Website: add intra-page links in docs/agent/options

pull/707/head
Ryan Breen 10 years ago
parent 415fb21369
commit bfcdd210b7

@ -33,37 +33,37 @@ configuration reload.
The options below are all specified on the command-line.
* `-advertise` - The advertise address is used to change the address that we
* <a id="advertise"></a>`-advertise` - The advertise address is used to change the address that we
advertise to other nodes in the cluster. By default, the `-bind` address is
advertised. However, in some cases, there may be a routable address that cannot
be bound. This flag enables gossiping a different address to support this.
If this address is not routable, the node will be in a constant flapping state
as other nodes will treat the non-routability as a failure.
* `-bootstrap` - This flag is used to control if a server is in "bootstrap" mode. It is important that
* <a id="bootstrap_anchor"></a>`-bootstrap` - This flag is used to control if a server is in "bootstrap" mode. It is important that
no more than one server *per* data center be running in this mode. Technically, a server in bootstrap mode
is allowed to self-elect as the Raft leader. It is important that only a single node is in this mode;
otherwise, consistency cannot be guaranteed as multiple nodes are able to self-elect.
It is not recommended to use this flag after a cluster has been bootstrapped.
* `-bootstrap-expect` - This flag provides the number of expected servers in the data center.
* <a id="bootstrap_expect"></a>`-bootstrap-expect` - This flag provides the number of expected servers in the data center.
Either this value should not be provided or the value must agree with other servers in
the cluster. When provided, Consul waits until the specified number of servers are
available and then bootstraps the cluster. This allows an initial leader to be elected
automatically. This cannot be used in conjunction with the `-bootstrap` flag.
* `-bind` - The address that should be bound to for internal cluster communications.
* <a id="bind"></a>`-bind` - The address that should be bound to for internal cluster communications.
This is an IP address that should be reachable by all other nodes in the cluster.
By default, this is "0.0.0.0", meaning Consul will use the first available private
IP address. Consul uses both TCP and UDP and the same port for both. If you
have any firewalls, be sure to allow both protocols.
* `-client` - The address to which Consul will bind client interfaces,
* <a id="client"></a>`-client` - The address to which Consul will bind client interfaces,
including the HTTP, DNS, and RPC servers. By default, this is "127.0.0.1",
allowing only loopback connections. The RPC address is used by other Consul
commands, such as `consul members`, in order to query a running Consul agent.
* `-config-file` - A configuration file to load. For more information on
* <a id="config_file"></a>`-config-file` - A configuration file to load. For more information on
the format of this file, read the [Configuration Files](#configuration_files) section.
This option can be specified multiple times to load multiple configuration
files. If it is specified multiple times, configuration files loaded later
@ -71,25 +71,25 @@ The options below are all specified on the command-line.
single-value keys (string, int, bool) will simply have their values replaced
while list types will be appended together.
* `-config-dir` - A directory of configuration files to load. Consul will
* <a id="config_dir"></a>`-config-dir` - A directory of configuration files to load. Consul will
load all files in this directory with the suffix ".json". The load order
is alphabetical, and the the same merge routine is used as with the `config-file`
option above. For more information on the format of the configuration files,
see the [Configuration Files](#configuration_files) section.
is alphabetical, and the the same merge routine is used as with the
[`config-file`](config_file) option above. For more information
on the format of the configuration files, see the [Configuration Files](#configuration_files) section.
* `-data-dir` - This flag provides a data directory for the agent to store state.
* <a id="data_dir"></a>`-data-dir` - This flag provides a data directory for the agent to store state.
This is required for all agents. The directory should be durable across reboots.
This is especially critical for agents that are running in server mode as they
must be able to persist cluster state. Additionally, the directory must support
the use of filesystem locking, meaning some types of mounted folders (e.g. VirtualBox
shared folders) may not be suitable.
