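{#
  Consul agent configuration (HCL), rendered per host by Ansible.

  Inputs read by this template: consul_root_dir, consul_conf, consul_services,
  consul_servers.

  The rendered file contains secrets whenever they are set: the gossip key
  (encrypt), the ACL tokens, and the Connect CA provider token / AppRole
  secret_id. Deploy it readable only by the Consul service account (a
  restrictive `mode` on the template task) and set `no_log: true` on that task
  so a diff or failure does not print the values. The task is not visible in
  this file, so confirm both there.
#}
data_dir = "{{ consul_root_dir }}/data"
bind_addr = "0.0.0.0"
{# client_addr 0.0.0.0 makes the client interfaces (HTTP API, DNS, gRPC) listen
   on every address of the host. Access control then rests on the acl block
   below and on host or network filtering of the ports rendered in `ports`. #}
client_addr = "0.0.0.0"
advertise_addr = "{{ consul_conf.advertise_addr }}"
{% if consul_conf.datacenter is defined %}
datacenter = "{{ consul_conf.datacenter }}"
{% endif %}
{% if consul_conf.primary_datacenter is defined %}
primary_datacenter = "{{ consul_conf.primary_datacenter }}"
{% endif %}
{% if consul_conf.node_name is defined %}
{# Quoted like every other string value in this file; the unquoted form only
   produced valid HCL if the variable itself carried the quotes. #}
node_name = "{{ consul_conf.node_name }}"
{% endif %}

ports {
{% for service in consul_services.keys() | list %}
{% if service not in ['sidecar', 'expose'] and consul_services[service].port is defined %}
  {{ service }} = {{ consul_services[service].port }}
{% elif service in ['sidecar', 'expose'] %}
{# sidecar and expose take a "min:max" range, split into the two *_port keys. #}
  {{ service }}_min_port = {{ consul_services[service].port | split(':') | first }}
  {{ service }}_max_port = {{ consul_services[service].port | split(':') | last }}
{% endif %}
{% endfor %}
}

retry_join = [
{% for server in consul_servers %}
  "{{ server }}",
{% endfor %}
]

{% if consul_conf.server %}
server = true
bootstrap_expect = {{ consul_conf.bootstrap_expect }}
performance {
  raft_multiplier = {{ consul_conf.performance.raft_multiplier }}
}
{% endif %}

{# Gossip encryption key. When consul_conf.encrypt is undefined the line is
   omitted and the agent runs with unencrypted gossip, without any error. #}
{% if consul_conf.encrypt is defined %}
encrypt = "{{ consul_conf.encrypt }}"
{% endif %}

ui_config {
  enabled = {{ consul_conf.ui_config.enabled | ternary('true', 'false') }}
}

recursors = [
{% for dns in consul_conf.recursors %}
  "{{ dns }}",
{% endfor %}
]

{% if consul_conf.domain is defined %}
domain = "{{ consul_conf.domain }}"
{% endif %}
{% if consul_conf.alt_domain is defined %}
alt_domain = "{{ consul_conf.alt_domain }}"
{% endif %}

telemetry {
  prometheus_retention_time = "{{ consul_conf.telemetry.prometheus_retention_time }}"
}

{% if consul_conf.connect.enabled %}
connect {
  enabled = true
{% if consul_conf.connect.ca_provider is defined %}
  ca_provider = "{{ consul_conf.connect.ca_provider }}"
  ca_config {
{# `token` and the AppRole `secret_id` below are CA-provider credentials written
   in clear text into the rendered file. #}
{% for key in ['address', 'token', 'root_pki_path', 'intermediate_pki_path'] %}
{% if consul_conf.connect.ca_config[key] is defined %}
    {{ key }} = "{{ consul_conf.connect.ca_config[key] }}"
{% endif %}
{% endfor %}
{% if consul_conf.connect.ca_config.auth_method is defined %}
    auth_method {
{% if consul_conf.connect.ca_config.auth_method.approle is defined %}
      type = "approle"
      params {
{% for key in ['role_id', 'secret_id'] %}
        {{ key }} = "{{ consul_conf.connect.ca_config.auth_method.approle[key] }}"
{% endfor %}
      }
{% endif %}
    }
{% endif %}
  }
{% endif %}
}
{% endif %}

{# ACLs. `enabled` is rendered only when consul_conf.acl.enabled is defined;
   when it is left out the agent falls back to its built-in default, so set it
   explicitly in inventory. default_policy is rendered as given; "deny" is the
   restrictive value. #}
acl {
{% for key in ['enabled', 'enable_token_persistence'] %}
{% if consul_conf.acl[key] is defined %}
  {{ key }} = {{ consul_conf.acl[key] | ternary('true', 'false') }}
{% endif %}
{% endfor %}
  default_policy = "{{ consul_conf.acl.default_policy }}"
  tokens {
{# Every token that is set is rendered on every host that defines it; give
   client agents only the tokens they need (initial_management and replication
   are server-side tokens). #}
{% for key in ['initial_management', 'default', 'agent', 'agent_recovery', 'replication', 'config_file_service_registration'] %}
{% if consul_conf.acl.tokens[key] is defined %}
    {{ key }} = "{{ consul_conf.acl.tokens[key] }}"
{% endif %}
{% endfor %}
  }
}

{% if consul_conf.tls.enabled %}
{% if consul_conf.server %}
# TLS settings
{# The verify_* keys are rendered only when defined. If they are omitted the
   agent's defaults apply, which do not enforce peer verification; define
   verify_incoming, verify_outgoing and verify_server_hostname explicitly for
   the sections in use. #}
tls {
{% for section in ['defaults', 'grpc', 'https', 'internal_rpc'] %}
{% if consul_conf.tls[section] is defined %}
  {{ section }} {
{% for key in ['ca_file', 'ca_path', 'cert_file', 'key_file', 'tls_min_version', 'tls_cipher_suites'] %}
{% if consul_conf.tls[section][key] is defined %}
    {{ key }} = "{{ consul_conf.tls[section][key] }}"
{% endif %}
{% endfor %}
{% for key in ['verify_incoming', 'verify_outgoing', 'verify_server_hostname'] %}
{% if consul_conf.tls[section][key] is defined %}
    {{ key }} = {{ consul_conf.tls[section][key] | ternary('true', 'false') }}
{% endif %}
{% endfor %}
  }
{% endif %}
{% endfor %}
}
# auto_encrypt, to distribute certificates from servers to clients
auto_encrypt {
  allow_tls = true
}
{% else %}
{# NOTE(review): on client agents this branch renders no tls block, so no
   ca_file, verify_outgoing or verify_server_hostname is written here. Without
   a CA and outgoing verification the client has nothing to check the server
   certificate against when it requests its own. Confirm these are supplied by
   another config file, or render the tls block for clients too. #}
auto_encrypt {
  tls = true
}
{% endif %}
{% endif %}

limits {
{% for key in ['http_max_conns_per_client'] %}
{%- if consul_conf.limits[key] is defined %}
  {{ key }} = {{ consul_conf.limits[key] }}
{%- endif %}
{%- endfor %}
}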