docs: specify manual server metadata intervention (#18483)

This commit is contained in:
Dan Bond 2023-08-16 10:37:53 -07:00 committed by GitHub
parent 9bd47ee5f6
commit 3ee89050e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions

View File

@ -549,9 +549,9 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
- `https_handshake_timeout` - Configures the limit for how long the HTTPS server in both client and server agents will wait for a client to complete a TLS handshake. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). Default value is `5s`. - `https_handshake_timeout` - Configures the limit for how long the HTTPS server in both client and server agents will wait for a client to complete a TLS handshake. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). Default value is `5s`.
- `request_limits` - This object specifies configurations that limit the rate of RPC and gRPC requests on the Consul server. Limiting the rate of gRPC and RPC requests also limits HTTP requests to the Consul server. - `request_limits` - This object specifies configurations that limit the rate of RPC and gRPC requests on the Consul server. Limiting the rate of gRPC and RPC requests also limits HTTP requests to the Consul server.
- `mode` - String value that specifies an action to take if the rate of requests exceeds the limit. You can specify the following values: - `mode` - String value that specifies an action to take if the rate of requests exceeds the limit. You can specify the following values:
- `permissive`: The server continues to allow requests and records an error in the logs. - `permissive`: The server continues to allow requests and records an error in the logs.
- `enforcing`: The server stops accepting requests and records an error in the logs. - `enforcing`: The server stops accepting requests and records an error in the logs.
- `disabled`: Limits are not enforced or tracked. This is the default value for `mode`. - `disabled`: Limits are not enforced or tracked. This is the default value for `mode`.
- `read_rate` - Integer value that specifies the number of read requests per second. Default is `-1` which represents infinity. - `read_rate` - Integer value that specifies the number of read requests per second. Default is `-1` which represents infinity.
- `write_rate` - Integer value that specifies the number of write requests per second. Default is `-1` which represents infinity. - `write_rate` - Integer value that specifies the number of write requests per second. Default is `-1` which represents infinity.
- `rpc_handshake_timeout` - Configures the limit for how long servers will wait after a client TCP connection is established before they complete the connection handshake. When TLS is used, the same timeout applies to the TLS handshake separately from the initial protocol negotiation. All Consul clients should perform this immediately on establishing a new connection. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). When `verify_incoming` is true on servers, this limits how long the connection socket and associated goroutines will be held open before the client successfully authenticates. Default value is `5s`. - `rpc_handshake_timeout` - Configures the limit for how long servers will wait after a client TCP connection is established before they complete the connection handshake. When TLS is used, the same timeout applies to the TLS handshake separately from the initial protocol negotiation. All Consul clients should perform this immediately on establishing a new connection. This should be kept conservative as it limits how many connections an unauthenticated attacker can open if `verify_incoming` is being using to authenticate clients (strongly recommended in production). When `verify_incoming` is true on servers, this limits how long the connection socket and associated goroutines will be held open before the client successfully authenticates. Default value is `5s`.
@ -741,8 +741,9 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
- `server` Equivalent to the [`-server` command-line flag](/consul/docs/agent/config/cli-flags#_server). - `server` Equivalent to the [`-server` command-line flag](/consul/docs/agent/config/cli-flags#_server).
- `server_rejoin_age_max` - controls the allowed maximum age of a stale server attempting to rejoin a cluster. - `server_rejoin_age_max` - controls the allowed maximum age of a stale server attempting to rejoin a cluster.
If a server is not running for this period, then it will refuse to start up again until an operator intervenes. This is to protect If the server has not ran during this period, it will refuse to start up again until an operator intervenes by manually deleting the `server_metadata.json`
clusters from instability caused by decommissioned servers accidentally being started again. file located in the data dir.
This is to protect clusters from instability caused by decommissioned servers accidentally being started again.
Note: the default value is 168h (equal to 7d) and the minimum value is 6h. Note: the default value is 168h (equal to 7d) and the minimum value is 6h.
- `non_voting_server` - **This field is deprecated in Consul 1.9.1. See the [`read_replica`](#read_replica) field instead.** - `non_voting_server` - **This field is deprecated in Consul 1.9.1. See the [`read_replica`](#read_replica) field instead.**