hcp-ansible/playbooks/group_vars/all/consul.yml

---
#####################################################
#                                                   #
#                Consul Configuration               #
#                                                   #
#####################################################

consul_domain: consul
consul_datacenter: dc1
consul_primary_datacenter: dc1
consul_leave_on_terminate: true
consul_rejoin_after_leave: true
consul_enable_script_checks: true

########################
# consul haproxy backend
########################
consul_haproxy_frontends:
  - name: consul_internal
    options:
      - description consul internal gossip frontend
      - mode tcp
      - option tcplog
      - bind :{{ hashi_consul_configuration.ports.serf_lan }}
      - default_backend consul_internal
  - name: consul_external
    options:
      - description consul external http frontend
      - mode http
      - bind :80
      - default_backend consul_external

consul_haproxy_backends:
  - name: consul_internal
    options: "{{ consul_internal_backend_options + consul_internal_backend_servers }}"
  - name: consul_external
    options: "{{ consul_external_backend_options + consul_external_backend_servers }}"

consul_internal_backend_options:
  - description consul internal gossip backend

consul_internal_backend_servers: |
  [
    {% for host in groups['consul_servers'] %}
      'server {{ hostvars[host].api_interface_address }} {{ hostvars[host].api_interface_address }}:{{ hashi_consul_configuration.ports.serf_lan }} check inter 3s'{% if not loop.last %},{% endif %}
    {% endfor %}
  ]

consul_external_backend_options:
  - description consul external http backend
  - option forwardfor
  - option httpchk
  - http-check send meth GET uri /

consul_external_backend_servers: |
  [
    {% for host in groups['consul_servers'] %}
      'server {{ hostvars[host].api_interface_address }} {{ hostvars[host].api_interface_address }}:{{ hashi_consul_configuration.ports.http }} check inter 5s'{% if not loop.last %},{% endif %}
    {% endfor %}
  ]

##############################
# consul address configuration
##############################

consul_address_configuration:
  # The address to which Consul will bind client interfaces,
  # including the HTTP and DNS servers.
  client_addr: "0.0.0.0"
  # The address that should be bound to for internal cluster communications.
  bind_addr: "{{ api_interface_address }}"
  # The advertise address is used to change the address that we advertise to other nodes in the cluster.
  advertise_addr: "{{ api_interface_address }}"

##########################
# consul ACL configuration
##########################

consul_acl_configuration:
  enabled: true
  default_policy: "deny" # can be allow or deny
  enable_token_persistence: true

consul_default_agent_policy: |
  agent_prefix "" {
    policy = "write"
  }
  node_prefix "" {
    policy = "write"
  }
  service_prefix "" {
    policy = "read"
  }

##########################
# consul DNS configuration
##########################

consul_dns_configuration:
  allow_stale: true
  enable_truncate: true
  only_passing: true

#########################
# consul ui configuration
#########################

consul_ui_configuration:
  enabled: true

###################################
# consul service mesh configuration
###################################

consul_mesh_configuration:
  enabled: true

#####################
# extra configuration
#####################

consul_extra_configuration: {}

###############
# configuration
###############

hashi_consul_start_service: true
hashi_consul_version: latest
hashi_consul_deploy_method: "{{ deployment_method }}"
hashi_consul_env_variables: {}
hashi_cosul_config_dir: "/etc/consul.d"
hashi_consul_data_dir: "/opt/consul"
hashi_consul_extra_files: false
hashi_consul_extra_files_src: "{{ sub_configuration_directories.consul_servers }}/config"
hashi_consul_extra_files_dst: "{{ hashi_consul_config_dir }}/config"
hashi_consul_envoy_install: false
hashi_consul_envoy_version: v1.27.2
hashi_consul_configuration:
  domain: "{{ consul_domain }}"
  datacenter: "{{ consul_datacenter }}"
  primary_datacenter: "{{ consul_primary_datacenter }}"
  data_dir: "{{ hashi_consul_data_dir }}"
  encrypt: "" # "{{ 'mysupersecretgossipencryptionkey'|b64encode }}"
  server: "{{ 'consul_servers' in group_names }}"
  retry_join: "{{
    groups['consul_servers'] |
    map('extract', hostvars, ['consul_address_configuration', 'bind_addr']) |
    list |
    to_json |
    from_json
    }}"
  ui_config: "{{ consul_ui_configuration }}"
  connect: "{{ consul_mesh_configuration }}"
  leave_on_terminate: true
  rejoin_after_leave: true
  enable_script_checks: true
  enable_syslog: "{{ deployment_method == 'host' }}"
  log_level: INFO
  acl: "{{ consul_acl_configuration }}"
  dns_config: "{{ consul_dns_configuration }}"
  ports:
    dns: 8600
    http: 8500
    https: -1
    grpc: 8502
    grpc_tls: 8503
    server: 8300
    serf_lan: 8301
    serf_wan: 8302
    sidecar_min_port: 21000
    sidecar_max_port: 21255
    expose_min_port: 21500
    expose_max_port: 21755

# this is used to circumvent jinja limitation to convert string to integer
hashi_consul_configuration_string: |
  bootstrap_expect: {{ (groups['consul_servers'] | length) }}
feat(deploy): add haproxy deployment, integrate with consul 2024-03-17 09:57:02 +00:00			`---`
			`#####################################################`
			`# #`
			`# Consul Configuration #`
			`# #`
			`#####################################################`

			`consul_domain: consul`
			`consul_datacenter: dc1`
			`consul_primary_datacenter: dc1`
			`consul_leave_on_terminate: true`
			`consul_rejoin_after_leave: true`
			`consul_enable_script_checks: true`

