test: adjust globals.yml for tls and no_tls multinode setups
This commit is contained in:
parent
7567e09191
commit
cdb94d9848
@ -1,293 +1,91 @@
|
||||
---
|
||||
# Molecule specific variables
|
||||
|
||||
##########################
|
||||
# General options ########
|
||||
##########################
|
||||
###################
|
||||
# General options #
|
||||
###################
|
||||
|
||||
# enable_haproxy: "yes"
|
||||
# enable_vault: "yes"
|
||||
# enable_consul: "yes"
|
||||
# enable_nomad: "yes"
|
||||
enable_vault: "yes"
|
||||
enable_consul: "yes"
|
||||
enable_nomad: "yes"
|
||||
|
||||
# haproxy_version: "2.8"
|
||||
nomad_version: "1.8.2"
|
||||
nomad_version: "1.8.3"
|
||||
# consul_version: "1.18.1"
|
||||
# vault_version: "1.16.2"
|
||||
|
||||
# consul_fqdn: consul.ednz.lab
|
||||
# vault_fqdn: vault.ednz.lab
|
||||
# nomad_fqdn: nomad.ednz.lab
|
||||
|
||||
# hashistack_external_vip_interface: "eth0"
|
||||
# hashistack_external_vip_addr: "192.168.121.100"
|
||||
# hashistack_internal_vip_interface: "{{ hashistack_external_vip_interface }}"
|
||||
# hashistack_internal_vip_addr: "{{ hashistack_external_vip_addr }}"
|
||||
vault_version: "1.17.2"
|
||||
|
||||
api_interface: "eth1"
