consul/defaults/main.yaml

consul_version: 1.12.4
consul_config_path: "/etc/consul.d"
consul_data_path: "/opt/consul"
consul_user: consul
consul_group: consul
consul_install_repo: yes

consul_cluster_group: consul
consul_server_group: consul_server
consul_agent_group: consul_agent

consul_config: {}
consul_default_config:
  bind_addr: "{{ ansible_default_ipv4.address }}"
  server: "{{ true if inventory_hostname in groups[consul_server_group] else false }}"
  ui_config: 
    enabled: "{{ true if inventory_hostname in groups[consul_server_group] else false }}"
  log_level: info
  retry_join: "{{ groups[consul_server_group] | default([])}}"
  retry_interval: 30s
  datacenter: "main"
  bootstrap_expect: "{{ groups[consul_server_group]|length|int if inventory_hostname in groups[consul_server_group] else omit }}" 
  performance:
    raft_multiplier: 1
  acl:
    enabled: false
    default_policy: deny
    down_policy: extend-cache
    enable_token_persistence: true

consul_ssl: no
consul_ssl_path: "/etc/consul.d/ssl"
consul_self_signed_cert: no
consul_self_signed_cert_name: "consul-tls"
consul_server_ssl_config: {}
consul_server_ssl_default_config:
  ports:
    https: 8501
  verify_incoming: true
  verify_outgoing: true
  verify_server_hostname: false
  ca_file: "{{ consul_ssl_path }}/CA-{{ consul_self_signed_cert_name }}.crt"
  cert_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.crt"
  key_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
  auto_encrypt:
   allow_tls: true

consul_agent_ssl_config: {}
consul_agent_ssl_default_config:
  ports:
    https: 8501
  verify_incoming: true
  verify_outgoing: true
  verify_server_hostname: false
  ca_file: "{{ consul_ssl_path }}/CA-{{ consul_self_signed_cert_name }}.crt"
  cert_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.crt"
  key_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"

is_virtualenv: "{{ lookup('env','VIRTUAL_ENV') | default('') }}"