Allow to configure communication from Nomad to Consul over TLS (#129)

- Add TLS related variables to defaults/main.yml
- Update base template
- Update REAME.md with new variables

Author: DaazKu

README.md

@@ -505,6 +505,26 @@ in many Ansible versions, so this feature might not always work.
 - Token to use for consul interaction
 - Default value: **""**
 
+### `nomad_consul_ssl`
+
+- Communicate with Consul over TLS
+- Default value: **false**
+
+### `nomad_consul_ca_file`
+
+- CA certificate used for Consul communication
+- Default value: **""**
+
+### `nomad_consul_cert_file`
+
+- Certificate used for Consul communication. Must also specify `nomad_consul_key_file`.
+- Default value: **""**
+
+### `nomad_consul_key_file`
+
+- Private key used for Consul communication.
+- Default value: **""**
+
 ### `nomad_bootstrap_expect`
 
 - Specifies the number of server nodes to wait for before bootstrapping.

defaults/main.yml

@@ -161,6 +161,10 @@ nomad_consul_token: ""
 nomad_consul_servers_service_name: "nomad-servers"
 nomad_consul_clients_service_name: "nomad-clients"
 nomad_consul_tags: {}
+nomad_consul_ssl: false
+nomad_consul_ca_file: ""
+nomad_consul_cert_file: ""
+nomad_consul_key_file: ""
 
 ### ACLs
 nomad_acl_enabled: "{{ lookup('env', 'NOMAD_ACL_ENABLED') | default('no', true) }}"

templates/base.hcl.j2

@@ -38,6 +38,12 @@ consul {
     # Enabling the server and client to bootstrap using Consul.
     server_auto_join = true
     client_auto_join = true
+
+    # Nomad to Consul TLS configuration
+    ssl = {{ nomad_consul_ssl | bool | lower }}
+    ca_file = "{{ nomad_consul_ca_file }}"
+    cert_file = "{{ nomad_consul_cert_file }}"
+    key_file = "{{ nomad_consul_key_file }}"
 }
 {% endif %}