mirror of
https://git.lapiole.org/dani/ansible-roles.git
synced 2025-04-16 10:13:26 +02:00
43 lines
1.2 KiB
Django/Jinja
43 lines
1.2 KiB
Django/Jinja
vault {
|
|
address = "{{ consul_vault_secrets.vault_address }}"
|
|
token = "{{ consul_vault_secrets.vault_token }}"
|
|
unwrap_token = false
|
|
}
|
|
|
|
template {
|
|
source = "{{ consul_root_dir }}/consul-template/agent_bundle.pem.tpl"
|
|
left_delimiter = "[["
|
|
right_delimiter = "]]"
|
|
destination = "{{ consul_root_dir }}/tls/agent_bundle.pem"
|
|
perms = 0640
|
|
exec {
|
|
command = "sh -c 'systemctl reload consul || true'"
|
|
}
|
|
}
|
|
|
|
{% if consul_conf.server %}
|
|
template {
|
|
source = "{{ consul_root_dir }}/consul-template/cli_bundle.pem.tpl"
|
|
left_delimiter = "[["
|
|
right_delimiter = "]]"
|
|
destination = "{{ consul_root_dir }}/tls/cli_bundle.pem"
|
|
perms = 0640
|
|
exec {
|
|
command = "sh -c 'systemctl reload consul || true'"
|
|
}
|
|
}
|
|
{% endif %}
|
|
|
|
{% if consul_vault_secrets.tokens.enabled %}
|
|
template {
|
|
source = "{{ consul_root_dir }}/consul-template/agent.token.tpl"
|
|
left_delimiter = "[["
|
|
right_delimiter = "]]"
|
|
destination = "{{ consul_root_dir }}/tmp/agent.token"
|
|
perms = 0600
|
|
exec {
|
|
command = "sh -c 'consul acl set-agent-token default $(grep -P \'^[^\s]\' {{ consul_root_dir }}/tmp/agent.token)'"
|
|
}
|
|
}
|
|
{% endif %}
|