzU2Nzk1Njk5MzEzNjAxNTI2MzkyNjQ5NDIwMzg0ODAeFw0yMTEx
|
||||||
|
MTMyMjE5MTVaFw0yMjExMTMyMjE5MTVaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu
|
||||||
|
Y29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyrnR6O3NTx2tG1RLzi25
|
||||||
|
xhC72/H56tsU+KL7yy8WTv1/eTSfp35Az8eYI8MVVFlFg6Y6RSB+mWAOK1ZlCAK/
|
||||||
|
i6OBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
|
||||||
|
AQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEIOXNeOY9OY/iUqY3unTsLW3U
|
||||||
|
3fDbvWoKJHphyRGUxd8EMCsGA1UdIwQkMCKAIF4zBsDKUySMotVje6/qAAwHTIdN
|
||||||
|
jO9E6DVMg9Z0dO+7MC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh
|
||||||
|
bGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIhALliGcXi+IKPGytKslUPHNbO
|
||||||
|
LYuiQBR4ChW+cy3z3MNrAiBGKqzbfb0O890DFyN4BP/p2MurWXEHADAAwQDlW8fw
|
||||||
|
vw==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
5
files/keys/dc1-server-consul-cnsl03-key.pem
Normal file
5
files/keys/dc1-server-consul-cnsl03-key.pem
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIPpk6l39vQmXv5PZN4/JC5OYJIKXTVo7vavHRJhUNTiroAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEm+5MaEoPb022EWsQr4z8XBGogtI1Q9avsv7nSVRAgzDBTGv1HYo7
|
||||||
|
oi5x98kU+u/lRyKxINK7etthQ3I39g6Vhg==
|
||||||
|
-----END EC PRIVATE KEY-----
|
||||||
16
files/keys/dc1-server-consul-cnsl03.pem
Normal file
16
files/keys/dc1-server-consul-cnsl03.pem
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICnDCCAkKgAwIBAgIQO8BkyzQIkpd070agWUhNzzAKBggqhkjOPQQDAjCBuTEL
|
||||||
|
MAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
|
||||||
|
MRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV
|
||||||
|
BgNVBAoTDkhhc2hpQ29ycCBJbmMuMUAwPgYDVQQDEzdDb25zdWwgQWdlbnQgQ0Eg
|
||||||
|
MjEyMjI3MjczNTY3OTU2OTkzMTM2MDE1MjYzOTI2NDk0MjAzODQ4MB4XDTIxMTEx
|
||||||
|
MzIyMTkxOVoXDTIyMTExMzIyMTkxOVowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j
|
||||||
|
b25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASb7kxoSg9vTbYRaxCvjPxc
|
||||||
|
EaiC0jVD1q+y/udJVECDMMFMa/UdijuiLnH3yRT67+VHIrEg0rt622FDcjf2DpWG
|
||||||
|
o4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
|
||||||
|
BQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgYWn1nNojLeViJTm/dKAyGpeI
|
||||||
|
+v8axVVcRDYr/9oVt5MwKwYDVR0jBCQwIoAgXjMGwMpTJIyi1WN7r+oADAdMh02M
|
||||||
|
70ToNUyD1nR077swLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs
|
||||||
|
aG9zdIcEfwAAATAKBggqhkjOPQQDAgNIADBFAiEAvzkvkOIZYowUocOhY3G6lLbO
|
||||||
|
v7cflBuK7wCS986fHPcCID6mztj5Ij+bSlE905axemFAesaoego14Go4OEKrMFPI
|
||||||
|
-----END CERTIFICATE-----
|
||||||
@ -1,21 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
RENEW=false
|
|
||||||
|
|
||||||
while getopts r: flag
|
|
||||||
do
|
|
||||||
case "${flag}" in
|
|
||||||
r) RENEW=true
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
HOSTNAME=$1
|
|
||||||
|
|
||||||
if [[ -f "$HOSTNAME.key.pem" && renew == 'false' ]]; then
|
|
||||||
echo "Certificate key for $HOSTNAME exists, use -r to renew it."
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
|
|
||||||
consul tls cert create -server -dc dc1 -additional-dnsname=$HOSTNAME -node=$HOSTNAME
|
|
||||||
mv dc1-server-consul-0-key.pem $HOSTNAME.key.pem
|
|
||||||
mv dc1-server-consul-0.pem $HOSTNAME.pem
|
|
||||||
@ -8,9 +8,7 @@
|
|||||||
"disable_remote_exec": true,
|
"disable_remote_exec": true,
|
||||||
"enable_syslog": true,
|
"enable_syslog": true,
|
||||||
"client_addr": "0.0.0.0",
|
"client_addr": "0.0.0.0",
|
||||||
"ui_config": {
|
"ui": true,
|
||||||
"enabled": true
|
|
||||||
},
|
|
||||||
"retry_join": [
|
"retry_join": [
|
||||||
"10.0.96.80",
|
"10.0.96.80",
|
||||||
"10.0.96.81",
|
"10.0.96.81",
|
||||||
|
|||||||
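Review bot: The new `"ui": true` sits next to `"client_addr": "0.0.0.0"` (a context line in this hunk), so the web UI and the HTTP API are served on every interface of the server. `ui` is also the older top-level switch that Consul 1.9 deprecated in favour of `ui_config.enabled`, which this hunk removes. That is only needed if the packaged Consul is older than 1.9, which the page does not show. Consider keeping `ui_config` and binding `client_addr` to the address operators actually use rather than `0.0.0.0`. The file name and the rest of the object are outside this hunk.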
@ -1,3 +1,3 @@
|
|||||||
node "{{item}}" {
|
node "cnsl01" {
|
||||||
policy = "write"
|
policy = "write"
|
||||||
}
|
}
|
||||||
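--- a/policy/cnsl02-node-policy.hcl
+++ b/policy/cnsl02-node-policy.hcl
@@ -0,0 +1,3 @@
+node "cnsl02" {
+policy = "write"
+}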
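--- a/policy/cnsl03-node-policy.hcl
+++ b/policy/cnsl03-node-policy.hcl
@@ -0,0 +1,3 @@
+node "cnsl03" {
+policy = "write"
+}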
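--- a/policy/node-policy.hcl
+++ b/policy/node-policy.hcl
@@ -0,0 +1,12 @@
+agent_prefix "" {
+policy = "write"
+}
+node_prefix "" {
+policy = "write"
+}
+service_prefix "" {
+policy = "read"
+}
+session_prefix "" {
+policy = "read"
+}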
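Review bot: `agent_prefix ""` and `node_prefix ""` with `policy = "write"` let any holder of a token carrying this policy register or modify every node and agent in the datacenter. That makes the per-node policies in this comparison (`cnsl01`, `cnsl02`, `cnsl03`, `oort`) add nothing for such a token. If the intent is one token per node, attach only the matching `node "<name>"` policy together with the `service_prefix` and `session_prefix` read rules, and drop the two empty-prefix write rules. If the broad policy is deliberate, a header comment such as `# shared bootstrap policy: write on all nodes and agents` would make that visible to the next reader.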
7
policy/node-token.txt
Normal file
7
policy/node-token.txt
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
AccessorID: 34eb7622-fb31-c2ac-68c0-f1de090c220a
|
||||||
|
SecretID: a3ffb2c1-a218-5b02-c4ae-6b2e73050a7c
|
||||||
|
Description: node token
|
||||||
|
Local: false
|
||||||
|
Create Time: 2021-11-14 03:38:58.055421799 +0000 UTC
|
||||||
|
Policies:
|
||||||
|
90a72d92-8c2f-475d-1db3-b44ac409be6d - node-policy
|
||||||
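Review bot: `SecretID` is the bearer credential for this ACL token, and the file records it in clear text together with its `node-policy` attachment. Once it is in the repository the token should be deleted and reissued, and the replacement kept out of version control (Ansible Vault or a secret store). Record only the `AccessorID` if a reference is needed. The `encrypt` gossip key that appears as a context line in the agent configuration hunk further down looks to be in the same position and deserves the same treatment.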
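--- a/policy/oort-node-policy.hcl
+++ b/policy/oort-node-policy.hcl
@@ -0,0 +1,3 @@
+node "oort" {
+policy = "write"
+}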
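--- a/policy/oort.hcl
+++ b/policy/oort.hcl
@@ -0,0 +1,3 @@
+node "oort" {
+policy = "write"
+}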
@ -1,3 +0,0 @@
|
|||||||
ansible
|
|
||||||
proxmoxer
|
|
||||||
requests
|
|
||||||
@ -8,6 +8,8 @@
|
|||||||
"enable_syslog": true,
|
"enable_syslog": true,
|
||||||
"encrypt": "HwOdJKTZXTaqGsCaBs7qRlrPm0msjz/K2WQ1/HbZ+I8=",
|
"encrypt": "HwOdJKTZXTaqGsCaBs7qRlrPm0msjz/K2WQ1/HbZ+I8=",
|
||||||
"ca_file": "/etc/consul/consul-agent-ca.pem",
|
"ca_file": "/etc/consul/consul-agent-ca.pem",
|
||||||
|
"cert_file": "/etc/consul/dc1-agent-consul-0.pem",
|
||||||
|
"key_file": "/etc/consul/dc1-agent-consul-0-key.pem",
|
||||||
"verify_incoming": true,
|
"verify_incoming": true,
|
||||||
"verify_outgoing": true,
|
"verify_outgoing": true,
|
||||||
"verify_server_hostname": true,
|
"verify_server_hostname": true,
|
||||||
|
|||||||
@ -1,11 +1,8 @@
|
|||||||
{
|
{
|
||||||
"ca_file": "/etc/consul.keys/consul-agent-ca.pem",
|
"ca_file": "/etc/consul.keys/consul-agent-ca.pem",
|
||||||
"cert_file": "/etc/consul.keys/{{ ansible_nodename }}.pem",
|
"cert_file": "/etc/consul.keys/dc1-server-consul-{{ ansible_nodename }}.pem",
|
||||||
"key_file": "/etc/consul.keys/{{ ansible_nodename }}.key.pem",
|
"key_file": "/etc/consul.keys/dc1-server-consul-{{ ansible_nodename }}-key.pem",
|
||||||
"verify_incoming": true,
|
"verify_incoming": true,
|
||||||
"verify_outgoing": true,
|
"verify_outgoing": true,
|
||||||
"verify_server_hostname": true,
|
"verify_server_hostname": true
|
||||||
"auto_encrypt": {
|
|
||||||
"allow_tls": true
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||