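---
#####################################################
#                                                   #
#               Consul Configuration                #
#                                                   #
#####################################################
#
# Variables for Consul agents and for the HAProxy frontends/backends placed
# in front of the Consul servers. The `consul_*` variables are the tunables;
# `hashi_consul_configuration` near the end assembles them into the agent
# configuration mapping.

consul_domain: consul
consul_datacenter: dc1
consul_primary_datacenter: dc1
consul_leave_on_terminate: true
consul_rejoin_after_leave: true
# Script checks let health checks execute commands on the agent host.
# With `true`, Consul also accepts script checks registered through the HTTP
# API, so anyone holding a token that can register checks can run commands
# on the node. Consul's `enable_local_script_checks` limits script checks to
# those defined in local configuration files.
# NOTE(review): confirm API-registered script checks are really needed.
consul_enable_script_checks: true

########################
# consul haproxy backend
########################

consul_haproxy_frontends:
  - name: consul_internal
    options:
      - description consul internal gossip frontend
      - mode tcp
      - option tcplog
      - bind :{{ hashi_consul_configuration.ports.serf_lan }}
      - default_backend consul_internal
  # Plain-HTTP frontend for the Consul HTTP API/UI: ACL tokens sent through
  # it travel in cleartext unless TLS is terminated elsewhere.
  # NOTE(review): confirm where this listener is reachable from.
  - name: consul_external
    options:
      - description consul external http frontend
      - mode http
      - bind :80
      - default_backend consul_external

consul_haproxy_backends:
  - name: consul_internal
    options: "{{ consul_internal_backend_options + consul_internal_backend_servers }}"
  - name: consul_external
    options: "{{ consul_external_backend_options + consul_external_backend_servers }}"

consul_internal_backend_options:
  - description consul internal gossip backend

# Renders a list literal with one `server` line per host in the
# `consul_servers` group, pointing at the serf LAN port.
consul_internal_backend_servers: |
  [
  {% for host in groups['consul_servers'] %}
  'server {{ hostvars[host].api_interface_address }} {{ hostvars[host].api_interface_address }}:{{ hashi_consul_configuration.ports.serf_lan }} check inter 3s'{% if not loop.last %},{% endif %}
  {% endfor %}
  ]

consul_external_backend_options:
  - description consul external http backend
  - option forwardfor
  - option httpchk
  - http-check send meth GET uri /

# Same construction as above, pointing at the Consul HTTP port.
consul_external_backend_servers: |
  [
  {% for host in groups['consul_servers'] %}
  'server {{ hostvars[host].api_interface_address }} {{ hostvars[host].api_interface_address }}:{{ hashi_consul_configuration.ports.http }} check inter 5s'{% if not loop.last %},{% endif %}
  {% endfor %}
  ]

##############################
# consul address configuration
##############################

consul_address_configuration:
  # The address to which Consul will bind client interfaces,
  # including the HTTP and DNS servers.
  # "0.0.0.0" exposes them on every interface of the host; the ports mapping
  # at the end of this file disables HTTPS (-1), so the HTTP API on that
  # address is unencrypted.
  client_addr: "0.0.0.0"
  # The address that should be bound to for internal cluster communications.
  bind_addr: "{{ api_interface_address }}"
  # The advertise address is used to change the address that we advertise
  # to other nodes in the cluster.
  advertise_addr: "{{ api_interface_address }}"

##########################
# consul ACL configuration
##########################

consul_acl_configuration:
  enabled: true
  default_policy: "deny"  # can be allow or deny
  enable_token_persistence: true

# Policy text for the default agent token. It grants write on every agent
# and node name (empty prefix) and read on every service.
# NOTE(review): this is one shared, cluster-wide scope; narrow the prefixes
# if per-node agent tokens are wanted.
consul_default_agent_policy: |
  agent_prefix "" {
    policy = "write"
  }
  node_prefix "" {
    policy = "write"
  }
  service_prefix "" {
    policy = "read"
  }

##########################
# consul DNS configuration
##########################

consul_dns_configuration:
  allow_stale: true
  enable_truncate: true
  only_passing: true

#########################
# consul ui configuration
#########################

consul_ui_configuration:
  enabled: true

###################################
# consul service mesh configuration
###################################

consul_mesh_configuration:
  enabled: true

#####################
# extra configuration
#####################

consul_extra_configuration: {}

###############
# configuration
###############

hashi_consul_start_service: true
# NOTE(review): `latest` is an unpinned version; pinning an exact release
# keeps deployments reproducible and upgrades deliberate.
hashi_consul_version: latest
hashi_consul_deploy_method: "{{ deployment_method }}"
hashi_consul_env_variables: {}
# This key was originally spelled `hashi_cosul_config_dir`, while
# `hashi_consul_extra_files_dst` below reads `hashi_consul_config_dir`.
# The correctly spelled variable is defined here; the old spelling is kept
# as an alias for anything that still references it.
hashi_consul_config_dir: "/etc/consul.d"
hashi_cosul_config_dir: "{{ hashi_consul_config_dir }}"
hashi_consul_data_dir: "/opt/consul"
hashi_consul_extra_files: false
hashi_consul_extra_files_src: "{{ sub_configuration_directories.consul_servers }}/config"
hashi_consul_extra_files_dst: "{{ hashi_consul_config_dir }}/config"
hashi_consul_envoy_install: false
hashi_consul_envoy_version: v1.27.2

hashi_consul_configuration:
  domain: "{{ consul_domain }}"
  datacenter: "{{ consul_datacenter }}"
  primary_datacenter: "{{ consul_primary_datacenter }}"
  data_dir: "{{ hashi_consul_data_dir }}"
  # Gossip encryption key. Empty means serf gossip traffic is not encrypted.
  # Generate a unique key (for example with `consul keygen`) and supply it
  # from a secret store; do not reuse the sample string shown below.
  encrypt: ""  # "{{ 'mysupersecretgossipencryptionkey'|b64encode }}"
  server: "{{ 'consul_servers' in group_names }}"
  retry_join: "{{ groups['consul_servers'] | map('extract', hostvars, ['consul_address_configuration', 'bind_addr']) | list | to_json | from_json }}"
  ui_config: "{{ consul_ui_configuration }}"
  connect: "{{ consul_mesh_configuration }}"
  # These three were hard-coded to `true`, so overriding the matching
  # `consul_*` variables at the top of the file had no effect here. They now
  # follow those variables; the defaults are unchanged.
  leave_on_terminate: "{{ consul_leave_on_terminate }}"
  rejoin_after_leave: "{{ consul_rejoin_after_leave }}"
  enable_script_checks: "{{ consul_enable_script_checks }}"
  enable_syslog: "{{ deployment_method == 'host' }}"
  log_level: INFO
  acl: "{{ consul_acl_configuration }}"
  dns_config: "{{ consul_dns_configuration }}"
  ports:
    dns: 8600
    http: 8500
    # -1 disables the HTTPS listener; the API is served over plain HTTP only.
    https: -1
    grpc: 8502
    grpc_tls: 8503
    server: 8300
    serf_lan: 8301
    serf_wan: 8302
    sidecar_min_port: 21000
    sidecar_max_port: 21255
    expose_min_port: 21500
    expose_max_port: 21755

# this is used to circumvent jinja limitation to convert string to integer
hashi_consul_configuration_string: |
  bootstrap_expect: {{ (groups['consul_servers'] | length) }}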