* `-dc` - This flag controls the data center in which the agent is running. If not provided,
* <a id="dc"></a>`-dc` - This flag controls the data center in which the agent is running. If not provided,
it defaults to "dc1". Consul has first-class support for multiple data centers, but
it relies on proper configuration. Nodes in the same data center should be on a single
LAN.
* `-encrypt` - Specifies the secret key to use for encryption of Consul
* <a id="encrypt"></a>`-encrypt` - Specifies the secret key to use for encryption of Consul
network traffic. This key must be 16-bytes that are Base64-encoded. The
easiest way to create an encryption key is to use `consul keygen`. All
nodes within a cluster must share the same encryption key to communicate.
@ -100,55 +100,56 @@ The options below are all specified on the command-line.
initialized with an encryption key, then the provided key is ignored and
a warning will be displayed.
* `-join` - Address of another agent to join upon starting up. This can be
* <a id="join"></a>`-join` - Address of another agent to join upon starting up. This can be
specified multiple times to specify multiple agents to join. If Consul is
unable to join with any of the specified addresses, agent startup will
fail. By default, the agent won't join any nodes when it starts up.
* `-retry-join` - Similar to `-join` but allows retrying a join if the first
* <a id="retry_join"></a>`-retry-join` - Similar to [`-join`](#join) but allows retrying a join if the first
attempt fails. This is useful for cases where we know the address will become
available eventually.
* `-retry-interval` - Time to wait between join attempts. Defaults to 30s.
* <a id="retry_interval"></a>`-retry-interval` - Time to wait between join attempts. Defaults to 30s.
* `-retry-max` - The maximum number of join attempts to be made before exiting
* <a id="retry_max"></a>`-retry-max` - The maximum number of join attempts to be made before exiting
with return code 1. By default, this is set to 0 which is interpreted as infinite
retries.
* `-join-wan` - Address of another wan agent to join upon starting up. This can be
* <a id="join_wan"></a>`-join-wan` - Address of another wan agent to join upon starting up. This can be
specified multiple times to specify multiple WAN agents to join. If Consul is
unable to join with any of the specified addresses, agent startup will
fail. By default, the agent won't `-join-wan` any nodes when it starts up.
fail. By default, the agent won't [`-join-wan`](#join_wan) any nodes when it starts up.
* `-retry-join-wan` - Similar to `retry-join` but allows retrying a wan join if the first
attempt fails. This is useful for cases where we know the address will become
* <a id="retry_join_wan"></a>`-retry-join-wan` - Similar to [`retry-join`](#retry_join) but allows retrying
a wan join if the first attempt fails. This is useful for cases where we know the address will become
available eventually.
* `-retry-interval-wan` - Time to wait between `-join-wan` attempts. Defaults to 30s.
* <a id="retry_interval_wan"></a>`-retry-interval-wan` - Time to wait between [`-join-wan`](#join_wan) attempts.
Defaults to 30s.
* `-retry-max-wan` - The maximum number of `-join-wan` attempts to be made before exiting
with return code 1. By default, this is set to 0 which is interpreted as infinite
* <a id="retry_max_wan"></a>`-retry-max-wan` - The maximum number of [`-join-wan`](#join_wan) attempts to
be made before exiting with return code 1. By default, this is set to 0 which is interpreted as infinite
retries.
* `-log-level` - The level of logging to show after the Consul agent has
* <a id="log_level"></a>`-log-level` - The level of logging to show after the Consul agent has
started. This defaults to "info". The available log levels are "trace",
"debug", "info", "warn", and "err". Note that you can always connect to an
agent via `consul monitor` and use any log level. Also, the log level can
be changed during a config reload.
* `-node` - The name of this node in the cluster. This must be unique within
* <a id="node"></a>`-node` - The name of this node in the cluster. This must be unique within
the cluster. By default this is the hostname of the machine.
* `-protocol` - The Consul protocol version to use. This defaults to the latest
* <a id="protocol"></a>`-protocol` - The Consul protocol version to use. This defaults to the latest
version. This should be set only when [upgrading](/docs/upgrading.html).
You can view the protocol versions supported by Consul by running `consul -v`.
