feat: add node_token to agent config

- move policy rules to hiera array[hash]
- add node_token to agent as the default token
2024-04-28 14:52:38 +10:00
parent 199e35840f
commit 8df927de18
3 changed files with 28 additions and 15 deletions
+14
@@ -72,6 +72,9 @@ lookup_options:
consul::check:
merge:
strategy: deep
profiles::consul::client::node_rules:
merge:
strategy: deep
facts_path: '/opt/puppetlabs/facter/facts.d'
@@ -96,6 +99,17 @@ profiles::consul::server::members_role: roles::infra::storage::consul
profiles::consul::token::node_editor::accessor_id: '024e27bd-c5bb-41e7-a578-b766509e11bc'
profiles::consul::client::members_lookup: true
profiles::consul::client::members_role: roles::infra::storage::consul
profiles::consul::client::node_rules:
- resource: node
segment: "%{facts.networking.hostname}"
disposition: write
- resource: node
segment: "%{facts.networking.fqdn}"
disposition: write
- resource: node
segment: ''
disposition: read
profiles::packages::install:
- bash-completion
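Review bot: The two write rules under `profiles::consul::client::node_rules` take their `segment` from `facts.networking.hostname` and `facts.networking.fqdn`, which the agent reports about itself and which are not an authenticated identity. If the ACL policy behind the node token is rendered from this data, consider `segment: "%{trusted.certname}"`, provided Consul node names match certnames, or add a comment explaining why facts are acceptable here. The `segment: ''` read rule also needs a comment such as `# empty segment: read on all nodes (assumes the policy template uses prefix matching)`, because the template that decides exact versus prefix matching is not visible in this section. Since the key is deep-merged, every lower Hiera layer can append further write rules, so it would help to say that in a comment next to the `lookup_options` entry.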
@@ -6,13 +6,17 @@ consul::services:
tags:
- 'https'
- 'secure'
address: "%{facts.networking.ip}" # Dynamically set from the networking facts
address: "%{facts.networking.ip}"
port: 443
checks:
- check_id: 'vault_https_check'
- id: 'vault_https_check'
name: 'Vault HTTPS Check'
http: "https://%{facts.networking.fqdn}:443/v1/sys/health"
method: 'GET'
tls_skip_verify: true # Set to false in production for security
tls_skip_verify: true
interval: '10s'
timeout: '1s'
profiles::consul::client::node_rules:
- resource: service
segment: vault
disposition: write
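Review bot: `tls_skip_verify: true` stays on the Vault health check while the commit removes the only comment that flagged it (`# Set to false in production for security`), so nothing now marks it as a deliberate exception. With verification off, the check passes for any certificate presented on port 443, so an expired or wrong Vault certificate goes unnoticed by Consul even though the service is tagged 'secure'. Prefer `tls_skip_verify: false` with the issuing CA trusted by the Consul agent. Otherwise keep a marker such as `# TODO: enable verification once the Vault CA is distributed to agents`.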