commit 2b68f292a1e5417114be5e8e77b85312afd3f17b parent c22987936ec0608871d96470d5e2396ff9a0110d Author: Andreas Gruhler <andreas.gruhler@adfinis.com> Date: Thu, 30 Mar 2023 20:24:02 +0200 feat: go-sockaddr template for ha advertise addrs Diffstat:
| M | vault.sh | | | 11 | ++++++++--- |
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/vault.sh b/vault.sh @@ -85,11 +85,16 @@ listener "tcp" { # # https://www.vaultproject.io/docs/configuration#high-availability-parameters # https://www.vaultproject.io/docs/concepts/ha#client-redirection - +# +# This uses a go-sockaddr template to fetch the actual ip for an interface. +# This is the address registered in the Consul service. If this is not an ip +# here, requests to the Consul DNS will also not return an A record (only +# CNAME). This leads to problems with Haproxy server-template. +# # API_ADDR for client redirection (fallback, if request forwarding is disabled) -api_addr = "https://$HOSTNAME:8200" +api_addr = "https://{{GetInterfaceIP \"eth0\"}}:8200" # CLUSTER_ADDR: Vault listens for server-to-server cluster requests -cluster_addr = "https://$HOSTNAME:8201" +cluster_addr = "https://{{GetInterfaceIP \"eth0\"}}:8201" storage "consul" { address = "https://127.0.0.1:8501"