* `-rejoin` - When provided, Consul will ignore a previous leave and attempt to
* <a id="rejoin"></a>`-rejoin` - When provided, Consul will ignore a previous leave and attempt to
rejoin the cluster when starting. By default, Consul treats leave as a permanent
intent and does not attempt to join the cluster again when starting. This flag
allows the previous state to be used to rejoin the cluster.
* `-server` - This flag is used to control if an agent is in server or client mode. When provided,
* <a id="server"></a>`-server` - This flag is used to control if an agent is in server or client mode. When provided,
an agent will act as a Consul server. Each Consul cluster must have at least one server and ideally
no more than 5 per data center. All servers participate in the Raft consensus algorithm to ensure that
transactions occur in a consistent, linearizable manner. Transactions modify cluster state, which
@ -156,16 +157,16 @@ The options below are all specified on the command-line.
participate in a WAN gossip pool with server nodes in other data centers. Servers act as gateways
to other data centers and forward traffic as appropriate.
* `-syslog` - This flag enables logging to syslog. This is only supported on Linux
* <a id="syslog"></a>`-syslog` - This flag enables logging to syslog. This is only supported on Linux
and OSX. It will result in an error if provided on Windows.
* `-ui-dir` - This flag provides the directory containing the Web UI resources
* <a id="ui_dir"></a>`-ui-dir` - This flag provides the directory containing the Web UI resources
for Consul. This must be provided to enable the Web UI. The directory must be readable.
* `-pid-file` - This flag provides the file path for the agent to store its PID. This is useful for
* <a id="pid_file"></a>`-pid-file` - This flag provides the file path for the agent to store its PID. This is useful for
sending signals (for example, `SIGINT` to close the agent or `SIGHUP` to update check definitions) to the agent.
## <a name="configuration_files"></a> Configuration Files
## <a id="configuration_files"></a>Configuration Files
In addition to the command-line options, configuration can be put into
files. This may be easier in certain situations, for example when Consul is
@ -257,19 +258,20 @@ definitions support being updated during a reload.
* `http` - The HTTP API. Defaults to `client_addr`
* `rpc` - The RPC endpoint. Defaults to `client_addr`
* `advertise_addr` - Equivalent to the `-advertise` command-line flag.
* `advertise_addr` - Equivalent to the [`-advertise` command-line flag](#advertise).
* `bootstrap` - Equivalent to the `-bootstrap` command-line flag.
* `bootstrap` - Equivalent to the [`-bootstrap` command-line flag](#bootstrap_anchor).
* `bootstrap_expect` - Equivalent to the `-bootstrap-expect` command-line flag.
* `bootstrap_expect` - Equivalent to the [`-bootstrap-expect` command-line flag](#bootstrap_expect).
* `bind_addr` - Equivalent to the `-bind` command-line flag.
* `bind_addr` - Equivalent to the [`-bind` command-line flag](#bind).
* `ca_file` - This provides a file path to a PEM-encoded certificate authority.
* <a id="ca_file"></a>`ca_file` - This provides a file path to a PEM-encoded certificate authority.
The certificate authority is used to check the authenticity of client and server
connections with the appropriate `verify_incoming` or `verify_outgoing` flags.
connections with the appropriate [`verify_incoming`](#verify_incoming) or
[`verify_outgoing`](#verify_outgoing) flags.
* `cert_file` - This provides a file path to a PEM-encoded certificate.
* <a id="cert_file"></a>`cert_file` - This provides a file path to a PEM-encoded certificate.
The certificate is provided to clients or servers to verify the agent's authenticity.
It must be provided along with `key_file`.
@ -281,19 +283,19 @@ definitions support being updated during a reload.
reduce write pressure. If a check ever changes state, the new state and associated
output is synchronized immediately. To disable this behavior, set the value to "0s".
* `client_addr` - Equivalent to the `-client` command-line flag.
* `client_addr` - Equivalent to the [`-client` command-line flag](#client).
