153 lines
4.0 KiB
Django/Jinja
153 lines
4.0 KiB
Django/Jinja
data_dir = "{{ consul_root_dir }}/data"
|
|
bind_addr = "0.0.0.0"
|
|
client_addr = "0.0.0.0"
|
|
|
|
advertise_addr = "{{ consul_conf.advertise_addr }}"
|
|
|
|
{% if consul_conf.datacenter is defined %}
|
|
datacenter = "{{ consul_conf.datacenter }}"
|
|
{% endif %}
|
|
|
|
{% if consul_conf.primary_datacenter is defined %}
|
|
primary_datacenter = "{{ consul_conf.primary_datacenter }}"
|
|
{% endif %}
|
|
|
|
{% if consul_conf.node_name is defined %}
|
|
node_name = {{ consul_conf.node_name }}
|
|
{% endif %}
|
|
|
|
ports {
|
|
{% for service in consul_services.keys() | list %}
|
|
{% if service not in ['sidecar', 'expose'] and consul_services[service].port is defined %}
|
|
{{ service }} = {{ consul_services[service].port }}
|
|
{% elif service in ['sidecar', 'expose'] %}
|
|
{{ service }}_min_port = {{ consul_services[service].port | split(':') | first }}
|
|
{{ service }}_max_port = {{ consul_services[service].port | split(':') | last }}
|
|
{% endif %}
|
|
{% endfor %}
|
|
}
|
|
|
|
retry_join = [
|
|
{% for server in consul_servers %}
|
|
"{{ server }}",
|
|
{% endfor %}
|
|
]
|
|
|
|
{% if consul_conf.server %}
|
|
server = true
|
|
bootstrap_expect = {{ consul_conf.bootstrap_expect }}
|
|
performance {
|
|
raft_multiplier = {{ consul_conf.performance.raft_multiplier }}
|
|
}
|
|
{% endif %}
|
|
|
|
{% if consul_conf.encrypt is defined %}
|
|
encrypt = "{{ consul_conf.encrypt }}"
|
|
{% endif %}
|
|
|
|
ui_config {
|
|
enabled = {{ consul_conf.ui_config.enabled | ternary('true', 'false') }}
|
|
}
|
|
|
|
recursors = [
|
|
{% for dns in consul_conf.recursors %}
|
|
"{{ dns }}",
|
|
{% endfor %}
|
|
]
|
|
|
|
{% if consul_conf.domain is defined %}
|
|
domain = "{{ consul_conf.domain }}"
|
|
{% endif %}
|
|
{% if consul_conf.alt_domain is defined %}
|
|
alt_domain = "{{ consul_conf.alt_domain }}"
|
|
{% endif %}
|
|
|
|
telemetry {
|
|
prometheus_retention_time = "{{ consul_conf.telemetry.prometheus_retention_time }}"
|
|
}
|
|
|
|
{% if consul_conf.connect.enabled %}
|
|
connect {
|
|
enabled = true
|
|
{% if consul_conf.connect.ca_provider is defined %}
|
|
ca_provider = "{{ consul_conf.connect.ca_provider }}"
|
|
ca_config {
|
|
{% for key in ['address', 'token', 'root_pki_path', 'intermediate_pki_path'] %}
|
|
{% if consul_conf.connect.ca_config[key] is defined %}
|
|
{{ key }} = "{{ consul_conf.connect.ca_config[key] }}"
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% if consul_conf.connect.ca_config.auth_method is defined %}
|
|
auth_method {
|
|
{% if consul_conf.connect.ca_config.auth_method.approle is defined %}
|
|
type = "approle"
|
|
params {
|
|
{% for key in ['role_id', 'secret_id'] %}
|
|
{{ key }} = "{{ consul_conf.connect.ca_config.auth_method.approle[key] }}"
|
|
{% endfor %}
|
|
}
|
|
{% endif %}
|
|
}
|
|
{% endif %}
|
|
}
|
|
{% endif %}
|
|
}
|
|
{% endif %}
|
|
|
|
acl {
|
|
{% for key in ['enabled', 'enable_token_persistence'] %}
|
|
{% if consul_conf.acl[key] is defined %}
|
|
{{ key }} = {{ consul_conf.acl[key] | ternary('true', 'false') }}
|
|
{% endif %}
|
|
{% endfor %}
|
|
default_policy = "{{ consul_conf.acl.default_policy }}"
|
|
tokens {
|
|
{% for key in ['initial_management', 'default', 'agent', 'agent_recovery', 'replication', 'config_file_service_registration'] %}
|
|
{% if consul_conf.acl.tokens[key] is defined %}
|
|
{{ key }} = "{{ consul_conf.acl.tokens[key] }}"
|
|
{% endif %}
|
|
{% endfor %}
|
|
}
|
|
}
|
|
|
|
{% if consul_conf.tls.enabled %}
|
|
{% if consul_conf.server %}
|
|
# TLS settings
|
|
tls {
|
|
{% for section in ['defaults', 'grpc', 'https', 'internal_rpc'] %}
|
|
{% if consul_conf.tls[section] is defined %}
|
|
{{ section }} {
|
|
{% for key in ['ca_file', 'ca_path', 'cert_file', 'key_file', 'tls_min_version', 'tls_cipher_suites'] %}
|
|
{% if consul_conf.tls[section][key] is defined %}
|
|
{{ key }} = "{{ consul_conf.tls[section][key] }}"
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% for key in ['verify_incoming', 'verify_outgoing', 'verify_server_hostname'] %}
|
|
{% if consul_conf.tls[section][key] is defined %}
|
|
{{ key }} = {{ consul_conf.tls[section][key] | ternary('true', 'false') }}
|
|
{% endif %}
|
|
{% endfor %}
|
|
}
|
|
{% endif %}
|
|
{% endfor %}
|
|
}
|
|
|
|
# auto_encrypt, to distribute certificates from servers to clients
|
|
auto_encrypt {
|
|
allow_tls = true
|
|
}
|
|
{% else %}
|
|
auto_encrypt {
|
|
tls = true
|
|
}
|
|
{% endif %}
|
|
{% endif %}
|
|
|
|
limits {
|
|
{% for key in ['http_max_conns_per_client'] %}
|
|
{%- if consul_conf.limits[key] is defined %}
|
|
{{ key }} = {{ consul_conf.limits[key] }}
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
}
|