jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-04-12 00:03:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
ansible-roles/roles/consul/templates/consul.hcl.j2
Daniel Berteaud fc993adf3d Update to 2024-10-08 16:00
2024-10-08 16:00:13 +02:00

192 lines
5.4 KiB
Django/Jinja
Raw Blame History

data_dir = "{{ consul_root_dir }}/data"
bind_addr = "0.0.0.0"
client_addr = "0.0.0.0"
advertise_addr = "{{ consul_conf.advertise_addr }}"
{% if consul_conf.datacenter is defined %}
datacenter = "{{ consul_conf.datacenter }}"
{% endif %}
{% if consul_conf.primary_datacenter is defined %}
primary_datacenter = "{{ consul_conf.primary_datacenter }}"
{% endif %}
{% if consul_conf.node_name is defined %}
node_name = {{ consul_conf.node_name }}
{% endif %}
ports {
{% for service in consul_services.keys() | list %}
{% if service not in ['sidecar', 'expose'] and consul_services[service].port is defined %}
{{ service }} = {{ consul_services[service].port }}
{% elif service in ['sidecar', 'expose'] %}
{{ service }}_min_port = {{ consul_services[service].port | split(':') | first }}
{{ service }}_max_port = {{ consul_services[service].port | split(':') | last }}
{% endif %}
{% endfor %}
}
retry_join = [
{% for server in consul_servers %}
"{{ server }}",
{% endfor %}
]
{% if consul_conf.server %}
server = true
bootstrap_expect = {{ consul_conf.bootstrap_expect }}
performance {
raft_multiplier = {{ consul_conf.performance.raft_multiplier }}
}
{% endif %}
{% if consul_conf.raft_logstore is defined %}
raft_logstore {
{% for key in ['backend'] %}
{% if consul_conf.raft_logstore[key] is defined %}
{{ key }} = "{{ consul_conf.raft_logstore[key] }}"
{% endif %}
{% endfor %}
{% if consul_conf.raft_logstore.disable_log_cache is defined %}
disable_log_cache = {{ consul_conf.raft_logstore.disable_log_cache | ternary('true', 'false') }}
{% endif %}
{% if consul_conf.raft_logstore.boltdb is defined and consul_conf.raft_logstore.boltdb.no_freelist_sync is defined %}
boltdb {
no_freelist_sync = {{ consul_conf.raft_logstore.boltdb.no_freelist_sync | ternary('true', 'false') }}
}
{% endif %}
{% if consul_conf.raft_logstore.wal is defined and consul_conf.raft_logstore.wal.segment_size_mb is defined %}
wal {
segment_size_mb = {{ consul_conf.raft_logstore.wal.segment_size_mb }}
}
{% endif %}
}
{% endif %}
{% for key in ['raft_protocol', 'raft_snapshot_interval'] %}
{% if consul_conf[key] is defined %}
{{ key }} = "{{ consul_conf[key] }}"
{% endif %}
{% endfor %}
{% for key in ['raft_snapshot_threshold', 'raft_trailing_logs'] %}
{% if consul_conf.raft_logstore[key] is defined %}
{{ key }} = {{ consul_conf.raft_logstore[key] }}
{% endif %}
{% endfor %}
{% if consul_conf.encrypt is defined %}
encrypt = "{{ consul_conf.encrypt }}"
{% endif %}
ui_config {
enabled = {{ consul_conf.ui_config.enabled | ternary('true', 'false') }}
}
recursors = [
{% for dns in consul_conf.recursors %}
"{{ dns }}",
{% endfor %}
]
{% if consul_conf.domain is defined %}
domain = "{{ consul_conf.domain }}"
{% endif %}
{% if consul_conf.alt_domain is defined %}
alt_domain = "{{ consul_conf.alt_domain }}"
{% endif %}
telemetry {
prometheus_retention_time = "{{ consul_conf.telemetry.prometheus_retention_time }}"
disable_hostname = true
}
{% if consul_conf.connect.enabled %}
connect {
enabled = true
{% if consul_conf.connect.ca_provider is defined %}
ca_provider = "{{ consul_conf.connect.ca_provider }}"
ca_config {
{% for key in ['address', 'token', 'root_pki_path', 'intermediate_pki_path'] %}
{% if consul_conf.connect.ca_config[key] is defined %}
{{ key }} = "{{ consul_conf.connect.ca_config[key] }}"
{% endif %}
{% endfor %}
{% if consul_conf.connect.ca_config.auth_method is defined %}
auth_method {
{% if consul_conf.connect.ca_config.auth_method.approle is defined %}
type = "approle"
params {
{% for key in ['role_id', 'secret_id'] %}
{{ key }} = "{{ consul_conf.connect.ca_config.auth_method.approle[key] }}"
{% endfor %}
}
{% endif %}
}
{% endif %}
}
{% endif %}
}
{% endif %}
acl {
{% for key in ['enabled', 'enable_token_persistence'] %}
{% if consul_conf.acl[key] is defined %}
{{ key }} = {{ consul_conf.acl[key] | ternary('true', 'false') }}
{% endif %}
{% endfor %}
{% for key in ['token_ttl', 'policy_ttl', 'role_ttl', 'default_policy', 'down_policy', 'enable_key_list_policy'] %}
{% if consul_conf.acl[key] is defined %}
{{ key }} = "{{ consul_conf.acl[key] }}"
{% endif %}
{% endfor %}
tokens {
{% for key in ['initial_management', 'default', 'agent', 'agent_recovery', 'replication', 'config_file_service_registration', 'dns'] %}
{% if consul_conf.acl.tokens[key] is defined %}
{{ key }} = "{{ consul_conf.acl.tokens[key] }}"
{% endif %}
{% endfor %}
}
}
{% if consul_conf.tls.enabled %}
{% if consul_conf.server %}
# TLS settings
tls {
{% for section in ['defaults', 'grpc', 'https', 'internal_rpc'] %}
{% if consul_conf.tls[section] is defined %}
{{ section }} {
{% for key in ['ca_file', 'ca_path', 'cert_file', 'key_file', 'tls_min_version', 'tls_cipher_suites'] %}
{% if consul_conf.tls[section][key] is defined %}
{{ key }} = "{{ consul_conf.tls[section][key] }}"
{% endif %}
{% endfor %}
{% for key in ['verify_incoming', 'verify_outgoing', 'verify_server_hostname'] %}
{% if consul_conf.tls[section][key] is defined %}
{{ key }} = {{ consul_conf.tls[section][key] | ternary('true', 'false') }}
{% endif %}
{% endfor %}
}
{% endif %}
{% endfor %}
}
# auto_encrypt, to distribute certificates from servers to clients
auto_encrypt {
allow_tls = true
}
{% else %}
auto_encrypt {
tls = true
}
{% endif %}
{% endif %}
limits {
{% for key in ['http_max_conns_per_client'] %}
{% if consul_conf.limits[key] is defined %}
{{ key }} = {{ consul_conf.limits[key] }}
{% endif %}
{% endfor %}
}
Reference in New Issue View Git Blame Copy Permalink