f030a22c7c
This change provides an initial pass at setting up the configuration necessary to enable use of Connect with Consul ACLs. Operators will be able to pass in a Consul Token through `-consul-token` or `$CONSUL_TOKEN` in the `job run` and `job revert` commands (similar to Vault tokens). These values are not actually used yet in this changeset.
316 lines
6.8 KiB
JSON
316 lines
6.8 KiB
JSON
{
|
|
"acl": [
|
|
{
|
|
"enabled": true,
|
|
"policy_ttl": "60s",
|
|
"replication_token": "foobar",
|
|
"token_ttl": "60s"
|
|
}
|
|
],
|
|
"addresses": [
|
|
{
|
|
"http": "127.0.0.1",
|
|
"rpc": "127.0.0.2",
|
|
"serf": "127.0.0.3"
|
|
}
|
|
],
|
|
"advertise": [
|
|
{
|
|
"rpc": "127.0.0.3",
|
|
"serf": "127.0.0.4"
|
|
}
|
|
],
|
|
"autopilot": [
|
|
{
|
|
"cleanup_dead_servers": true,
|
|
"disable_upgrade_migration": true,
|
|
"enable_custom_upgrades": true,
|
|
"enable_redundancy_zones": true,
|
|
"last_contact_threshold": "12705s",
|
|
"max_trailing_logs": 17849,
|
|
"server_stabilization_time": "23057s"
|
|
}
|
|
],
|
|
"bind_addr": "192.168.0.1",
|
|
"client": [
|
|
{
|
|
"alloc_dir": "/tmp/alloc",
|
|
"chroot_env": [
|
|
{
|
|
"/opt/myapp/bin": "/bin",
|
|
"/opt/myapp/etc": "/etc"
|
|
}
|
|
],
|
|
"client_max_port": 2000,
|
|
"client_min_port": 1000,
|
|
"cpu_total_compute": 4444,
|
|
"disable_remote_exec": true,
|
|
"enabled": true,
|
|
"gc_disk_usage_threshold": 82,
|
|
"gc_inode_usage_threshold": 91,
|
|
"gc_interval": "6s",
|
|
"gc_max_allocs": 50,
|
|
"gc_parallel_destroys": 6,
|
|
"host_volume": [
|
|
{
|
|
"tmp": [
|
|
{
|
|
"path": "/tmp"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"max_kill_timeout": "10s",
|
|
"meta": [
|
|
{
|
|
"baz": "zip",
|
|
"foo": "bar"
|
|
}
|
|
],
|
|
"network_interface": "eth0",
|
|
"network_speed": 100,
|
|
"no_host_uuid": false,
|
|
"node_class": "linux-medium-64bit",
|
|
"options": [
|
|
{
|
|
"baz": "zip",
|
|
"foo": "bar"
|
|
}
|
|
],
|
|
"reserved": [
|
|
{
|
|
"cpu": 10,
|
|
"disk": 10,
|
|
"memory": 10,
|
|
"reserved_ports": "1,100,10-12"
|
|
}
|
|
],
|
|
"server_join": [
|
|
{
|
|
"retry_interval": "15s",
|
|
"retry_join": [
|
|
"1.1.1.1",
|
|
"2.2.2.2"
|
|
],
|
|
"retry_max": 3
|
|
}
|
|
],
|
|
"servers": [
|
|
"a.b.c:80",
|
|
"127.0.0.1:1234"
|
|
],
|
|
"state_dir": "/tmp/client-state",
|
|
"stats": [
|
|
{
|
|
"collection_interval": "5s",
|
|
"data_points": 35
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"consul": [
|
|
{
|
|
"address": "127.0.0.1:9500",
|
|
"allow_unauthenticated": true,
|
|
"auth": "username:pass",
|
|
"auto_advertise": true,
|
|
"ca_file": "/path/to/ca/file",
|
|
"cert_file": "/path/to/cert/file",
|
|
"checks_use_advertise": true,
|
|
"client_auto_join": true,
|
|
"client_http_check_name": "nomad-client-http-health-check",
|
|
"client_service_name": "nomad-client",
|
|
"key_file": "/path/to/key/file",
|
|
"server_auto_join": true,
|
|
"server_http_check_name": "nomad-server-http-health-check",
|
|
"server_rpc_check_name": "nomad-server-rpc-health-check",
|
|
"server_serf_check_name": "nomad-server-serf-health-check",
|
|
"server_service_name": "nomad",
|
|
"ssl": true,
|
|
"token": "token1",
|
|
"verify_ssl": true
|
|
}
|
|
],
|
|
"data_dir": "/tmp/nomad",
|
|
"datacenter": "dc2",
|
|
"disable_anonymous_signature": true,
|
|
"disable_update_check": true,
