--- # defaults file for consul consul_version: "latest" consul_start_service: true consul_config_dir: "/etc/consul.d" consul_data_dir: "/opt/consul" consul_certs_dir: "{{ consul_config_dir }}/tls" consul_logs_dir: "/var/log/consul" consul_envoy_install: false consul_envoy_version: latest consul_extra_files: false consul_extra_files_list: [] consul_env_variables: {} ####################### # extra configuration # ####################### # You should prioritize adding configuration # to the configuration entries below, this # option should be used to add pieces of configuration not # available through standard variables. consul_extra_configuration: {} ########### # general # ########### consul_domain: consul consul_datacenter: dc1 consul_primary_datacenter: "{{ consul_datacenter }}" consul_gossip_encryption_key: "{{ 'mysupersecretgossipencryptionkey'|b64encode }}" consul_enable_script_checks: false ####################### # leave configuration # ####################### consul_leave_on_terminate: true consul_rejoin_after_leave: true ###################### # join configuration # ###################### consul_join_configuration: retry_join: - "{{ ansible_default_ipv4.address }}" retry_interval: 30s retry_max: 0 ######################## # server configuration # ######################## consul_enable_server: true consul_bootstrap_expect: 1 #################### # ui configuration # #################### consul_ui_configuration: enabled: "{{ consul_enable_server }}" ######################### # address configuration # ######################### consul_bind_addr: "0.0.0.0" consul_advertise_addr: "{{ ansible_default_ipv4.address }}" consul_address_configuration: client_addr: "{{ consul_bind_addr }}" bind_addr: "{{ consul_advertise_addr }}" advertise_addr: "{{ consul_advertise_addr }}" ##################### # ACL configuration # ##################### consul_acl_configuration: enabled: false default_policy: "deny" enable_token_persistence: true # tokens: # agent: "" ############################## # service mesh configuration # ############################## consul_mesh_configuration: enabled: false ##################### # DNS configuration # ##################### consul_dns_configuration: allow_stale: true enable_truncate: true only_passing: true ################ # internal tls # ################ consul_enable_tls: false consul_tls_configuration: defaults: ca_file: "/etc/ssl/certs/ca-certificates.crt" cert_file: "{{ consul_certs_dir }}/cert.pem" key_file: "{{ consul_certs_dir }}/key.pem" verify_incoming: false verify_outgoing: true internal_rpc: verify_server_hostname: true consul_certificates_extra_files_dir: [] # - src: "" # dest: "{{ consul_certs_dir }}" ########################### # telemetry configuration # ########################### consul_enable_prometheus_metrics: false consul_prometheus_retention_time: 60s consul_telemetry_configuration: {} ########### # logging # ########### consul_log_level: info consul_enable_log_to_file: false consul_log_to_file_configuration: log_file: "{{ consul_logs_dir }}/consul.log" log_rotate_duration: 24h log_rotate_max_files: 30