mirror of https://github.com/hashicorp/consul
docs: update redirected links (#16179)
parent
57a91190a9
commit
9edb625331
|
@ -14,7 +14,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/bootstrap](/consul/api-docs/ac
|
|||
The `acl bootstrap` command generates a new token with unlimited privileges to use
|
||||
for management purposes and outputs the token's details. Optionally, you can provide a Secret ID to use instead of generating a completely new token. You can create this bootstrapping token only once and afterwards bootstrapping
|
||||
will be disabled. If all tokens are lost and you need to bootstrap again you can follow the bootstrap
|
||||
[reset procedure](https://learn.hashicorp.com/consul/security-networking/acl-troubleshooting?utm_source=docs).
|
||||
[reset procedure](/consul/tutorials/security/access-control-troubleshoot).
|
||||
|
||||
The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication). Configuration of
|
||||
[blocking queries](/consul/api-docs/features/blocking) and [agent caching](/consul/api-docs/features/caching)
|
||||
|
|
|
@ -57,7 +57,7 @@ consul force-leave ec2-001-staging
|
|||
```
|
||||
|
||||
When run on a server that is part of a
|
||||
[WAN gossip pool](https://learn.hashicorp.com/consul/security-networking/datacenters),
|
||||
[WAN gossip pool](/consul/tutorials/networking/federation-gossip-wan),
|
||||
`force-leave` can remove failed servers in other datacenters from the WAN pool.
|
||||
|
||||
The identifying node-name in a WAN pool is `[node-name].[datacenter]`.
|
||||
|
|
|
@ -22,7 +22,7 @@ uses the [leader election algorithm](/consul/tutorials/developer-configuration/a
|
|||
|
||||
If the lock holder count is more than one, then a semaphore is used instead.
|
||||
A semaphore allows more than a single holder, but this is less efficient than
|
||||
a simple lock. This follows the [semaphore algorithm](https://learn.hashicorp.com/consul/developer-configuration/semaphore).
|
||||
a simple lock. This follows the [semaphore algorithm](/consul/tutorials/developer-configuration/distributed-semaphore).
|
||||
|
||||
To apply a lock to a remote WAN federated datacenter, run the command with the `-datacenter=<name>` flag on a server agent. You cannot use the command with `-datacenter` on client agents because they are unavailable to the remote datacenter.
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ Ensure that the environment you are deploying Consul API Gateway in meets the re
|
|||
<Tabs>
|
||||
<Tab heading="Consul K8s CLI (Mac Only)">
|
||||
|
||||
~> **Note:** Refer to the official [Consul K8S CLI documentation](https://www.consul.io/docs/k8s/k8s-cli) to find additional settings.
|
||||
~> **Note:** Refer to the official [Consul K8S CLI documentation](/consul/docs/k8s/k8s-cli) to find additional settings.
|
||||
|
||||
```shell-session
|
||||
$ brew tap hashicorp/tap
|
||||
|
@ -83,5 +83,5 @@ Ensure that the environment you are deploying Consul API Gateway in meets the re
|
|||
****** KEEP ALL PAGE CONTENT ABOVE THIS LINE *******
|
||||
Only Reference style links should be added below this comment
|
||||
--->
|
||||
[tech-specs]: /docs/api-gateway/tech-specs
|
||||
[rel-notes]: /docs/release-notes
|
||||
[tech-specs]: /consul/docs/api-gateway/tech-specs
|
||||
[rel-notes]: /consul/docs/release-notes
|
||||
|
|
|
@ -57,4 +57,4 @@ Consul API Gateway generates this error when the required CRD files have not bee
|
|||
The installation process typically fails after this error message is generated.
|
||||
|
||||
**Resolution:**
|
||||
Install the required CRDs. Refer to the [Consul API Gateway installation instructions](/docs/api-gateway/install#installation) for instructions.
|
||||
Install the required CRDs. Refer to the [Consul API Gateway installation instructions](/consul/docs/api-gateway/install#installation) for instructions.
