From 52dafc8347b25dd5e3740ac66664d00c3f28a944 Mon Sep 17 00:00:00 2001 From: Joseph Anthony Pasquale Holsten Date: Sun, 31 Aug 2014 02:03:01 +0000 Subject: [PATCH] alphabetize config options in docs. Fixes #221 --- .../source/docs/agent/options.html.markdown | 141 +++++++++--------- 1 file changed, 71 insertions(+), 70 deletions(-) diff --git a/website/source/docs/agent/options.html.markdown b/website/source/docs/agent/options.html.markdown index 0a7540d427..8d91bf0268 100644 --- a/website/source/docs/agent/options.html.markdown +++ b/website/source/docs/agent/options.html.markdown 
@@ -164,34 +164,47 @@ definitions support being updated during a reload. #### Configuration Key Reference +* `acl_datacenter` - Only used by servers. This designates the datacenter which + is authoritative for ACL information. It must be provided to enable ACLs. + All servers and datacenters must agree on the ACL datacenter. + +* `acl_default_policy` - Either "allow" or "deny", defaults to "allow". The + default policy controls the behavior of a token when there is no matching + rule. In "allow" mode, ACLs are a blacklist: any operation not specifically + prohibited is allowed. In "deny" mode, ACLs are a whilelist: any operation not + specifically allowed is blocked. + +* `acl_down_policy` - Either "allow", "deny" or "extend-cache" which is the + default. In the case that the policy for a token cannot be read from the + `acl_datacenter` or leader node, the down policy is applied. In "allow" mode, + all actions are permitted, "deny" restricts all operations, and "extend-cache" + allows any cached ACLs to be used, ignoring their TTL values. If a non-cached + ACL is used, "extend-cache" acts like "deny". + +* `acl_master_token` - Only used for servers in the `acl_datacenter`. This token + will be created if it does not exist with management level permissions. It allows + operators to bootstrap the ACL system with a token ID that is well-known. + +* `acl_token` - When provided, the agent will use this token when making requests + to the Consul servers. Clients can override this token on a per-request basis + by providing the ?token parameter. When not provided, the empty token is used + which maps to the 'anonymous' ACL policy. + + +* `acl_ttl` - Used to control Time-To-Live caching of ACLs. By default this + is 30 seconds. This setting has a major performance impact: reducing it will + cause more frequent refreshes, while increasing it reduces the number of caches. 
+ However, because the caches are not actively invalidated, ACL policy may be stale + up to the TTL value. + +* `advertise_addr` - Equivalent to the `-advertise` command-line flag. + * `bootstrap` - Equivalent to the `-bootstrap` command-line flag. * `bootstrap_expect` - Equivalent to the `-bootstrap-expect` command-line flag. * `bind_addr` - Equivalent to the `-bind` command-line flag. -* `client_addr` - Equivalent to the `-client` command-line flag. - -* `datacenter` - Equivalent to the `-dc` command-line flag. - -* `data_dir` - Equivalent to the `-data-dir` command-line flag. - -* `log_level` - Equivalent to the `-log-level` command-line flag. - -* `node_name` - Equivalent to the `-node` command-line flag. - -* `protocol` - Equivalent to the `-protocol` command-line flag. - -* `server` - Equivalent to the `-server` command-line flag. - -* `ui_dir` - Equivalent to the `-ui-dir` command-line flag. - -* `advertise_addr` - Equivalent to the `-advertise` command-line flag. - -* `enable_syslog` - Equivalent to the `-syslog` command-line flag. - -* `rejoin_after_leave` - Equivalent to the `-rejoin` command-line flag. - * `ca_file` - This provides a the file path to a PEM encoded certificate authority. The certificate authority is used to check the authenticity of client and server connections with the appropriate `verify_incoming` or `verify_outgoing` flags. 
@@ -208,23 +221,16 @@ definitions support being updated during a reload. reduce write pressure. If a check ever changes state, the new state and associated output is syncronized immediately. To disable this behavior, set the value to "0s". -* `domain` - By default, Consul responds to DNS queries in the "consul." domain. - This flag can be used to change that domain. All queries in this domain are assumed - to be handled by Consul, and will not be recursively resolved. +* `client_addr` - Equivalent to the `-client` command-line flag. + +* `datacenter` - Equivalent to the `-dc` command-line flag. + +* `data_dir` - Equivalent to the `-data-dir` command-line flag. * `dns_config` - This object allows a number of sub-keys to be set which can tune how DNS queries are perfomed. See this guide on [DNS caching](/docs/guides/dns-cache.html). The following sub-keys are available: - * `node_ttl` - By default, this is "0s", which means all node lookups are served with - a 0 TTL value. This can be set to allow node lookups to set a TTL value, which enables - DNS caching. This should be specified with the "s" suffix for second, or "m" for minute. - - * `service_ttl` - This is a sub-object, which allows for setting a TTL on service lookups - with a per-service policy. The "*" wildcard service can be specified and is used when - there is no specific policy available for a service. By default, all services are served - with a 0 TTL value. Setting this enables DNS caching. - * `allow_stale` - Enables a stale query for DNS information. This allows any Consul server to service the request, instead of only the leader. The advantage of this is you get linear read scalability with Consul servers. By default, this is false, meaning 
@@ -236,9 +242,24 @@ definitions support being updated during a reload. if a Consul server is more than 5 seconds behind the leader, the query will be re-evaluated on the leader to get more up-to-date results. + * `node_ttl` - By default, this is "0s", which means all node lookups are served with + a 0 TTL value. This can be set to allow node lookups to set a TTL value, which enables + DNS caching. This should be specified with the "s" suffix for second, or "m" for minute. + + * `service_ttl` - This is a sub-object, which allows for setting a TTL on service lookups + with a per-service policy. The "*" wildcard service can be specified and is used when + there is no specific policy available for a service. By default, all services are served + with a 0 TTL value. Setting this enables DNS caching. + +* `domain` - By default, Consul responds to DNS queries in the "consul." domain. + This flag can be used to change that domain. All queries in this domain are assumed + to be handled by Consul, and will not be recursively resolved. + * `enable_debug` - When set, enables some additional debugging features. Currently, only used to set the runtime profiling HTTP endpoints. +* `enable_syslog` - Equivalent to the `-syslog` command-line flag. + * `encrypt` - Equivalent to the `-encrypt` command-line flag. * `key_file` - This provides a the file path to a PEM encoded private key. @@ -249,6 +270,10 @@ definitions support being updated during a reload. it will send a Leave message to the rest of the cluster and gracefully leave. Defaults to false. +* `log_level` - Equivalent to the `-log-level` command-line flag. + +* `node_name` - Equivalent to the `-node` command-line flag. + * `ports` - This is a nested object that allows setting the bind ports for the following keys: * `dns` - The DNS server, -1 to disable. Default 8600. 
@@ -258,11 +283,21 @@ definitions support being updated during a reload. * `serf_wan` - The Serf WAN port. Default 8302. * `server` - Server RPC address. Default 8300. +* `protocol` - Equivalent to the `-protocol` command-line flag. + * `recursor` - This flag provides an address of an upstream DNS server that is used to recursively resolve queries if they are not inside the service domain for consul. For example, a node can use Consul directly as a DNS server, and if the record is outside of the "consul." domain, the query will be resolved upstream using this server. +* `rejoin_after_leave` - Equivalent to the `-rejoin` command-line flag. + +* `server` - Equivalent to the `-server` command-line flag. + +* `server_name` - When give, this overrides the `node_name` for the TLS certificate. + It can be used to ensure that the certificate name matches the hostname we + declare. + * `skip_leave_on_interrupt` - This is the similar to`leave_on_terminate` but only affects interrupt handling. By default, an interrupt causes Consul to gracefully leave, but setting this to true disables that. Defaults to false. @@ -271,10 +306,6 @@ definitions support being updated during a reload. * `start_join` - An array of strings specifying addresses of nodes to join upon startup. -* `server_name` - When give, this overrides the `node_name` for the TLS certificate. - It can be used to ensure that the certificate name matches the hostname we - declare. - * `statsite_addr` - This provides the address of a statsite instance. If provided Consul will stream various telemetry information to that instance for aggregation. This can be used to capture various runtime information. 
@@ -282,6 +313,8 @@ definitions support being updated during a reload. * `syslog_facility` - When `enable_syslog` is provided, this controls which facility messages are sent to. By default, `LOCAL0` will be used. +* `ui_dir` - Equivalent to the `-ui-dir` command-line flag. + * `verify_incoming` - If set to True, Consul requires that all incoming connections make use of TLS, and that the client provides a certificate signed by the Certificate Authority from the `ca_file`. By default, this is false, and 
@@ -294,38 +327,6 @@ definitions support being updated during a reload. will not make use of TLS for outgoing connections. This applies to clients and servers, as both will make outgoing connections. -* `acl_datacenter` - Only used by servers. This designates the datacenter which - is authoritative for ACL information. It must be provided to enable ACLs. - All servers and datacenters must agree on the ACL datacenter. - -* `acl_token` - When provided, the agent will use this token when making requests - to the Consul servers. Clients can override this token on a per-request basis - by providing the ?token parameter. When not provided, the empty token is used - which maps to the 'anonymous' ACL policy. - -* `acl_master_token` - Only used for servers in the `acl_datacenter`. This token - will be created if it does not exist with management level permissions. It allows - operators to bootstrap the ACL system with a token ID that is well-known. - -* `acl_default_policy` - Either "allow" or "deny", defaults to "allow". The - default policy controls the behavior of a token when there is no matching - rule. In "allow" mode, ACLs are a blacklist: any operation not specifically - prohibited is allowed. In "deny" mode, ACLs are a whilelist: any operation not - specifically allowed is blocked. - -* `acl_down_policy` - Either "allow", "deny" or "extend-cache" which is the - default. In the case that the policy for a token cannot be read from the - `acl_datacenter` or leader node, the down policy is applied. In "allow" mode, - all actions are permitted, "deny" restricts all operations, and "extend-cache" - allows any cached ACLs to be used, ignoring their TTL values. If a non-cached - ACL is used, "extend-cache" acts like "deny". - -* `acl_ttl` - Used to control Time-To-Live caching of ACLs. By default this - is 30 seconds. This setting has a major performance impact: reducing it will - cause more frequent refreshes, while increasing it reduces the number of caches. 
- However, because the caches are not actively invalidated, ACL policy may be stale - up to the TTL value. - * `watches` - Watches is a list of watch specifications. These allow an external process to be automatically invoked when a particular data view is updated. See the [watch documentation](/docs/agent/watches.html) for
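Review bot: The alphabetization is incomplete in the first hunk (`@@ -164,34 +164,47 @@`): the unchanged context still lists `bootstrap`, `bootstrap_expect` and then `bind_addr`, so `bind_addr` needs to move up, after the new `advertise_addr` entry and ahead of `bootstrap`. The same hunk adds two blank `+` lines between `acl_token` and `acl_ttl`, which accounts for the 71 insertions against 70 deletions in a change that only reorders entries; drop one of them. Since the ACL entries are re-added here anyway, the moved `acl_default_policy` text could also correct "whilelist" to "whitelist".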
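Review bot: In the `@@ -208,23 +221,16 @@` hunk, `datacenter` is placed before `data_dir`, which is alphabetical only if underscores are ignored; a plain byte-order sort puts `data_dir` first because `_` sorts before `c`. Pick one ordering rule and state it in the commit message so later additions to the key reference can follow it.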
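Review bot: The relocated `server_name` entry in the `@@ -258,11 +283,21 @@` hunk still begins "When give, this overrides the `node_name` for the TLS certificate"; change "give" to "given" while the line is being moved. The entry explains which name is used for the TLS certificate, so it is worth having the sentence read cleanly.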