---
# Ansible variable defaults for the Consul agents and servers of a hashistack
# deployment. Several values are built from variables that are not defined in
# this file (api_interface_address, hashistack_remote_config_dir,
# hashistack_remote_log_dir, _credentials, enable_log_to_file).

# True only on the first host of the `consul_servers` inventory group.
consul_init_server: "{{ (inventory_hostname == groups['consul_servers'][0]) | bool }}"

#####################
# consul api config #
#####################

# Full API URL: scheme, interface address and the port matching the scheme.
consul_api_addr: "{{ consul_api_scheme }}://{{ api_interface_address }}:{{ consul_api_port[consul_api_scheme] }}"
# `https` when consul_enable_tls is truthy, otherwise `http`.
# NOTE(review): consul_enable_tls is only present as a commented-out `false`
# further down, so the effective default comes from elsewhere. If it resolves
# to false, API calls (including ACL tokens sent with them) use plaintext
# http on port 8500 - confirm that is acceptable on the network in use.
consul_api_scheme: "{{ 'https' if consul_enable_tls else 'http' }}"
# Port lookup tables keyed by the scheme selected above.
consul_api_port:
  http: 8500
  https: 8501
consul_grpc_port:
  http: 8502
  https: 8503

##########
# Consul #
##########

consul_config_dir: "{{ hashistack_remote_config_dir }}/consul.d"
# NOTE(review): with ACL token persistence enabled below, this directory is
# expected to hold persisted tokens - verify its ownership and mode.
consul_data_dir: "/opt/consul"
# Holds the certificate and private key referenced by consul_tls_configuration.
consul_certs_dir: "{{ consul_config_dir }}/tls"
consul_logs_dir: "{{ hashistack_remote_log_dir }}/consul"
consul_envoy_install: false
# NOTE(review): `latest` is an unpinned version; if envoy installation is
# turned on, pinning a tested release keeps installs reproducible and makes
# upgrades an explicit, reviewable change.
consul_envoy_version: latest
consul_extra_files: true
# consul_extra_files_list: []
consul_env_variables: {}

#######################
# extra configuration #
#######################

# You should prioritize adding configuration
# to the configuration entries below, this
# option should be used to add pieces of configuration not
# available through standard variables.
# consul_extra_configuration: {}

###########
# general #
###########

# The commented-out entries below show defaults that are defined elsewhere.
# NOTE(review): the gossip key is read from `_credentials`; presumably that
# structure lives in a secrets file - confirm it is encrypted at rest and not
# committed in clear text.
# NOTE(review): script checks are shown as disabled; keeping them off avoids
# check definitions being used to run commands on the agent host.

# consul_domain: consul
# consul_datacenter: dc1
# consul_primary_datacenter: "{{ consul_datacenter }}"
# consul_gossip_encryption_key: "{{ _credentials.consul.gossip_encryption_key }}"
# consul_enable_script_checks: false

#######################
# leave configuration #
#######################

consul_leave_on_terminate: true
consul_rejoin_after_leave: true

######################
# join configuration #
######################

# retry_join collects, for every host in `consul_servers`, the value at
# hostvars[host]['consul_address_configuration']['bind_addr'].
# The to_json | from_json round trip presumably forces a plain list of
# strings - confirm against the template that consumes it.
# retry_max: 0 means "retry indefinitely" in Consul.
consul_join_configuration:
  retry_join: |
    {{
      groups['consul_servers'] |
      map('extract', hostvars, ['consul_address_configuration', 'bind_addr']) |
      list |
      to_json |
      from_json
    }}
  retry_interval: 30s
  retry_max: 0

########################
# server configuration #
########################

# A host runs in server mode when it belongs to the `consul_servers` group.
consul_enable_server: "{{ 'consul_servers' in group_names }}"
# Expect as many servers as there are hosts in the `consul_servers` group.
consul_bootstrap_expect: "{{ (groups['consul_servers'] | length) }}"