|
||||
|
|
|
@ -34,7 +34,7 @@ In the event that any individual domain experiences a failure, service failover
|
|||
Service failover across Consul datacenters must be configured in the datacenters before you can use it. Use one of the following methods to configure failover across datacenters:
|
||||
|
||||
- **If you are using Consul service mesh**: Implement failover using [service-resolver configuration entries](/consul/docs/connect/config-entries/service-resolver#failover).
|
||||
- **If you are using Consul service discovery without service mesh**: Implement [geo-redundant failover using prepared queries](consul/tutorials/developer-discovery/automate-geo-failover).
|
||||
- **If you are using Consul service discovery without service mesh**: Implement [geo-redundant failover using prepared queries](/consul/tutorials/developer-discovery/automate-geo-failover).
|
||||
|
||||
### Control plane resiliency
|
||||
|
||||
|
@ -196,7 +196,7 @@ In general, set [`raftboltdb.NoFreelistSync`](/consul/docs/agent/config/config-f
|
|||
- Reduce the amount of data written to disk
|
||||
- Increase the amount of time it takes to load the raft.db file on startup
|
||||
|
||||
We recommend operators optimize networks according to their individual concerns. For example, if your server runs into disk performance issues but Consul servers do not restart often, setting [`raftboltdb.NoFreelistSync`](consul/docs/agent/config/config-files#NoFreelistSync) to `true` may solve your problems. However, the same action causes issues for deployments with large database files and frequent server restarts.
|
||||
We recommend operators optimize networks according to their individual concerns. For example, if your server runs into disk performance issues but Consul servers do not restart often, setting [`raftboltdb.NoFreelistSync`](/consul/docs/agent/config/config-files#NoFreelistSync) to `true` may solve your problems. However, the same action causes issues for deployments with large database files and frequent server restarts.
|
||||
|
||||
#### Raft snapshots
|
||||
|
||||
|
@ -217,7 +217,7 @@ In Consul v1.10 and higher, operators can try to prevent a snapshot install loop
|
|||
- After truncation, the lowest number on `consul.raft.leader.oldestLogAge` should always be at least two times higher than the lowest number for `consul.raft.rpc.installSnapshot`.
|
||||
- If these metrics are too close, increase the number of Raft trailing logs, which increases `consul.raft.leader.oldestLogAge`. Do not set the Raft trailing logs higher than necessary, as it can negatively affect write throughput and latency.
|
||||
|
||||
For more information, refer to [Raft Replication Capacity Issues](h/consul/docs/agent/telemetry#raft-replication-capacity-issues).
|
||||
For more information, refer to [Raft Replication Capacity Issues](/consul/docs/agent/telemetry#raft-replication-capacity-issues).
|
||||
|
||||
## Performance considerations for specific use cases
|
||||
|
||||
|
@ -280,4 +280,4 @@ At scale, using Consul as a backend for Vault results in increased memory and CP
|
|||
|
||||
In situations where Consul handles large amounts of data and has high write throughput, we recommend adding monitoring for the [capacity and health of raft replication on servers](/consul/docs/agent/telemetry#raft-replication-capacity-issues). If the server experiences heavy load when the size of its stored data is large enough, a follower may be unable to catch up on replication and become a voter after restarting. This situation occurs when the time it takes for a server to restore from disk takes longer than it takes for the leader to write a new snapshot and truncate its logs. Refer to [Raft snapshots](#raft-snapshots) for more information.
|
||||
|
||||
Vault v1.4 and higher provides [integrated storage](/vault/docs/concepts/integrated-storage) as its recommended storage option. If you currently use Consul as a storage backend for Vault, we recommend switching to integrated storage. For a comparison between Vault's integrated storage and Consul as a backend for Vault, refer to [storage backends in the Vault documentation](vault/docs/configuration/storage#integrated-storage-vs-consul-as-vault-storage). For detailed guidance on migrating the Vault backend from Consul to Vault's integrated storage, refer to the [storage migration tutorial](/vault/docs/configuration/storage#integrated-storage-vs-consul-as-vault-storage). Integrated storage improves resiliency by preventing a Consul outage from also affecting Vault functionality.
