infra/ansible/roles/consul_server/templates/consul.hcl.j2


# Agent identity. Both datacenter keys render from the same Ansible variable,
# so this datacenter is also the primary one (authoritative for ACL data when
# datacenters are federated).
datacenter = "{{ main_dc_name }}"
primary_datacenter = "{{ main_dc_name }}"
# DNS suffix under which Consul answers queries.
domain = "{{ consul_domain }}"
# Node name is the short inventory hostname; it has to be unique per agent.
node_name = "{{ inventory_hostname_short }}"
# Run as a server agent. With bootstrap_expect = 3 the servers wait until
# three of them have joined before the first leader election.
server = true
bootstrap_expect = 3
# NOTE(review): the UI is served from the HTTP API listener. This template
# binds that listener to 0.0.0.0 and no `ports` block enabling HTTPS is
# visible here - confirm network-level restrictions cover the UI.
ui = true
# Gossip encryption key, read from Vault when Ansible renders the template.
# The rendered file therefore contains the key in clear text.
# NOTE(review): confirm the deploying task sets a restrictive owner/mode and
# does not log the rendered content.
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}"
# Mutual TLS: incoming connections must present a certificate signed by
# ca_file, outgoing connections verify the peer, and server certificates are
# additionally checked against the server.<datacenter>.<domain> name.
# NOTE(review): verify_incoming applies to RPC and to the HTTPS listener; it
# does not protect a plain HTTP listener.
verify_incoming = true
verify_outgoing = true
verify_server_hostname = true
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
# Server certificate and private key used for the TLS settings of this agent.
# NOTE(review): the key file is expected to be readable only by the account
# running Consul - the task that installs it is not visible here, confirm.
cert_file = "{{ consul_config_path }}/certs/consul-server.pem"
key_file = "{{ consul_config_path }}/certs/consul-server.key"
# Let this server answer auto-encrypt requests, i.e. hand out TLS
# certificates to client agents that ask for one.
auto_encrypt {
allow_tls = true
}
# Cluster traffic (gossip, RPC) binds to the host's default IPv4 address as
# gathered by Ansible facts.
bind_addr = "{{ ansible_default_ipv4.address }}"
# Every host in the consul_server inventory group is listed as a join target.
# The join('","') separator closes and reopens the quotes between addresses,
# so the single quoted string in the template expands to a list of strings.
# This relies on facts being gathered for all hosts of the group.
# NOTE(review): start_join is attempted once at startup; retry_join keeps
# retrying when peers are not up yet - consider it for rolling restarts.
start_join = ["{{ groups['consul_server'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | join('","') }}"]
# Agent state directory. On a server this holds the Raft data, and with
# token persistence enabled in the acl block also the persisted ACL tokens.
# NOTE(review): confirm the directory is owned by the Consul account and not
# readable by other users.
data_dir = "/opt/consul"
log_level = "INFO"
# Raft protocol version used between the servers; all servers must agree.
raft_protocol = 3
# Script health checks are allowed only when defined in local configuration
# files; checks registered through the HTTP API cannot run scripts. This is
# the narrower of the two script-check switches. The commands still run as
# the Consul account, so the configuration directory must not be writable by
# less-privileged users.
enable_local_script_checks = true
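# Client-facing listeners. Both the HTTP API and the DNS interface bind to
# every interface of the host instead of the loopback default.
# NOTE(review): no `ports` block is visible in this template, so the HTTP API
# appears to be served without TLS; ACL tokens sent to it would then cross
# the network in clear text. Confirm whether the API should be limited to
# loopback or a management interface, or moved to the HTTPS listener, and
# that host or network firewalling restricts who can reach it.
addresses {
  http = "0.0.0.0"
  dns = "0.0.0.0"
}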
# raft_multiplier scales the Raft timing parameters; 1 is the tightest
# setting (fastest failure detection and leader election).
performance {
raft_multiplier = 1
}
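# Access control. ACLs are enforced and anything not explicitly allowed by a
# token's policy is denied.
acl {
  enabled = true
  default_policy = "deny"
  # Tokens set through the agent API are written to disk and reloaded when
  # the agent restarts.
  enable_token_persistence = true
  tokens {
    # The token is read from Vault at render time, so the rendered file holds
    # it in clear text; restrict the file's owner and mode accordingly.
    # NOTE(review): `default` is the token the agent applies to requests that
    # arrive without a token of their own (API calls, DNS queries). With the
    # server token rendered here, a caller that sends no token to this
    # agent's listeners is served with the server token's privileges. The
    # Vault key name suggests this is meant for the agent's own operations;
    # if so, `agent` is the matching key. Confirm what DNS and anonymous
    # callers are supposed to be allowed before changing it.
    default = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['server-acl-token'] }}"
  }
}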