|
||||
# api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"
|
||||
|
||||
########################
|
||||
# external tls options #
|
||||
########################
|
||||
|
||||
# enable_tls_external: false
|
||||
# external_tls_externally_managed_certs: false
|
||||
###################
|
||||
# logging options #
|
||||
###################
|
||||
|
||||
enable_log_to_file: true
|
||||
########################
|
||||
# internal tls options #
|
||||
########################
|
||||
|
||||
# enable_tls_internal: false
|
||||
# internal_tls_externally_managed_certs: false
|
||||
|
||||
#####################################################
|
||||
# #
|
||||
##########
|
||||
# Consul #
|
||||
# #
|
||||
#####################################################
|
||||
##########
|
||||
|
||||
# consul_domain: consul
|
||||
# consul_datacenter: dc1
|
||||
# consul_primary_datacenter: dc1
|
||||
# consul_leave_on_terminate: true
|
||||
# consul_rejoin_after_leave: true
|
||||
# consul_enable_script_checks: true
|
||||
# consul_gossip_encryption_key: "{{ 'mysupersecretgossipencryptionkey'|b64encode }}"
|
||||
# hashistack_consul_domain: consul
|
||||
# hashistack_consul_datacenter: dc1
|
||||
# hashistack_consul_primary_datacenter: "{{ consul_datacenter }}"
|
||||
# hashistack_consul_gossip_encryption_key: "{{ _credentials.consul.gossip_encryption_key }}"
|
||||
# hashistack_consul_enable_script_checks: false
|
||||
|
||||
################################
|
||||
# consul address configuration #
|
||||
################################
|
||||
# hashistack_consul_extra_files_list: []
|
||||
# hashistack_consul_extra_configuration: {}
|
||||
|
||||
# consul_address_configuration:
|
||||
# # The address to which Consul will bind client interfaces,
|
||||
# # including the HTTP and DNS servers.
|
||||
# client_addr: "0.0.0.0"
|
||||
# # The address that should be bound to for internal cluster communications.
|
||||
# bind_addr: "{{ api_interface_address }}"
|
||||
# # The advertise address is used to change the address that we advertise to other nodes in the cluster.
|
||||
# advertise_addr: "{{ api_interface_address }}"
|
||||
# hashistack_consul_enable_tls: "{{ enable_tls_internal }}"
|
||||
|
||||
############################
|
||||
# consul ACL configuration #
|
||||
############################
|
||||
# hashistack_consul_log_level: info
|
||||
|
||||
# consul_acl_configuration:
|
||||
# enabled: true
|
||||
# default_policy: "deny" # can be allow or deny
|
||||
# enable_token_persistence: true
|
||||
|
||||
############################
|
||||
# consul DNS configuration #
|
||||
############################
|
||||
|
||||
# consul_dns_configuration:
|
||||
# allow_stale: true
|
||||
# enable_truncate: true
|
||||
# only_passing: true
|
||||
|
||||
###########################
|
||||
# consul ui configuration #
|
||||
###########################
|
||||
|
||||
# consul_ui_configuration:
|
||||
# enabled: "{{ 'consul_servers' in group_names }}"
|
||||
|
||||
#####################################
|
||||
# consul service mesh configuration #
|
||||
#####################################
|
||||
|
||||
# consul_mesh_configuration:
|
||||
# enabled: true
|
||||
|
||||
############################
|
||||
# consul tls configuration #
|
||||
############################
|
||||
|
||||
# consul_enable_tls: "{{ enable_tls_internal }}"
|
||||
# consul_tls_configuration:
|
||||
# defaults:
|
||||
# ca_file: "/etc/ssl/certs/ca-certificates.crt"
|
||||
# cert_file: "{{ consul_certificates_directory }}/cert.pem"
|
||||
# key_file: "{{ consul_certificates_directory }}/key.pem"
|
||||
# verify_incoming: false
|
||||
# verify_outgoing: true
|
||||
# internal_rpc:
|
||||
# verify_server_hostname: true
|
||||
|
||||
