Skip to content

feat: add additional TCP localhost listener and leader_ca #81

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Jun 9, 2025
Merged

feat: add additional TCP localhost listener and leader_ca #81

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
80f6eb3
feat: update `galaxy.yml` version to `2.7.1`
jackhodgkiss Jun 9, 2025
c2ce6bd
feat: update `galaxy.yml` version to `2.7.0`
jackhodgkiss May 14, 2025
df62192
feat: add additional `TCP` localhost listener
jackhodgkiss Jun 7, 2025
9377fd7
feat: add support for setting `leader_ca_cert_file`
jackhodgkiss Jun 7, 2025
28a6882
Merge branch 'openbao-localhost-fix' into bump-version
jackhodgkiss Jun 9, 2025
3a5961e
Merge pull request #83 from stackhpc/bump-version
jackhodgkiss Jun 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion galaxy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ namespace: stackhpc
name: hashicorp
description: >
Hashicorp Vault/Consul deployment and configuration
version: "2.7.0"
version: "2.7.1"
readme: "README.md"
authors:
- "Michał Nasiadka"
Expand Down
1 change: 1 addition & 0 deletions roles/openbao/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ Role variables
* `openbao_ca_cert`: Path to CA certificate used to verify OpenBao server TLS cert
* `openbao_tls_key`: Path to TLS key to use by OpenBao
* `openbao_tls_cert`: Path to TLS cert to use by OpenBao
* `openbao_tls_ca`: Path to TLS CA certificate that can be used by peers to validate the leaders TLS
* `openbao_log_keys`: Whether to log the root token and unseal keys in the Ansible output. Default `false`
* `openbao_set_keys_fact`: Whether to set a `openbao_keys` fact containing the root token and unseal keys. Default `false`
* `openbao_write_keys_file`: Whether to write the root token and unseal keys to a file. Default `false`
Expand Down
12 changes: 11 additions & 1 deletion roles/openbao/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ openbao_cluster_name: ""

openbao_tls_key: ""
openbao_tls_cert: ""
openbao_tls_ca: ""

openbao_protocol: "{{ 'https' if openbao_tls_key and openbao_tls_cert else 'http' }}"

Expand Down Expand Up @@ -44,15 +45,24 @@ openbao_config: >
{% else %}
"tls_disable": "true"
{% endif %}
}{% if not openbao_bind_addr.startswith('127.') %},
},
{
"tcp": {
"address": "127.0.0.1:8200",
"tls_disable": "true"
}
{% endif %}
}],
"storage": {
"raft": {
"node_id": "raft_{{ inventory_hostname }}",
"path": "/openbao/file",
{% if openbao_raft_leaders | length > 0 %}
"retry_join": {
"leader_api_addr": "{{ openbao_protocol }}://{{ openbao_raft_leaders | first }}:{{ openbao_api_port }}"
"leader_api_addr": "{{ openbao_protocol }}://{{ openbao_raft_leaders | first }}:{{ openbao_api_port }}"{% if openbao_tls_ca %},
"leader_ca_cert_file": "/openbao/config/{{ openbao_tls_ca }}"
{% endif %}
}
{% endif %}
}
Expand Down
Loading