ansible-vault
TLS for Vault clients, but mTLS for Raft backend?
Howdy. If I'm reading the code correctly in /templates/vault_backend_raft.j2, when you set "vault_tls_disable: false", and specify the TLS certificate files for API client communication, and Integrated Storage (Raft) is also configured, the role will populate the leader_*_cert_file in the retry_join stanzas, thereby disabling Raft node-to-node mTLS. Is this correct? And, if so, is there a way to avoid this cleanly? Thanks in advance.
Thanks for this role! It's very functional, and gets us very far along in configuring Vault.