############################
|
||||
# consul container volumes #
|
||||
############################
|
||||
|
||||
# extra_consul_container_volumes: []
|
||||
|
||||
##############################
|
||||
# consul extra configuration #
|
||||
##############################
|
||||
|
||||
# consul_extra_configuration: {}
|
||||
# consul_extra_files_list: []
|
||||
|
||||
#####################################################
|
||||
# #
|
||||
#########
|
||||
# Vault #
|
||||
# #
|
||||
#####################################################
|
||||
#########
|
||||
|
||||
# vault_cluster_name: vault
|
||||
# vault_enable_ui: true
|
||||
# vault_seal_configuration:
|
||||
# key_shares: 3
|
||||
# key_threshold: 2
|
||||
# hashistack_vault_cluster_name: vault
|
||||
# hashistack_vault_bind_addr: "0.0.0.0"
|
||||
# hashistack_vault_cluster_addr: "{{ api_interface_address }}"
|
||||
# hashistack_vault_enable_ui: true
|
||||
# hashistack_vault_disable_mlock: false
|
||||
# hashistack_vault_disable_cache: false
|
||||
|
||||
#################
|
||||
# vault storage #
|
||||
#################
|
||||
# hashistack_vault_extra_files_list: []
|
||||
# hashistack_vault_extra_configuration: {}
|
||||
|
||||
# vault_storage_configuration:
|
||||
# raft:
|
||||
# path: "{{ hashicorp_vault_data_dir }}/data"
|
||||
# node_id: "{{ ansible_hostname }}"
|
||||
# retry_join: |
|
||||
# [
|
||||
# {% for host in groups['vault_servers'] %}
|
||||
# {
|
||||
# 'leader_api_addr': '{{ "https" if vault_enable_tls else "http"}}://{{ hostvars[host].api_interface_address }}:8200'
|
||||
# }{% if not loop.last %},{% endif %}
|
||||
# {% endfor %}
|
||||
# ]
|
||||
# hashistack_vault_enable_tls: "{{ enable_tls_internal }}"
|
||||
|
||||
##################
|
||||
# vault listener #
|
||||
##################
|
||||
# hashistack_vault_enable_service_registration: "{{ enable_consul | bool }}"
|
||||
|
||||
# vault_enable_tls: "{{ enable_tls_internal }}"
|
||||
# vault_tls_verify: false
|
||||
# vault_listener_configuration:
|
||||
# tcp:
|
||||
# address: "0.0.0.0:8200"
|
||||
# tls_disable: true
|
||||
# hashistack_vault_enable_plugins: false
|
||||
|
||||
# vault_tls_listener_configuration:
|
||||
# tcp:
|
||||
# tls_disable: false
|
||||
# tls_cert_file: "{{ vault_certificates_directory }}/cert.pem"
|
||||
# tls_key_file: "{{ vault_certificates_directory }}/key.pem"
|
||||
# tls_disable_client_certs: true
|
||||
# hashistack_vault_log_level: info
|
||||
|
||||
# vault_extra_listener_configuration: {}
|
||||
|
||||
########################
|
||||
# service registration #
|
||||
########################
|
||||
|
||||
# vault_enable_service_registration: false
|
||||
# vault_service_registration_configuration:
|
||||
# consul:
|
||||
# address: "127.0.0.1:8500"
|
||||
# scheme: "http"
|
||||
# token: ""
|
||||
|
||||
#################
|
||||
# vault plugins #
|
||||
#################
|
||||
|
||||
# vault_enable_plugins: false
|
||||
|
||||
###########
|
||||
# logging #
|
||||
###########
|
||||
|
||||
# vault_enable_log_to_file: false
|
||||
# vault_logging_configuration:
|
||||
# log_level: info
|
||||
# log_format: standard
|
||||
# log_rotate_duration: 24h
|
||||
# log_rotate_max_files: 30
|
||||
|
||||
###########################
|
||||
# vault container volumes #
|
||||
###########################
|
||||
|
||||
# extra_vault_container_volumes: []
|
||||
|
||||
#############################
|
||||
# vault extra configuration #
|
||||
#############################
|
||||
|
||||
# vault_extra_configuration: {}
|
||||
# vault_extra_files_list: []
|
||||
|
||||
#####################################################
|
||||
# #
|
||||
#########
|
||||
# Nomad #
|
||||
# #
|
||||
#####################################################
|
||||
