datacenter = "{{ main_dc_name }}" domain = "{{ consul_domain }}" encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}" verify_incoming = false verify_outgoing = true verify_server_hostname = true ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}" auto_encrypt { tls = true } bind_addr = "{{ ansible_default_ipv4.address }}" start_join = ["{{ groups['consul_server'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | join('","') }}"] data_dir = "/opt/consul" log_level = "INFO" raft_protocol = 3 addresses { http = "0.0.0.0" } acl { enabled = true default_policy = "deny" enable_token_persistence = true tokens { agent = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['server-acl-token'] }}" } }