cdist-type__consul_agent(7)
cdist-type__consul_agent - manage the consul agent
Configure and manage the consul agent.
-
acl-datacenter
-
only used by servers. This designates the datacenter which is authoritative
for ACL information.
-
acl-default-policy
-
either "allow" or "deny"; defaults to "allow". The default policy controls the
behavior of a token when there is no matching rule.
-
acl-down-policy
-
either "allow", "deny" or "extend-cache"; "extend-cache" is the default.
-
acl-master-token
-
only used for servers in the acl_datacenter. This token will be created with
management-level permissions if it does not exist. It allows operators to
bootstrap the ACL system with a token ID that is well-known.
-
acl-token
-
when provided, the agent will use this token when making requests to the
Consul servers.
-
acl-ttl
-
used to control Time-To-Live caching of ACLs.
-
bind-addr
-
sets the bind address for cluster communication
-
bootstrap-expect
-
sets server to expect bootstrap mode
-
ca-file-source
-
path to a PEM encoded certificate authority file which will be uploaded and
configure using the ca_file config option.
-
cert-file-source
-
path to a PEM encoded certificate file which will be uploaded and
configure using the cert_file config option.
-
client-addr
-
sets the address to bind for client access
-
datacenter
-
datacenter of the agent
-
encrypt
-
provides the gossip encryption key
-
group
-
the primary group for the agent
-
json-config
-
path to a partial json config file without leading { and trailing }.
If json-config is - (dash), take what was written to stdin as the file content.
-
key-file-source
-
path to a PEM encoded private key file which will be uploaded and
configure using the key_file config option.
-
node-name
-
name of this node. Must be unique in the cluster
-
retry-join
-
address to attempt joining every retry_interval until at least one join works.
Can be specified multiple times.
-
user
-
the user to run the agent as
-
state
-
if the agent is present or absent. Defaults to present.
Currently state=absent is not working due to some dependency issues.
-
disable-remote-exec
-
disables support for remote execution. When set to true, the agent will ignore any incoming remote exec requests.
-
disable-update-check
-
disables automatic checking for security bulletins and new version releases
-
leave-on-terminate
-
gracefully leave cluster on SIGTERM
-
rejoin-after-leave
-
rejoin the cluster using the previous state after leaving
-
server
-
used to control if an agent is in server or client mode
-
syslog
-
enables logging to syslog
-
verify-incoming
-
enforce the use of TLS and verify a client’s authenticity on incomming connections
-
verify-outgoing
-
enforce the use of TLS and verify the peers authenticity on outgoing connections
# configure as server, bootstrap and rejoin
hostname="$(cat "$__global/explorer/hostname")"
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--server \
--rejoin-after-leave \
--bootstrap-expect 3 \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03
# configure as server, bootstrap and rejoin with ssl support
hostname="$(cat "$__global/explorer/hostname")"
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--server \
--rejoin-after-leave \
--bootstrap-expect 3 \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03 \
--ca-file-source /path/to/ca.pem \
--cert-file-source /path/to/cert.pem \
--key-file-source /path/to/key.pem \
--verify-incoming \
--verify-outgoing
# configure as client and try joining existing cluster
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03
Copyright (C) 2015 Steven Armstrong. Free use of this software is
granted under the terms of the GNU General Public License version 3 (GPLv3).