#########
|
||||
|
||||
# nomad_datacenter: dc1
|
||||
# nomad_region: global
|
||||
# hashistack_nomad_region: global
|
||||
# hashistack_nomad_datacenter: dc1
|
||||
|
||||
###########################
|
||||
# nomad ACL configuration #
|
||||
###########################
|
||||
# hashistack_nomad_extra_files_list: []
|
||||
# hashistack_nomad_extra_configuration: {}
|
||||
|
||||
# nomad_acl_configuration:
|
||||
# enabled: true
|
||||
# token_ttl: 30s
|
||||
# policy_ttl: 60s
|
||||
# role_ttl: 60s
|
||||
# hashistack_nomad_autopilot_configuration: {}
|
||||
|
||||
############################
|
||||
# nomad consul integration #
|
||||
############################
|
||||
# hashistack_nomad_driver_enable_docker: true
|
||||
# hashistack_nomad_driver_enable_podman: false
|
||||
# hashistack_nomad_driver_enable_raw_exec: false
|
||||
# hashistack_nomad_driver_enable_java: false
|
||||
# hashistack_nomad_driver_enable_qemu: false
|
||||
|
||||
# nomad_enable_consul_integration: "{{ enable_consul | bool }}"
|
||||
# nomad_consul_integration_configuration:
|
||||
# address: "127.0.0.1:{{ hashicorp_consul_configuration.ports.https if consul_enable_tls else hashicorp_consul_configuration.ports.http }}"
|
||||
# auto_advertise: true
|
||||
# ssl: "{{ consul_enable_tls | bool }}"
|
||||
# token: "{{ _credentials.consul.tokens.nomad.server.secret_id if nomad_enable_server else _credentials.consul.tokens.nomad.client.secret_id}}"
|
||||
# tags: []
|
||||
# hashistack_nomad_driver_configuration: {}
|
||||
|
||||
############################
|
||||
# nomad vault integration #
|
||||
############################
|
||||
# hashistack_nomad_log_level: info
|
||||
|
||||
# nomad_enable_vault_integration: false
|
||||
# nomad_vault_integration_configuration: {}
|
||||
|
||||
###############################
|
||||
# nomad drivers configuration #
|
||||
###############################
|
||||
|
||||
# nomad_driver_enable_docker: yes
|
||||
# nomad_driver_enable_podman: no
|
||||
# nomad_driver_enable_raw_exec: no
|
||||
# nomad_driver_enable_java: no
|
||||
# nomad_driver_enable_qemu: no
|
||||
|
||||
# nomad_driver_extra_configuration: {}
|
||||
|
||||
######################
|
||||
# nomad internal tls #
|
||||
######################
|
||||
|
||||
# nomad_enable_tls: "{{ enable_tls_internal }}"
|
||||
# nomad_tls_configuration:
|
||||
# http: true
|
||||
# rpc: true
|
||||
# ca_file: "/etc/ssl/certs/ca-certificates.crt"
|
||||
# cert_file: "{{ nomad_certificates_directory }}/cert.pem"
|
||||
# key_file: "{{ nomad_certificates_directory }}/key.pem"
|
||||
# verify_server_hostname: true
|
||||
# nomad_certificates_directory: "{{ hashicorp_nomad_config_dir }}/tls"
|
||||
# nomad_certificates_extra_files_dir:
|
||||
# - src: "{{ hashistack_sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}"
|
||||
# dest: "{{ nomad_certificates_directory }}"
|
||||
|
||||
#############################
|
||||
# nomad extra configuration #
|
||||
#############################
|
||||
|
||||
# nomad_extra_configuration: {}
|
||||
# nomad_extra_files_list: []
|
||||
# hashistack_nomad_enable_tls: "{{ enable_tls_internal }}"
|
||||
|
@ -7,38 +7,26 @@ hashistack_ca_directory_owner: "{{ lookup('env', 'USER') }}"
|
||||
hashistack_ca_domain: ednz.lab
|
||||
hashistack_ca_intermediate_name_constraints_critical: false
|
||||
|
||||
##########################
|
||||
# General options ########
|
||||
##########################
|
||||
###################
|
||||
# General options #
|
||||
###################
|
||||
|
||||
# enable_haproxy: "yes"
|
||||
# enable_vault: "yes"
|
||||
# enable_consul: "yes"
|
||||
# enable_nomad: "yes"
|
||||
enable_vault: "yes"
|
||||
enable_consul: "yes"
|
||||
enable_nomad: "yes"
|
||||
|
||||
# haproxy_version: "2.8"
|
