55 lines
1.5 KiB
Django/Jinja
55 lines
1.5 KiB
Django/Jinja
datacenter = "{{ main_dc_name }}"
|
|
primary_datacenter = "{{ main_dc_name }}"
|
|
domain = "{{ consul_domain }}"
|
|
node_name = "{{ inventory_hostname_short }}"
|
|
server = true
|
|
bootstrap_expect = 3
|
|
ui = true
|
|
|
|
encrypt = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['gossip'] }}"
|
|
|
|
verify_outgoing = true
|
|
verify_server_hostname = true
|
|
verify_incoming_https = false
|
|
verify_incoming_rpc = true
|
|
ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"
|
|
cert_file = "{{ consul_config_path }}/certs/consul-server.pem"
|
|
key_file = "{{ consul_config_path }}/certs/consul-server.key"
|
|
|
|
auto_encrypt {
|
|
allow_tls = true
|
|
}
|
|
|
|
bind_addr = "{{ ansible_default_ipv4.address }}"
|
|
start_join = ["{{ groups['consul_server'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | join('","') }}"]
|
|
|
|
data_dir = "/opt/consul"
|
|
log_level = "INFO"
|
|
raft_protocol = 3
|
|
|
|
enable_local_script_checks = true
|
|
|
|
addresses {
|
|
http = "127.0.0.1"
|
|
https = "0.0.0.0"
|
|
dns = "0.0.0.0"
|
|
}
|
|
|
|
ports {
|
|
http = 8500
|
|
https = 8501
|
|
}
|
|
|
|
performance {
|
|
raft_multiplier = 1
|
|
}
|
|
|
|
acl {
|
|
enabled = true
|
|
default_policy = "deny"
|
|
enable_token_persistence = true
|
|
tokens {
|
|
default = "{{ lookup('hashi_vault', 'secret=kv/data/consul:data ca_cert=/etc/pki/certs/MaskedName_Root_CA.crt')['server-acl-token'] }}"
|
|
}
|
|
}
|