2015-02-24 12:10:17 +00:00
|
|
|
cdist-type__consul_agent(7)
|
|
|
|
===========================
|
|
|
|
|
2016-06-23 14:08:59 +00:00
|
|
|
NAME
|
|
|
|
----
|
|
|
|
cdist-type__consul_agent - Manage the consul agent
|
2015-02-24 12:10:17 +00:00
|
|
|
|
|
|
|
|
|
|
|
DESCRIPTION
|
|
|
|
-----------
|
|
|
|
Configure and manage the consul agent.
|
|
|
|
|
|
|
|
|
|
|
|
REQUIRED PARAMETERS
|
|
|
|
-------------------
|
|
|
|
None.
|
|
|
|
|
|
|
|
|
|
|
|
OPTIONAL PARAMETERS
|
|
|
|
-------------------
|
2016-05-20 06:50:56 +00:00
|
|
|
acl-datacenter
|
2015-03-05 15:39:14 +00:00
|
|
|
only used by servers. This designates the datacenter which is authoritative
|
|
|
|
for ACL information.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
acl-default-policy
|
2015-03-05 15:39:14 +00:00
|
|
|
either "allow" or "deny"; defaults to "allow". The default policy controls the
|
|
|
|
behavior of a token when there is no matching rule.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
acl-down-policy
|
2015-03-05 15:39:14 +00:00
|
|
|
either "allow", "deny" or "extend-cache"; "extend-cache" is the default.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
acl-master-token
|
2015-03-05 15:39:14 +00:00
|
|
|
only used for servers in the acl_datacenter. This token will be created with
|
|
|
|
management-level permissions if it does not exist. It allows operators to
|
|
|
|
bootstrap the ACL system with a token ID that is well-known.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
acl-token
|
2015-03-05 15:39:14 +00:00
|
|
|
when provided, the agent will use this token when making requests to the
|
|
|
|
Consul servers.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
acl-ttl
|
2015-03-05 15:39:14 +00:00
|
|
|
used to control Time-To-Live caching of ACLs.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
bind-addr
|
2015-02-24 12:10:17 +00:00
|
|
|
sets the bind address for cluster communication
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
bootstrap-expect
|
2015-02-24 12:10:17 +00:00
|
|
|
sets server to expect bootstrap mode
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
ca-file-source
|
2015-02-24 12:10:17 +00:00
|
|
|
path to a PEM encoded certificate authority file which will be uploaded and
|
|
|
|
configure using the ca_file config option.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
cert-file-source
|
2015-02-24 12:10:17 +00:00
|
|
|
path to a PEM encoded certificate file which will be uploaded and
|
|
|
|
configure using the cert_file config option.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
client-addr
|
2015-02-24 12:10:17 +00:00
|
|
|
sets the address to bind for client access
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
datacenter
|
2015-02-24 12:10:17 +00:00
|
|
|
datacenter of the agent
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
encrypt
|
2015-02-24 12:10:17 +00:00
|
|
|
provides the gossip encryption key
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
group
|
2015-02-24 12:10:17 +00:00
|
|
|
the primary group for the agent
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
json-config
|
2015-02-24 12:10:17 +00:00
|
|
|
path to a partial json config file without leading { and trailing }.
|
|
|
|
If json-config is '-' (dash), take what was written to stdin as the file content.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
key-file-source
|
2015-02-24 12:10:17 +00:00
|
|
|
path to a PEM encoded private key file which will be uploaded and
|
|
|
|
configure using the key_file config option.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
node-name
|
2015-02-24 12:10:17 +00:00
|
|
|
name of this node. Must be unique in the cluster
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
retry-join
|
2015-02-24 12:10:17 +00:00
|
|
|
address to attempt joining every retry_interval until at least one join works.
|
|
|
|
Can be specified multiple times.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
user
|
2015-02-24 12:10:17 +00:00
|
|
|
the user to run the agent as
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
state
|
2015-02-24 12:10:17 +00:00
|
|
|
if the agent is 'present' or 'absent'. Defaults to 'present'.
|
|
|
|
Currently state=absent is not working due to some dependency issues.
|
|
|
|
|
|
|
|
|
|
|
|
BOOLEAN PARAMETERS
|
|
|
|
------------------
|
2016-05-20 06:50:56 +00:00
|
|
|
disable-remote-exec
|
2015-02-24 12:10:17 +00:00
|
|
|
disables support for remote execution. When set to true, the agent will ignore any incoming remote exec requests.
