The security-setup script

The security-setup script is located in the root of the project. It will set up authentication and authorization for you, as described in the component documentation. When components are updated, you can run it again, as many times as you want. It will only set the variables it needs to.

After you’ve set up security with the script, you can include the resulting settings in your playbook runs by passing security.yml with the -e or --extra-vars option, like so:

ansible-playbook --extra-vars=@security.yml your_playbook.yml


If no root CA is present, security-setup will create one to generate certificates from. If you want to use your own CA, add the key in ssl/private/cakey.pem and the cert in ssl/cacert.pem.

If you have your own (self-)signed certificates, you can put them in ssl/private/your.key.pem and ssl/certs/your.cert.pem. Just place them at the locations the script would otherwise generate (for example, the consul key and cert would be ssl/private/consul.key.pem and ssl/certs/consul.cert.pem, respectively). They’ll be used instead of the generated files and will not be overwritten.
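
Because the script uses files it finds at these paths as they are, it is worth confirming that a key and certificate you supply belong together and verify against the CA. The following is an added example, not part of the project: a hypothetical check_override shell function built on the openssl CLI and the paths named above. The permission check and the return codes are assumptions of this example.

```shell
#!/bin/sh
# check_override NAME [SSL_DIR]  (hypothetical helper, not part of security-setup)
# Checks SSL_DIR/private/NAME.key.pem and SSL_DIR/certs/NAME.cert.pem
# against SSL_DIR/cacert.pem. SSL_DIR defaults to ssl.
# Return codes (chosen for this example): 0 ok, 2 missing file,
# 3 not signed by the CA, 4 key/cert mismatch, 5 key open to group/other.
check_override() {
    name=$1
    ssl_dir=${2:-ssl}
    key="$ssl_dir/private/$name.key.pem"
    cert="$ssl_dir/certs/$name.cert.pem"
    ca="$ssl_dir/cacert.pem"

    for f in "$key" "$cert" "$ca"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
    done

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL "$key" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "$key is accessible to group/other; chmod 600 it" >&2; return 5; }

    # The certificate must verify against the CA (this also fails once it expires).
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "$cert does not verify against $ca" >&2; return 3; }

    # The public key in the certificate must equal the one derived from the key file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "$key does not match $cert" >&2; return 4; }

    echo "$name: key and certificate match and verify against $ca"
}
```

Run it from the project root, for example as check_override consul, before re-running security-setup.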

If you need to regenerate a certificate, rename or delete the appropriate CSR and certificate from the certs folder and the corresponding private key from the private folder, then re-run security-setup.


Run security-setup --help to see a list of options with their default values. Options like --mesos take a boolean argument. You can use the following values in these options:

Value    Interpreted as
t        True
T        True
1        True
True     True
true     True
f        False
F        False
0        False
False    False
false    False