jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-08-06 16:46:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-09-04 14:00

Browse Source
This commit is contained in:
Daniel Berteaud
2022-09-04 14:00:17 +02:00
parent 59c5adc8fa
commit c36a80b596
16 changed files with 270 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
roles/consul/templates/consul.hcl.j2
View File

@@ -76,3 +76,37 @@ acl {
enabled = {{ consul_conf.acl.enabled | ternary('true', 'false') }}
default_policy = "{{ consul_conf.acl.default_policy }}"
}
{% if consul_conf.tls.enabled %}
# TLS settings
tls {
{% for section in ['defaults', 'grpc', 'https', 'internal_rpc'] %}
{% if consul_conf.tls[section] is defined %}
{{ section }} {
{% for key in ['ca_file', 'ca_path', 'cert_file', 'key_file', 'tls_min_version', 'tls_cipher_suites'] %}
{% if consul_conf.tls[section][key] is defined %}
{{ key }} = "{{ consul_conf.tls[section][key] }}"
{% endif %}
{% endfor %}
{% for key in ['verify_incoming', 'verify_outgoing', 'verify_server_hostname'] %}
{% if consul_conf.tls[section][key] is defined %}
{{ key }} = {{ consul_conf.tls[section][key] | ternary('true', 'false') }}
{% endif %}
{% endfor %}
}
{% endif %}
{% endfor %}
}
# auto_encrypt, to distribute certificates from servers to clients
{% if consul_conf.server %}
auto_encrypt {
allow_tls = true
}
{% else %}
auto_encrypt {
tls = true
}
{% endif %}
{% endif %}