---
#####################################################
#                                                   #
#                Vault Configuration                #
#                                                   #
#####################################################

# Default variables for the Vault servers: the vault_* keys are operator-facing
# knobs, and the hashi_vault_* keys further down assemble them into the values
# handed to the deployment (see hashi_vault_configuration at the end).

vault_cluster_name: vault
# The UI is on by default; this value is passed through as `ui` in
# hashi_vault_configuration below.
vault_enable_ui: true
# Unseal key split: 3 shares are created and 2 are needed to reconstruct.
# NOTE(review): presumably consumed at initialisation time; confirm in the role.
# With a threshold of 2, any two share holders can unseal, so shares should go
# to distinct custodians.
vault_seal_configuration:
  key_shares: 3
  key_threshold: 2

#########
# storage
#########

vault_storage_configuration:
  raft:
    path: "{{ hashi_vault_data_dir }}/data"
    node_id: "{{ ansible_hostname }}"
    # Builds one retry_join entry per host in the `vault_servers` group.
    # The scheme is hard-coded to http and does not follow vault_enable_tls.
    # NOTE(review): if the API listener is switched to TLS, these addresses
    # would need https (and likely CA settings); confirm how the role handles it.
    retry_join: |
      [
      {% for host in groups['vault_servers'] %}
        {
          'leader_api_addr': 'http://{{ hostvars[host].api_interface_address }}:8200'
        }{% if not loop.last %},{% endif %}
      {% endfor %}
      ]

##########
# listener
##########

# TLS is off by default. Together with the listener below, the API is served in
# plaintext on every interface (0.0.0.0:8200), so tokens and secret payloads
# cross the network unencrypted. Suitable for a lab only; enable TLS or restrict
# the bind address and network access for anything else.
vault_enable_tls: false
vault_listener_configuration:
  tcp:
    address: "0.0.0.0:8200"
    tls_disable: true

# TLS listener settings.
# NOTE(review): presumably applied over vault_listener_configuration when
# vault_enable_tls is true; the merge is not visible in this file.
# The private key sits under the config directory; its ownership and mode are
# set elsewhere and should limit reads to the Vault service account.
vault_tls_listener_configuration:
  tcp:
    tls_disable: false
    tls_cert_file: "{{ hashi_vault_extra_files_dst }}/tls/cert.pem"
    tls_key_file: "{{ hashi_vault_extra_files_dst }}/tls/key.pem"

vault_extra_listener_configuration: {}

######################
# service registration
######################

# Disabled by default. When enabled, the Consul agent is reached over plain
# http on loopback; no token or TLS setting is defined here.
vault_enable_service_registration: false
vault_service_registration_configuration:
  consul:
    address: "127.0.0.1:8500"
    scheme: "http"

#########
# plugins
#########

# Plugins are enabled by default and loaded from a directory under the config
# tree. Binaries placed there run as Vault plugins, so write access to the
# directory should be limited to administrators.
# NOTE(review): permissions are set elsewhere; verify in the role.
vault_enable_plugins: true
vault_plugin_directory: "{{ hashi_vault_extra_files_dst }}/plugin"

#########
# logging
#########

# File logging is off by default; the settings below describe level, format and
# rotation (daily, 30 files kept).
# NOTE(review): these settings cover Vault's operational log only. Audit
# devices are not configured in this file; confirm one is enabled elsewhere.
vault_enable_log_to_file: false
vault_logging_configuration:
  log_level: info
  log_format: standard
  log_rotate_duration: 24h
  log_rotate_max_files: 30

#########################
# vault container volumes
#########################

# Extra volumes for the Vault container; merged with the defaults in
# hashi_vault_extra_container_volumes below.
extra_vault_container_volumes: []

#####################
# extra configuration
#####################

vault_extra_configuration: {}

###############
# configuration
###############

hashi_vault_start_service: true
hashi_vault_version: "{{ vault_versions[deployment_method] }}"
hashi_vault_deploy_method: "{{ deployment_method }}"
hashi_vault_env_variables: {}
hashi_vault_config_dir: "/etc/vault.d"
hashi_vault_data_dir: "/opt/vault"
hashi_vault_extra_files: true
hashi_vault_extra_files_src: "{{ sub_configuration_directories.vault_servers }}/config"
hashi_vault_extra_files_dst: "{{ hashi_vault_config_dir }}/config"
# Union of the default container volumes and the operator-supplied extras,
# de-duplicated.
hashi_vault_extra_container_volumes: "{{ default_container_extra_volumes | union(extra_vault_container_volumes) | unique }}"
hashi_vault_configuration:
  cluster_name: "{{ vault_cluster_name }}"
  # Both advertised addresses use a fixed http scheme, independent of
  # vault_enable_tls.
  # NOTE(review): confirm these are overridden when TLS is enabled.
  cluster_addr: "http://{{ api_interface_address }}:8201"
  api_addr: "http://{{ api_interface_address }}:8200"
  ui: "{{ vault_enable_ui }}"
  # mlock stays enabled, so Vault asks the OS not to swap its memory to disk.
  # NOTE(review): Vault's guidance for integrated (raft) storage treats mlock
  # differently; check this default against the docs for the deployed version.
  disable_mlock: false
  disable_cache: false
  # Only vault_listener_configuration (the plaintext listener) is referenced
  # here; vault_tls_listener_configuration and
  # vault_extra_listener_configuration are not combined in this file.
  listener: "{{ vault_listener_configuration }}"
  storage: "{{ vault_storage_configuration }}"