luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity

Merge pull request #1283 from hashicorp/d-consul-configs

Browse source 
Document consul configuration
This commit is contained in:
Alex Dadgar 2016-06-14 16:51:56 -07:00 committed by GitHub
parent bdbbf2cd2c edef5e763a
commit 6221be5df3
6 changed files with 114 additions and 81 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
command/agent/config-test-fixtures/basic.hcl
View file

@ -96,6 +96,7 @@ consul {
ca_file = "/path/to/ca/file" ca_file = "/path/to/ca/file"
cert_file = "/path/to/cert/file" cert_file = "/path/to/cert/file"
key_file = "/path/to/key/file" key_file = "/path/to/key/file"
server_auto_join = true server_auto_join = false
client_auto_join = true client_auto_join = false
auto_advertise = false
} }

2
command/agent/config.go
View file

@ -394,6 +394,8 @@ func DefaultConfig() *Config {
ServerServiceName: "nomad", ServerServiceName: "nomad",
ClientServiceName: "nomad-client", ClientServiceName: "nomad-client",
AutoAdvertise: true, AutoAdvertise: true,
ServerAutoJoin: true,
ClientAutoJoin: true,
Timeout: 5 * time.Second, Timeout: 5 * time.Second,
}, },
Client: &ClientConfig{ Client: &ClientConfig{

5
command/agent/config_parse_test.go
View file

@ -113,8 +113,9 @@ func TestConfig_Parse(t *testing.T) {
CAFile: "/path/to/ca/file", CAFile: "/path/to/ca/file",
CertFile: "/path/to/cert/file", CertFile: "/path/to/cert/file",
KeyFile: "/path/to/key/file", KeyFile: "/path/to/key/file",
ServerAutoJoin: true, ServerAutoJoin: false,
ClientAutoJoin: true, ClientAutoJoin: false,
AutoAdvertise: false,
}, },
HTTPAPIResponseHeaders: map[string]string{ HTTPAPIResponseHeaders: map[string]string{
"Access-Control-Allow-Origin": "*", "Access-Control-Allow-Origin": "*",

2
nomad/structs/config/consul.go
View file

@ -35,7 +35,7 @@ type ConsulConfig struct {
// Timeout is used by Consul HTTP Client // Timeout is used by Consul HTTP Client
Timeout time.Duration `mapstructure:"timeout"` Timeout time.Duration `mapstructure:"timeout"`
// Token is used to provide a per-request ACL token.This options overrides // Token is used to provide a per-request ACL token. This options overrides
// the agent's default token // the agent's default token
Token string `mapstructure:"token"` Token string `mapstructure:"token"`

