website: document service and check acl options
This commit is contained in:
parent
2496a70452
commit
af74095584
|
@ -91,6 +91,10 @@ description of the current state of the check. With a script check, the field is
|
|||
set to any output generated by the script. Similarly, an external process updating
|
||||
a TTL check via the HTTP interface can set the `notes` value.
|
||||
|
||||
Checks may also contain a `token` field to provide an ACL token. This token is
|
||||
used for any interaction with the catalog for the check, including
|
||||
[anti-entropy syncs](/docs/internals/anti-entropy.html) and deregistration.
|
||||
|
||||
To configure a check, either provide it as a `-config-file` option to the
|
||||
agent or place it inside the `-config-dir` of the agent. The file must
|
||||
end in the ".json" extension to be loaded by Consul. Check definitions can
|
||||
|
|
|
@ -263,6 +263,13 @@ the state of the check.
|
|||
|
||||
Optionally, a `ServiceID` can be provided to associate the registered check with an existing service provided by the agent.
|
||||
|
||||
This endpoint supports [ACL tokens](/docs/internals/acl.html). If the query
|
||||
string includes a `?token=<token-id>`, the registration will use the provided
|
||||
token to authorize the request. The token is also persisted in the agent's
|
||||
local configuration to enable periodic
|
||||
[anti-entropy](/docs/internal/anti-entropy.html) syncs and seamless agent
|
||||
restarts.
|
||||
|
||||
The return code is 200 on success.
|
||||
|
||||
### <a name="agent_check_deregister"></a> /v1/agent/check/deregister/\<checkId\>
|
||||
|
@ -346,6 +353,13 @@ If `Check` is provided, only one of `Script`, `HTTP`, or `TTL` should be specifi
|
|||
`Script` and `HTTP` also require `Interval`. The created check will be named "service:\<ServiceId\>".
|
||||
There is more information about checks [here](/docs/agent/checks.html).
|
||||
|
||||
This endpoint supports [ACL tokens](/docs/internals/acl.html). If the query
|
||||
string includes a `?token=<token-id>`, the registration will use the provided
|
||||
token to authorize the request. The token is also persisted in the agent's
|
||||
local configuration to enable periodic
|
||||
[anti-entropy](/docs/internal/anti-entropy.html) syncs and seamless agent
|
||||
restarts.
|
||||
|
||||
The return code is 200 on success.
|
||||
|
||||
### <a name="agent_service_deregister"></a> /v1/agent/service/deregister/\<serviceId\>
|
||||
|
|
|
@ -51,6 +51,10 @@ The `port` field can be used as well to make a service-oriented architecture
|
|||
simpler to configure; this way, the address and port of a service can
|
||||
be discovered.
|
||||
|
||||
Services may also contain a `token` field to provide an ACL token. This token is
|
||||
used for any interaction with the catalog for the service, including
|
||||
[anti-entropy syncs](/docs/internals/anti-entropy.html) and deregistration.
|
||||
|
||||
A service can have an associated health check. This is a powerful feature as
|
||||
it allows a web balancer to gracefully remove failing nodes, a database
|
||||
to replace a failed slave, etc. The health check is strongly integrated in
|
||||
|
|
|
@ -189,3 +189,22 @@ This is equivalent to the following JSON input:
|
|||
}
|
||||
```
|
||||
|
||||
## Services and Checks with ACLs
|
||||
|
||||
Consul allows configuring ACL policies which may control access to service and
|
||||
check registration. In order to successfully register a service or check with
|
||||
these types of policies in place, a token with sufficient privileges must be
|
||||
provided to perform the registration into the global catalog. Consul also
|
||||
performs periodic [anti-entropy](/docs/internals/anti-entropy.html) syncs, which
|
||||
may require an ACL token to complete. To accommodate this, Consul provides two
|
||||
methods of configuring ACL tokens to use for registration events:
|
||||
|
||||
1. Using the [acl_token](/docs/agent/options.html#acl_token) configuration
|
||||
directive. This allows a single token to be configured globally and used
|
||||
during all service and check registration operations.
|
||||
2. Providing an ACL token with service and check definitions at
|
||||
registration time. This allows for greater flexibility and enables the use
|
||||
of multiple tokens on the same agent. Examples of what this looks like are
|
||||
available for both [services](/docs/agent/services.html) and
|
||||
[checks](/docs/agent/checks.html). Tokens may also be passed to the
|
||||
[HTTP API](/docs/agent/http.html) for operations that require them.
|
||||
|
|
Loading…
Reference in a new issue