Refactor docs links to learn (#8490)

pull/8528/head
danielehc 2020-08-17 18:17:51 +02:00 committed by GitHub
parent bb6737dc60
commit f32b3d2cca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 45 additions and 45 deletions

View File

@ -145,8 +145,8 @@ On success, the Policy is returned:
```
The created policy can now be specified either by name or by ID when
[creating a token](https://learn.hashicorp.com/consul/security-networking/production-acls#create-the-agent-token). This will grant the rules
provided to the [bearer of that token](/api#authentication).
[creating a token](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production#create-the-agent-token).
This will grant the rules provided to the [bearer of that token](/api#authentication).
Below is a breakdown of each rule type.

View File

@ -18,7 +18,7 @@ The ACL is [Capability-based](https://en.wikipedia.org/wiki/Capability-based_sec
are associated with policies to determine which fine grained rules can be applied. Consul's capability based
ACL system is very similar to the design of [AWS IAM](https://aws.amazon.com/iam/).
To learn how to setup the ACL system on an existing Consul datacenter, use the [Bootstrapping The ACL System guide](https://learn.hashicorp.com/consul/day-0/acl-guide?utm_source=consul.io&utm_medium=docs).
To learn how to setup the ACL system on an existing Consul datacenter, use the [Bootstrapping The ACL System tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup?utm_source=consul.io&utm_medium=docs).
## ACL System Overview
@ -62,7 +62,7 @@ Consul operators via Consul's [ACL API](/api/acl/acl),
[HashiCorp's Vault](https://www.vaultproject.io/docs/secrets/consul).
If the ACL system becomes inoperable, you can follow the
[reset procedure](https://learn.hashicorp.com/consul/security-networking/acl-troubleshooting?utm_source=consul.io&utm_medium=docs) at any time.
[reset procedure](https://learn.hashicorp.com/tutorials/consul/access-control-troubleshoot#reset-the-acl-system) at any time.
### ACL Policies
@ -292,7 +292,7 @@ system, or accessing Consul in special situations:
| ------------------------------------------------------------------------ | ---------- | ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [`acl.tokens.agent_master`](/docs/agent/options#acl_tokens_agent_master) | `OPTIONAL` | `OPTIONAL` | Special token that can be used to access [Agent API](/api/agent) when remote bearer token resolution fails; used for setting up the cluster such as doing initial join operations, see the [ACL Agent Master Token](#acl-agent-master-token) section for more details |
| [`acl.tokens.agent`](/docs/agent/options#acl_tokens_agent) | `OPTIONAL` | `OPTIONAL` | Special token that is used for an agent's internal operations, see the [ACL Agent Token](#acl-agent-token) section for more details |
| [`acl.tokens.master`](/docs/agent/options#acl_tokens_master) | `OPTIONAL` | `N/A` | Special token used to bootstrap the ACL system, see the [Bootstrapping ACLs](https://learn.hashicorp.com/consul/advanced/day-1-operations/acl-guide) guide for more details |
| [`acl.tokens.master`](/docs/agent/options#acl_tokens_master) | `OPTIONAL` | `N/A` | Special token used to bootstrap the ACL system, check the [Bootstrapping ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) tutorial for more details |
| [`acl.tokens.default`](/docs/agent/options#acl_tokens_default) | `OPTIONAL` | `OPTIONAL` | Default token to use for client requests where no token is supplied; this is often configured with read-only access to services to enable DNS service discovery on agents |
All of these tokens except the `master` token can all be introduced or updated via the [/v1/agent/token API](/api/agent#update-acl-tokens).
@ -336,5 +336,5 @@ The `service_prefix` policy needs read access for any services that can be regis
## Next Steps
Setup ACLs with the [Bootstrapping the ACL System guide](https://learn.hashicorp.com/consul/security-networking/production-acls?utm_source=consul.io&utm_medium=docs) or continue reading about
Setup ACLs with the [Bootstrapping the ACL System tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production?utm_source=consul.io&utm_medium=docs) or continue reading about
[ACL rules](/docs/acl/acl-rules).

View File

@ -68,4 +68,4 @@ communications, and agent communications with ACLs. When securing your cluster
you should configure the ACLs first. The ACL documentation introduces basic
concepts and syntax for the ACL system, and we recommend that you read it
before you begin [this
guide](https://learn.hashicorp.com/consul/security-networking/production-acls).
tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).

View File

@ -14,7 +14,7 @@ description: >-
One of the primary roles of the agent is management of system-level and application-level health
checks. A health check is considered to be application-level if it is associated with a
service. If not associated with a service, the check monitors the health of the entire node.