* `datacenter` - Equivalent to the `-dc` command-line flag.
* `datacenter` - Equivalent to the [`-dc` command-line flag](#dc).
* `data_dir` - Equivalent to the `-data-dir` command-line flag.
* `data_dir` - Equivalent to the [`-data-dir` command-line flag](#data_dir).
* `disable_anonymous_signature` - Disables providing an anonymous signature for
de-duplication with the update check. See `disable_update_check`.
de-duplication with the update check. See [`disable_update_check`](#disable_update_check).
* `disable_remote_exec` - Disables support for remote execution. When set to true,
the agent will ignore any incoming remote exec requests.
* `disable_update_check` - Disables automatic checking for security bulletins and
* <a id="disable_update_check"></a>`disable_update_check` - Disables automatic checking for security bulletins and
new version releases.
* `dns_config` - This object allows a number of sub-keys to be set which can tune
@ -337,13 +339,13 @@ definitions support being updated during a reload.
* `enable_debug` - When set, enables some additional debugging features. Currently,
this is only used to set the runtime profiling HTTP endpoints.
* `enable_syslog` - Equivalent to the `-syslog` command-line flag.
* <a id="enable_syslog"></a>`enable_syslog` - Equivalent to the [`-syslog` command-line flag](#syslog).
* `encrypt` - Equivalent to the `-encrypt` command-line flag.
* `encrypt` - Equivalent to the [`-encrypt` command-line flag](#encrypt).
* `key_file` - This provides a the file path to a PEM-encoded private key.
The key is used with the certificate to verify the agent's authenticity.
This must be provided along with `cert_file`.
This must be provided along with [`cert_file`](#cert_file).
* `http_api_response_headers` - This object allows adding headers to the HTTP API
responses. For example, the following config can be used to enable
@ -358,13 +360,13 @@ definitions support being updated during a reload.
}
```
* `leave_on_terminate` - If enabled, when the agent receives a TERM signal,
* <a id="leave_on_terminate"></a>`leave_on_terminate` - If enabled, when the agent receives a TERM signal,
it will send a `Leave` message to the rest of the cluster and gracefully
leave. Defaults to false.
* `log_level` - Equivalent to the `-log-level` command-line flag.
* `log_level` - Equivalent to the [`-log-level` command-line flag](#log_level).
* `node_name` - Equivalent to the `-node` command-line flag.
* `node_name` - Equivalent to the [`-node` command-line flag](#node).
* `ports` - This is a nested object that allows setting the bind ports
for the following keys:
@ -376,37 +378,37 @@ definitions support being updated during a reload.
* `serf_wan` - The Serf WAN port. Default 8302.
* `server` - Server RPC address. Default 8300.
* `protocol` - Equivalent to the `-protocol` command-line flag.
* `protocol` - Equivalent to the [`-protocol` command-line flag](#protocol).
* `recursor` - Provides a single recursor address. This has been deprecated, and
the value is appended to the `recursors` list for backwards compatibility.
the value is appended to the [`recursors`](#recursors) list for backwards compatibility.
* `recursors` - This flag provides addresses of upstream DNS servers that are used to
* <a id="recursors"></a>`recursors` - This flag provides addresses of upstream DNS servers that are used to
recursively resolve queries if they are not inside the service domain for consul. For example,
a node can use Consul directly as a DNS server, and if the record is outside of the "consul." domain,
the query will be resolved upstream.
* `rejoin_after_leave` - Equivalent to the `-rejoin` command-line flag.
* `rejoin_after_leave` - Equivalent to the [`-rejoin` command-line flag](#rejoin).
* `retry_join` - Equivalent to the `-retry-join` command-line flag. Takes a list
* `retry_join` - Equivalent to the [`-retry-join` command-line flag](#retry_join). Takes a list
of addresses to attempt joining every `retry_interval` until at least one
join works.
[`-join`](#join) works.
* `retry_interval` - Equivalent to the `-retry-interval` command-line flag.
* `retry_interval` - Equivalent to the [`-retry-interval` command-line flag](#retry_interval).
