55 lines
1.6 KiB
Django/Jinja
55 lines
1.6 KiB
Django/Jinja
# Full configuration options can be found at https://www.vaultproject.io/docs/configuration
|
|
|
|
ui = {{ vault_enable_ui | ternary('true', 'false') }}
|
|
api_addr = "https://{{ inventory_hostname }}:8200"
|
|
cluster_addr = "https://{{ inventory_hostname }}:8201"
|
|
|
|
disable_mlock = true
|
|
|
|
plugin_directory = "{{ vault_plugin_path }}"
|
|
|
|
storage "raft" {
|
|
path = "{{ vault_storage_path }}"
|
|
{% if vault_node_id is defined %}
|
|
node_id = "{{ vault_node_id }}"
|
|
{% else %}
|
|
node_id = "vault{{ vault_id | default((inventory_hostname | regex_replace('vault(\\d+)\..*$', '\\1')| int )) }}"
|
|
{% endif %}
|
|
|
|
# Auto-join cluster
|
|
{% for host in play_hosts -%}
|
|
{% if host != inventory_hostname -%}
|
|
retry_join {
|
|
leader_api_address = "http://{{ hostvars[host]['ansible_host'] }}:8200"
|
|
}
|
|
{% endif -%}
|
|
{% endfor -%}
|
|
}
|
|
|
|
# HTTPS listener
|
|
listener "tcp" {
|
|
address = "0.0.0.0:8200"
|
|
tls_cert_file = "{{ vault_tls_cert_file }}"
|
|
tls_key_file = "{{ vault_tls_key_file }}"
|
|
{% if vault_proxy_protocol_behavior is defined %}
|
|
proxy_protocol_behavior = "{{ vault_proxy_protocol_behavior }}"
|
|
{% endif %}
|
|
{% if vault_proxy_protocol_authorized_addrs is defined %}
|
|
proxy_protocol_authorized_addrs = "{{ vault_proxy_protocol_authorized_addrs }}"
|
|
{% endif %}
|
|
{% if vault_x_forwarded_for_authorized_addrs is defined %}
|
|
x_forwarded_for_authorized_addrs = "{{ vault_x_forwarded_for_authorized_addrs }}"
|
|
{% endif %}
|
|
}
|
|
|
|
{% if vault_seal_transit_address is defined %}
|
|
seal "transit" {
|
|
address = "{{ vault_seal_transit_address }}"
|
|
token = "{{ vault_seal_transit_token }}"
|
|
disable_renewal = "false"
|
|
// Key configuration
|
|
key_name = "unseal_key"
|
|
mount_path = "transit/"
|
|
}
|
|
{% endif %}
|