hashipi

Raspberry Pi Test Cluster for HashiCorp Vault, Nomad and Consul
git clone https://git.in0rdr.ch/hashipi.git
Log | Files | Refs | README

commit 2b68f292a1e5417114be5e8e77b85312afd3f17b
parent c22987936ec0608871d96470d5e2396ff9a0110d
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Thu, 30 Mar 2023 20:24:02 +0200

feat: go-sockaddr template for ha advertise addrs

Diffstat:
Mvault.sh | 11++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/vault.sh b/vault.sh @@ -85,11 +85,16 @@ listener "tcp" { # # https://www.vaultproject.io/docs/configuration#high-availability-parameters # https://www.vaultproject.io/docs/concepts/ha#client-redirection - +# +# This uses a go-sockaddr template to fetch the actual ip for an interface. +# This is the address registered in the Consul service. If this is not an ip +# here, requests to the Consul DNS will also not return an A record (only +# CNAME). This leads to problems with Haproxy server-template. +# # API_ADDR for client redirection (fallback, if request forwarding is disabled) -api_addr = "https://$HOSTNAME:8200" +api_addr = "https://{{GetInterfaceIP \"eth0\"}}:8200" # CLUSTER_ADDR: Vault listens for server-to-server cluster requests -cluster_addr = "https://$HOSTNAME:8201" +cluster_addr = "https://{{GetInterfaceIP \"eth0\"}}:8201" storage "consul" { address = "https://127.0.0.1:8501"