luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

alphabetize config options in docs. Fixes #221

This commit is contained in:
Joseph Anthony Pasquale Holsten 2014-08-31 02:03:01 +00:00
parent d280f1635d
commit 6d382465b8
1 changed files with 71 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
website/source/docs/agent/options.html.markdown
View File

@ -164,34 +164,47 @@ definitions support being updated during a reload.
#### Configuration Key Reference
* `acl_datacenter` - Only used by servers. This designates the datacenter which
is authoritative for ACL information. It must be provided to enable ACLs.
All servers and datacenters must agree on the ACL datacenter.
* `acl_default_policy` - Either "allow" or "deny", defaults to "allow". The
default policy controls the behavior of a token when there is no matching
rule. In "allow" mode, ACLs are a blacklist: any operation not specifically
prohibited is allowed. In "deny" mode, ACLs are a whilelist: any operation not
specifically allowed is blocked.
* `acl_down_policy` - Either "allow", "deny" or "extend-cache" which is the
default. In the case that the policy for a token cannot be read from the
`acl_datacenter` or leader node, the down policy is applied. In "allow" mode,
all actions are permitted, "deny" restricts all operations, and "extend-cache"
allows any cached ACLs to be used, ignoring their TTL values. If a non-cached
ACL is used, "extend-cache" acts like "deny".
* `acl_master_token` - Only used for servers in the `acl_datacenter`. This token
will be created if it does not exist with management level permissions. It allows
operators to bootstrap the ACL system with a token ID that is well-known.
* `acl_token` - When provided, the agent will use this token when making requests
to the Consul servers. Clients can override this token on a per-request basis
by providing the ?token parameter. When not provided, the empty token is used
which maps to the 'anonymous' ACL policy.
* `acl_ttl` - Used to control Time-To-Live caching of ACLs. By default this
is 30 seconds. This setting has a major performance impact: reducing it will
cause more frequent refreshes, while increasing it reduces the number of caches.
However, because the caches are not actively invalidated, ACL policy may be stale
up to the TTL value.
* `advertise_addr` - Equivalent to the `-advertise` command-line flag.
* `bootstrap` - Equivalent to the `-bootstrap` command-line flag.
* `bootstrap_expect` - Equivalent to the `-bootstrap-expect` command-line flag.
* `bind_addr` - Equivalent to the `-bind` command-line flag.
* `client_addr` - Equivalent to the `-client` command-line flag.
* `datacenter` - Equivalent to the `-dc` command-line flag.
* `data_dir` - Equivalent to the `-data-dir` command-line flag.
* `log_level` - Equivalent to the `-log-level` command-line flag.
* `node_name` - Equivalent to the `-node` command-line flag.
* `protocol` - Equivalent to the `-protocol` command-line flag.
* `server` - Equivalent to the `-server` command-line flag.
* `ui_dir` - Equivalent to the `-ui-dir` command-line flag.
* `advertise_addr` - Equivalent to the `-advertise` command-line flag.
* `enable_syslog` - Equivalent to the `-syslog` command-line flag.
* `rejoin_after_leave` - Equivalent to the `-rejoin` command-line flag.
* `ca_file` - This provides a the file path to a PEM encoded certificate authority.
The certificate authority is used to check the authenticity of client and server
connections with the appropriate `verify_incoming` or `verify_outgoing` flags.
@ -208,23 +221,16 @@ definitions support being updated during a reload.
reduce write pressure. If a check ever changes state, the new state and associated
output is syncronized immediately. To disable this behavior, set the value to "0s".
* `domain` - By default, Consul responds to DNS queries in the "consul." domain.
This flag can be used to change that domain. All queries in this domain are assumed
to be handled by Consul, and will not be recursively resolved.
* `client_addr` - Equivalent to the `-client` command-line flag.
* `datacenter` - Equivalent to the `-dc` command-line flag.
* `data_dir` - Equivalent to the `-data-dir` command-line flag.
* `dns_config` - This object allows a number of sub-keys to be set which can tune
how DNS queries are perfomed. See this guide on [DNS caching](/docs/guides/dns-cache.html).
The following sub-keys are available:
* `node_ttl` - By default, this is "0s", which means all node lookups are served with
a 0 TTL value. This can be set to allow node lookups to set a TTL value, which enables
DNS caching. This should be specified with the "s" suffix for second, or "m" for minute.
* `service_ttl` - This is a sub-object, which allows for setting a TTL on service lookups
with a per-service policy. The "*" wildcard service can be specified and is used when
there is no specific policy available for a service. By default, all services are served
with a 0 TTL value. Setting this enables DNS caching.
* `allow_stale` - Enables a stale query for DNS information. This allows any Consul
server to service the request, instead of only the leader. The advantage of this is
you get linear read scalability with Consul servers. By default, this is false, meaning
@ -236,9 +242,24 @@ definitions support being updated during a reload.
if a Consul server is more than 5 seconds behind the leader, the query will be
re-evaluated on the leader to get more up-to-date results.
* `node_ttl` - By default, this is "0s", which means all node lookups are served with
a 0 TTL value. This can be set to allow node lookups to set a TTL value, which enables
DNS caching. This should be specified with the "s" suffix for second, or "m" for minute.
