cdist−type__consul_agent − Manage the consul agent
Configure and manage the consul agent.
None.
acl−datacenter
only used by servers. This designates the datacenter which is authoritative for ACL information.
acl−default−policy
either "allow" or "deny"; defaults to "allow". The default policy controls the behavior of a token when there is no matching rule.
acl−down−policy
either "allow", "deny" or "extend−cache"; "extend−cache" is the default.
acl−master−token
only used for servers in the acl_datacenter. This token will be created with management−level permissions if it does not exist. It allows operators to bootstrap the ACL system with a token ID that is well−known.
acl−token
when provided, the agent will use this token when making requests to the Consul servers.
acl−ttl
used to control Time−To−Live caching of ACLs.
bind−addr
sets the bind address for cluster communication
bootstrap−expect
sets server to expect bootstrap mode
ca−file−source
path to a PEM encoded certificate authority file which will be uploaded and configure using the ca_file config option.
cert−file−source
path to a PEM encoded certificate file which will be uploaded and configure using the cert_file config option.
client−addr
sets the address to bind for client access
datacenter
datacenter of the agent
encrypt
provides the gossip encryption key
group |
the primary group for the agent |
json−config
path to a partial json config file without leading { and trailing }. If json−config is '−' (dash), take what was written to stdin as the file content.
key−file−source
path to a PEM encoded private key file which will be uploaded and configure using the key_file config option.
node−name
name of this node. Must be unique in the cluster
retry−join
address to attempt joining every retry_interval until at least one join works. Can be specified multiple times.
user |
the user to run the agent as |
||
state |
if the agent is 'present' or 'absent'. Defaults to 'present'. Currently state=absent is not working due to some dependency issues. |
disable−remote−exec
disables support for remote execution. When set to true, the agent will ignore any incoming remote exec requests.
disable−update−check
disables automatic checking for security bulletins and new version releases
leave−on−terminate
gracefully leave cluster on SIGTERM
rejoin−after−leave
rejoin the cluster using the previous state after leaving
server |
used to control if an agent is in server or client mode |
enable−syslog
enables logging to syslog
verify−incoming
enforce the use of TLS and verify a client's authenticity on incoming connections
verify−outgoing
enforce the use of TLS and verify the peers authenticity on outgoing connections
# configure as server, bootstrap and rejoin hostname="$(cat "$__global/explorer/hostname")" __consul_agent \ −−datacenter dc1 \ −−node−name "${hostname%%.*}" \ −−disable−update−check \ −−server \ −−rejoin−after−leave \ −−bootstrap−expect 3 \ −−retry−join consul−01 \ −−retry−join consul−02 \ −−retry−join consul−03 # configure as server, bootstrap and rejoin with ssl support hostname="$(cat "$__global/explorer/hostname")" __consul_agent \ −−datacenter dc1 \ −−node−name "${hostname%%.*}" \ −−disable−update−check \ −−server \ −−rejoin−after−leave \ −−bootstrap−expect 3 \ −−retry−join consul−01 \ −−retry−join consul−02 \ −−retry−join consul−03 \ −−ca−file−source /path/to/ca.pem \ −−cert−file−source /path/to/cert.pem \ −−key−file−source /path/to/key.pem \ −−verify−incoming \ −−verify−outgoing # configure as client and try joining existing cluster __consul_agent \ −−datacenter dc1 \ −−node−name "${hostname%%.*}" \ −−disable−update−check \ −−retry−join consul−01 \ −−retry−join consul−02 \ −−retry−join consul−03
consul documentation at: <- http://www.consul.io/docs/agent/options.html>.
Steven Armstrong <steven−cdist−−@−−armstrong.cc>
Copyright (C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.