74 lines
2.5 KiB
Django/Jinja
74 lines
2.5 KiB
Django/Jinja
cluster_name = "{{ vault_conf.cluster_name }}"
|
|
|
|
log_level = "{{ vault_conf.log_level }}"
|
|
log_format = "{{ vault_conf.log_format }}"
|
|
|
|
plugin_directory = "{{ vault_conf.plugin_directory }}"
|
|
plugin_file_uid = {{ vault_conf.plugin_file_uid }}
|
|
|
|
disable_mlock = {{ vault_conf.disable_mlock | ternary('true', 'false') }}
|
|
|
|
{% for listener in vault_conf.listeners %}
|
|
listener "tcp" {
|
|
address = "{{ listener.address }}"
|
|
cluster_address = "{{ listener.cluster_address }}"
|
|
tls_cert_file = "{{ listener.tls_cert_file }}"
|
|
tls_key_file = "{{ listener.tls_key_file }}"
|
|
{% if listener.x_forwarded_for_authorized_addrs | length > 0 %}
|
|
x_forwarded_for_authorized_addrs = "{{ listener.x_forwarded_for_authorized_addrs | join(',') }}"
|
|
x_forwarded_for_reject_not_present = {{ listener.x_forwarded_for_reject_not_present | ternary('true', 'false') }}
|
|
{% endif %}
|
|
{% if listener.telemetry.unauthenticated_metrics_access %}
|
|
telemetry {
|
|
unauthenticated_metrics_access = true
|
|
}
|
|
{% endif %}
|
|
}
|
|
{% endfor %}
|
|
|
|
api_addr = "{{ vault_conf.api_addr }}"
|
|
cluster_addr = "{{ vault_conf.cluster_addr }}"
|
|
|
|
storage "raft" {
|
|
path = "{{ vault_conf.storage.raft.path }}"
|
|
node_id = "{{ vault_conf.storage.raft.node_id }}"
|
|
performance_multiplier = {{ vault_conf.storage.raft.performance_multiplier }}
|
|
{% if vault_conf.storage.raft.retry_join | length > 0 %}
|
|
{% for server in vault_conf.storage.raft.retry_join %}
|
|
{% if server.leader_api_addr is defined and server.leader_api_addr != vault_conf.api_addr %}
|
|
retry_join {
|
|
{% for key in server.keys() | list %}
|
|
{{ key }} = "{{ server[key] }}"
|
|
{% endfor %}
|
|
}
|
|
{% else %}
|
|
# Skipping {{ server.leader_api_addr }} as it's ourself
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
}
|
|
|
|
{% if vault_conf.service_registration is defined %}
|
|
service_registration "consul" {
|
|
{% for key in ['address', 'service', 'token', 'tls_ca_file', 'tls_cert_file', 'tls_key_file'] %}
|
|
{% if vault_conf.service_registration[key] is defined %}
|
|
{{ key }} = "{{ vault_conf.service_registration[key] }}"
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% if vault_conf.service_registration.service_tags is defined %}
|
|
service_tags = "{{ vault_conf.service_registration.service_tags | join(',') }}"
|
|
{% endif %}
|
|
}
|
|
{% endif %}
|
|
|
|
ui = {{ vault_conf.ui | ternary('true', 'false') }}
|
|
|
|
telemetry {
|
|
{% for key in ['prometheus_retention_time'] %}
|
|
{{ key }} = "{{ vault_conf.telemetry[key] }}"
|
|
{% endfor %}
|
|
{% for key in ['disable_hostname', 'enable_hostname_label'] %}
|
|
{{ key }} = {{ vault_conf.telemetry[key] | ternary('true', 'false') }}
|
|
{% endfor %}
|
|
}
|