Review the [health checks guide](https://learn.hashicorp.com/consul/developer-discovery/health-checks) to get a more complete example on how to leverage health check capabilities in Consul.
Review the [health checks tutorial](https://learn.hashicorp.com/tutorials/consul/service-registration-health-checks) to get a more complete example on how to leverage health check capabilities in Consul.
A check is defined in a configuration file or added at runtime over the HTTP interface. Checks
created via the HTTP interface persist with that node.

View File

@ -387,7 +387,7 @@ Also make two services in the frontend namespace available over a custom port wi
## ACLs
Configuration entries may be protected by
[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
Reading an `ingress-gateway` config entry requires `service:read` on the `Name`
field of the config entry.

View File

@ -85,7 +85,7 @@ Config {
## ACLs
Configuration entries may be protected by
[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
Reading a `proxy-defaults` config entry requires no specific privileges.

View File

@ -73,7 +73,7 @@ Protocol = "http"
## ACLs
Configuration entries may be protected by
[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
Reading a `service-defaults` config entry requires `service:read` on itself.

View File

@ -167,7 +167,7 @@ referenced by their names throughout the other configuration entry kinds.
## ACLs
Configuration entries may be protected by
[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
Reading a `service-resolver` config entry requires `service:read` on itself.

View File

@ -260,7 +260,7 @@ Routes = [
## ACLs
Configuration entries may be protected by
[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
Reading a `service-router` config entry requires `service:read` on itself.

View File

@ -102,7 +102,7 @@ Splits = [
## ACLs
Configuration entries may be protected by
[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
Reading a `service-splitter` config entry requires `service:read` on itself.

View File

@ -438,7 +438,7 @@ and configure default certificates for mutual TLS. Also override the SNI and CA
## ACLs
Configuration entries may be protected by
[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
Reading a `terminating-gateway` config entry requires `service:read` on the `Name`
field of the config entry.

View File

@ -36,7 +36,7 @@ as the DNS server for a node and provide a
[`recursors`](/docs/agent/options#recursors) configuration so that non-Consul queries
can also be resolved. The last method is to forward all queries for the "consul."
domain to a Consul agent from the existing DNS server. Review the
[DNS Forwarding guide](https://learn.hashicorp.com/consul/security-networking/forwarding?utm_source=consul.io&utm_medium=docs) for examples.
[DNS Forwarding tutorial](https://learn.hashicorp.com/tutorials/consul/dns-forwarding?utm_source=consul.io&utm_medium=docs) for examples.
You can experiment with Consul's DNS server on the command line using tools such as `dig`:
@ -283,8 +283,8 @@ are not truncated.
By default, all DNS results served by Consul set a 0 TTL value. This disables
caching of DNS results. However, there are many situations in which caching is
desirable for performance and scalability. This is discussed more in the guide
for [DNS caching](https://learn.hashicorp.com/consul/security-networking/dns-caching).
desirable for performance and scalability. This is discussed more in the tutorial
for [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching).
## WAN Address Translation

View File

@ -14,9 +14,9 @@ The Consul agent supports encrypting all of its network traffic. The exact
method of encryption is described on the [encryption internals page](/docs/internals/security).
There are two separate encryption systems, one for gossip traffic and one for RPC.
To configure the encryption systems on a new cluster, review this following guides to
[enable gossip encryption](https://learn.hashicorp.com/consul/security-networking/agent-encryption?utm_source=consul.io&utm_medium=docs) and
[TLS encryption for agent communication](https://learn.hashicorp.com/consul/security-networking/certificates?utm_source=consul.io&utm_medium=docs).
To configure the encryption systems on a new cluster, review this following tutorials to
[enable gossip encryption](https://learn.hashicorp.com/tutorials/consul/gossip-encryption-secure?utm_source=consul.io&utm_medium=docs) and
[TLS encryption for agent communication](https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure?utm_source=consul.io&utm_medium=docs).
## Gossip Encryption
@ -62,7 +62,7 @@ order to send and receive cluster information.
## Configuring Gossip Encryption on an existing cluster
As of version 0.8.4, Consul supports upshifting to encrypted gossip on a running cluster
through the following process. Review this [step-by-step guide](https://learn.hashicorp.com/consul/security-networking/agent-encryption#enable-gossip-encryption-existing-cluster)
through the following process. Review this [step-by-step tutorial](https://learn.hashicorp.com/tutorials/consul/gossip-encryption-secure#enable-gossip-encryption-existing-cluster)
to encrypt gossip on an existing cluster.