|
||||
Vault v1.4 and higher provides [integrated storage](/vault/docs/concepts/integrated-storage) as its recommended storage option. If you currently use Consul as a storage backend for Vault, we recommend switching to integrated storage. For a comparison between Vault's integrated storage and Consul as a backend for Vault, refer to [storage backends in the Vault documentation](/vault/docs/configuration/storage#integrated-storage-vs-consul-as-vault-storage). For detailed guidance on migrating the Vault backend from Consul to Vault's integrated storage, refer to the [storage migration tutorial](/vault/docs/configuration/storage#integrated-storage-vs-consul-as-vault-storage). Integrated storage improves resiliency by preventing a Consul outage from also affecting Vault functionality.
|
||||
|
|
|
@ -31,7 +31,7 @@ Ensure that your Consul environment meets the following requirements.
|
|||
* A local Consul agent is required to manage its configuration.
|
||||
* Consul [Connect](/consul/docs/agent/config/config-files#connect) must be enabled in both datacenters.
|
||||
* Each [datacenter](/consul/docs/agent/config/config-files#datacenter) must have a unique name.
|
||||
* Each datacenters must be [WAN joined](https://learn.hashicorp.com/consul/security-networking/datacenters).
|
||||
* Each datacenters must be [WAN joined](/consul/tutorials/networking/federation-gossip-wan).
|
||||
* The [primary datacenter](/consul/docs/agent/config/config-files#primary_datacenter) must be set to the same value in both datacenters. This specifies which datacenter is the authority for Connect certificates and is required for services in all datacenters to establish mutual TLS with each other.
|
||||
* [gRPC](/consul/docs/agent/config/config-files#grpc_port) must be enabled.
|
||||
* If you want to [enable gateways globally](/consul/docs/connect/gateways/mesh-gateway/service-to-service-traffic-wan-datacenters#enabling-gateways-globally) you must enable [centralized configuration](/consul/docs/agent/config/config-files#enable_central_service_config).
|
||||
|
|
|
@ -15,7 +15,7 @@ WAN federation via mesh gateways allows for Consul servers in different datacent
|
|||
to be federated exclusively through mesh gateways.
|
||||
|
||||
When setting up a
|
||||
[multi-datacenter](https://learn.hashicorp.com/consul/security-networking/datacenters)
|
||||
[multi-datacenter](/consul/tutorials/networking/federation-gossip-wan)
|
||||
Consul cluster, operators must ensure that all Consul servers in every
|
||||
datacenter must be directly connectable over their WAN-advertised network
|
||||
address from each other.
|
||||
|
@ -102,7 +102,7 @@ each datacenter otherwise the WAN will become only partly connected.
|
|||
|
||||
There are a few necessary additional pieces of configuration beyond those
|
||||
required for standing up a
|
||||
[multi-datacenter](https://learn.hashicorp.com/consul/security-networking/datacenters)
|
||||
[multi-datacenter](/consul/tutorials/networking/federation-gossip-wan)
|
||||
Consul cluster.
|
||||
|
||||
Consul servers in the _primary_ datacenter should add this snippet to the
|
||||
|
|
|
@ -90,7 +90,7 @@ session holding the lock. Review the session documentation for more information
|
|||
on the [integration](/consul/docs/dynamic-app-config/sessions#k-v-integration).
|
||||
|
||||
Review the following tutorials to learn how to use Consul sessions for [application leader election](/consul/tutorials/developer-configuration/application-leader-elections) and
|
||||
to [build distributed semaphores](https://learn.hashicorp.com/consul/developer-configuration/semaphore).
|
||||
to [build distributed semaphores](/consul/tutorials/developer-configuration/distributed-semaphore).
|
||||
|
||||
### Vault
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ description: >-
|
|||
|
||||
## What's Changed
|
||||
|
||||
- The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that all tokens and policies have been migrated to the newer ACL system. Complete the [Migrate Legacy ACL Tokens](https://learn.hashicorp.com/consul/day-2-agent-authentication/migrate-acl-tokens) tutorial to learn more.
