consul#
Purpose
Install Consul.
Configure Consul Service Mesh.
Configure Consul & Vault integration.
Role defaults#
Version of the consul package to install. Used to determine which archive to install according to the suffix, like in the official release repository. For example, valid values are: ‘1.16.4’, ‘1.17.0+ent’, ‘1.17.2+ent.fips1402’, etc.
hs_consul_version: "1.17.2"
Local paths#
Path to local directory containing secrets to be uploaded to nodes.
hs_consul_local_secrets_dir: "{{ hs_workspace_secrets_dir }}"
Path to local directory where to download Consul binary before upload.
hs_consul_local_cache_dir: "{{ hs_workspace_root }}"
[CONSUL ENTREPRISE] Path to local file containing the license.
hs_consul_local_license_file: ""
hs_consul_local_ca_cert: "{{ hs_workspace_secrets_dir }}/ca.cert.pem"
Path to local node certificate.
hs_consul_node_cert: "{{ hs_consul_local_secrets_dir }}/self.cert.pem"
Path to local node fullchain certificate.
hs_consul_node_cert_fullchain: "{{ hs_consul_local_secrets_dir }}/self.fullchain.cert.pem"
Path to local node certificate private key.
hs_consul_node_cert_private_key: "{{ hs_consul_local_secrets_dir }}/self.cert.key"
hs_consul_terraform_work_dir: >-
{{
hs_workspace_tf_modules_dir
| default(lookup('env', 'PWD') + '/terraform')
}}
hs_consul_datacenter_name: "{{ hs_workspace | default('datacenter1') }}"
hs_consul_node_name: "{{ inventory_hostname | regex_replace('_', '-') }}"
hs_consul_connect_token: ~
HTTPS listener
hs_consul_https_listen_ipv4: "0.0.0.0"
hs_consul_api_port: "8501"
GRPC listener
hs_consul_grpc_listen_ipv4: "0.0.0.0"
hs_consul_grpc_tls_port: "8503"
hs_consul_grpc_port: "8502"
hs_consul_prometheus_enabled: true
hs_consul_connect_root_pki_path: "consul_connect_pki_root"
hs_consul_connect_intermediate_pki_path: "consul_connect_pki_inter"
API address of the vault service
hs_consul_vault_address: "https://vault.{{ hs_consul_domain }}:8200"
hs_consul_domain: "{{ public_domain }}"
hs_consul_node_fqdn: "{{ hs_consul_node_name }}.{{ hs_consul_domain }}"
hs_consul_service_fqdn: "consul.{{ hs_consul_domain }}"
hs_consul_external_url: "https://{{ hs_consul_service_fqdn }}"
hs_consul_bootstrap_expect: "{{ groups[hs_consul_inventory_masters_group] | length }}"
hs_consul_advertise_addr: "{{ ansible_default_ipv4.address }}"
hs_consul_use_custom_ca: false
hs_consul_acl_default_policy: deny
hs_consul_acl_auto_encrypt_token: ~
Remote location of certificates files for Consul TLS endpoints.
hs_consul_self_private_key: "{{ __hs_consul_tls_dir }}/self.cert.key"
hs_consul_self_certificate: "{{ __hs_consul_tls_dir }}/self.fullchain.cert.pem"
hs_consul_ca_certificate: "{{ __hs_consul_certs_truststore_dir }}/consul.ca.crt"
hs_consul_vault_root_ca_certificate: "{{ __hs_consul_certs_truststore_dir }}/vault.root_ca.crt"
hs_consul_inventory_masters_group: "hashistack_masters"
hs_consul_inventory_minions_group: "hashistack_minions"