From 16629d0b8e7838a39c8f473d5d148242ac5590c3 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <matthew.mosesohn@gmail.com>
Date: Wed, 31 Jan 2018 20:26:19 +0300
Subject: [PATCH] Vault should use cert auth for etcd

---
 roles/vault/defaults/main.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml
index 3e41cb00c..0640fddc2 100644
--- a/roles/vault/defaults/main.yml
+++ b/roles/vault/defaults/main.yml
@@ -66,6 +66,8 @@ vault_config:
       ha_enabled: "true"
       redirect_addr: "https://{{ ansible_default_ipv4.address }}:{{ vault_port }}"
       tls_ca_file: "{{ vault_etcd_cert_dir }}/ca.pem"
+      tls_cert_file: "{{ vault_etcd_cert_dir}}/node-{{ inventory_hostname }}.pem"
+      tls_key_file: "{{ vault_etcd_cert_dir}}/node-{{ inventory_hostname }}-key.pem"
   cluster_name: "kubernetes-vault"
   default_lease_ttl: "{{ vault_default_lease_ttl }}"
   max_lease_ttl: "{{ vault_max_lease_ttl }}"
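Review bot: The added `tls_cert_file` and `tls_key_file` lines assume a `node-{{ inventory_hostname }}.pem` / `-key.pem` pair already exists in `vault_etcd_cert_dir` on every Vault host, and that the key is readable by the account Vault runs as and by no one else; nothing visible in this hunk guarantees either. If a Vault host has no node certificate issued for it, Vault will presumably fail to connect to its etcd backend, so a comment above the two lines should record the dependency, for example `# etcd client cert/key (mTLS): must be issued for each Vault host; keep the key readable only by the vault user`. Both new lines also write `{{ vault_etcd_cert_dir}}` without the space before the closing braces, unlike `tls_ca_file` just above; `{{ vault_etcd_cert_dir }}` would keep the file consistent. The `vault_config` mapping starts and continues outside this hunk, so the surrounding backend settings could not be checked.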
-- 
GitLab