aboutsummaryrefslogtreecommitdiffstats
path: root/resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2
diff options
context:
space:
mode:
Diffstat (limited to 'resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2')
-rw-r--r--resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j221
1 files changed, 17 insertions, 4 deletions
diff --git a/resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2 b/resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2
index 11743fa420..e220c8f687 100644
--- a/resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2
+++ b/resources/tools/testbed-setup/ansible/roles/consul/templates/base.hcl.j2
@@ -14,6 +14,23 @@ server = {{ consul_node_server | bool | lower }}
encrypt = "{{ consul_encrypt }}"
{% if consul_node_server | bool == True %}
bootstrap_expect = {{ consul_bootstrap_expect }}
+verify_incoming = true
+verify_outgoing = true
+verify_server_hostname = true
+ca_file = "{{ consul_ca_file }}"
+cert_file = "{{ consul_cert_file }}"
+key_file = "{{ consul_key_file }}"
+auto_encrypt {
+ allow_tls = true
+}
+{% else %}
+verify_incoming = false
+verify_outgoing = true
+verify_server_hostname = true
+ca_file = "{{ consul_ca_file }}"
+auto_encrypt {
+ tls = true
+}
{% endif %}
{% if consul_retry_join | bool -%}
retry_join = [ {% for ip_port in consul_retry_servers -%} "{{ ip_port }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
@@ -21,10 +38,6 @@ retry_join = [ {% for ip_port in consul_retry_servers -%} "{{ ip_port }}"{% if n
ui = {{ consul_ui | bool | lower }}
-ca_file = "{{ consul_ca_file }}"
-cert_file = "{{ consul_cert_file }}"
-key_file = "{{ consul_key_file }}"
-
{% if consul_recursors -%}
recursors = [ {% for server in consul_recursors -%} "{{ server }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
{%- endif %} \ No newline at end of file