blob: 13bba8b144cb030cf17b0f0953aa61e728c110ee (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
---
# file: roles/consul/defaults/main.yaml
# Inst - Prerequisites.
packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
packages_base:
- "curl"
- "unzip"
packages_by_distro:
ubuntu:
- []
packages_by_arch:
aarch64:
- []
x86_64:
- []
# Inst - Consul Map.
consul_architecture_map:
amd64: "amd64"
x86_64: "amd64"
armv7l: "arm"
aarch64: "arm64"
32-bit: "386"
64-bit: "amd64"
consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
consul_version: "1.9.5"
consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip"
consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}"
consul_force_update: false
# Inst - System paths.
consul_bin_dir: "/usr/local/bin"
consul_config_dir: "/etc/consul.d"
consul_data_dir: "/var/consul"
consul_inst_dir: "/opt"
consul_lockfile: "/var/lock/subsys/consul"
consul_run_dir: "/var/run/consul"
consul_ssl_dir: "/etc/consul.d/ssl"
# Conf - Service.
consul_node_role: "both"
consul_restart_handler_state: "restarted"
nomad_restart_handler_state: "restarted"
systemd_resolved_state: "stopped"
consul_service_mgr: ""
# Conf - User and group.
consul_group: "consul"
consul_group_state: "present"
consul_user: "consul"
consul_user_state: "present"
# Conf - base.hcl
consul_bind_addr: "{{ ansible_default_ipv4.address }}"
consul_client_addr: "0.0.0.0"
consul_datacenter: "dc1"
consul_disable_update_check: true
consul_enable_debug: false
consul_enable_syslog: true
consul_log_level: "INFO"
consul_node_name: "{{ inventory_hostname }}"
consul_retry_join: true
consul_bootstrap_expect: 2
consul_encrypt: ""
consul_ca_file: "{{ consul_ssl_dir }}/ca.pem"
consul_cert_file: "{{ consul_ssl_dir }}/consul.pem"
consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem"
consul_verify_incoming: false
consul_verify_outgoing: false
consul_vefify_server_hostname: false
consul_allow_tls: false
consul_ui_config:
enabled: true
consul_recursors:
- 1.1.1.1
- 8.8.8.8
consul_certificates:
- src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
- src: "{{ file_consul_server_0_pem }}"
dest: "{{ consul_cert_file }}"
- src: "{{ file_consul_server_0_key_pem }}"
dest: "{{ consul_key_file }}"
# Conf - ports.hcl
consul_port_dns: 53
consul_port_http: 8500
consul_port_https: 8501
consul_port_grpc: 8502
consul_port_serf_lan: 8301
consul_port_serf_wan: 8302
consul_port_server: 8300
# Conf - services.json
consul_services: false
|
