---
#####################################################
#                                                   #
#                Editable                           #
#                                                   #
#####################################################

consul_domain: consul
consul_datacenter: dc1
consul_primary_datacenter: dc1
consul_leave_on_terminate: true
consul_rejoin_after_leave: true
consul_enable_script_checks: true
consul_gossip_encryption_key: "{{ 'mysupersecretgossipencryptionkey'|b64encode }}"

################################
# consul address configuration #
################################

consul_address_configuration:
  # The address to which Consul will bind client interfaces,
  # including the HTTP and DNS servers.
  client_addr: "0.0.0.0"
  # The address that should be bound to for internal cluster communications.
  bind_addr: "{{ api_interface_address }}"
  # The advertise address is used to change the address that we advertise to other nodes in the cluster.
  advertise_addr: "{{ api_interface_address }}"

############################
# consul ACL configuration #
############################

consul_acl_configuration:
  enabled: true
  default_policy: "deny" # can be allow or deny
  enable_token_persistence: true

############################
# consul DNS configuration #
############################

consul_dns_configuration:
  allow_stale: true
  enable_truncate: true
  only_passing: true

###########################
# consul ui configuration #
###########################

consul_ui_configuration:
  enabled: "{{ 'consul_servers' in group_names }}"

#####################################
# consul service mesh configuration #
#####################################

consul_mesh_configuration:
  enabled: true

#######################
# extra configuration #
#######################

consul_extra_configuration: {}

#####################################################
#                                                   #
#                Non-Editable                       #
#                                                   #
#####################################################

##########################
# consul haproxy backend #
##########################

consul_haproxy_frontends:
  - name: consul_external
    options:
      - description consul external http frontend
      - mode http
      - bind :80
      - acl is_consul hdr(host) -i {{ consul_fqdn }}
      - use_backend consul_external if is_consul

consul_haproxy_backends:
  - name: consul_external
    options: "{{ consul_external_backend_options + consul_external_backend_servers }}"

consul_external_backend_options:
  - description consul external http backend
  - option forwardfor
  - option httpchk
  - http-check send meth GET uri /

consul_external_backend_servers: |
  [
    {% for host in groups['consul_servers'] %}
      'server {{ hostvars[host].api_interface_address }} {{ hostvars[host].api_interface_address }}:{{ hashi_consul_configuration.ports.http }} check inter 5s'{% if not loop.last %},{% endif %}
    {% endfor %}
  ]

############################
# consul ACL configuration #
############################

consul_default_agent_policy: |
  agent_prefix "" {
    policy = "write"
  }
  node_prefix "" {
    policy = "write"
  }
  service_prefix "" {
    policy = "read"
  }

#########################
# consul role variables #
#########################

hashi_consul_start_service: true
hashi_consul_version: "{{ consul_versions[deployment_method] }}"
hashi_consul_deploy_method: "{{ deployment_method }}"
hashi_consul_env_variables: {}
hashi_cosul_config_dir: "/etc/consul.d"
hashi_consul_data_dir: "/opt/consul"
hashi_consul_extra_files: false
hashi_consul_extra_files_src: "{{ sub_configuration_directories.consul_servers }}/config"
hashi_consul_extra_files_dst: "{{ hashi_consul_config_dir }}/config"
hashi_consul_envoy_install: false
hashi_consul_envoy_version: v1.27.2
hashi_consul_configuration:
  domain: "{{ consul_domain }}"
  datacenter: "{{ consul_datacenter }}"
  primary_datacenter: "{{ consul_primary_datacenter }}"
  data_dir: "{{ hashi_consul_data_dir }}"
  encrypt: "{{ consul_gossip_encryption_key }}"
  server: "{{ 'consul_servers' in group_names }}"
  retry_join: "{{
    groups['consul_servers'] |
    map('extract', hostvars, ['consul_address_configuration', 'bind_addr']) |
    list |
    to_json |
    from_json
    }}"
  ui_config: "{{ consul_ui_configuration }}"
  connect: "{{ consul_mesh_configuration }}"
  leave_on_terminate: "{{ consul_leave_on_terminate }}"
  rejoin_after_leave: "{{ consul_rejoin_after_leave }}"
  enable_script_checks: "{{ consul_enable_script_checks }}"
  enable_syslog: "{{ deployment_method == 'host' }}"
  log_level: INFO
  acl: "{{ consul_acl_configuration }}"
  dns_config: "{{ consul_dns_configuration }}"
  ports:
    dns: 8600
    http: 8500
    https: -1
    grpc: 8502
    grpc_tls: 8503
    server: 8300
    serf_lan: 8301
    serf_wan: 8302
    sidecar_min_port: 21000
    sidecar_max_port: 21255
    expose_min_port: 21500
    expose_max_port: 21755

# this is used to circumvent jinja limitation to convert string to integer
hashi_consul_configuration_string: |
  bootstrap_expect: {{ (groups['consul_servers'] | length) }}