2020-08-30 00:22:52 +00:00
|
|
|
datacenter = "{{ main_dc_name }}"
|
2020-08-30 07:33:20 +00:00
|
|
|
primary_datacenter = "{{ main_dc_name }}"
|
2020-08-30 00:22:52 +00:00
|
|
|
domain = "{{ consul_domain }}"
|
2020-08-30 07:33:20 +00:00
|
|
|
node_name = "{{ inventory_hostname_short }}"
|
2020-08-27 19:23:27 +00:00
|
|
|
server = true
|
|
|
|
bootstrap_expect = 3
|
|
|
|
ui = true
|
|
|
|
|
2022-11-06 02:11:23 +00:00
|
|
|
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:gossip ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
2020-08-27 19:23:27 +00:00
|
|
|
|
|
|
|
verify_outgoing = true
|
|
|
|
verify_server_hostname = true
|
2020-10-01 02:16:38 +00:00
|
|
|
verify_incoming_https = false
|
|
|
|
verify_incoming_rpc = true
|
2020-08-30 00:22:52 +00:00
|
|
|
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
|
2020-08-27 19:23:27 +00:00
|
|
|
cert_file = "{{ consul_config_path }}/certs/consul-server.pem"
|
|
|
|
key_file = "{{ consul_config_path }}/certs/consul-server.key"
|
|
|
|
|
|
|
|
auto_encrypt {
|
|
|
|
allow_tls = true
|
|
|
|
}
|
|
|
|
|
2020-08-21 04:26:07 +00:00
|
|
|
bind_addr = "{{ ansible_default_ipv4.address }}"
|
|
|
|
start_join = ["{{ groups['consul_server'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | join('","') }}"]
|
2020-08-27 19:23:27 +00:00
|
|
|
|
2020-08-21 04:26:07 +00:00
|
|
|
data_dir = "/opt/consul"
|
|
|
|
log_level = "INFO"
|
2020-08-21 04:34:41 +00:00
|
|
|
raft_protocol = 3
|
2020-08-27 19:23:27 +00:00
|
|
|
|
2020-09-21 01:42:35 +00:00
|
|
|
enable_local_script_checks = true
|
|
|
|
|
2020-08-21 04:26:07 +00:00
|
|
|
addresses {
|
2020-10-13 02:39:23 +00:00
|
|
|
http = "127.0.0.1"
|
2020-10-01 02:16:38 +00:00
|
|
|
https = "0.0.0.0"
|
|
|
|
dns = "0.0.0.0"
|
|
|
|
}
|
|
|
|
|
|
|
|
ports {
|
2020-10-13 02:39:23 +00:00
|
|
|
http = 8500
|
2020-10-01 02:16:38 +00:00
|
|
|
https = 8501
|
2020-08-21 04:26:07 +00:00
|
|
|
}
|
2020-08-27 19:23:27 +00:00
|
|
|
|
2020-08-21 04:26:07 +00:00
|
|
|
performance {
|
|
|
|
raft_multiplier = 1
|
|
|
|
}
|
2020-08-27 19:23:27 +00:00
|
|
|
|
|
|
|
acl {
|
|
|
|
enabled = true
|
|
|
|
default_policy = "deny"
|
|
|
|
enable_token_persistence = true
|
|
|
|
tokens {
|
2022-11-06 02:11:23 +00:00
|
|
|
default = "{{ lookup('hashi_vault', 'secret=kv/data/consul:server-acl-token ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt') }}"
|
2020-08-27 19:23:27 +00:00
|
|
|
}
|
|
|
|
}
|