hashipi

Raspberry Pi Test Cluster for HashiCorp Vault, Nomad and Consul
git clone https://git.in0rdr.ch/hashipi.git
Log | Files | Refs | README

commit 39dfc081645856cb82bb8d7ad111b3bb7daf032f
parent e0429a3c255a93e80050bea832b2a84a359eed7a
Author: Andreas Gruhler <agruhl@gmx.ch>
Date:   Sat, 18 Feb 2023 22:13:46 +0100

feat(consul): fix deprecated tls options

Diffstat:
Mconsul.sh | 32++++++++++++++++++++------------
1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/consul.sh b/consul.sh @@ -77,18 +77,26 @@ cat << EOF > /etc/consul.d/server.hcl server = true bootstrap_expect = 3 -# Auto-encrypt RPC - -# "verify rpc only", because ui=true -ui = true -verify_incoming = false -verify_incoming_rpc = true -verify_outgoing = true -verify_server_hostname = true - -ca_file = "/opt/consul/tls/consul-agent-ca.pem" -cert_file = "/opt/consul/tls/dc1-server-consul.pem" -key_file = "/opt/consul/tls/dc1-server-consul-key.pem" +ui_config { + enabled = true +} + +tls { + defaults { + verify_incoming = false + verify_outgoing = true + ca_file = "/opt/consul/tls/consul-agent-ca.pem" + cert_file = "/opt/consul/tls/dc1-server-consul.pem" + key_file = "/opt/consul/tls/dc1-server-consul-key.pem" + } + + # Auto-encrypt RPC + # "verify rpc only", because ui enabled + internal_rpc { + verify_incoming = true + verify_server_hostname = true + } +} EOF # Configure systemd service unit