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
disable-update-check
|
2015-02-24 12:10:17 +00:00
|
|
|
disables automatic checking for security bulletins and new version releases
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
leave-on-terminate
|
2015-02-24 12:10:17 +00:00
|
|
|
gracefully leave cluster on SIGTERM
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
rejoin-after-leave
|
2015-02-24 12:10:17 +00:00
|
|
|
rejoin the cluster using the previous state after leaving
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
server
|
2015-02-24 12:10:17 +00:00
|
|
|
used to control if an agent is in server or client mode
|
2016-05-20 06:50:56 +00:00
|
|
|
|
2016-10-05 21:22:36 +00:00
|
|
|
enable-syslog
|
2015-02-24 12:10:17 +00:00
|
|
|
enables logging to syslog
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
verify-incoming
|
2016-07-18 17:43:26 +00:00
|
|
|
enforce the use of TLS and verify a client's authenticity on incoming connections
|
2016-05-20 06:50:56 +00:00
|
|
|
|
|
|
|
verify-outgoing
|
2015-02-24 12:10:17 +00:00
|
|
|
enforce the use of TLS and verify the peers authenticity on outgoing connections
|
|
|
|
|
|
|
|
|
|
|
|
EXAMPLES
|
|
|
|
--------
|
|
|
|
|
2016-05-20 06:50:56 +00:00
|
|
|
.. code-block:: sh
|
|
|
|
|
|
|
|
# configure as server, bootstrap and rejoin
|
|
|
|
hostname="$(cat "$__global/explorer/hostname")"
|
|
|
|
__consul_agent \
|
|
|
|
--datacenter dc1 \
|
|
|
|
--node-name "${hostname%%.*}" \
|
|
|
|
--disable-update-check \
|
|
|
|
--server \
|
|
|
|
--rejoin-after-leave \
|
|
|
|
--bootstrap-expect 3 \
|
|
|
|
--retry-join consul-01 \
|
|
|
|
--retry-join consul-02 \
|
|
|
|
--retry-join consul-03
|
|
|
|
|
|
|
|
# configure as server, bootstrap and rejoin with ssl support
|
|
|
|
hostname="$(cat "$__global/explorer/hostname")"
|
|
|
|
__consul_agent \
|
|
|
|
--datacenter dc1 \
|
|
|
|
--node-name "${hostname%%.*}" \
|
|
|
|
--disable-update-check \
|
|
|
|
--server \
|
|
|
|
--rejoin-after-leave \
|
|
|
|
--bootstrap-expect 3 \
|
|
|
|
--retry-join consul-01 \
|
|
|
|
--retry-join consul-02 \
|
|
|
|
--retry-join consul-03 \
|
|
|
|
--ca-file-source /path/to/ca.pem \
|
|
|
|
--cert-file-source /path/to/cert.pem \
|
|
|
|
--key-file-source /path/to/key.pem \
|
|
|
|
--verify-incoming \
|
|
|
|
--verify-outgoing
|
|
|
|
|
|
|
|
# configure as client and try joining existing cluster
|
|
|
|
__consul_agent \
|
|
|
|
--datacenter dc1 \
|
|
|
|
--node-name "${hostname%%.*}" \
|
|
|
|
--disable-update-check \
|
|
|
|
--retry-join consul-01 \
|
|
|
|
--retry-join consul-02 \
|
|
|
|
--retry-join consul-03
|
2015-02-24 12:10:17 +00:00
|
|
|
|
|
|
|
|
|
|
|
SEE ALSO
|
|
|
|
--------
|
2016-06-30 10:09:07 +00:00
|
|
|
consul documentation at: <http://www.consul.io/docs/agent/options.html>.
|
2016-06-17 19:28:16 +00:00
|
|
|
|
|
|
|
|
|
|
|
AUTHORS
|
|
|
|
-------
|
|
|
|
Steven Armstrong <steven-cdist--@--armstrong.cc>
|
2015-02-24 12:10:17 +00:00
|
|
|
|
|
|
|
|
|
|
|
COPYING
|
|
|
|
-------
|
2016-08-10 16:15:54 +00:00
|
|
|
Copyright \(C) 2015 Steven Armstrong. You can redistribute it
|
|
|
|
and/or modify it under the terms of the GNU General Public License as
|
|
|
|
published by the Free Software Foundation, either version 3 of the
|
|
|
|
License, or (at your option) any later version.
|