jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-08-07 00:57:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-08-31 13:00

Browse Source
This commit is contained in:
Daniel Berteaud
2022-08-31 13:00:17 +02:00
parent 416ed9c867
commit c10fd506f3
18 changed files with 491 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
roles/vault/templates/vault.hcl.j2 Normal file
View File

@@ -0,0 +1,57 @@
cluster_name = "{{ vault_conf.cluster_name }}"
log_level = "{{ vault_conf.log_level }}"
log_format = "{{ vault_conf.log_format }}"
plugin_directory = "{{ vault_conf.plugin_directory }}"
plugin_file_uid = {{ vault_conf.plugin_file_uid }}
disable_mlock = {{ vault_conf.disable_mlock | ternary('true', 'false') }}
{% for listener in vault_conf.listeners %}
listener "tcp" {
address = "{{ listener.address }}"
cluster_address = "{{ listener.cluster_address }}"
tls_cert_file = "{{ listener.tls_cert_file }}"
tls_key_file = "{{ listener.tls_key_file }}"
{% if listener.x_forwarded_for_authorized_addrs | length > 0 %}
x_forwarded_for_authorized_addrs = "{{ listener.x_forwarded_for_authorized_addrs | join(',') }}"
x_forwarded_for_reject_not_present = {{ listener.x_forwarded_for_reject_not_present | ternary('true', 'false') }}
{% endif %}
}
{% endfor %}
api_addr = "{{ vault_conf.api_addr }}"
cluster_addr = "{{ vault_conf.cluster_addr }}"
storage "raft" {
path = "{{ vault_conf.storage.raft.path }}"
node_id = "{{ vault_conf.storage.raft.node_id }}"
performance_multiplier = {{ vault_conf.storage.raft.performance_multiplier }}
{% if vault_conf.storage.raft.retry_join | length > 0 %}
{% for server in vault_conf.storage.raft.retry_join %}
retry_join {
{% for key in server.keys() | list %}
{{ key }} = "{{ server[key] }}"
{% endfor %}
}
{% endfor %}
{% endif %}
}
{% if vault_conf.service_registration is defined %}
service_registration "consul" {
{% for key in ['address', 'service', 'token', 'tls_ca_file', 'tls_cert_file', 'tls_key_file'] %}
{% if vault_conf.service_registration[key] is defined %}
{{ key }} = "{{ vault_conf.service_registration[key] }}"
{% endif %}
{% endfor %}
{% if vault_conf.service_registration.service_tags is defined %}
service_tags = [
{% for tag in vault_conf.service_registration.service_tags %}
"{{ tag }}",
{% endfor %}
]
{% endif %}
}
{% endif %}