||||
nomad_version: "1.8.3"
|
||||
# consul_version: "1.18.1"
|
||||
vault_version: "1.17.2"
|
||||
|
||||
# consul_fqdn: consul.ednz.lab
|
||||
# vault_fqdn: vault.ednz.lab
|
||||
# nomad_fqdn: nomad.ednz.lab
|
||||
|
||||
# hashistack_external_vip_interface: "eth0"
|
||||
# hashistack_external_vip_addr: "192.168.121.100"
|
||||
# hashistack_internal_vip_interface: "{{ hashistack_external_vip_interface }}"
|
||||
# hashistack_internal_vip_addr: "{{ hashistack_external_vip_addr }}"
|
||||
|
||||
api_interface: "eth1"
|
||||
# api_interface_address: "{{ ansible_facts[api_interface]['ipv4']['address'] }}"
|
||||
|
||||
########################
|
||||
# external tls options #
|
||||
########################
|
||||
###################
|
||||
# logging options #
|
||||
###################
|
||||
|
||||
enable_tls_external: true
|
||||
# external_tls_externally_managed_certs: false
|
||||
enable_log_to_file: true
|
||||
|
||||
########################
|
||||
# internal tls options #
|
||||
@ -46,254 +34,65 @@ enable_tls_external: true
|
||||
|
||||
enable_tls_internal: true
|
||||
# internal_tls_externally_managed_certs: false
|
||||
|
||||
#####################################################
|
||||
# #
|
||||
##########
|
||||
# Consul #
|
||||
# #
|
||||
#####################################################
|
||||
##########
|
||||
|
||||
# consul_domain: consul
|
||||
# consul_datacenter: dc1
|
||||
# consul_primary_datacenter: dc1
|
||||
# consul_leave_on_terminate: true
|
||||
# consul_rejoin_after_leave: true
|
||||
# consul_enable_script_checks: true
|
||||
# consul_gossip_encryption_key: "{{ 'mysupersecretgossipencryptionkey'|b64encode }}"
|
||||
# hashistack_consul_domain: consul
|
||||
# hashistack_consul_datacenter: dc1
|
||||
# hashistack_consul_primary_datacenter: "{{ consul_datacenter }}"
|
||||
# hashistack_consul_gossip_encryption_key: "{{ _credentials.consul.gossip_encryption_key }}"
|
||||
# hashistack_consul_enable_script_checks: false
|
||||
|
||||
################################
|
||||
# consul address configuration #
|
||||
################################
|
||||
# hashistack_consul_extra_files_list: []
|
||||
# hashistack_consul_extra_configuration: {}
|
||||
|
||||
# consul_address_configuration:
|
||||
# # The address to which Consul will bind client interfaces,
|
||||
# # including the HTTP and DNS servers.
|
||||
# client_addr: "0.0.0.0"
|
||||
# # The address that should be bound to for internal cluster communications.
|
||||
# bind_addr: "{{ api_interface_address }}"
|
||||
# # The advertise address is used to change the address that we advertise to other nodes in the cluster.
|
||||
# advertise_addr: "{{ api_interface_address }}"
|
||||
# hashistack_consul_enable_tls: "{{ enable_tls_internal }}"
|
||||
|
||||
############################
|
||||
# consul ACL configuration #
|
||||
############################
|
||||
# hashistack_consul_log_level: info
|
||||
|
||||
# consul_acl_configuration:
|
||||
# enabled: true
|
||||
# default_policy: "deny" # can be allow or deny
|
||||
# enable_token_persistence: true
|
||||
|
||||
############################
|
||||
# consul DNS configuration #
|
||||
############################
|
||||
|
||||
# consul_dns_configuration:
|
||||
# allow_stale: true
|
||||
# enable_truncate: true
|
||||
# only_passing: true
|
||||
|
||||
###########################
|
||||
# consul ui configuration #
|
||||
###########################
|
||||
|
||||
# consul_ui_configuration:
|
||||
# enabled: "{{ 'consul_servers' in group_names }}"
|
||||
|
||||
#####################################
|
||||
# consul service mesh configuration #
|
||||
#####################################
|
||||
|
||||
# consul_mesh_configuration:
|
||||
# enabled: true
|