148
website/source/docs/agent/config.html.md
View file

@ -67,6 +67,11 @@ client {
} }
} }
consul {
# Consul's HTTP Address
address = "1.2.3.4:8500"
}
atlas { atlas {
infrastructure = "hashicorp/mars" infrastructure = "hashicorp/mars"
token = "atlas.v1.AFE84330943" token = "atlas.v1.AFE84330943"
@ -170,6 +175,11 @@ nodes, unless otherwise specified:
reachable from all server nodes. It is not required that clients can reach reachable from all server nodes. It is not required that clients can reach
this address. this address.
* `consul`: The `consul` configuration block changes how Nomad interacts with
Consul. Nomad can automatically advertise Nomad services via Consul, and can
automatically bootstrap itself using Consul. For more details see the [`consul`
section](#consul_options).
* `telemetry`: Used to control how the Nomad agent exposes telemetry data to * `telemetry`: Used to control how the Nomad agent exposes telemetry data to
external metrics collection servers. This is a key/value mapping and supports external metrics collection servers. This is a key/value mapping and supports
the following keys: the following keys:
@ -209,6 +219,97 @@ nodes, unless otherwise specified:
} }
``` ```
* `atlas`: See the [`atlas` options](#atlas_options) for more details.
## <a id="consul_options"></a>Consul Options
The following options are used to configure [Consul](https://www.consul.io)
integration and are entirely optional.
* `consul`: The top-level config key used to contain all Consul-related
configuration options. The value is a key/value map which supports the
following keys:
<br>
* `address`: The address to the local Consul agent given in the format of
`host:port`. Defaults to `127.0.0.1:8500`, which is the same as the Consul
default HTTP address.
* `token`: Token is used to provide a per-request ACL token. This options
overrides the Consul Agent's default token.
* `auth`: The auth information to use for http access to the Consul Agent
given as `username:password`.
* `ssl`: This boolean option sets the transport scheme to talk to the Consul
Agent as `https`. Defaults to `false`.
* `verify_ssl`: This option enables SSL verification when the transport
scheme for the Consul API client is `https`. Defaults to `true`.
* `ca_file`: Optional path to the CA certificate used for Consul
communication, defaults to the system bundle if not specified.
* `cert_file`: The path to the certificate used for Consul communication. If
this is set then you need to also set `key_file`.
* `key_file`: The path to the private key used for Consul communication. If
this is set then you need to also set `cert_file`.
* `server_service_name`: The name of the service that Nomad registers servers
with. Defaults to `nomad`.
* `client_service_name`: The name of the service that Nomad registers clients
with. Defaults to `nomad-client`.
* `auto_advertise`: When enabled Nomad advertises its services to Consul. The
services are named according to `server_service_name` and
`client_service_name`. Nomad Servers and Clients advertise their respective
services, each tagged appropriately with either `http` or `rpc` tag. Nomad
Servers also advertise a `serf` tagged service. Defaults to `true`.
* `server_auto_join`: Servers will automatically discover and join other
Nomad Servers by searching for the Consul service name defined in the
`server_service_name` option. This search only happens if the Server does
not have a leader. Defaults to `true`.
* `client_auto_join`: Client will automatically discover Servers in the
Client's region by searching for the Consul service name defined in the
`server_service_name` option. The search occurs if the Client is not
registered with any Servers or it is unable to heartbeat to the leader of
the region, in which case it may be partitioned and searches for other
Servers. Defaults to `true`
When `server_auto_join`, `client_auto_join` and `auto_advertise` are all
enabled, which is by default, and Consul is available, the Nomad cluster will
self-bootstrap.
## <a id="atlas_options"></a>Atlas Options
**NOTE**: Nomad integration with Atlas is awaiting release of Atlas features
for Nomad support. Nomad currently only validates configuration options for
Atlas but does not use them.
See [#183](https://github.com/hashicorp/nomad/issues/183) for more details.
The following options are used to configure [Atlas](https://atlas.hashicorp.com)
integration and are entirely optional.
* `atlas`: The top-level config key used to contain all Atlas-related
configuration options. The value is a key/value map which supports the
following keys:
<br>
* <a id="infrastructure">`infrastructure`</a>: The Atlas infrastructure name to
connect this agent to. This value should be of the form
`<org>/<infrastructure>`, and requires a valid [token](#token) authorized on
the infrastructure.
* <a id="token">`token`</a>: The Atlas token to use for authentication. This
token should have access to the provided [infrastructure](#infrastructure).
* <a id="join">`join`</a>: A boolean indicating if the auto-join feature of
Atlas should be enabled. Defaults to `false`.
* `endpoint`: The address of the Atlas instance to connect to. Defaults to the
public Atlas endpoint and is only used if both
[infrastructure](#infrastructure) and [token](#token) are provided.
## Server-specific Options ## Server-specific Options
The following options are applicable to server agents only and need not be The following options are applicable to server agents only and need not be
@ -328,30 +429,13 @@ configured on server nodes.
to reserve on all fingerprinted network devices. Ranges can be to reserve on all fingerprinted network devices. Ranges can be
