diff options
author | pmikus <pmikus@cisco.com> | 2021-09-27 18:48:08 +0000 |
---|---|---|
committer | pmikus <pmikus@cisco.com> | 2021-09-27 18:48:08 +0000 |
commit | 7b626e1a708fe5abab70a54bb74ade6e6b7f4d91 (patch) | |
tree | b3f59e2ae80d953c86770c7ccb0b375287e618d8 | |
parent | a8dc69c48e909384348d2d6d8aaa856c1e8e740d (diff) |
feat(Ansible): Consul make variables configurable
Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: I2dc9da9546d1a6ea7e3b9110843eb28f84f1bfc2
-rw-r--r-- | fdio.infra.ansible/roles/consul/defaults/main.yaml | 4 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/consul/templates/base.hcl.j2 | 16 |
2 files changed, 12 insertions, 8 deletions
diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml index 3905d05e0a..13bba8b144 100644 --- a/fdio.infra.ansible/roles/consul/defaults/main.yaml +++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml @@ -66,6 +66,10 @@ consul_encrypt: "" consul_ca_file: "{{ consul_ssl_dir }}/ca.pem" consul_cert_file: "{{ consul_ssl_dir }}/consul.pem" consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_ui_config: enabled: true consul_recursors: diff --git a/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 index dab43fb3fc..15104b2710 100644 --- a/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 +++ b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 @@ -14,22 +14,22 @@ server = {{ consul_node_server | bool | lower }} encrypt = "{{ consul_encrypt }}" {% if consul_node_server | bool == True %} bootstrap_expect = {{ consul_bootstrap_expect }} -verify_incoming = false -verify_outgoing = false -verify_server_hostname = false +verify_incoming = {{ consul_verify_incoming | bool | lower }} +verify_outgoing = {{ consul_verify_outgoing | bool | lower }} +verify_server_hostname = {{ consul_vefify_server_hostname | bool | lower }} ca_file = "{{ consul_ca_file }}" cert_file = "{{ consul_cert_file }}" key_file = "{{ consul_key_file }}" auto_encrypt { - allow_tls = false + allow_tls = {{ consul_allow_tls | bool | lower }} } {% else %} -verify_incoming = false -verify_outgoing = false -verify_server_hostname = false +verify_incoming = {{ consul_verify_incoming | bool | lower }} +verify_outgoing = {{ consul_verify_outgoing | bool | lower }} +verify_server_hostname = {{ consul_vefify_server_hostname | bool | lower }} ca_file = "{{ consul_ca_file }}" auto_encrypt { - tls = false + tls = {{ consul_allow_tls | bool | lower }} } {% endif %} {% if consul_retry_join | bool -%} |