45 lines
885 B
Django/Jinja
45 lines
885 B
Django/Jinja
# Vault Configuration for {{ inventory_hostname }}
|
|
|
|
# Storage backend - Consul
|
|
storage "consul" {
|
|
address = "127.0.0.1:8500"
|
|
path = "vault/"
|
|
|
|
# Consul datacenter
|
|
datacenter = "{{ vault_datacenter }}"
|
|
|
|
# Service registration
|
|
service = "vault"
|
|
service_tags = "vault-server"
|
|
|
|
# Session TTL
|
|
session_ttl = "15s"
|
|
lock_wait_time = "15s"
|
|
}
|
|
|
|
# Listener configuration
|
|
listener "tcp" {
|
|
address = "0.0.0.0:8200"
|
|
tls_disable = 1
|
|
}
|
|
|
|
# API address - 使用Tailscale网络地址
|
|
api_addr = "http://{{ ansible_host }}:8200"
|
|
|
|
# Cluster address - 使用Tailscale网络地址
|
|
cluster_addr = "http://{{ ansible_host }}:8201"
|
|
|
|
# UI
|
|
ui = true
|
|
|
|
# Cluster name
|
|
cluster_name = "{{ vault_cluster_name }}"
|
|
|
|
# Disable mlock for development (remove in production)
|
|
disable_mlock = true
|
|
|
|
# Log level
|
|
log_level = "INFO"
|
|
|
|
# Plugin directory
|
|
plugin_directory = "/opt/vault/plugins" |