initial upload

roles/consul/templates/etc_consul.d_00-base_config.hcl.j2

@@ -0,0 +1,83 @@
+# {{ ansible_managed }}
+
+# Logging
+enable_syslog = true
+log_level = "INFO"
+disable_update_check = true
+
+# Basics
+data_dir = "{{ consul_data_dir }}"
+datacenter = "{{ datacenter_id }}"
+server = {{ 'false' if consul_server else 'true' }}
+ui = true
+
+# Network
+{% if consul_bootstrap_expect > 0 %}
+encrypt = "{{ consul_encrypt_key }}"
+{% endif %}
+client_addr = "{{ consul_client_addr }}"
+bind_addr = "{{ network_private_ip }}"
+advertise_addr = "{{ network_private_ip }}"
+retry_join = [
+{% for peer in consul_servers if peer != ansible_hostname and hostvars[peer].datacenter_id == datacenter_id %}
+    "{{ hostvars[peer].network_private_ip }}"{{ ',' if not loop.last else '' }}
+{% endfor %}
+]
+{% if consul_server %}
+{%   if consul_bootstrap_expect > 0 %}
+bootstrap_expect = {{ consul_bootstrap_expect }}
+{%   endif %}
+rejoin_after_leave = true
+retry_join_wan = [
+{%   for peer in consul_servers if hostvars[peer].datacenter_id != datacenter_id %}
+   "{{ hostvars[peer].network_private_ip }}"{{ ',' if not loop.last else '' }}
+{%   endfor %}
+]
+{% endif %}
+
+# TLS
+#ports {
+#  https = 8501
+#}
+#key_file = "/etc/letsencrypt/live/{{ ansible_hostname }}.maruntiel.net/privkey1.pem"
+#cert_file = "/etc/letsencrypt/live/{{ ansible_hostname }}.maruntiel.net/fullchain1.pem"
+#ca_file = "/etc/letsencrypt/live/{{ ansible_hostname }}.maruntiel.net/chain1.pem"
+#verify_incoming = true
+#verify_outgoing = true
+#tls_min_version = "tls12"
+
+# Features
+enable_script_checks = true
+disable_remote_exec = true
+
+# ACLs
+#{% if consul_acl_datacenter is defined and consul_acl_datacenter %}
+#acl_datacenter = "{{ consul_acl_datacenter }}"
+#acl_default_policy = "deny"
+#acl_down_policy = "extend-cache"
+#acl_agent_token = "{{ consul_acl_agent_token }}"
+#acl_token = "{{ consul_acl_token }}"
+#{%   if datacenter_id != consul_acl_datacenter %}
+#acl_replication_token = "{{ consul_acl_replication_token | default(consul_acl_master_token) }}"
+#{%   endif %}
+#{% endif %}
+
+# DNS
+dns_config {
+  node_ttl = "60s"
+  service_ttl {
+    "*" = "15s"
+  }
+}
+
+# Metadata
+node_meta {
+  architecture = "{{ ansible_userspace_architecture }}"
+  product_name = "{{ ansible_system_vendor|replace(' Inc.', '') }} {{ ansible_product_name }}"
+  virtualization_role = "{{ ansible_virtualization_role }}"
+}
+
+# Consul Stats
+telemetry {
+  disable_hostname = true
+}