147 lines
3.2 KiB
YAML
147 lines
3.2 KiB
YAML
---
|
|
# defaults file for hashicorp_consul
|
|
|
|
consul_version: "latest"
|
|
consul_start_service: true
|
|
consul_config_dir: "/etc/consul.d"
|
|
consul_data_dir: "/opt/consul"
|
|
consul_certs_dir: "{{ consul_config_dir }}/tls"
|
|
consul_logs_dir: "/var/log/consul"
|
|
|
|
consul_envoy_install: false
|
|
consul_envoy_version: latest
|
|
|
|
consul_extra_files: false
|
|
consul_extra_files_list: []
|
|
|
|
consul_env_variables: {}
|
|
|
|
#######################
|
|
# extra configuration #
|
|
#######################
|
|
|
|
# You should prioritize adding configuration
|
|
# to the configuration entries below, this
|
|
# option should be used to add pieces of configuration not
|
|
# available through standard variables.
|
|
|
|
consul_extra_configuration: {}
|
|
|
|
###########
|
|
# general #
|
|
###########
|
|
|
|
consul_domain: consul
|
|
consul_datacenter: dc1
|
|
consul_primary_datacenter: "{{ consul_datacenter }}"
|
|
consul_gossip_encryption_key: "{{ 'mysupersecretgossipencryptionkey'|b64encode }}"
|
|
consul_enable_script_checks: false
|
|
|
|
#######################
|
|
# leave configuration #
|
|
#######################
|
|
|
|
consul_leave_on_terminate: true
|
|
consul_rejoin_after_leave: true
|
|
|
|
######################
|
|
# join configuration #
|
|
######################
|
|
|
|
consul_join_configuration:
|
|
retry_join:
|
|
- "{{ ansible_default_ipv4.address }}"
|
|
retry_interval: 30s
|
|
retry_max: 0
|
|
|
|
########################
|
|
# server configuration #
|
|
########################
|
|
|
|
consul_enable_server: true
|
|
consul_bootstrap_expect: 1
|
|
|
|
####################
|
|
# ui configuration #
|
|
####################
|
|
|
|
consul_ui_configuration:
|
|
enabled: "{{ consul_enable_server }}"
|
|
|
|
#########################
|
|
# address configuration #
|
|
#########################
|
|
|
|
consul_bind_addr: "0.0.0.0"
|
|
consul_advertise_addr: "{{ ansible_default_ipv4.address }}"
|
|
consul_address_configuration:
|
|
client_addr: "{{ consul_bind_addr }}"
|
|
bind_addr: "{{ consul_advertise_addr }}"
|
|
advertise_addr: "{{ consul_advertise_addr }}"
|
|
|
|
#####################
|
|
# ACL configuration #
|
|
#####################
|
|
|
|
consul_acl_configuration:
|
|
enabled: false
|
|
default_policy: "deny"
|
|
enable_token_persistence: true
|
|
# tokens:
|
|
# agent: ""
|
|
|
|
##############################
|
|
# service mesh configuration #
|
|
##############################
|
|
|
|
consul_mesh_configuration:
|
|
enabled: false
|
|
|
|
#####################
|
|
# DNS configuration #
|
|
#####################
|
|
|
|
consul_dns_configuration:
|
|
allow_stale: true
|
|
enable_truncate: true
|
|
only_passing: true
|
|
|
|
################
|
|
# internal tls #
|
|
################
|
|
|
|
consul_enable_tls: false
|
|
consul_tls_configuration:
|
|
defaults:
|
|
ca_file: "/etc/ssl/certs/ca-certificates.crt"
|
|
cert_file: "{{ consul_certs_dir }}/cert.pem"
|
|
key_file: "{{ consul_certs_dir }}/key.pem"
|
|
verify_incoming: false
|
|
verify_outgoing: true
|
|
internal_rpc:
|
|
verify_server_hostname: true
|
|
|
|
consul_certificates_extra_files_dir:
|
|
[]
|
|
# - src: ""
|
|
# dest: "{{ consul_certs_dir }}"
|
|
|
|
###########################
|
|
# telemetry configuration #
|
|
###########################
|
|
|
|
consul_enable_prometheus_metrics: false
|
|
consul_prometheus_retention_time: 60s
|
|
consul_telemetry_configuration: {}
|
|
|
|
###########
|
|
# logging #
|
|
###########
|
|
|
|
consul_log_level: info
|
|
consul_enable_log_to_file: false
|
|
consul_log_to_file_configuration:
|
|
log_file: "{{ consul_logs_dir }}/consul.log"
|
|
log_rotate_duration: 24h
|
|
log_rotate_max_files: 30
|