			`########################`
			`# consul haproxy backend`
			`########################`
			`consul_haproxy_frontends:`
			`- name: consul_internal`
			`options:`
			`- description consul internal gossip frontend`
			`- mode tcp`
			`- option tcplog`
			`- bind :{{ hashi_consul_configuration.ports.serf_lan }}`
			`- default_backend consul_internal`
			`- name: consul_external`
			`options:`
			`- description consul external http frontend`
			`- mode http`
			`- bind :80`
			`- default_backend consul_external`

			`consul_haproxy_backends:`
			`- name: consul_internal`
			`options: "{{ consul_internal_backend_options + consul_internal_backend_servers }}"`
			`- name: consul_external`
			`options: "{{ consul_external_backend_options + consul_external_backend_servers }}"`

			`consul_internal_backend_options:`
			`- description consul internal gossip backend`

			`consul_internal_backend_servers: \|`
			`[`
			`{% for host in groups['consul_servers'] %}`
			`'server {{ hostvars[host].api_interface_address }} {{ hostvars[host].api_interface_address }}:{{ hashi_consul_configuration.ports.serf_lan }} check inter 3s'{% if not loop.last %},{% endif %}`
			`{% endfor %}`
			`]`

			`consul_external_backend_options:`
			`- description consul external http backend`
			`- option forwardfor`
			`- option httpchk`
			`- http-check send meth GET uri /`

			`consul_external_backend_servers: \|`
			`[`
			`{% for host in groups['consul_servers'] %}`
			`'server {{ hostvars[host].api_interface_address }} {{ hostvars[host].api_interface_address }}:{{ hashi_consul_configuration.ports.http }} check inter 5s'{% if not loop.last %},{% endif %}`
			`{% endfor %}`
			`]`

			`##############################`
			`# consul address configuration`
			`##############################`

			`consul_address_configuration:`
			`# The address to which Consul will bind client interfaces,`
			`# including the HTTP and DNS servers.`
			`client_addr: "0.0.0.0"`
			`# The address that should be bound to for internal cluster communications.`
			`bind_addr: "{{ api_interface_address }}"`
			`# The advertise address is used to change the address that we advertise to other nodes in the cluster.`
			`advertise_addr: "{{ api_interface_address }}"`

			`##########################`
			`# consul ACL configuration`
			`##########################`

			`consul_acl_configuration:`
			`enabled: true`
			`default_policy: "deny" # can be allow or deny`
			`enable_token_persistence: true`

			`consul_default_agent_policy: \|`
			`agent_prefix "" {`
			`policy = "write"`
			`}`
			`node_prefix "" {`
			`policy = "write"`
			`}`
			`service_prefix "" {`
			`policy = "read"`
			`}`

			`##########################`
			`# consul DNS configuration`
			`##########################`

			`consul_dns_configuration:`
			`allow_stale: true`
			`enable_truncate: true`
			`only_passing: true`

			`#########################`
			`# consul ui configuration`
			`#########################`

			`consul_ui_configuration:`
			`enabled: true`

			`###################################`
			`# consul service mesh configuration`
			`###################################`

			`consul_mesh_configuration:`
			`enabled: true`

			`#####################`
			`# extra configuration`
			`#####################`

			`consul_extra_configuration: {}`

			`###############`
			`# configuration`
			`###############`

			`hashi_consul_start_service: true`
			`hashi_consul_version: latest`
			`hashi_consul_deploy_method: "{{ deployment_method }}"`
			`hashi_consul_env_variables: {}`
			`hashi_cosul_config_dir: "/etc/consul.d"`
			`hashi_consul_data_dir: "/opt/consul"`
			`hashi_consul_extra_files: false`
			`hashi_consul_extra_files_src: "{{ sub_configuration_directories.consul_servers }}/config"`
			`hashi_consul_extra_files_dst: "{{ hashi_consul_config_dir }}/config"`
			`hashi_consul_envoy_install: false`
			`hashi_consul_envoy_version: v1.27.2`
			`hashi_consul_configuration:`
			`domain: "{{ consul_domain }}"`
			`datacenter: "{{ consul_datacenter }}"`
			`primary_datacenter: "{{ consul_primary_datacenter }}"`
			`data_dir: "{{ hashi_consul_data_dir }}"`
			`encrypt: "" # "{{ 'mysupersecretgossipencryptionkey'\|b64encode }}"`
			`server: "{{ 'consul_servers' in group_names }}"`
			`retry_join: "{{`
			`groups['consul_servers'] \|`
			`map('extract', hostvars, ['consul_address_configuration', 'bind_addr']) \|`
			`list \|`
			`to_json \|`
			`from_json`
			`}}"`
			`ui_config: "{{ consul_ui_configuration }}"`
			`connect: "{{ consul_mesh_configuration }}"`
			`leave_on_terminate: true`
			`rejoin_after_leave: true`
			`enable_script_checks: true`
			`enable_syslog: "{{ deployment_method == 'host' }}"`
			`log_level: INFO`
			`acl: "{{ consul_acl_configuration }}"`
			`dns_config: "{{ consul_dns_configuration }}"`
			`ports:`
			`dns: 8600`
			`http: 8500`
			`https: -1`
			`grpc: 8502`
			`grpc_tls: 8503`
			`server: 8300`
			`serf_lan: 8301`
			`serf_wan: 8302`
			`sidecar_min_port: 21000`
			`sidecar_max_port: 21255`
			`expose_min_port: 21500`
			`expose_max_port: 21755`

			`# this is used to circumvent jinja limitation to convert string to integer`
			`hashi_consul_configuration_string: \|`
			`bootstrap_expect: {{ (groups['consul_servers'] \| length) }}`