# This is the configuration file for the etcd server.
# The file is a template: the templating tags are expanded first, and etcd then
# reads the rendered text as YAML.

# Human-readable name for this member.
# When taskserv.etcd_name is the literal placeholder "$hostname", the member is
# named after the server's own hostname; otherwise the configured name is used.
{% if taskserv.etcd_name == "$hostname" %}
name: '{{server.hostname}}'
{%- else %}
name: '{{taskserv.etcd_name}}'
{%- endif %}

# Path to the data directory.
data-dir: {{taskserv.data_dir}} #/var/lib/etcd

# Path to the dedicated wal directory.
wal-dir:

# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000

# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100

# Time (in milliseconds) for an election to timeout.
election-timeout: 1000

# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0

# Ports are turned into strings (by concatenating with "") so they can be
# passed to the replace filter below.
{% set str_peer_port = "" ~ taskserv.peer_port %}
{% set str_cli_port = "" ~ taskserv.cli_port %}

# List of comma separated URLs to listen on for peer traffic.
# taskserv.listen_peers carries placeholders that are substituted here: the
# server's private IP, its public IP, or its hostname, plus the peer port.
# NOTE(review): the public-IP branch binds the peer port on a publicly routed
# address; confirm that is intended and that a firewall restricts it to peers.
listen-peer-urls: "{%- if taskserv.listen_peers is containing("$network_private_ip") -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.listen_peers | replace(from="$servers:$network_private_ip",to=server.network_private_ip) | replace(from="$peer_port", to=str_peer_port)}}
  {%- elif taskserv.listen_peers is containing("$network_public_ip") -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.listen_peers | replace(from="$servers:$network_public_ip",to=server.ip_addresses.pub) | replace(from="$peer_port", to=str_peer_port)}}
  {%- else -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.listen_peers | replace(from="$servers",to=server.hostname) | replace(from="$peer_port", to=str_peer_port)}}
  {%- endif %}"

# List of comma separated URLs to listen on for client traffic.
# The placeholder in taskserv.listen_clients selects the bind address: the
# server's private IP, its public IP, or its hostname, plus the client port.
# NOTE(review): with the public-IP branch the client API is reachable on a
# publicly routed address. Client certificate authentication is disabled
# further down in this file, so confirm that network filtering or etcd's own
# authentication protects the keyspace.
listen-client-urls: "{%- if taskserv.listen_clients is containing("$network_private_ip") -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.listen_clients | replace(from="$servers:$network_private_ip",to=server.network_private_ip) | replace(from="$cli_port", to=str_cli_port)}}
  {%- elif taskserv.listen_clients is containing("$network_public_ip") -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.listen_clients | replace(from="$servers:$network_public_ip",to=server.ip_addresses.pub) | replace(from="$cli_port", to=str_cli_port)}}
  {%- else -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.listen_clients | replace(from="$servers",to=server.hostname) | replace(from="$cli_port", to=str_cli_port)}}
  {%- endif %}"

# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5

# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5

# Comma-separated white list of origins for CORS (cross-origin resource sharing).
# Left empty here, so no origin is listed.
cors:

# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
# Built from taskserv.adv_listen_peers with the same placeholder substitution
# as the listen URLs (private IP, public IP, or hostname, plus the peer port).
initial-advertise-peer-urls: "{%- if taskserv.adv_listen_peers is containing("$network_private_ip") -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.adv_listen_peers | replace(from="$servers:$network_private_ip",to=server.network_private_ip) | replace(from="$peer_port", to=str_peer_port)}}
  {%- elif taskserv.adv_listen_peers is containing("$network_public_ip") -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.adv_listen_peers | replace(from="$servers:$network_public_ip",to=server.ip_addresses.pub) | replace(from="$peer_port", to=str_peer_port)}}
  {%- else -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.adv_listen_peers | replace(from="$servers",to=server.hostname) | replace(from="$peer_port", to=str_peer_port)}}
  {%- endif %}"

# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
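# Built from taskserv.adv_listen_clients: the placeholder selects the server's
# private IP, its public IP, or its hostname, and the client port is filled in.
# The public-IP branch reads server.ip_addresses.pub, the same source the
# listen-client-urls key uses. There is no enclosing loop at this point in the
# template, so a loop index cannot be used to look the address up here.
advertise-client-urls: "{%- if taskserv.adv_listen_clients is containing("$network_private_ip") -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.adv_listen_clients | replace(from="$servers:$network_private_ip",to=server.network_private_ip) | replace(from="$cli_port", to=str_cli_port)}}
  {%- elif taskserv.adv_listen_clients is containing("$network_public_ip") -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.adv_listen_clients | replace(from="$servers:$network_public_ip",to=server.ip_addresses.pub) | replace(from="$cli_port", to=str_cli_port)}}
  {%- else -%}
    {{taskserv.etcd_protocol}}://{{ taskserv.adv_listen_clients | replace(from="$servers",to=server.hostname) | replace(from="$cli_port", to=str_cli_port)}}
  {%- endif %}"

# Discovery URL used to bootstrap the cluster.
# Renders empty when discovery_url is not defined.
discovery: {{discovery_url | default(value="")}}

# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'

# HTTP proxy to use for traffic to discovery service.
discovery-proxy:

# DNS domain used to bootstrap initial cluster.
# Renders empty when taskserv.discovery_srv is not defined.
discovery-srv: {{taskserv.discovery_srv | default(value="")}}

# Initial cluster configuration for bootstrapping.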
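# When taskserv.initial_peers starts with "$servers", the list is generated:
# for every server in defs.servers whose taskservs include one named "etcd",
# one "hostname=protocol://address:port" entry is emitted, comma-separated.
# Otherwise taskserv.cluster_list is used verbatim.
# All three address branches test taskserv.initial_peers, so the branch that is
# chosen always matches the placeholder that is then replaced.
# The public-IP branch indexes settings by the position of the server in
# defs.servers (captured in the outer loop), not by the position of the task in
# the inner loop. This assumes settings is ordered like defs.servers - confirm.
# NOTE(review): the comma is keyed on the server position, so if the first
# server in defs.servers has no etcd taskserv the list starts with a comma.
initial-cluster: "{%- if taskserv.initial_peers is starting_with("$servers") -%}
  {%- for srv in defs.servers %}
    {%- set srv_index = loop.index -%}
    {%- set srv_index0 = loop.index0 -%}
    {%- for task in srv.taskservs -%}
      {%- if task.name != "etcd" -%}{% continue %}{% endif %}
      {%- if srv_index > 1 -%},{%- endif -%}
      {%- if taskserv.initial_peers is containing("$network_private_ip") -%}
        {{ srv.hostname }}={{taskserv.etcd_protocol}}://{{ taskserv.initial_peers | replace(from="$servers:$network_private_ip",to=srv.network_private_ip) | replace(from="$peer_port", to=str_peer_port)}}
      {%- elif taskserv.initial_peers is containing("$network_public_ip") -%}
        {{ srv.hostname }}={{taskserv.etcd_protocol}}://{{ taskserv.initial_peers | replace(from="$servers:$network_public_ip",to=settings[srv_index0].ip_addresses.pub) | replace(from="$peer_port", to=str_peer_port)}}
      {%- else -%}
        {%- set full_hostname = srv.hostname ~ "." ~ taskserv.domain_name -%}
        {{ srv.hostname }}={{taskserv.etcd_protocol}}://{{ taskserv.initial_peers | replace(from="$servers",to=full_hostname) | replace(from="$peer_port", to=str_peer_port)}}
      {%- endif -%}
      {% break %}
    {%- endfor -%}
  {%- endfor -%}
{%- else -%}
  {{taskserv.cluster_list}}
{%- endif -%}" {# {%- endif %} #}

# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-{{taskserv.cluster_name}}-cluster'

# Initial cluster state ('new' or 'existing').
# The per-server selection below is commented out in the rendered YAML, so
# every member is rendered with 'new'.
#initial-cluster-state: {% if pos.server == 0 %} 'new' {% else %} 'existing'{% endif %}
initial-cluster-state: new

# Reject reconfiguration requests that would cause quorum loss.
# NOTE(review): etcd's own default for this flag is true; with false, a
# membership change that drops the cluster below quorum is accepted.
strict-reconfig-check: false

# Enable runtime profiling data via HTTP server
# Kept off: the profiling handlers are served from the client listener (under
# /debug/pprof/), and this file does not require client certificates, so anyone
# who can reach the client port could read heap and goroutine profiles. Turn it
# on only for a debugging session on a listener that is not exposed.
enable-pprof: false

# Valid values include 'on', 'readonly', 'off'
proxy: 'off'

# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000

# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000

# Time (in milliseconds) for a dial to timeout.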
proxy-dial-timeout: 1000

# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000

# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0

# The two TLS sections are rendered only when taskserv.ssl_mode is non-empty.
# NOTE(review): the URL scheme of the listen/advertise URLs comes from a
# different setting (taskserv.etcd_protocol). The two must agree: certificates
# configured for an http URL are not used, and the traffic stays in cleartext.
{% if taskserv.ssl_mode != "" -%}
client-transport-security:
  # Path to the client server TLS cert file.
  cert-file: {{taskserv.certs_path}}/{{taskserv.cluster_name}}.crt

  # Path to the client server TLS key file.
  # The key should be readable only by the account that runs etcd.
  key-file: {{taskserv.certs_path}}/{{taskserv.cluster_name}}.key

  # Enable client cert authentication.
  # NOTE(review): with false, TLS only encrypts the channel and proves the
  # server's identity; clients are not asked for a certificate. Access to the
  # keyspace then rests on network filtering and on etcd's own authentication,
  # neither of which is configured in this file.
  client-cert-auth: false

  # Path to the client server TLS trusted CA cert file.
  trusted-ca-file: {{taskserv.certs_path}}/ca.crt

  # Client TLS using generated certificates
  auto-tls: false

peer-transport-security:
  # The certificate pair is named after the server's hostname when
  # taskserv.hostname is the literal placeholder "$hostname".
  # NOTE(review): the member-name key at the top of this file tests
  # taskserv.etcd_name instead; confirm which field is meant here.
  {% if taskserv.hostname == "$hostname" %}
  # Path to the peer server TLS cert file.
  cert-file: {{taskserv.certs_path}}/{{server.hostname}}.crt

  # Path to the peer server TLS key file.
  key-file: {{taskserv.certs_path}}/{{server.hostname}}.key
  {%- else %}
  # NOTE(review): 'name' is not a TLS setting and looks copied from the member
  # name block; the file names below also use a bare hostname variable rather
  # than server.hostname or taskserv.hostname. Verify what this branch renders.
  name: '{{taskserv.hostname}}'

  # Path to the peer server TLS cert file.
  cert-file: {{taskserv.certs_path}}/{{hostname}}.crt

  # Path to the peer server TLS key file.
  key-file: {{taskserv.certs_path}}/{{hostname}}.key
  {%- endif %}

  # Enable peer client cert authentication.
  # NOTE(review): with false, a connecting peer is not required to present a
  # certificate signed by the trusted CA, so membership traffic is encrypted
  # but the remote peer is not authenticated by certificate.
  client-cert-auth: false

  # Path to the peer server TLS trusted CA cert file.
  trusted-ca-file: {{taskserv.certs_path}}/ca.crt

  # Peer TLS using generated certificates.
  auto-tls: false

  # Allowed CN for inter peer authentication.
  allowed-cn:

  # Allowed TLS hostname for inter peer authentication.
  allowed-hostname:

# The validity period of the self-signed certificate, the unit is year.
self-signed-cert-validity: 1
{%- endif %}

# Enable debug-level logging for etcd.
debug: false

logger: zap

# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
# Falls back to stdout when taskserv.log_out is not defined.
log-outputs: ['{{taskserv.log_out| default(value="stdout")}}']

# Falls back to warn when taskserv.log_level is not defined.
log-level: '{{taskserv.log_level | default(value="warn")}}'

# Force to create a new one member cluster.
force-new-cluster: false

# Compact the key-value history periodically; in periodic mode etcd reads a
# bare number as hours.
auto-compaction-mode: periodic
auto-compaction-retention: "1"

# Limit etcd to a specific set of tls cipher suites
# Both suites are ECDHE key exchange with AES-GCM, and both are the RSA
# variants, so they presumably expect RSA server certificates - confirm
# against the certificates that are deployed.
cipher-suites:
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384