mirror of
https://git.lapiole.org/dani/ansible-roles.git
synced 2025-04-18 19:23:17 +02:00
45 lines
995 B
Plaintext
45 lines
995 B
Plaintext
|
vault {
|
||
|
|
address = "{{ consul_vault_agent.vault_address }}"
|
||
|
|
}
|
||
|
|
|
||
|
|
auto_auth {
|
||
|
|
{% if consul_vault_agent.auth.approle is defined %}
|
||
|
|
method {
|
||
|
|
type = "approle"
|
||
|
|
config {
|
||
|
|
role_id_file_path = "{{ consul_root_dir }}/vault/role_id"
|
||
|
|
secret_id_file_path = "{{ consul_root_dir }}/vault/secret_id"
|
||
|
|
remove_secret_id_file_after_reading = false
|
||
|
|
}
|
||
|
|
}
|
||
|
|
{% elif consul_vault_agent.auth.token is defined %}
|
||
|
|
method {
|
||
|
|
type = "token_file"
|
||
|
|
config {
|
||
|
|
token_file_path = "{{ consul_root_dir }}/vault/token"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
{% endif %}
|
||
|
|
|
||
|
|
sink {
|
||
|
|
type = "file"
|
||
|
|
wrap_ttl = "30s"
|
||
|
|
config = {
|
||
|
|
path = "/run/consul/vault_token"
|
||
|
|
mode = 640
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
template {
|
||
|
|
source = "{{ consul_root_dir }}/vault/templates/agent_bundle.pem.tpl"
|
||
|
|
destination = "{{ consul_root_dir }}/tls/agent_bundle.pem"
|
||
|
|
left_delimiter = "[["
|
||
|
|
right_delimiter = "]]"
|
||
|
|
perms = 0640
|
||
|
|
exec {
|
||
|
|
command = ["sh", "-c", "kill -USR1 $(cat /run/consul/consul_agent.pid)"]
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|