specified by using a hyphen separated the two inclusive ends. specified by using a hyphen separated the two inclusive ends.
### Client Options Map <a id="options_map"></a> ### <a id="options_map"></a>Client Options Map
The following is not an exhaustive list of options that can be passed to the The following is not an exhaustive list of options that can be passed to the
Client, but rather the set of options that configure the Client and not the Client, but rather the set of options that configure the Client and not the
drivers. To find the options supported by an individual driver, see the drivers drivers. To find the options supported by an individual driver, see the drivers
documentation [here](/docs/drivers/index.html) documentation [here](/docs/drivers/index.html)
* `consul.address`: The address to the local Consul agent given in the format of
`host:port`. The default is the same as the Consul default address,
`127.0.0.1:8500`.
* `consul.token`: Token is used to provide a per-request ACL token.This options
overrides the agent's default token
* `consul.auth`: The auth information to use for http access to the Consul
Agent.
* `consul.ssl`: This boolean option sets the transport scheme to talk to the Consul
Agent as `https`. This option is unset by default and so the default transport
scheme for the consul api client is `http`.
* `consul.verifyssl`: This option enables SSL verification when the transport
scheme for the Consul API client is `https`. This is set to true by default.
* `driver.whitelist`: A comma separated list of whitelisted drivers (e.g. * `driver.whitelist`: A comma separated list of whitelisted drivers (e.g.
"docker,qemu"). If specified, drivers not in the whitelist will be disabled. "docker,qemu"). If specified, drivers not in the whitelist will be disabled.
If the whitelist is empty, all drivers are fingerprinted and enabled where If the whitelist is empty, all drivers are fingerprinted and enabled where
@ -387,33 +471,7 @@ documentation [here](/docs/drivers/index.html)
If specified, fingerprinters not in the whitelist will be disabled. If the If specified, fingerprinters not in the whitelist will be disabled. If the
whitelist is empty, all fingerprinters are used. whitelist is empty, all fingerprinters are used.
## Atlas Options ## <a id="cli"></a>Command-line Options
**NOTE**: Nomad integration with Atlas is awaiting release of Atlas features
for Nomad support. Nomad currently only validates configuration options for
Atlas but does not use them.
See [#183](https://github.com/hashicorp/nomad/issues/183) for more details.
The following options are used to configure [Atlas](https://atlas.hashicorp.com)
integration and are entirely optional.
* `atlas`: The top-level config key used to contain all Atlas-related
configuration options. The value is a key/value map which supports the
following keys:
<br>
* <a id="infrastructure">`infrastructure`</a>: The Atlas infrastructure name to
connect this agent to. This value should be of the form
`<org>/<infrastructure>`, and requires a valid [token](#token) authorized on
the infrastructure.
* <a id="token">`token`</a>: The Atlas token to use for authentication. This
token should have access to the provided [infrastructure](#infrastructure).
* <a id="join">`join`</a>: A boolean indicating if the auto-join feature of
Atlas should be enabled. Defaults to `false`.
* `endpoint`: The address of the Atlas instance to connect to. Defaults to the
public Atlas endpoint and is only used if both
[infrastructure](#infrastructure) and [token](#token) are provided.
## Command-line Options <a id="cli"></a>
A subset of the available Nomad agent configuration can optionally be passed in A subset of the available Nomad agent configuration can optionally be passed in
via CLI arguments. The `agent` command accepts the following arguments: via CLI arguments. The `agent` command accepts the following arguments:

33
website/source/docs/jobspec/servicediscovery.html.md
View file

@ -20,37 +20,8 @@ Nomad does not currently run Consul for you.
## Configuration ## Configuration
* `consul.address`: This is a Nomad client configuration which can be used to To configure Consul integration please see the Agent's configuration
override the default Consul Agent HTTP port that Nomad uses to connect to [here](/docs/agent/config.html#consul_options).
Consul. The default for this is `127.0.0.1:8500`.
* `consul.token`: Token is used to provide a per-request ACL token.This options
overrides the agent's default token
* `consul.auth`: The auth information to use for http access to the Consul
Agent.
* `consul.ssl`: This boolean option sets the transport scheme to talk to the Consul
Agent as `https`. This option is unset by default and so the default transport
scheme for the consul api client is `http`.
* `consul.verifyssl`: This option enables SSL verification when the transport
scheme for the Consul API client is `https`. This is set to true by default.
* `consul.tls_ca_file`: The path to the CA certificate used for Consul communication.
Set accordingly to the
[ca_file](https://www.consul.io/docs/agent/options.html#ca_file) setting in
Consul.
* `consul.tls_cert_file`: The path to the certificate for Consul communication. Set
accordingly
[cert_file](https://www.consul.io/docs/agent/options.html#cert_file) in
Consul.
* `consul.tls_key_file`: The path to the private key for Consul communication.
Set accordingly to the
[key_file](https://www.consul.io/docs/agent/options.html#key_file) setting in
Consul.
## Service Definition Syntax ## Service Definition Syntax