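---
#####################################################
#                                                   #
#                    Non-Editable                   #
#                                                   #
#####################################################

# True only on the host listed first in the `consul_servers` inventory group.
# The expression indexes element 0, so it cannot be templated when that group
# is empty or undefined.
consul_init_server: "{{ (inventory_hostname == groups['consul_servers'][0]) | bool }}"
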
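#####################
# consul api config #
#####################

# Base URL of the Consul HTTP API, assembled from the scheme, the host's
# api_interface_address and the port that matches the scheme.
consul_api_addr: "{{ consul_api_scheme }}://{{ api_interface_address }}:{{ consul_api_port[consul_api_scheme] }}"
# NOTE(security): when consul_enable_tls is false the API scheme is plain
# http, so everything sent to the API (ACL tokens included) crosses the
# network unencrypted.
consul_api_scheme: "{{ 'https' if consul_enable_tls else 'http' }}"
# Port lookup table keyed by scheme.
consul_api_port:
  http: 8500
  https: 8501
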
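##########################
# consul haproxy backend #
##########################

# Requests are sent to the consul_external backend when the Host header
# matches consul_fqdn (case-insensitive match).
consul_haproxy_frontend_options:
  - acl is_consul hdr(host) -i {{ consul_fqdn }}
  - use_backend consul_external if is_consul

# Backend definition: static options followed by one server line per host.
consul_haproxy_backends:
  - name: consul_external
    options: "{{ consul_external_backend_options + consul_external_backend_servers }}"

consul_external_backend_options:
  - description consul external http backend
  - option forwardfor
  - option httpchk
  - http-check send meth GET uri /
  - default-server inter 2s fastinter 1s downinter 1s

# Renders a list literal with one HAProxy `server` line per member of the
# `consul_servers` group.
# NOTE(security): with consul_enable_tls set, the server lines use
# `ssl verify none`: HAProxy encrypts the hop to Consul but does not
# authenticate the certificate it is shown, so the backend connection is open
# to interception by anything able to sit on that path. Prefer
# `ssl verify required ca-file <PATH_TO_CONSUL_CA>` once the CA bundle is
# available on the HAProxy host (the path is not defined in this file).
# The explicit `else ''` keeps the rendered line well-defined when TLS is off.
consul_external_backend_servers: |
  [
  {% for host in groups['consul_servers'] %}
    'server consul-{{ hostvars[host].api_interface_address }} {{ hostvars[host].api_interface_address }}:{{ hostvars[host].consul_api_port[consul_api_scheme] }} check {{ 'ssl verify none ' if consul_enable_tls else '' }}inter 5s'{% if not loop.last %},{% endif %}
  {% endfor %}
  ]
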
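############################
# consul ACL configuration #
############################

# ACL policy text (Consul policy rules) applied to agents by default.
# NOTE(security): `node_prefix ""` with `write` matches every node name, so a
# token carrying this policy can register or update any node in the catalog,
# not only the agent's own. Consul's guidance for agent tokens is a rule
# scoped to a single node (`node "<NODE_NAME>" { policy = "write" }`);
# consider rendering one policy per agent if a shared token is not required.
consul_default_agent_policy: |
  node_prefix "" {
    policy = "write"
  }
  service_prefix "" {
    policy = "read"
  }
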
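#######################
# consul internal tls #
#######################

# Directory on the target host that receives the TLS material.
consul_certificates_directory: "{{ hashicorp_consul_config_dir }}/tls"
# Per-host source directory copied into consul_certificates_directory.
# NOTE(review): this directory presumably holds private keys; the task that
# copies it is not part of this file. Confirm it sets restrictive ownership
# and modes on the destination.
consul_certificates_extra_files_dir:
  - src: "{{ sub_configuration_directories['certificates'] }}/consul/{{ inventory_hostname }}"
    dest: "{{ consul_certificates_directory }}"
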
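#########################
# consul role variables #
#########################

hashicorp_consul_start_service: true
hashicorp_consul_service_name: "consul"
hashicorp_consul_version: "{{ consul_version }}"
hashicorp_consul_env_variables: {}
hashicorp_consul_config_dir: "/etc/consul.d"
hashicorp_consul_data_dir: "/opt/consul"
hashicorp_consul_extra_files: true
# Certificate files are added only when TLS is enabled; the combined list is
# de-duplicated and sorted.
hashicorp_consul_extra_files_list: "{{ ([] +
  (consul_certificates_extra_files_dir if consul_enable_tls else []) +
  consul_extra_files_list)
  | unique
  | sort
  }}"
hashicorp_consul_envoy_install: false
# Quoted so the version is always read as a string.
hashicorp_consul_envoy_version: "v1.27.2"
hashicorp_consul_configuration:
  domain: "{{ consul_domain }}"
  datacenter: "{{ consul_datacenter }}"
  primary_datacenter: "{{ consul_primary_datacenter }}"
  data_dir: "{{ hashicorp_consul_data_dir }}"
  # NOTE(security): the gossip encryption key is a secret. It is read from
  # _credentials here and becomes part of the agent configuration; the task
  # that writes that configuration is not in this file. Confirm the rendered
  # file is not world-readable and that the value is kept out of task output.
  encrypt: "{{ _credentials.consul.gossip_encryption_key }}"
  # True for hosts that belong to the `consul_servers` group.
  server: "{{ 'consul_servers' in group_names }}"
  # bind_addr of every host in `consul_servers`, taken from each host's
  # consul_address_configuration.
  retry_join: "{{
    groups['consul_servers'] |
    map('extract', hostvars, ['consul_address_configuration', 'bind_addr']) |
    list |
    to_json |
    from_json
    }}"
  ui_config: "{{ consul_ui_configuration }}"
  connect: "{{ consul_mesh_configuration }}"
  leave_on_terminate: "{{ consul_leave_on_terminate }}"
  rejoin_after_leave: "{{ consul_rejoin_after_leave }}"
  # NOTE(security): Consul's documentation warns that enable_script_checks
  # allows checks registered through the HTTP API to run commands on the
  # agent host. `enable_local_script_checks` restricts script checks to those
  # defined in local configuration files; keep consul_enable_script_checks
  # false unless remote registration of script checks is really needed.
  enable_script_checks: "{{ consul_enable_script_checks }}"
  enable_syslog: true
  acl: "{{ consul_acl_configuration }}"
  dns_config: "{{ consul_dns_configuration }}"
  ports:
    dns: 8600
    server: 8300
    serf_lan: 8301
    serf_wan: 8302
    sidecar_min_port: 21000
    sidecar_max_port: 21255
    expose_min_port: 21500
    expose_max_port: 21755
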
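# These values are kept as YAML text to work around a Jinja limitation when
# converting strings to integers.
# Only one of each listener pair is active: with consul_enable_tls set, the
# plaintext http and grpc ports are disabled (-1) and the https / grpc_tls
# ports are used; without it the reverse applies.
hashicorp_consul_configuration_string: |
  ports:
    http: {{ (consul_api_port.http|int) if not consul_enable_tls else ('-1' | int) }}
    https: {{ (consul_api_port.https|int) if consul_enable_tls else ('-1' | int) }}
    grpc: {{ ('8502'|int) if not consul_enable_tls else ('-1' | int) }}
    grpc_tls: {{ ('8503'|int) if consul_enable_tls else ('-1' | int) }}

# bootstrap_expect is the number of hosts in the `consul_servers` group.
hashicorp_consul_servers_configuration_string: |
  bootstrap_expect: {{ (groups['consul_servers'] | length) }}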