---
#####################################################
#                                                   #
#                   Non-Editable                    #
#                                                   #
#####################################################

#####################
# consul api config #
#####################
# The API URL follows consul_enable_tls: https on 8501 when TLS is enabled,
# plain http on 8500 otherwise.
# NOTE(review): with TLS disabled, every API request (including any ACL token
# sent with it) crosses the network unencrypted.
consul_api_addr: "{{ consul_api_scheme }}://{{ api_interface_address }}:{{ consul_api_port[consul_api_scheme] }}"
consul_api_scheme: "{{ 'https' if consul_enable_tls else 'http' }}"
consul_api_port:
  http: 8500
  https: 8501

##########################
# consul haproxy backend #
##########################
# Requests whose Host header matches consul_fqdn (case-insensitive) are routed
# to the consul_external backend.
consul_haproxy_frontend_options:
  - acl is_consul hdr(host) -i {{ consul_fqdn }}
  - use_backend consul_external if is_consul

# The backend option list is the static options below concatenated with one
# generated "server" line per host in the consul_servers group.
consul_haproxy_backends:
  - name: consul_external
    options: "{{ consul_external_backend_options + consul_external_backend_servers }}"

consul_external_backend_options:
  - description consul external http backend
  - option forwardfor
  - option httpchk
  - http-check send meth GET uri /
  - default-server inter 2s fastinter 1s downinter 1s

# Rendered as a list literal, one 'server ...' entry per Consul server.
# NOTE(review): when consul_enable_tls is true the entry carries
# "ssl verify none", so haproxy encrypts the hop to Consul but does not
# validate the server certificate; the backend is therefore not authenticated.
# haproxy can validate it with "ssl verify required ca-file <CA_BUNDLE_PATH>";
# the CA path is not defined in this file, so it would have to come from the
# certificate variables.
consul_external_backend_servers: |
  [
  {% for host in groups['consul_servers'] %}
    'server consul-{{ hostvars[host].api_interface_address }} {{ hostvars[host].api_interface_address }}:{{ hostvars[host].consul_api_port[consul_api_scheme] }} check {{ 'ssl verify none ' if consul_enable_tls }}inter 5s'{% if not loop.last %},{% endif %}
  {% endfor %}
  ]

############################
# consul ACL configuration #
############################
# Default agent policy: write on every node name (the empty prefix matches
# all) and read on every service.
# NOTE(review): a token holding this policy can register or update any node in
# the catalog, not only its own. Where per-node tokens are practical, Consul's
# guidance is to scope the agent token to the agent's own node name.
consul_default_agent_policy: |
  node_prefix "" {
    policy = "write"
  }
  service_prefix "" {
    policy = "read"
  }

#######################
# consul internal tls #
#######################
# Per-host certificate material is copied from the certificates
# sub-directory into <config dir>/tls.
# NOTE(review): presumably this includes the node's private key; confirm the
# role applies restrictive ownership and mode to the destination.
consul_certificates_directory: "{{ hashi_consul_config_dir }}/tls"
consul_certificates_extra_files_dir:
  - src: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}"
    dest: "{{ consul_certificates_directory }}"

#########################
# consul role variables #
#########################
# The version is selected by deployment method from consul_versions.
hashi_consul_start_service: true
hashi_consul_version: "{{ consul_versions[deployment_method] }}"
hashi_consul_deploy_method: "{{ deployment_method }}"
hashi_consul_env_variables: {}
hashi_consul_config_dir: "/etc/consul.d"
hashi_consul_data_dir: "/opt/consul"
hashi_consul_extra_files: true
# Extra files copied alongside the Consul config; TLS certificates are added
# only when consul_enable_tls is true.
# NOTE(review): the remaining terms reference vault_* variables
# (vault_plugin_extra_files_dir, vault_enable_plugins, vault_extra_files_list)
# inside the Consul list. This looks carried over from the Vault vars; confirm
# that Vault files are meant to be deployed to Consul hosts.
hashi_consul_extra_files_list: "{{ ([] + (consul_certificates_extra_files_dir if consul_enable_tls else []) + (vault_plugin_extra_files_dir if vault_enable_plugins else []) + vault_extra_files_list) | unique | sort }}"
hashi_consul_extra_container_volumes: "{{ default_container_extra_volumes | union(extra_consul_container_volumes) | unique | sort }}"
hashi_consul_envoy_install: false
hashi_consul_envoy_version: v1.27.2

# Agent configuration handed to the Consul role.
hashi_consul_configuration:
  domain: "{{ consul_domain }}"
  datacenter: "{{ consul_datacenter }}"
  primary_datacenter: "{{ consul_primary_datacenter }}"
  data_dir: "{{ hashi_consul_data_dir }}"
  # Gossip encryption key. Source it from an encrypted variable, never a
  # plaintext value in the repository, and keep it out of task output.
  encrypt: "{{ consul_gossip_encryption_key }}"
  # An agent runs as a server only when the host is in the consul_servers group.
  server: "{{ 'consul_servers' in group_names }}"
  retry_join: "{{ groups['consul_servers'] | map('extract', hostvars, ['consul_address_configuration', 'bind_addr']) | list | to_json | from_json }}"
  ui_config: "{{ consul_ui_configuration }}"
  connect: "{{ consul_mesh_configuration }}"
  leave_on_terminate: "{{ consul_leave_on_terminate }}"
  rejoin_after_leave: "{{ consul_rejoin_after_leave }}"
  # NOTE(review): enable_script_checks also accepts script checks registered
  # through the HTTP API, which lets anyone who can write to the agent API run
  # commands on the host. Consul's enable_local_script_checks restricts
  # script checks to local configuration files and is the safer setting where
  # checks are needed.
  enable_script_checks: "{{ consul_enable_script_checks }}"
  enable_syslog: "{{ deployment_method == 'host' }}"
  log_level: INFO
  acl: "{{ consul_acl_configuration }}"
  dns_config: "{{ consul_dns_configuration }}"
  ports:
    dns: 8600
    # NOTE(review): unlike the http port, the plaintext grpc port is not
    # disabled when consul_enable_tls is true; confirm that is intended.
    grpc: 8502
    grpc_tls: 8503
    server: 8300
    serf_lan: 8301
    serf_wan: 8302
    sidecar_min_port: 21000
    sidecar_max_port: 21255
    expose_min_port: 21500
    expose_max_port: 21755

# Rendered as text so the templated values become integers rather than
# strings (works around Jinja returning strings). Exactly one of http/https is
# enabled; the other is set to -1, which disables that listener.
hashi_consul_configuration_string: |
  bootstrap_expect: {{ (groups['consul_servers'] | length) }}
  ports:
    http: {{ (consul_api_port.http|int) if not consul_enable_tls else ('-1' | int) }}
    https: {{ (consul_api_port.https|int) if consul_enable_tls else ('-1' | int) }}