####################
# ui configuration #
####################

# The UI follows consul_enable_server, so it is enabled on server hosts only.
consul_ui_configuration:
  enabled: "{{ consul_enable_server }}"

#########################
# address configuration #
#########################

# Despite its name, consul_bind_addr feeds `client_addr` below; `bind_addr`
# and `advertise_addr` both come from consul_advertise_addr.
# NOTE(review): a client_addr of 0.0.0.0 makes the client-facing listeners
# (HTTP(S) API, DNS, gRPC) reachable on every interface of the host. Where
# that reach is not needed, narrow the address or restrict the ports with a
# host firewall - this matters most when TLS is disabled.
consul_bind_addr: "0.0.0.0"
consul_advertise_addr: "{{ api_interface_address }}"
consul_address_configuration:
  client_addr: "{{ consul_bind_addr }}"
  bind_addr: "{{ consul_advertise_addr }}"
  advertise_addr: "{{ consul_advertise_addr }}"

#####################
# ACL configuration #
#####################

# ACLs are on with a default-deny policy: requests need a token whose policy
# explicitly grants the operation.
# enable_token_persistence keeps tokens set through the API on disk so they
# survive an agent restart.
# The agent token is read from `_credentials` (defined elsewhere).
consul_acl_configuration:
  enabled: true
  default_policy: "deny"
  enable_token_persistence: true
  tokens:
    agent: "{{ _credentials.consul.tokens.agent.secret_id }}"

# ACL rules (HCL) for the agent token.
# NOTE(review): `node_prefix ""` with write matches every node name, so a
# holder of this token can register or modify the catalog entry of any node.
# If the same token is shared by all agents, consider per-node
# `node "<name>"` rules where isolation between hosts matters.
consul_default_agent_policy: |
  node_prefix "" {
    policy = "write"
  }
  service_prefix "" {
    policy = "read"
  }

##############################
# service mesh configuration #
##############################

consul_mesh_configuration:
  enabled: true

#####################
# DNS configuration #
#####################

# allow_stale lets any server answer DNS queries, not only the leader;
# only_passing leaves nodes with failing health checks out of DNS answers.
consul_dns_configuration:
  allow_stale: true
  enable_truncate: true
  only_passing: true

################
# internal tls #
################

# consul_enable_tls: false

# NOTE(review): ca_file points at the system CA bundle, so every CA in that
# bundle is trusted for Consul peers; a dedicated private CA file would
# narrow the trust anchor.
# NOTE(review): verify_incoming: false means inbound connections are not
# required to present a client certificate, so TLS provides encryption and
# server authentication only. Consul's hardening guidance is to verify
# incoming connections at least for internal RPC - confirm this default is
# deliberate (for example to keep the HTTPS API usable without client certs).
# verify_outgoing and verify_server_hostname keep outbound connections
# validated against the CA and the expected server name.
consul_tls_configuration:
  defaults:
    ca_file: "/etc/ssl/certs/ca-certificates.crt"
    cert_file: "{{ consul_certs_dir }}/fullchain.crt"
    key_file: "{{ consul_certs_dir }}/cert.key"
    verify_incoming: false
    verify_outgoing: true
  internal_rpc:
    verify_server_hostname: true

# Per-host certificate directory mapped onto consul_certs_dir.
# NOTE(review): presumably the role copies these files, private key included;
# verify the resulting key file is readable only by the consul user.
consul_certificates_extra_files_dir:
  - src: "{{ hashistack_sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}"
    dest: "{{ consul_certs_dir }}"

###########################
# telemetry configuration #
###########################

consul_enable_prometheus_metrics: false
consul_prometheus_retention_time: 60s
consul_telemetry_configuration: {}

###########
# logging #
###########

# consul_log_level: info

# File logging follows the global enable_log_to_file switch (defined
# elsewhere); the log file is written under consul_logs_dir.
consul_enable_log_to_file: "{{ enable_log_to_file | bool }}"
consul_log_to_file_configuration:
  log_file: "{{ consul_logs_dir }}/consul.log"
  log_rotate_duration: 24h
  log_rotate_max_files: 30