2017-08-23 23:56:05 +00:00
|
|
|
---
|
2020-02-06 23:45:31 +00:00
|
|
|
layout: docs
|
|
|
|
page_title: acl Stanza - Agent Configuration
|
|
|
|
sidebar_title: acl
|
|
|
|
description: >-
|
|
|
|
The "acl" stanza configures the Nomad agent to enable ACLs and tune various
|
|
|
|
parameters.
|
2017-08-23 23:56:05 +00:00
|
|
|
---
|
|
|
|
|
|
|
|
# `acl` Stanza
|
|
|
|
|
2020-02-06 23:45:31 +00:00
|
|
|
<Placement groups={['acl']} />
|
2017-08-23 23:56:05 +00:00
|
|
|
|
2020-03-13 17:16:01 +00:00
|
|
|
The `acl` stanza configures the Nomad agent to enable ACLs and tunes various
|
|
|
|
ACL parameters. Learn more about configuring Nomad's ACL system in the [Secure
|
|
|
|
Nomad with Access Control guide][secure-guide].
|
2017-08-23 23:56:05 +00:00
|
|
|
|
|
|
|
```hcl
|
|
|
|
acl {
|
|
|
|
enabled = true
|
|
|
|
token_ttl = "30s"
|
|
|
|
policy_ttl = "60s"
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
## `acl` Parameters
|
|
|
|
|
|
|
|
- `enabled` `(bool: false)` - Specifies if ACL enforcement is enabled. All other
|
|
|
|
client configuration options depend on this value.
|
|
|
|
|
|
|
|
- `token_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for
|
|
|
|
cached ACL tokens. This does not affect servers, since they do not cache tokens.
|
|
|
|
Setting this value lower reduces how stale a token can be, but increases
|
|
|
|
the request load against servers. If a client cannot reach a server, for example
|
|
|
|
because of an outage, the TTL will be ignored and the cached value used.
|
|
|
|
|
|
|
|
- `policy_ttl` `(string: "30s")` - Specifies the maximum time-to-live (TTL) for
|
|
|
|
cached ACL policies. This does not affect servers, since they do not cache policies.
|
|
|
|
Setting this value lower reduces how stale a policy can be, but increases
|
|
|
|
the request load against servers. If a client cannot reach a server, for example
|
|
|
|
because of an outage, the TTL will be ignored and the cached value used.
|
|
|
|
|
|
|
|
- `replication_token` `(string: "")` - Specifies the Secret ID of the ACL token
|
|
|
|
to use for replicating policies and tokens. This is used by servers in non-authoritative
|
|
|
|
region to mirror the policies and tokens into the local region.
|
2020-03-13 17:16:01 +00:00
|
|
|
|
|
|
|
[secure-guide]: https://learn.hashicorp.com/nomad/acls/fundamentals
|