- Remove ansible/ from .gitignore
- Add vault_agent role (copied from terraform-vsphere-infra)
- Add vault_agent-playbook.yml for deployment
- Include ansible collections (cloud.terraform, ansible.posix, etc.)
- Archive consul_template role as consul_template-legacy

The ansible directory contains the vault-agent deployment automation that replaces the legacy consul-template approach.
# Integrated (Raft) storage. The data directory and the node identity are
# filled in per host by Ansible.
storage "raft" {
  path    = "{{ vault_raft_storage }}"

  # node_id comes from the gathered fact ansible_hostname, while every address
  # in this file is built from inventory_hostname. The two can differ, and
  # node_id has to be unique within the cluster.
  node_id = "{{ ansible_hostname }}"

  # One retry_join stanza per host in the "vault" inventory group. The loop
  # does not filter, so the rendering host appears in its own join list.
  # The join goes over https and sets no leader_ca_cert_file, so the issuing
  # CA presumably has to be in the host trust store - confirm on the targets.
{% for peer in groups["vault"] %}
  retry_join {
    leader_api_addr = "https://{{ hostvars[peer]['inventory_hostname'] }}.{{ domain_name }}:{{ vault_port }}"
  }
{% endfor %}
}

# API listener. TLS is enabled; certificate and key are looked up per host
# under /etc/vault.d/ssl.
listener "tcp" {
  # Binds every interface, so who can reach the API (and the UI, which this
  # file enables) is decided by host and network firewalling, not here.
  address            = "0.0.0.0:{{ vault_port }}"

  tls_disable        = false
  tls_cert_file      = "/etc/vault.d/ssl/{{ inventory_hostname }}.crt"

  # Private key. Ownership and mode are not set by this template; the file
  # should be readable by the Vault service account only - verify in the
  # role's tasks.
  tls_key_file       = "/etc/vault.d/ssl/{{ inventory_hostname }}.key"

  # CA used to verify client certificates when one is presented.
  # tls_require_and_verify_client_cert is not set, so clients are not
  # required to present a certificate.
  tls_client_ca_file = "/etc/vault.d/ssl/ca-wbyc-certificate.pem"
}

# Cluster identity and advertised addresses. Both URLs use the FQDN built from
# inventory_hostname and domain_name; the listener certificate presumably has
# to carry that name as a SAN - confirm against the issued certificates.
cluster_name = "{{ vault_cluster_name }}"
api_addr     = "https://{{ inventory_hostname }}.{{ domain_name }}:{{ vault_port }}"
cluster_addr = "https://{{ inventory_hostname }}.{{ domain_name }}:{{ vault_cluster_port }}"

# The web UI is served by the tcp listener, which binds 0.0.0.0.
ui        = true
log_level = "{{ vault_log_level }}"

# mlock is off, so Vault's memory can be paged out. Swap on the hosts should
# be disabled or encrypted; that is not handled in this template.
disable_mlock = true

# Turns off Vault's caches, including the storage read cache, at a cost in
# performance.
disable_cache = true

# No seal stanza appears in this template. Unless another config file adds
# one, Vault uses its default Shamir seal and has to be unsealed with key
# shares after each restart.