# This is the configuration file for the etcd server.

# Human-readable name for this member.
name: {{ unit_name }}

# Enable API v2 support for flannel and
# certain charm executions.
enable-v2: true

# Path to the data directory.
data-dir: {{ etcd_data_dir }}

{% if wal_path %}
# Path to the dedicated wal directory.
wal-dir: {{ etcd_data_dir }}
{% endif %}
# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000

# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100

# Time (in milliseconds) for an election to timeout.
election-timeout: 1000

# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0

# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: https://{{ cluster_bind_address }}:{{ management_port}}
# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://127.0.0.1:4001,https://{{ db_bind_address }}:{{ port }}

# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5

# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5

# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors: 

# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: https://{{ cluster_address }}:{{ management_port }}

# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: https://{{ db_address }}:{{ port }}

# Discovery URL used to bootstrap the cluster.
discovery: 

# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'

# HTTP proxy to use for traffic to discovery service.
discovery-proxy: 

# DNS domain used to bootstrap initial cluster.
discovery-srv: 

# Initial cluster configuration for bootstrapping.
initial-cluster: {{ cluster }}

# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: '{{ token }}'

# Initial cluster state ('new' or 'existing').
initial-cluster-state: {{ cluster_state }}

# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: true

# Valid values include 'on', 'readonly', 'off'
proxy: 'off'

# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000

# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000

# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000

# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000

# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0

client-transport-security: 
  # DEPRECATED: Path to the client server TLS CA file.
  # ca-file:  {{ ca_certificate }}

  # Path to the client server TLS cert file.
  cert-file: {{ server_certificate }}

  # Path to the client server TLS key file.
  key-file:  {{ server_key }}

  # Enable client cert authentication.
  client-cert-auth: true

  # Path to the client server TLS trusted CA key file.
  trusted-ca-file: {{ ca_certificate }} 

  # Client TLS using generated certificates
  auto-tls: false

peer-transport-security: 
  # DEPRECATED: Path to the peer server TLS CA file.
  # ca-file: {{ ca_certificate }}

  # Path to the peer server TLS cert file.
  cert-file: {{ server_certificate }}

  # Path to the peer server TLS key file.
  key-file: {{ server_key }}

  # Enable peer client cert authentication.
  client-cert-auth: true

  # Path to the peer server TLS trusted CA key file.
  trusted-ca-file: {{ ca_certificate }}

  # Peer TLS using generated certificates.
  auto-tls: false

# Enable debug-level logging for etcd.
debug: false

{% if loglevel %}
# Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG'.
log-package-levels: 
{% endif %}

# Force to create a new one member cluster.
force-new-cluster: false