From 0192e3f5a5c5e73b528254c4995818bc5788ea9b Mon Sep 17 00:00:00 2001
From: Bruno Mattarollo <bruno@southern-path.com>
Date: Tue, 28 Oct 2014 23:17:26 +1100
Subject: [PATCH] Add support for disabling remote exec

Taking a sensible secure approach and disabling the ability to run
remote exec commands as default
---
 defaults/main.yml        | 1 +
 templates/consul.json.j2 | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index ce3f7b4..4625a55 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -28,3 +28,4 @@ consul_datacenter: "default"
 consul_ui_require_auth: false
 consul_ui_auth_user_file: /etc/htpasswd/consul
 consul_enable_nginx_config: true
+consul_disable_remote_exec: true
diff --git a/templates/consul.json.j2 b/templates/consul.json.j2
index e8d1134..932196a 100644
--- a/templates/consul.json.j2
+++ b/templates/consul.json.j2
@@ -4,6 +4,9 @@
 {% endif %}
 {% if consul_join_at_start is defined and consul_join_at_start %}
   "start_join": {{ consul_servers|to_nice_json }},
+{% endif %}
+{% if consul_disable_remote_exec is defined and consul_disable_remote_exec %}
+  "disable_remote_exec": {{ "true" if consul_disable_remote_exec else "false" }},
 {% endif %}
   "domain": "{{ consul_domain }}",
   "data_dir": "{{ consul_home }}/data",