consul/defaults/main.yaml
2023-08-09 17:18:03 +03:00

60 lines
2.0 KiB
YAML

consul_version: "1.15.4"
consul_config_path: "/etc/consul.d"
consul_data_path: "/opt/consul"
consul_user: "consul"
consul_group: "consul"
consul_install_official_repo: true
consul_cluster_group: "consul"
consul_server_group: "consul_server"
consul_agent_group: "consul_agent"
consul_config: {}
consul_default_config:
bind_addr: "{{ ansible_default_ipv4.address }}"
server: "{{ true if inventory_hostname in groups[consul_server_group] else false }}"
ui_config:
enabled: "{{ true if inventory_hostname in groups[consul_server_group] else false }}"
log_level: info
retry_join: "{{ groups[consul_server_group] | default([])}}"
retry_interval: "30s"
datacenter: "main"
bootstrap_expect: "{{ groups[consul_server_group]|length|int if inventory_hostname in groups[consul_server_group] else omit }}"
performance:
raft_multiplier: 1
acl:
enabled: false
default_policy: "deny"
down_policy: "extend-cache"
enable_token_persistence: true
consul_ssl: false
consul_ssl_path: "/etc/consul.d/ssl"
consul_self_signed_cert: false
consul_self_signed_cert_name: "consul-tls"
consul_server_ssl_config: {}
consul_server_ssl_default_config:
ports:
https: 8501
verify_incoming: true
verify_outgoing: true
verify_server_hostname: false
ca_file: "{{ consul_ssl_path }}/CA-{{ consul_self_signed_cert_name }}.crt"
cert_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.crt"
key_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
auto_encrypt:
allow_tls: true
consul_agent_ssl_config: {}
consul_agent_ssl_default_config:
ports:
https: 8501
verify_incoming: true
verify_outgoing: true
verify_server_hostname: false
ca_file: "{{ consul_ssl_path }}/CA-{{ consul_self_signed_cert_name }}.crt"
cert_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.crt"
key_file: "{{ consul_ssl_path }}/{{ consul_self_signed_cert_name }}.key"
is_virtualenv: "{{ lookup('env','VIRTUAL_ENV') | default('') }}"