feat: add additional TCP localhost listener and leader_ca #81

Merged
merged 6 commits into from
Jun 9, 2025
2 changes: 1 addition & 1 deletion galaxy.yml
Expand Up @@ -2,7 +2,7 @@ namespace: stackhpc
name: hashicorp
description: >
Hashicorp Vault/Consul deployment and configuration
version: "2.7.0"
version: "2.7.1"
readme: "README.md"
authors:
- "Michał Nasiadka"
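Review bot: The `version` line moves from "2.7.0" to "2.7.1", a patch-level bump, while the PR title marks the change as `feat:` and the other files add a new role variable and a second listener. If the collection follows semantic versioning, a minor bump (2.8.0) would better signal the changed listener behaviour to users who pin versions.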
1 change: 1 addition & 0 deletions roles/openbao/README.md
Expand Up @@ -33,6 +33,7 @@ Role variables
* `openbao_ca_cert`: Path to CA certificate used to verify OpenBao server TLS cert
* `openbao_tls_key`: Path to TLS key to use by OpenBao
* `openbao_tls_cert`: Path to TLS cert to use by OpenBao
* `openbao_tls_ca`: Path to TLS CA certificate that can be used by peers to validate the leaders TLS
* `openbao_log_keys`: Whether to log the root token and unseal keys in the Ansible output. Default `false`
* `openbao_set_keys_fact`: Whether to set a `openbao_keys` fact containing the root token and unseal keys. Default `false`
* `openbao_write_keys_file`: Whether to write the root token and unseal keys to a file. Default `false`
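Review bot: The new `openbao_tls_ca` entry describes the value as a "Path", but roles/openbao/defaults/main.yml renders it as `"/openbao/config/{{ openbao_tls_ca }}"`, so it must be a file name relative to `/openbao/config`; an absolute path would produce a broken `leader_ca_cert_file`. Suggest describing it as a file name under the config directory, stating that the default is empty and that it is only used inside `retry_join`, and correcting "the leaders TLS" to "the leader's TLS certificate". The README also gains no mention of the plaintext `127.0.0.1:8200` listener that the same PR adds to `openbao_config`.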
12 changes: 11 additions & 1 deletion roles/openbao/defaults/main.yml
Expand Up @@ -13,6 +13,7 @@ openbao_cluster_name: ""

openbao_tls_key: ""
openbao_tls_cert: ""
openbao_tls_ca: ""

openbao_protocol: "{{ 'https' if openbao_tls_key and openbao_tls_cert else 'http' }}"

Expand Down Expand Up @@ -44,15 +45,24 @@ openbao_config: >
{% else %}
"tls_disable": "true"
{% endif %}
}{% if not openbao_bind_addr.startswith('127.') %},
},
{
"tcp": {
"address": "127.0.0.1:8200",
"tls_disable": "true"
}
{% endif %}
}],
"storage": {
"raft": {
"node_id": "raft_{{ inventory_hostname }}",
"path": "/openbao/file",
{% if openbao_raft_leaders | length > 0 %}
"retry_join": {
"leader_api_addr": "{{ openbao_protocol }}://{{ openbao_raft_leaders | first }}:{{ openbao_api_port }}"
"leader_api_addr": "{{ openbao_protocol }}://{{ openbao_raft_leaders | first }}:{{ openbao_api_port }}"{% if openbao_tls_ca %},
"leader_ca_cert_file": "/openbao/config/{{ openbao_tls_ca }}"
{% endif %}
}
{% endif %}
}
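Review bot: The added `tcp` listener on `127.0.0.1:8200` sets `"tls_disable": "true"` and is emitted for every `openbao_bind_addr` that does not start with `127.`, with no variable to switch it off, so a deployment that configures `openbao_tls_key` and `openbao_tls_cert` still gains a plaintext API endpoint reachable by any local process. Consider gating it behind a role variable (for example a hypothetical `openbao_localhost_listener`, default off) and documenting it in the README. The port is hardcoded as 8200 while `leader_api_addr` uses `openbao_api_port`, so consider using that variable or a dedicated one; also note that the `startswith('127.')` test does not exclude a wildcard bind address, which would overlap with a loopback listener on the same port. In `retry_join`, `leader_ca_cert_file` is emitted whenever `openbao_tls_ca` is set, even when `openbao_protocol` resolves to `http`, so the condition could also check the protocol. Because the first listener's closing brace and comma now sit on the conditional line, it is worth rendering the template for both a loopback and a non-loopback bind address and running the output through a JSON parser before merging.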