Ben Vincent
60834ced00
- add consul-cni package - enable grpc for consul servers - enable consul connect for consul servers - set recursors for consul - add ports to consul agent (grpc, dns, http for nomad) Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/314
99 lines
2.4 KiB
YAML
99 lines
2.4 KiB
YAML
---
|
|
profiles::consul::server::members_lookup: true
|
|
profiles::consul::server::data_dir: /data/consul
|
|
profiles::consul::server::addresses:
|
|
dns: "%{::networking.ip}"
|
|
http: "%{::networking.ip}"
|
|
https: "%{::networking.ip}"
|
|
grpc: "%{::networking.ip}"
|
|
grpc_tls: "%{::networking.ip}"
|
|
profiles::consul::server::ports:
|
|
grpc: 8502
|
|
dns: 8600
|
|
http: 8500
|
|
https: -1
|
|
profiles::consul::server::acl:
|
|
enabled: true
|
|
default_policy: 'deny'
|
|
down_policy: 'extend-cache'
|
|
tokens:
|
|
initial_management: "%{alias('profiles::consul::server::acl_tokens_initial_management')}"
|
|
default: "%{alias('profiles::consul::server::acl_tokens_default')}"
|
|
replication: "%{alias('profiles::consul::server::acl_tokens_replication')}"
|
|
|
|
# additional altnames
|
|
profiles::pki::vault::alt_names:
|
|
- consul.main.unkin.net
|
|
- consul.service.consul
|
|
- consul
|
|
|
|
# manage a simple nginx reverse proxy
|
|
profiles::nginx::simpleproxy::nginx_vhost: 'consul.service.consul'
|
|
profiles::nginx::simpleproxy::nginx_aliases:
|
|
- consul
|
|
- consul.main.unkin.net
|
|
profiles::nginx::simpleproxy::proxy_port: 8500
|
|
profiles::nginx::simpleproxy::proxy_path: '/'
|
|
|
|
profiles::consul::prepared_query::rules:
|
|
vault:
|
|
ensure: 'present'
|
|
service_name: 'vault'
|
|
service_failover_n: 3
|
|
service_only_passing: true
|
|
ttl: 10
|
|
puppet:
|
|
ensure: 'present'
|
|
service_name: 'puppet'
|
|
service_failover_n: 3
|
|
service_only_passing: true
|
|
ttl: 10
|
|
puppetca:
|
|
ensure: 'present'
|
|
service_name: 'puppetca'
|
|
service_failover_n: 3
|
|
service_only_passing: true
|
|
ttl: 10
|
|
edgecache:
|
|
ensure: 'present'
|
|
service_name: 'edgecache'
|
|
service_failover_n: 3
|
|
service_only_passing: true
|
|
ttl: 10
|
|
puppetdbapi:
|
|
ensure: 'present'
|
|
service_name: 'puppetdbapi'
|
|
service_failover_n: 3
|
|
service_only_passing: true
|
|
ttl: 10
|
|
puppetboard:
|
|
ensure: 'present'
|
|
service_name: 'puppetboard'
|
|
service_failover_n: 3
|
|
service_only_passing: true
|
|
ttl: 10
|
|
git:
|
|
ensure: 'present'
|
|
service_name: 'git'
|
|
service_failover_n: 3
|
|
service_only_passing: true
|
|
ttl: 10
|
|
ntp:
|
|
ensure: 'present'
|
|
service_name: 'ntp'
|
|
service_failover_n: 3
|
|
service_only_passing: true
|
|
ttl: 10
|
|
grafana:
|
|
ensure: 'present'
|
|
service_name: 'grafana'
|
|
service_failover_n: 3
|
|
service_only_passing: true
|
|
ttl: 10
|
|
droneci:
|
|
ensure: 'present'
|
|
service_name: 'droneci'
|
|
service_failover_n: 3
|
|
service_only_passing: true
|
|
ttl: 10
|