* `retry_join_wan` - Equivalent to the `-retry-join-wan` command-line flag. Takes a list
of addresses to attempt joining to WAN every `retry_interval_wan` until at least one
`-join-wan works.
* `retry_join_wan` - Equivalent to the [`-retry-join-wan` command-line flag](#retry_join_wan). Takes a list
of addresses to attempt joining to WAN every [`retry_interval_wan`](#retry_interval_wan) until at least one
[`-join-wan`](#join_wan) works.
* `retry_interval_wan` - Equivalent to the `-retry-interval-wan` command-line flag.
* `retry_interval_wan` - Equivalent to the [`-retry-interval-wan` command-line flag](#retry_interval_wan).
* `server` - Equivalent to the `-server` command-line flag.
* `server` - Equivalent to the [`-server` command-line flag](#server).
* `server_name` - When provided, this overrides the `node_name` for the TLS certificate.
It can be used to ensure that the certificate name matches the hostname we
declare.
* `skip_leave_on_interrupt` - This is similar to `leave_on_terminate` but
* `skip_leave_on_interrupt` - This is similar to [`leave_on_terminate`](#leave_on_terminate) but
only affects interrupt handling. By default, an interrupt (such as hitting
Control-C in a shell) causes Consul to gracefully leave. Setting this to true
disables that. Defaults to false.
@ -415,7 +417,7 @@ definitions support being updated during a reload.
join upon startup.
* `start_join_wan` - An array of strings specifying addresses of WAN nodes to
`-join-wan` upon startup.
[`-join-wan`](#join_wan) upon startup.
* `statsd_addr` - This provides the address of a statsd instance. If provided,
Consul will send various telemetry information to that instance for aggregation.
@ -427,10 +429,10 @@ definitions support being updated during a reload.
This can be used to capture runtime information. This streams via
TCP and can only be used with statsite.
* `syslog_facility` - When `enable_syslog` is provided, this controls to which
* `syslog_facility` - When [`enable_syslog`](#enable_syslog) is provided, this controls to which
facility messages are sent. By default, `LOCAL0` will be used.
* `ui_dir` - Equivalent to the `-ui-dir` command-line flag.
* `ui_dir` - Equivalent to the [`-ui-dir`](#ui_dir) command-line flag.
* `unix_sockets` - This allows tuning the ownership and permissions of the
Unix domain socket files created by Consul. Domain sockets are only used if
@ -449,15 +451,15 @@ definitions support being updated during a reload.
important to test this feature on your specific distribution. This feature is
currently not functional on Windows hosts.
* `verify_incoming` - If set to true, Consul requires that all incoming
* <a id="verify_incoming"></a>`verify_incoming` - If set to true, Consul requires that all incoming
connections make use of TLS and that the client provides a certificate signed
by the Certificate Authority from the `ca_file`. By default, this is false, and
by the Certificate Authority from the [`ca_file`](#ca_file). By default, this is false, and
Consul will not enforce the use of TLS or verify a client's authenticity. This
only applies to Consul servers since a client never has an incoming connection.
* `verify_outgoing` - If set to true, Consul requires that all outgoing connections
* <a id="verify_outgoing"></a>`verify_outgoing` - If set to true, Consul requires that all outgoing connections
make use of TLS and that the server provides a certificate that is signed by
the Certificate Authority from the `ca_file`. By default, this is false, and Consul
the Certificate Authority from the [`ca_file`](#ca_file). By default, this is false, and Consul
will not make use of TLS for outgoing connections. This applies to clients and servers
as both will make outgoing connections.
@ -489,8 +491,7 @@ port.
* DNS Interface (Default 8600). Used to resolve DNS queries. TCP and UDP.
## Reloadable Configuration
<a id="reloadable-configuration"></a>
## <a id="reloadable-configuration"></a>Reloadable Configuration</a>
Reloading configuration does not reload all configuration items. The
items which are reloaded include:

Loading…
Cancel
Save