From 0d2d46f4371a424b3e7c476a472d1dcc098b36d7 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Wed, 24 Aug 2022 18:19:04 +0200
Subject: [PATCH] skip consul tls verify for diplonat and tricot (should be
 reverted?)

---
 cluster/prod/app/core/deploy/core.hcl                | 4 ++--
 cluster/prod/app/frontend/deploy/frontend-tricot.hcl | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/cluster/prod/app/core/deploy/core.hcl b/cluster/prod/app/core/deploy/core.hcl
index b87f15d..b2acb43 100644
--- a/cluster/prod/app/core/deploy/core.hcl
+++ b/cluster/prod/app/core/deploy/core.hcl
@@ -18,7 +18,7 @@ job "core" {
       driver = "docker"
 
       config {
-        image = "lxpz/amd64_diplonat:3"
+        image = "lxpz/amd64_diplonat:4"
         network_mode = "host"
         readonly_rootfs = true
         volumes = [
@@ -54,7 +54,7 @@ DIPLONAT_REFRESH_TIME=60
 DIPLONAT_EXPIRATION_TIME=300
 DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
 DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501
-DIPLONAT_CONSUL_CA_CERT=/etc/diplonat/consul.crt
+DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true
 DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
 DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
 RUST_LOG=debug
diff --git a/cluster/prod/app/frontend/deploy/frontend-tricot.hcl b/cluster/prod/app/frontend/deploy/frontend-tricot.hcl
index 904e9fb..fcc7c46 100644
--- a/cluster/prod/app/frontend/deploy/frontend-tricot.hcl
+++ b/cluster/prod/app/frontend/deploy/frontend-tricot.hcl
@@ -19,7 +19,7 @@ job "frontend" {
       driver = "docker"
 
       config {
-        image = "lxpz/amd64_tricot:41"
+        image = "lxpz/amd64_tricot:42"
         network_mode = "host"
         readonly_rootfs = true
         ports = [ "http_port", "https_port" ]
@@ -41,8 +41,8 @@ job "frontend" {
       }
 
       template {
-        data = "{{ key \"secrets/consul/consul.crt\" }}"
-        destination = "secrets/consul.crt"
+        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
+        destination = "secrets/consul-ca.crt"
       }
 
       template {
@@ -61,7 +61,7 @@ TRICOT_NODE_NAME={{ env "attr.unique.consul.name" }}
 TRICOT_LETSENCRYPT_EMAIL=alex@adnab.me
 TRICOT_ENABLE_COMPRESSION=true
 TRICOT_CONSUL_HOST=https://consul.service.prod.consul:8501
-TRICOT_CONSUL_CA_CERT=/etc/tricot/consul.crt
+TRICOT_CONSUL_TLS_SKIP_VERIFY=true
 TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
 TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
 TRICOT_HTTP_BIND_ADDR=[::]:80