Update to 2022-09-06 18:00

roles/consul/defaults/main.yml

@@ -88,6 +88,12 @@ consul_base_conf:
     enabled: False
     # The default_policy is also used for intentions in the service mesh
     default_policy: deny
+    enable_token_persistence: True
+    # You can set tokens used by the agent
+    # tokens:
+    #   default: ab47bc38-d97f-19af-93a5-17b528d154c9
+    #   agent: 5459979a-3f23-8b1f-ff8a-2478856e9216
+    tokens: {}
 
   tls:
     # No TLS will be stup unless this is set to True
@@ -110,18 +116,21 @@ consul_extra_conf: {}
 consul_host_conf: {}
 consul_conf: "{{ consul_base_conf | combine(consul_extra_conf, recursive=True) | combine(consul_host_conf, recursive=True) }}"
 
-# To get certificates from vault
-consul_base_vault_tls:
-  enabled: False
-  # address: https://active.vault.service.consul:8200
-  # token: XXXXXX
+# TLS certs and token retrival from vault
+consul_base_vault_secrets:
+  # vault_address: https://active.vault.service.consul:8200
+  # vault_token: XXXXXX
   pki:
+    enabled: False
     path: /pki/consul
     role: consul-{{ consul_conf.server | ternary('server', 'client') }}
-    ttl: 24h
-consul_extra_vault_tls: {}
-consul_host_vault_tls: {}
-consul_vault_tls: "{{ consul_base_vault_tls | combine(consul_extra_vault_tls, recursive=True) | combine(consul_host_vault_tls, recursive=True) }}"
+  tokens:
+    enabled: False
+    path: /consul
+    role: consul-agent
+consul_extra_vault_secrets: {}
+consul_host_vault_secrets: {}
+consul_vault_secrets: "{{ consul_base_vault_secrets | combine(consul_extra_vault_secrets, recursive=True) | combine(consul_host_vault_secrets, recursive=True) }}"
 
 # For example
 # consul_extra_conf: