aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorpmikus <pmikus@cisco.com>2021-09-27 18:48:08 +0000
committerpmikus <pmikus@cisco.com>2021-09-27 18:48:08 +0000
commit7b626e1a708fe5abab70a54bb74ade6e6b7f4d91 (patch)
treeb3f59e2ae80d953c86770c7ccb0b375287e618d8
parenta8dc69c48e909384348d2d6d8aaa856c1e8e740d (diff)
feat(Ansible): Consul make variables configurable
Signed-off-by: pmikus <pmikus@cisco.com> Change-Id: I2dc9da9546d1a6ea7e3b9110843eb28f84f1bfc2
-rw-r--r--fdio.infra.ansible/roles/consul/defaults/main.yaml4
-rw-r--r--fdio.infra.ansible/roles/consul/templates/base.hcl.j216
2 files changed, 12 insertions, 8 deletions
diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml
index 3905d05e0a..13bba8b144 100644
--- a/fdio.infra.ansible/roles/consul/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml
@@ -66,6 +66,10 @@ consul_encrypt: ""
consul_ca_file: "{{ consul_ssl_dir }}/ca.pem"
consul_cert_file: "{{ consul_ssl_dir }}/consul.pem"
consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem"
+consul_verify_incoming: false
+consul_verify_outgoing: false
+consul_vefify_server_hostname: false
+consul_allow_tls: false
consul_ui_config:
enabled: true
consul_recursors:
diff --git a/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2
index dab43fb3fc..15104b2710 100644
--- a/fdio.infra.ansible/roles/consul/templates/base.hcl.j2
+++ b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2
@@ -14,22 +14,22 @@ server = {{ consul_node_server | bool | lower }}
encrypt = "{{ consul_encrypt }}"
{% if consul_node_server | bool == True %}
bootstrap_expect = {{ consul_bootstrap_expect }}
-verify_incoming = false
-verify_outgoing = false
-verify_server_hostname = false
+verify_incoming = {{ consul_verify_incoming | bool | lower }}
+verify_outgoing = {{ consul_verify_outgoing | bool | lower }}
+verify_server_hostname = {{ consul_vefify_server_hostname | bool | lower }}
ca_file = "{{ consul_ca_file }}"
cert_file = "{{ consul_cert_file }}"
key_file = "{{ consul_key_file }}"
auto_encrypt {
- allow_tls = false
+ allow_tls = {{ consul_allow_tls | bool | lower }}
}
{% else %}
-verify_incoming = false
-verify_outgoing = false
-verify_server_hostname = false
+verify_incoming = {{ consul_verify_incoming | bool | lower }}
+verify_outgoing = {{ consul_verify_outgoing | bool | lower }}
+verify_server_hostname = {{ consul_vefify_server_hostname | bool | lower }}
ca_file = "{{ consul_ca_file }}"
auto_encrypt {
- tls = false
+ tls = {{ consul_allow_tls | bool | lower }}
}
{% endif %}
{% if consul_retry_join | bool -%}