|
|
"enable_debug": true,
|
|
"enable_syslog": true,
|
|
"http_api_response_headers": [
|
|
{
|
|
"Access-Control-Allow-Origin": "*"
|
|
}
|
|
],
|
|
"leave_on_interrupt": true,
|
|
"leave_on_terminate": true,
|
|
"log_file": "/var/log/nomad.log",
|
|
"log_json": true,
|
|
"log_level": "ERR",
|
|
"name": "my-web",
|
|
"plugin": [
|
|
{
|
|
"docker": [
|
|
{
|
|
"args": [
|
|
"foo",
|
|
"bar"
|
|
],
|
|
"config": [
|
|
{
|
|
"foo": "bar",
|
|
"nested": [
|
|
{
|
|
"bam": 2
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"exec": [
|
|
{
|
|
"config": [
|
|
{
|
|
"foo": true
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"plugin_dir": "/tmp/nomad-plugins",
|
|
"ports": [
|
|
{
|
|
"http": 1234,
|
|
"rpc": 2345,
|
|
"serf": 3456
|
|
}
|
|
],
|
|
"region": "foobar",
|
|
"sentinel": [
|
|
{
|
|
"import": [
|
|
{
|
|
"foo": [
|
|
{
|
|
"args": [
|
|
"a",
|
|
"b",
|
|
"c"
|
|
],
|
|
"path": "foo"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"bar": [
|
|
{
|
|
"args": [
|
|
"x",
|
|
"y",
|
|
"z"
|
|
],
|
|
"path": "bar"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"server": [
|
|
{
|
|
"authoritative_region": "foobar",
|
|
"bootstrap_expect": 5,
|
|
"data_dir": "/tmp/data",
|
|
"deployment_gc_threshold": "12h",
|
|
"enabled": true,
|
|
"enabled_schedulers": [
|
|
"test"
|
|
],
|
|
"encrypt": "abc",
|
|
"eval_gc_threshold": "12h",
|
|
"heartbeat_grace": "30s",
|
|
"job_gc_interval": "3m",
|
|
"job_gc_threshold": "12h",
|
|
"max_heartbeats_per_second": 11,
|
|
"min_heartbeat_ttl": "33s",
|
|
"node_gc_threshold": "12h",
|
|
"non_voting_server": true,
|
|
"num_schedulers": 2,
|
|
"protocol_version": 3,
|
|
"raft_protocol": 3,
|
|
"redundancy_zone": "foo",
|
|
"rejoin_after_leave": true,
|
|
"retry_interval": "15s",
|
|
"retry_join": [
|
|
"1.1.1.1",
|
|
"2.2.2.2"
|
|
],
|
|
"retry_max": 3,
|
|
"server_join": [
|
|
{
|
|
"retry_interval": "15s",
|
|
"retry_join": [
|
|
"1.1.1.1",
|
|
"2.2.2.2"
|
|
],
|
|
"retry_max": 3
|
|
}
|
|
],
|
|
"start_join": [
|
|
"1.1.1.1",
|
|
"2.2.2.2"
|
|
],
|
|
"upgrade_version": "0.8.0"
|
|
}
|
|
],
|
|
"syslog_facility": "LOCAL1",
|
|
"telemetry": [
|
|
{
|
|
"backwards_compatible_metrics": true,
|
|
"collection_interval": "3s",
|
|
"disable_hostname": true,
|
|
"disable_tagged_metrics": true,
|
|
"prometheus_metrics": true,
|
|
"publish_allocation_metrics": true,
|
|
"publish_node_metrics": true,
|
|
"statsd_address": "127.0.0.1:2345",
|
|
"statsite_address": "127.0.0.1:1234"
|
|
}
|
|
],
|
|
"tls": [
|
|
{
|
|
"ca_file": "foo",
|
|
"cert_file": "bar",
|
|
"http": true,
|
|
"key_file": "pipe",
|
|
"rpc": true,
|
|
"rpc_upgrade_mode": true,
|
|
"tls_cipher_suites": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
|
"tls_min_version": "tls12",
|
|
"tls_prefer_server_cipher_suites": true,
|
|
"verify_https_client": true,
|
|
"verify_server_hostname": true
|
|
}
|
|
],
|
|
"vault": [
|
|
{
|
|
"address": "127.0.0.1:9500",
|
|
"allow_unauthenticated": true,
|
|
"ca_file": "/path/to/ca/file",
|
|
"ca_path": "/path/to/ca",
|
|
"cert_file": "/path/to/cert/file",
|
|
"create_from_role": "test_role",
|
|
"enabled": false,
|
|
"key_file": "/path/to/key/file",
|
|
"task_token_ttl": "1s",
|
|
"tls_server_name": "foobar",
|
|
"tls_skip_verify": true,
|
|
"token": "12345"
|
|
}
|
|
]
|
|
}
|