* `service_ttl` - This is a sub-object, which allows for setting a TTL on service lookups
with a per-service policy. The "*" wildcard service can be specified and is used when
there is no specific policy available for a service. By default, all services are served
with a 0 TTL value. Setting this enables DNS caching.
* `domain` - By default, Consul responds to DNS queries in the "consul." domain.
This flag can be used to change that domain. All queries in this domain are assumed
to be handled by Consul, and will not be recursively resolved.
* `enable_debug` - When set, enables some additional debugging features. Currently,
only used to set the runtime profiling HTTP endpoints.
* `enable_syslog` - Equivalent to the `-syslog` command-line flag.
* `encrypt` - Equivalent to the `-encrypt` command-line flag.
* `key_file` - This provides a the file path to a PEM encoded private key.
@ -249,6 +270,10 @@ definitions support being updated during a reload.
it will send a Leave message to the rest of the cluster and gracefully
leave. Defaults to false.
* `log_level` - Equivalent to the `-log-level` command-line flag.
* `node_name` - Equivalent to the `-node` command-line flag.
* `ports` - This is a nested object that allows setting the bind ports
for the following keys:
* `dns` - The DNS server, -1 to disable. Default 8600.
@ -258,11 +283,21 @@ definitions support being updated during a reload.
* `serf_wan` - The Serf WAN port. Default 8302.
* `server` - Server RPC address. Default 8300.
* `protocol` - Equivalent to the `-protocol` command-line flag.
* `recursor` - This flag provides an address of an upstream DNS server that is used to
recursively resolve queries if they are not inside the service domain for consul. For example,
a node can use Consul directly as a DNS server, and if the record is outside of the "consul." domain,
the query will be resolved upstream using this server.
* `rejoin_after_leave` - Equivalent to the `-rejoin` command-line flag.
* `server` - Equivalent to the `-server` command-line flag.
* `server_name` - When give, this overrides the `node_name` for the TLS certificate.
It can be used to ensure that the certificate name matches the hostname we
declare.
* `skip_leave_on_interrupt` - This is the similar to`leave_on_terminate` but
only affects interrupt handling. By default, an interrupt causes Consul to
gracefully leave, but setting this to true disables that. Defaults to false.
@ -271,10 +306,6 @@ definitions support being updated during a reload.
* `start_join` - An array of strings specifying addresses of nodes to
join upon startup.
* `server_name` - When give, this overrides the `node_name` for the TLS certificate.
It can be used to ensure that the certificate name matches the hostname we
declare.
* `statsite_addr` - This provides the address of a statsite instance. If provided
Consul will stream various telemetry information to that instance for aggregation.
This can be used to capture various runtime information.
@ -282,6 +313,8 @@ definitions support being updated during a reload.
* `syslog_facility` - When `enable_syslog` is provided, this controls which
facility messages are sent to. By default, `LOCAL0` will be used.
* `ui_dir` - Equivalent to the `-ui-dir` command-line flag.
* `verify_incoming` - If set to True, Consul requires that all incoming
connections make use of TLS, and that the client provides a certificate signed
by the Certificate Authority from the `ca_file`. By default, this is false, and
@ -294,38 +327,6 @@ definitions support being updated during a reload.
will not make use of TLS for outgoing connections. This applies to clients and servers,
as both will make outgoing connections.
* `acl_datacenter` - Only used by servers. This designates the datacenter which
is authoritative for ACL information. It must be provided to enable ACLs.
All servers and datacenters must agree on the ACL datacenter.
* `acl_token` - When provided, the agent will use this token when making requests
to the Consul servers. Clients can override this token on a per-request basis
by providing the ?token parameter. When not provided, the empty token is used
which maps to the 'anonymous' ACL policy.
* `acl_master_token` - Only used for servers in the `acl_datacenter`. This token
will be created if it does not exist with management level permissions. It allows
operators to bootstrap the ACL system with a token ID that is well-known.
* `acl_default_policy` - Either "allow" or "deny", defaults to "allow". The
default policy controls the behavior of a token when there is no matching
rule. In "allow" mode, ACLs are a blacklist: any operation not specifically
prohibited is allowed. In "deny" mode, ACLs are a whilelist: any operation not
specifically allowed is blocked.
* `acl_down_policy` - Either "allow", "deny" or "extend-cache" which is the
default. In the case that the policy for a token cannot be read from the
`acl_datacenter` or leader node, the down policy is applied. In "allow" mode,
all actions are permitted, "deny" restricts all operations, and "extend-cache"
allows any cached ACLs to be used, ignoring their TTL values. If a non-cached
ACL is used, "extend-cache" acts like "deny".
* `acl_ttl` - Used to control Time-To-Live caching of ACLs. By default this
is 30 seconds. This setting has a major performance impact: reducing it will
cause more frequent refreshes, while increasing it reduces the number of caches.
However, because the caches are not actively invalidated, ACL policy may be stale
up to the TTL value.
* `watches` - Watches is a list of watch specifications.
These allow an external process to be automatically invoked when a particular
data view is updated. See the [watch documentation](/docs/agent/watches.html) for