||||
|
||||
############################
|
||||
# consul tls configuration #
|
||||
############################
|
||||
|
||||
# consul_enable_tls: "{{ enable_tls_internal }}"
|
||||
# consul_tls_configuration:
|
||||
# defaults:
|
||||
# ca_file: "/etc/ssl/certs/ca-certificates.crt"
|
||||
# cert_file: "{{ consul_certificates_directory }}/cert.pem"
|
||||
# key_file: "{{ consul_certificates_directory }}/key.pem"
|
||||
# verify_incoming: false
|
||||
# verify_outgoing: true
|
||||
# internal_rpc:
|
||||
# verify_server_hostname: true
|
||||
|
||||
############################
|
||||
# consul container volumes #
|
||||
############################
|
||||
|
||||
# extra_consul_container_volumes: []
|
||||
|
||||
##############################
|
||||
# consul extra configuration #
|
||||
##############################
|
||||
|
||||
# consul_extra_configuration: {}
|
||||
# consul_extra_files_list: []
|
||||
|
||||
#####################################################
|
||||
# #
|
||||
#########
|
||||
# Vault #
|
||||
# #
|
||||
#####################################################
|
||||
#########
|
||||
|
||||
# vault_cluster_name: vault
|
||||
# vault_enable_ui: true
|
||||
# vault_seal_configuration:
|
||||
# key_shares: 3
|
||||
# key_threshold: 2
|
||||
# hashistack_vault_cluster_name: vault
|
||||
# hashistack_vault_bind_addr: "0.0.0.0"
|
||||
# hashistack_vault_cluster_addr: "{{ api_interface_address }}"
|
||||
# hashistack_vault_enable_ui: true
|
||||
# hashistack_vault_disable_mlock: false
|
||||
# hashistack_vault_disable_cache: false
|
||||
|
||||
#################
|
||||
# vault storage #
|
||||
#################
|
||||
# hashistack_vault_extra_files_list: []
|
||||
# hashistack_vault_extra_configuration: {}
|
||||
|
||||
# vault_storage_configuration:
|
||||
# raft:
|
||||
# path: "{{ hashicorp_vault_data_dir }}/data"
|
||||
# node_id: "{{ ansible_hostname }}"
|
||||
# retry_join: |
|
||||
# [
|
||||
# {% for host in groups['vault_servers'] %}
|
||||
# {
|
||||
# 'leader_api_addr': '{{ "https" if vault_enable_tls else "http"}}://{{ hostvars[host].api_interface_address }}:8200'
|
||||
# }{% if not loop.last %},{% endif %}
|
||||
# {% endfor %}
|
||||
# ]
|
||||
# hashistack_vault_enable_tls: "{{ enable_tls_internal }}"
|
||||
|
||||
##################
|
||||
# vault listener #
|
||||
##################
|
||||
# hashistack_vault_enable_service_registration: "{{ enable_consul | bool }}"
|
||||
|
||||
# vault_enable_tls: "{{ enable_tls_internal }}"
|
||||
# vault_tls_verify: false
|
||||
# vault_listener_configuration:
|
||||
# tcp:
|
||||
# address: "0.0.0.0:8200"
|
||||
# tls_disable: true
|
||||
# hashistack_vault_enable_plugins: false
|
||||
|
||||
# vault_tls_listener_configuration:
|
||||
# tcp:
|
||||
# tls_disable: false
|
||||
# tls_cert_file: "{{ vault_certificates_directory }}/cert.pem"
|
||||
# tls_key_file: "{{ vault_certificates_directory }}/key.pem"
|
||||
# tls_disable_client_certs: true
|
||||
# hashistack_vault_log_level: info
|
||||
|
||||
# vault_extra_listener_configuration: {}
|
||||
|
||||
########################
|
||||
# service registration #
|
||||
########################
|
||||
|
||||
# vault_enable_service_registration: false
|
||||
# vault_service_registration_configuration:
|
||||
# consul:
|
||||
# address: "127.0.0.1:8500"
|
||||
# scheme: "http"
|
||||
# token: ""
|
||||
|
||||
#################
|
||||
# vault plugins #
|
||||
#################
|
||||
|
||||
# vault_enable_plugins: false
|
||||
|
||||
###########
|
||||
# logging #
|
||||
###########
|
||||
|
||||
# vault_enable_log_to_file: false
|
||||
# vault_logging_configuration:
|
||||
# log_level: info
|
||||
# log_format: standard
|
||||
# log_rotate_duration: 24h
|
||||
# log_rotate_max_files: 30
|
