jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-10-30 18:31:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2022-09-04 18:00

Browse Source
This commit is contained in:
Daniel Berteaud
2022-09-04 18:00:17 +02:00
parent c36a80b596
commit e084a5f0b2
10 changed files with 124 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/consul/defaults/main.yml
View File

@@ -102,6 +102,9 @@ consul_base_conf:
# TLS settings for interal RPC
internal_rpc:
verify_server_hostname: True
grpc:
# verify_incoming must be disabled on the gRPC endpoint for the envoy proxies when using Consul Connect !
verify_incoming: False
consul_extra_conf: {}
consul_host_conf: {}

2
roles/consul/templates/agent_cert.tpl.j2
View File

@@ -1,5 +1,5 @@
{% if consul_conf.server %}
[[ with secret "{{ consul_vault_tls.pki.path }}/issue/{{ consul_vault_tls.pki.role }}" "common_name={{ consul_conf.server | ternary('server', 'client') }}-{{ ansible_fqdn | regex_replace('\\.', '-') }}.{{ consul_conf.datacenter | default('dc1') }}.{{ consul_conf.domain | default('consul') }}" "ttl={{ consul_vault_tls.pki.ttl }}" "alt_names=localhost,{{ consul_conf.server | ternary('server', 'client') }}.{{ consul_conf.datacenter | default('dc1') }}.{{ consul_conf.domain | default('consul') }}" ]]
[[ with secret "{{ consul_vault_tls.pki.path }}/issue/{{ consul_vault_tls.pki.role }}" "common_name=server-{{ ansible_fqdn | regex_replace('\\.', '-') }}.{{ consul_conf.datacenter | default('dc1') }}.{{ consul_conf.domain | default('consul') }}" "ttl={{ consul_vault_tls.pki.ttl }}" "alt_names=localhost,consul.service.{{ consul_conf.domain | default('consul') }},server.{{ consul_conf.datacenter | default('dc1') }}.{{ consul_conf.domain | default('consul') }}" ]]
[[ .Data.{{ item.what }} ]]
[[ end ]]
{% else %}