|
||||
- The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. Before upgrading you should verify that all tokens and policies have been migrated to the newer ACL system. Complete the [Migrate Legacy ACL Tokens](/consul/tutorials/security-operations/access-control-token-migration) tutorial to learn more.
|
||||
|
||||
- The `agent_master` ACL token has been renamed to `agent_recovery` ACL token. In addition, the `consul acl set-agent-token master` command has been replaced with `consul acl set-agent-token recovery`. See [ACL Agent Recovery Token](/consul/docs/security/acl/acl-tokens#acl-agent-recovery-token) and [Consul ACL Set Agent Token](/consul/commands/acl/set-agent-token) for more information.
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ Refer to the following tutorials for step-by-step instructions on how to get sta
|
|||
|
||||
- [Bootstrap and Explore ACLs]
|
||||
- [Secure Consul with ACLs]
|
||||
- [Troubleshoot the ACL System](https://learn.hashicorp.com/consul/security-networking/acl-troubleshooting?utm_source=docs)
|
||||
- [Troubleshoot the ACL System](/consul/tutorials/security/access-control-troubleshoot)
|
||||
|
||||
[bootstrap and explore acls]: /consul/tutorials/security/access-control-setup-production?utm_source=docs
|
||||
[secure consul with acls]: /consul/tutorials/security/access-control-setup-production
|
||||
|
|
|
@ -199,15 +199,15 @@ as doing so gives the Consul client unnecessary access to all network traffic on
|
|||
We recommend raising an issue with the CNI you're using to add support for `hostPort`
|
||||
and switching back to `hostPort` eventually.
|
||||
|
||||
[troubleshooting]: https://learn.hashicorp.com/consul/day-2-operations/advanced-operations/troubleshooting
|
||||
[troubleshooting]: /consul/tutorials/datacenter-operations/troubleshooting
|
||||
[node_name]: /consul/docs/agent/config/config-files#node_name
|
||||
[retry_join]: /consul/docs/agent/config/cli-flags#retry-join
|
||||
[license]: /consul/commands/license
|
||||
[releases]: https://releases.hashicorp.com/consul/
|
||||
[files]: https://easyengine.io/tutorials/linux/increase-open-files-limit
|
||||
[certificates]: https://learn.hashicorp.com/consul/advanced/day-1-operations/certificates
|
||||
[systemd]: https://learn.hashicorp.com/consul/advanced/day-1-operations/deployment-guide#configure-systemd
|
||||
[monitoring]: https://learn.hashicorp.com/consul/advanced/day-1-operations/monitoring
|
||||
[certificates]: /consul/tutorials/security/tls-encryption-secure
|
||||
[systemd]: /consul/tutorials/production-deploy/deployment-guide#configure-systemd
|
||||
[monitoring]: /consul/tutorials/day-2-operations/monitor-datacenter-health
|
||||
[bind]: /consul/docs/agent/config/cli-flags#_bind
|
||||
[jq]: https://stedolan.github.io/jq/
|
||||
[go-sockaddr]: https://godoc.org/github.com/hashicorp/go-sockaddr/template
|
||||
|
|
|
@ -460,7 +460,7 @@ The `consul acl set-agent-token master` subcommand has been replaced with
|
|||
|
||||
The legacy ACL system that was deprecated in Consul 1.4.0 was removed in 1.11.0.
|
||||
Before upgrading you should verify that nothing is still using the legacy ACL
|
||||
system. Complete the [Migrate Legacy ACL Tokens](https://learn.hashicorp.com/consul/day-2-agent-authentication/migrate-acl-tokens) tutorial to learn more.
|
||||
system. Complete the [Migrate Legacy ACL Tokens](/consul/tutorials/security-operations/access-control-token-migration) tutorial to learn more.
|
||||
|
||||
### Raft Storage Changes
|
||||
|
||||
|
|
Loading…
Reference in New Issue