feat: add node_token to agent config
- move policy rules to hiera array[hash] - add node_token to agent as the default token
@@ -72,6 +72,9 @@ lookup_options:
|
||||
consul::check:
|
||||
merge:
|
||||
strategy: deep
|
||||
profiles::consul::client::node_rules:
|
||||
merge:
|
||||
strategy: deep
|
||||
|
||||
facts_path: '/opt/puppetlabs/facter/facts.d'
|
||||
|
||||
@@ -96,6 +99,17 @@ profiles::consul::server::members_role: roles::infra::storage::consul
|
||||
profiles::consul::token::node_editor::accessor_id: '024e27bd-c5bb-41e7-a578-b766509e11bc'
|
||||
profiles::consul::client::members_lookup: true
|
||||
profiles::consul::client::members_role: roles::infra::storage::consul
|
||||
profiles::consul::client::node_rules:
|
||||
- resource: node
|
||||
segment: "%{facts.networking.hostname}"
|
||||
disposition: write
|
||||
- resource: node
|
||||
segment: "%{facts.networking.fqdn}"
|
||||
disposition: write
|
||||
- resource: node
|
||||
segment: ''
|
||||
disposition: read
|
||||
|
||||
|
||||
profiles::packages::install:
|
||||
- bash-completion
|
||||
|
||||
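Review bot: The default `profiles::consul::client::node_rules` grants `disposition: write` on both `%{facts.networking.hostname}` and `%{facts.networking.fqdn}`, but an agent registers under a single node name, so one of the two is unused privilege. The short-hostname rule also matches any host in another domain that shares that short name. Keeping only the segment that equals the agent's configured node name would tighten this; which one that is isn't visible in these hunks. The `segment: ''` / `disposition: read` entry presumably renders as a prefix rule, and a comment such as `# empty segment = node_prefix "", read-only` would make that explicit. Because the first hunk sets `strategy: deep` for this key, the effective policy is the union of every hiera layer, and since the description makes this token the agent's default token, each added rule also applies to requests that reach the agent without a token.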
@@ -6,13 +6,17 @@ consul::services:
|
||||
tags:
|
||||
- 'https'
|
||||
- 'secure'
|
||||
address: "%{facts.networking.ip}" # Dynamically set from the networking facts
|
||||
address: "%{facts.networking.ip}"
|
||||
port: 443
|
||||
checks:
|
||||
- check_id: 'vault_https_check'
|
||||
- id: 'vault_https_check'
|
||||
name: 'Vault HTTPS Check'
|
||||
http: "https://%{facts.networking.fqdn}:443/v1/sys/health"
|
||||
method: 'GET'
|
||||
tls_skip_verify: true # Set to false in production for security
|
||||
tls_skip_verify: true
|
||||
interval: '10s'
|
||||
timeout: '1s'
|
||||
profiles::consul::client::node_rules:
|
||||
- resource: service
|
||||
segment: vault
|
||||
disposition: write
|
||||
|
||||
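Review bot: `tls_skip_verify: true` remains on `vault_https_check` in both printings of that line, and only one of them carries `# Set to false in production for security`, so the caveat appears to be dropped by this change (the +/- markers are lost on this page, so that is inferred). Since the check URL already uses `%{facts.networking.fqdn}`, verification should succeed once the agent trusts the issuing CA; I would set `tls_skip_verify: false`, or keep the comment until that is done. Separately, the added `resource: service` / `segment: vault` / `disposition: write` rule is merged into the node token policy, which per the commit description is the agent's default token. Requests to the local agent that carry no token would then inherit write on the `vault` service, so a separate service-scoped token for the registration would keep that privilege out of the default token.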