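# Consul agent configuration, rendered by Ansible/Jinja2.
# The Vault lookups below put the gossip key and the agent ACL token into the
# rendered file in clear text, so deploy it readable only by the Consul
# service account and keep the templating task's output/diff out of logs.

datacenter = "{{ consul_dc }}"
domain = "consul"

# Gossip encryption key, read from Vault (kv/data/consul, field "gossip")
# when the template is rendered.
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['gossip'] }}"

# TLS: outgoing connections are verified against ca_file and the server
# hostname; incoming connections are not required to present a certificate.
# NOTE(review): verify_incoming = false together with auto_encrypt looks like
# the usual client-agent pattern; confirm this template is never used for
# server agents, where incoming verification should be on.
verify_incoming = false
verify_outgoing = true
verify_server_hostname = true
ca_file = "{{ consul_config_path }}/certs/consul-agent-ca.pem"

# Have the agent obtain its TLS certificate from the servers.
auto_encrypt {
  tls = true
}

bind_addr = "{{ ansible_default_ipv4.address }}"
# Join list built from the default IPv4 address of every host in the
# consul_server inventory group.
# NOTE(review): recent Consul releases prefer retry_join over start_join;
# check against the deployed version.
start_join = ["{{ groups['consul_server'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | join('","') }}"]

# data_dir also holds persisted ACL tokens (see enable_token_persistence),
# so it should not be readable by other local users.
data_dir = "/opt/consul"
log_level = "INFO"
raft_protocol = 3

# NOTE(review): the HTTP API listens on every interface. No HTTPS port is
# configured in this file and verify_incoming is false, so API calls
# (including the ACL token header) would cross the network unencrypted.
# Prefer 127.0.0.1, or enable the HTTPS listener, unless remote plain-HTTP
# access is a deliberate requirement and is restricted by firewalling.
addresses {
  http = "0.0.0.0"
}

acl {
  enabled = true
  # Anything without an explicit allow rule is denied.
  default_policy = "deny"
  # Tokens set through the API are written to disk and reloaded on restart.
  enable_token_persistence = true

  tokens {
    # NOTE(review): the Vault field is named "server-acl-token"; confirm the
    # token carries only the policy this agent needs, not a shared
    # server-wide or management token.
    agent = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data')['server-acl-token'] }}"
  }
}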