16.20. cdist-type__consul_agent(7)¶
16.20.1. NAME¶
cdist-type__consul_agent - Manage the consul agent
16.20.2. DESCRIPTION¶
Configure and manage the consul agent.
16.20.3. REQUIRED PARAMETERS¶
None.
16.20.4. OPTIONAL PARAMETERS¶
- acl-datacenter
- only used by servers. This designates the datacenter which is authoritative for ACL information.
- acl-default-policy
- either "allow" or "deny"; defaults to "allow". The default policy controls the behavior of a token when there is no matching rule.
- acl-down-policy
- either "allow", "deny" or "extend-cache"; "extend-cache" is the default.
- acl-master-token
- only used for servers in the acl_datacenter. This token will be created with management-level permissions if it does not exist. It allows operators to bootstrap the ACL system with a token ID that is well-known.
- acl-token
- when provided, the agent will use this token when making requests to the Consul servers.
- acl-ttl
- used to control Time-To-Live caching of ACLs.
- bind-addr
- sets the bind address for cluster communication
- bootstrap-expect
- sets server to expect bootstrap mode
- ca-file-source
- path to a PEM encoded certificate authority file which will be uploaded and configure using the ca_file config option.
- cert-file-source
- path to a PEM encoded certificate file which will be uploaded and configure using the cert_file config option.
- client-addr
- sets the address to bind for client access
- datacenter
- datacenter of the agent
- encrypt
- provides the gossip encryption key
- group
- the primary group for the agent
- json-config
- path to a partial json config file without leading { and trailing }. If json-config is '-' (dash), take what was written to stdin as the file content.
- key-file-source
- path to a PEM encoded private key file which will be uploaded and configure using the key_file config option.
- node-name
- name of this node. Must be unique in the cluster
- retry-join
- address to attempt joining every retry_interval until at least one join works. Can be specified multiple times.
- user
- the user to run the agent as
- state
- if the agent is 'present' or 'absent'. Defaults to 'present'. Currently state=absent is not working due to some dependency issues.
16.20.5. BOOLEAN PARAMETERS¶
- disable-remote-exec
- disables support for remote execution. When set to true, the agent will ignore any incoming remote exec requests.
- disable-update-check
- disables automatic checking for security bulletins and new version releases
- leave-on-terminate
- gracefully leave cluster on SIGTERM
- rejoin-after-leave
- rejoin the cluster using the previous state after leaving
- server
- used to control if an agent is in server or client mode
- enable-syslog
- enables logging to syslog
- verify-incoming
- enforce the use of TLS and verify a client's authenticity on incoming connections
- verify-outgoing
- enforce the use of TLS and verify the peers authenticity on outgoing connections
16.20.6. EXAMPLES¶
# configure as server, bootstrap and rejoin
hostname="$(cat "$__global/explorer/hostname")"
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--server \
--rejoin-after-leave \
--bootstrap-expect 3 \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03
# configure as server, bootstrap and rejoin with ssl support
hostname="$(cat "$__global/explorer/hostname")"
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--server \
--rejoin-after-leave \
--bootstrap-expect 3 \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03 \
--ca-file-source /path/to/ca.pem \
--cert-file-source /path/to/cert.pem \
--key-file-source /path/to/key.pem \
--verify-incoming \
--verify-outgoing
# configure as client and try joining existing cluster
__consul_agent \
--datacenter dc1 \
--node-name "${hostname%%.*}" \
--disable-update-check \
--retry-join consul-01 \
--retry-join consul-02 \
--retry-join consul-03
16.20.7. SEE ALSO¶
consul documentation at: <http://www.consul.io/docs/agent/options.html>.
16.20.8. AUTHORS¶
Steven Armstrong <steven-cdist--@--armstrong.cc>
16.20.9. COPYING¶
Copyright (C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.