rewrite ssl cert generation

ace
2024-03-19 13:56:23 +03:00
parent ec2e1c36d2
commit c44883d0cd
7 changed files with 362 additions and 9 deletions


@ -35,6 +35,10 @@ consul_self_signed_cert_name: "consul-tls"
consul_cacert_multiple_default_gw_workaround: false
consul_cacert_force_append_ips: []
consul_cacert_force_append_names: []
consul_cacert_ca_host_group: "consul_cacert_ca_host"
consul_cacert_clients_group: "consul_cacert_clients"
consul_cacert_ca_trust_anchors_update: true
consul_server_ssl_config: {}
consul_server_ssl_default_config:
ports:
@ -43,8 +47,8 @@ consul_server_ssl_default_config:
verify_outgoing: true
verify_server_hostname: false
ca_file: "{{ consul_ssl_path }}/CA-{{ consul_self_signed_cert_name }}.crt"
cert_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.crt"
key_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
cert_file: "{{ consul_ssl_path }}/{{ inventory_hostname }}.crt"
key_file: "{{ consul_ssl_path }}/{{ inventory_hostname }}.key"
auto_encrypt:
allow_tls: true
@ -56,7 +60,7 @@ consul_agent_ssl_default_config:
verify_outgoing: true
verify_server_hostname: false
ca_file: "{{ consul_ssl_path }}/CA-{{ consul_self_signed_cert_name }}.crt"
cert_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.crt"
key_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
cert_file: "{{ consul_ssl_path }}/{{ inventory_hostname }}.crt"
key_file: "{{ consul_ssl_path }}/{{ inventory_hostname }}.key"
is_virtualenv: "{{ lookup('env','VIRTUAL_ENV') | default('') }}"
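Review bot: The new per-host `cert_file`/`key_file` paths in `consul_server_ssl_default_config` and `consul_agent_ssl_default_config` sit next to an unchanged `verify_server_hostname: false`, so an agent still accepts any certificate signed by this CA as a server certificate. Separate keys per node do not narrow that on their own. If the rewritten generation issues server certificates with the `server.<datacenter>.<domain>` SAN (not visible in this file), the default could become `verify_server_hostname: true`; otherwise a comment such as `# kept false: generated certs carry no server.<dc>.<domain> SAN` would record why. The previously shared `{{ consul_self_signed_cert_name }}.key` presumably stays on hosts that ran the old role unless a task elsewhere in the commit removes it, and it remains usable while the same CA is trusted. Both mappings start or end outside the hunks shown here.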