datacenter = "{{ consul_dc }}" domain = "consul" encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}" verify_incoming = false verify_outgoing = true verify_server_hostname = true ca_file = "{{ consul_config_path }}/certs/consul-agent-ca.pem" auto_encrypt { tls = true } bind_addr = "{{ ansible_default_ipv4.address }}" start_join = ["{{ groups['consul_server'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | join('","') }}"] data_dir = "/opt/consul" log_level = "INFO" raft_protocol = 3 addresses { http = "0.0.0.0" } acl { enabled = true default_policy = "deny" enable_token_persistence = true tokens { agent = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['server-acl-token'] }}" } }