||||
|
||||
###########################
|
||||
# vault container volumes #
|
||||
###########################
|
||||
|
||||
# extra_vault_container_volumes: []
|
||||
|
||||
#############################
|
||||
# vault extra configuration #
|
||||
#############################
|
||||
|
||||
# vault_extra_configuration: {}
|
||||
# vault_extra_files_list: []
|
||||
|
||||
#####################################################
|
||||
# #
|
||||
#########
|
||||
# Nomad #
|
||||
# #
|
||||
#####################################################
|
||||
#########
|
||||
|
||||
# nomad_datacenter: dc1
|
||||
# nomad_region: global
|
||||
# hashistack_nomad_region: global
|
||||
# hashistack_nomad_datacenter: dc1
|
||||
|
||||
###########################
|
||||
# nomad ACL configuration #
|
||||
###########################
|
||||
# hashistack_nomad_extra_files_list: []
|
||||
# hashistack_nomad_extra_configuration: {}
|
||||
|
||||
# nomad_acl_configuration:
|
||||
# enabled: true
|
||||
# token_ttl: 30s
|
||||
# policy_ttl: 60s
|
||||
# role_ttl: 60s
|
||||
# hashistack_nomad_autopilot_configuration: {}
|
||||
|
||||
############################
|
||||
# nomad consul integration #
|
||||
############################
|
||||
# hashistack_nomad_driver_enable_docker: true
|
||||
# hashistack_nomad_driver_enable_podman: false
|
||||
# hashistack_nomad_driver_enable_raw_exec: false
|
||||
# hashistack_nomad_driver_enable_java: false
|
||||
# hashistack_nomad_driver_enable_qemu: false
|
||||
|
||||
# nomad_enable_consul_integration: "{{ enable_consul | bool }}"
|
||||
# nomad_consul_integration_configuration:
|
||||
# address: "127.0.0.1:{{ hashicorp_consul_configuration.ports.https if consul_enable_tls else hashicorp_consul_configuration.ports.http }}"
|
||||
# auto_advertise: true
|
||||
# ssl: "{{ consul_enable_tls | bool }}"
|
||||
# token: "{{ _credentials.consul.tokens.nomad.server.secret_id if nomad_enable_server else _credentials.consul.tokens.nomad.client.secret_id}}"
|
||||
# tags: []
|
||||
# hashistack_nomad_driver_configuration: {}
|
||||
|
||||
############################
|
||||
# nomad vault integration #
|
||||
############################
|
||||
# hashistack_nomad_log_level: info
|
||||
|
||||
# nomad_enable_vault_integration: false
|
||||
# nomad_vault_integration_configuration: {}
|
||||
|
||||
###############################
|
||||
# nomad drivers configuration #
|
||||
###############################
|
||||
|
||||
# nomad_driver_enable_docker: yes
|
||||
# nomad_driver_enable_podman: no
|
||||
# nomad_driver_enable_raw_exec: no
|
||||
# nomad_driver_enable_java: no
|
||||
# nomad_driver_enable_qemu: no
|
||||
|
||||
# nomad_driver_extra_configuration: {}
|
||||
|
||||
######################
|
||||
# nomad internal tls #
|
||||
######################
|
||||
|
||||
# nomad_enable_tls: "{{ enable_tls_internal }}"
|
||||
# nomad_tls_configuration:
|
||||
# http: true
|
||||
# rpc: true
|
||||
# ca_file: "/etc/ssl/certs/ca-certificates.crt"
|
||||
# cert_file: "{{ nomad_certificates_directory }}/cert.pem"
|
||||
# key_file: "{{ nomad_certificates_directory }}/key.pem"
|
||||
# verify_server_hostname: true
|
||||
# nomad_certificates_directory: "{{ hashicorp_nomad_config_dir }}/tls"
|
||||
# nomad_certificates_extra_files_dir:
|
||||
# - src: "{{ hashistack_sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}"
|
||||
# dest: "{{ nomad_certificates_directory }}"
|
||||
|
||||
#############################
|
||||
# nomad extra configuration #
|
||||
#############################
|
||||
|
||||
# nomad_extra_configuration: {}
|
||||
# nomad_extra_files_list: []
|
||||
# hashistack_nomad_enable_tls: "{{ enable_tls_internal }}"
|
||||
|
Loading…
Reference in New Issue
Block a user