18 lines
459 B
Plaintext
18 lines
459 B
Plaintext
|
#!/bin/sh
|
||
|
|
||
|
set -e
|
||
|
|
||
|
[[- $c := merge .elasticsearch.server .elasticsearch .]]
|
||
|
[[ template "common/vault.mkpki.sh.tpl" $c ]]
|
||
|
|
||
|
vault write [[ $c.vault.pki.path ]]/roles/server \
|
||
|
allowed_domains="[[ .instance ]][[ .consul.suffix ]].service.[[ .consul.domain ]]" \
|
||
|
allow_bare_domains=true \
|
||
|
allow_subdomains=true \
|
||
|
allow_localhost=false \
|
||
|
allow_ip_sans=true \
|
||
|
server_flag=true \
|
||
|
client_flag=true \
|
||
|
allow_wildcard_certificates=false \
|
||
|
max_ttl=720h
|