--- # Version of consul to deploy consul_version: 1.12.3 # URL from where the consul archive will be downloaded consul_archive_url: https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip # Expected sha256 of the archive consul_archive_sha256: 620a47cfba34bdf918b4c3238d22f6318b29403888cfd927c6006a4ac1b1c9f6 # user account under which consul will run (will be created if needed) consul_user: consul # Root directory where consul will be installed consul_root_dir: /opt/consul # List of consul servers name or IP consul_servers: [] # Consul configuration (which will be converted to JSON) # The configuration is splited in a base conf and an extra conf, so you can override part of the config easily consul_base_conf: client_addr: 0.0.0.0 log_level: INFO bind_addr: 0.0.0.0 # Recursive DNS resolver to which non authoritative queries will be sent recursors: "{{ ansible_dns.nameservers }}" # Domain handled by consul, on which services will be published # All queries in this domain are assumed to be handled by Consul and will not be recursively resolved # domain: consul. # An optional alternative domain # alt_domain: consul.example.org. # Address that is advertised to the other nodes advertise_addr: "{{ ansible_default_ipv4.address }}" # You can also advertise the WAN addr # advertise_addr_wan: x.x.x.x # You can define the datacenter in which this agent is running. The default value is dc1 # datacenter: dc1 # Node name, which should be uniq in the region. Default is the hostname # node_name: nomade-fr-zone-c # Arbitrary metadata # node_meta: # instance_type: t2.medium # env: staging node_meta: {} # Optional encryption key for the gossip protocol # You can generate one with cinsul keygen. The key should be the same on all the members # encrypt: WSnGbK30nI6K/xk9w+AAtk0Y3RMXKoAlsj4VEICqi0I= retry_join: "{{ consul_servers }}" bootstrap_expect: "{{ consul_servers | length }}" server: "{{ (inventory_hostname in consul_servers) | ternary(True, False) }}" ui_config: enabled: "{{ (inventory_hostname in consul_servers) | ternary(True, False) }}" performance: raft_multiplier: 1 telemetry: prometheus_retention_time: 1h connect: enabled: False consul_extra_conf: {} consul_host_conf: {} consul_conf: "{{ consul_base_conf | combine(consul_extra_conf, recursive=True) | combine(consul_host_conf, recursive=True) }}" # For example # consul_extra_conf: # datacenter: my-dc # domain: dev.example.org # encrypt: WSnGbK30nI6K/xk9w+AAtk0Y3RMXKoAlsj4VEICqi0I= # ui_config: # enabled: False # List of services exposed by consul, the ports they use, and the list of IP # for which the service is accessible at the firewall level (if iptables_manage == True) consul_base_services: dns: port: 8600 src_ip: [] proto: [tcp,udp] http: port: 8500 src_ip: [] proto: [tcp] https: port: 8501 src_ip: [] proto: [tcp] grpc: port: 8502 src_ip: [] proto: [tcp] serf_lan: port: 8301 src_ip: [] proto: [tcp,udp] serf_wan: port: 8302 src_ip: [] proto: [tcp,udp] server: port: 8300 src_ip: [] proto: [tcp] sidecar: port: 21000:21255 src_ip: [] proto: [tcp] expose: port: 21500:21755 src_ip: [] proto: [tcp] consul_extra_services: {} consul_host_services: {} consul_services: "{{ consul_base_services | combine(consul_extra_services, recursive=True) | combine(consul_host_services, recursive=True) }}"