---
#####################################################
#                                                   #
#                   Non-Editable                    #
#                                                   #
#####################################################

# Derived Consul variables: API address, HAProxy routing, the default agent
# ACL policy, TLS file locations and the configuration mapping handed to the
# hashicorp_consul role. Everything here is computed from variables defined
# elsewhere (consul_enable_tls, consul_fqdn, _credentials, ...).

#####################
# consul api config #
#####################

# Full URL of the local Consul HTTP API; scheme and port both follow
# consul_enable_tls through consul_api_scheme.
consul_api_addr: "{{ consul_api_scheme }}://{{ api_interface_address }}:{{ consul_api_port[consul_api_scheme] }}"
# 'https' when consul_enable_tls is truthy, otherwise 'http'.
consul_api_scheme: "{{ 'https' if consul_enable_tls else 'http' }}"
# Port lookup table keyed by scheme.
consul_api_port:
  http: 8500
  https: 8501

##########################
# consul haproxy backend #
##########################

# Frontend rules: requests whose Host header matches consul_fqdn
# (case-insensitive, -i) are sent to the consul_external backend.
# NOTE(review): routing is by Host header only; any authentication or TLS
# termination on the frontend is not defined in this file.
consul_haproxy_frontend_options:
  - acl is_consul hdr(host) -i {{ consul_fqdn }}
  - use_backend consul_external if is_consul

# Backend definition: static options followed by one server line per Consul
# server.
# NOTE(review): consul_external_backend_servers is a block scalar that renders
# text shaped like a list; the `+` below assumes templating evaluates it back
# into a list. Confirm.
consul_haproxy_backends:
  - name: consul_external
    options: "{{ consul_external_backend_options + consul_external_backend_servers }}"

# Static backend options: X-Forwarded-For insertion, an HTTP health check
# (GET /) and default check intervals.
consul_external_backend_options:
  - description consul external http backend
  - option forwardfor
  - option httpchk
  - http-check send meth GET uri /
  - default-server inter 2s fastinter 1s downinter 1s

# One `server` line per host in the consul_servers group, pointing at that
# host's API address and scheme-specific port.
# NOTE(review): with TLS enabled the server line carries `ssl verify none`, so
# HAProxy encrypts the hop to Consul but does not validate the certificate it
# is presented. HAProxy's `verify required` together with `ca-file` would
# authenticate the backend; the CA path is not defined in this file.
consul_external_backend_servers: |
  [
  {% for host in groups['consul_servers'] %}
    'server consul-{{ hostvars[host].api_interface_address }} {{ hostvars[host].api_interface_address }}:{{ hostvars[host].consul_api_port[consul_api_scheme] }} check {{ 'ssl verify none ' if consul_enable_tls }}inter 5s'{% if not loop.last %},{% endif %}
  {% endfor %}
  ]

############################
# consul ACL configuration #
############################

# Default agent policy (HCL): write on nodes, read on services.
# NOTE(review): the empty prefix "" matches every node and every service name,
# so a token carrying this policy can write any node entry, not only the
# agent's own. How tokens are issued is not visible here; if one token is
# shared by all agents, consider per-node scoping (Consul node identities).
consul_default_agent_policy: |
  node_prefix "" {
    policy = "write"
  }
  service_prefix "" {
    policy = "read"
  }

#######################
# consul internal tls #
#######################

# Directory on the target host that holds the Consul TLS material.
consul_certificates_directory: "{{ hashicorp_consul_config_dir }}/tls"
# Copy instruction: per-host certificate directory -> consul_certificates_directory.
# NOTE(review): presumably this directory contains private keys; ownership and
# file mode are not set here, so confirm the consuming role restricts them.
consul_certificates_extra_files_dir:
  - src: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}"
    dest: "{{ consul_certificates_directory }}"

#########################
# consul role variables #
#########################

# Inputs for the hashicorp_consul role.
hashicorp_consul_start_service: true
hashicorp_consul_service_name: "consul"
hashicorp_consul_version: "{{ consul_version }}"
hashicorp_consul_env_variables: {}
hashicorp_consul_config_dir: "/etc/consul.d"
hashicorp_consul_data_dir: "/opt/consul"
hashicorp_consul_extra_files: true
# TLS certificate entry (only when consul_enable_tls) plus the user-supplied
# consul_extra_files_list, de-duplicated and sorted.
hashicorp_consul_extra_files_list: "{{ ([] + (consul_certificates_extra_files_dir if consul_enable_tls else []) + consul_extra_files_list) | unique | sort }}"
# Envoy is not installed by default; the version below is pinned in this file.
hashicorp_consul_envoy_install: false
hashicorp_consul_envoy_version: v1.27.2
# Consul agent configuration mapping.
hashicorp_consul_configuration:
  domain: "{{ consul_domain }}"
  datacenter: "{{ consul_datacenter }}"
  primary_datacenter: "{{ consul_primary_datacenter }}"
  data_dir: "{{ hashicorp_consul_data_dir }}"
  # Gossip encryption key, read from the _credentials structure.
  # NOTE(review): the key becomes part of the agent configuration; confirm the
  # rendered file is readable only by the Consul service account and that
  # _credentials is not stored in plain text.
  encrypt: "{{ _credentials.consul.gossip_encryption_key }}"
  # True for hosts that belong to the consul_servers inventory group.
  server: "{{ 'consul_servers' in group_names }}"
  # bind_addr of every host in consul_servers.
  # NOTE(review): the to_json | from_json round trip presumably normalises the
  # value into a plain list. Confirm.
  retry_join: "{{ groups['consul_servers'] | map('extract', hostvars, ['consul_address_configuration', 'bind_addr']) | list | to_json | from_json }}"
  ui_config: "{{ consul_ui_configuration }}"
  connect: "{{ consul_mesh_configuration }}"
  leave_on_terminate: "{{ consul_leave_on_terminate }}"
  rejoin_after_leave: "{{ consul_rejoin_after_leave }}"
  # NOTE(review): script checks execute commands on the agent host. Consul also
  # offers enable_local_script_checks, which only honours checks defined in
  # local configuration files. Confirm the value of consul_enable_script_checks.
  enable_script_checks: "{{ consul_enable_script_checks }}"
  enable_syslog: true
  acl: "{{ consul_acl_configuration }}"
  dns_config: "{{ consul_dns_configuration }}"
  # Fixed ports; the http/https/grpc ports are set separately in
  # hashicorp_consul_configuration_string.
  ports:
    dns: 8600
    server: 8300
    serf_lan: 8301
    serf_wan: 8302
    sidecar_min_port: 21000
    sidecar_max_port: 21255
    expose_min_port: 21500
    expose_max_port: 21755

# Rendered as text so the port values come out as integers (works around a
# Jinja limitation when converting strings to integers).
# Exactly one of each plaintext/TLS pair is enabled and the other is set to -1,
# which Consul treats as disabled: with consul_enable_tls the plaintext HTTP
# (8500) and gRPC (8502) listeners are off and only 8501/8503 are opened.
hashicorp_consul_configuration_string: |
  ports:
    http: {{ (consul_api_port.http|int) if not consul_enable_tls else ('-1' | int) }}
    https: {{ (consul_api_port.https|int) if consul_enable_tls else ('-1' | int) }}
    grpc: {{ ('8502'|int) if not consul_enable_tls else ('-1' | int) }}
    grpc_tls: {{ ('8503'|int) if consul_enable_tls else ('-1' | int) }}

# Server-only fragment: bootstrap_expect equals the number of hosts in the
# consul_servers group.
hashicorp_consul_servers_configuration_string: |
  bootstrap_expect: {{ (groups['consul_servers'] | length) }}