datacenter = "{{ consul_dc }}" domain = "consul" server = true bootstrap_expect = 3 ui = true encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}" verify_incoming = true verify_outgoing = true verify_server_hostname = true ca_file = "{{ consul_config_path }}/certs/consul-agent-ca.pem" cert_file = "{{ consul_config_path }}/certs/consul-server.pem" key_file = "{{ consul_config_path }}/certs/consul-server.key" auto_encrypt { allow_tls = true } bind_addr = "{{ ansible_default_ipv4.address }}" start_join = ["{{ groups['consul_server'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | join('","') }}"] data_dir = "/opt/consul" log_level = "INFO" raft_protocol = 3 addresses { http = "0.0.0.0" } performance { raft_multiplier = 1 } acl { enabled = true default_policy = "deny" enable_token_persistence = true tokens { agent = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['server-acl-token'] }}" } }