## RPC Encryption with TLS
@ -71,7 +71,7 @@ Consul supports using TLS to verify the authenticity of servers and clients. To
Consul requires that all clients and servers have key pairs that are generated by a single
Certificate Authority. This can be a private CA, used only internally. The
CA then signs keys for each of the agents, as in
[this tutorial on generating both a CA and signing keys](https://learn.hashicorp.com/consul/security-networking/certificates).
[this tutorial on generating both a CA and signing keys](https://learn.hashicorp.com/tutorials/consul/tls-encryption-secure).
~> Certificates need to be created with x509v3 extendedKeyUsage attributes for both clientAuth and serverAuth since Consul uses a single cert/key pair for both server and client communications.
@ -109,6 +109,6 @@ and is secured using a symmetric key. See above for enabling gossip encryption.
As of version 0.8.4, Consul supports migrating to TLS-encrypted traffic on a running cluster
without downtime. This process assumes a starting point with no TLS settings configured and involves
an intermediate step in order to get to full TLS encryption. Review the
[Securing RPC Communication with TLS Encryption guide](https://learn.hashicorp.com/consul/security-networking/certificates)
[Securing RPC Communication with TLS Encryption tutorial](ps://learn.hashicorp.com/tutorials/consul/tls-encryption-secure)
for the step-by-step process to configure TLS on a new or existing cluster. Note the call outs there
for existing cluster configuration.

View File

@ -29,7 +29,7 @@ operations and maintain very little state of their own.
The agent is started with the [`consul agent`](/docs/commands/agent) command.
This command blocks, running forever or until told to quit. You can test a
local agent by following the
[Getting Started guides](https://learn.hashicorp.com/consul/getting-started/install?utm_source=consul.io&utm_medium=docs).
[Getting Started tutorials](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs).
The agent command takes a variety of
[`configuration options`](/docs/agent/options#command-line-options), but most

View File

@ -23,7 +23,7 @@ Having a quorum of servers will decrease the risk of data loss if an outage
occurs.
If you have not used Consul KV, check out this [Getting Started
guide](https://learn.hashicorp.com/consul/getting-started/kv?utm_source=consul.io&utm_medium=docs) on HashiCorp
tutorial](https://learn.hashicorp.com/tutorials/consul/get-started-key-value-store?utm_source=consul.io&utm_medium=docs) on HashiCorp
Learn.
## Accessing the KV store
@ -31,7 +31,7 @@ Learn.
The KV store can be accessed by the [consul kv CLI
subcommands](/docs/commands/kv), [HTTP API](/api/kv), and Consul UI.
To restrict access, enable and configure
[ACLs](https://learn.hashicorp.com/consul/security-networking/production-acls).
[ACLs](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production).
Once the ACL system has been bootstrapped, users and services, will need a
valid token with KV [privileges](/docs/agent/acl-rules#key-value-rules) to
access the the data store, this includes even reads. We recommend creating a
@ -68,8 +68,8 @@ using the API and in shell scripts.
If you plan to use Consul KV as part of your configuration management process
review the [Consul
Template](https://learn.hashicorp.com/consul/developer-configuration/consul-template)
guide on how to update configuration based on value updates in the KV. Consul
Template](https://learn.hashicorp.com/tutorials/consul/consul-template)
tutorial on how to update configuration based on value updates in the KV. Consul
Template is based on Go Templates and allows for a series of scripted actions
to be initiated on value changes to a Consul key.
@ -90,10 +90,10 @@ increment to the `LockIndex` and the session value is updated to reflect the
session holding the lock. Review the session documentation for more information
on the [integration](/docs/internals/sessions#k-v-integration).
Review the following guides to learn how to use Consul sessions for [application leader election](https://learn.hashicorp.com/consul/developer-configuration/elections) and
to [build distributed semaphores](https://learn.hashicorp.com/consul/developer-configuration/semaphore).
Review the following tutorials to learn how to use Consul sessions for [application leader election](https://learn.hashicorp.com/tutorials/consul/application-leader-elections) and
to [build distributed semaphores](https://learn.hashicorp.com/tutorials/consul/distributed-semaphore).
### Vault
If you plan to use Consul KV as a backend for Vault, please review [this
guide](https://learn.hashicorp.com/vault/operations/ops-vault-ha-consul).
tutorial](https://learn.hashicorp.com/tutorials/vault/ha-with-consul).

View File

@ -41,8 +41,8 @@ documented below in the
configuration reload.
You can test the following configuration options by following the
[Getting Started](https://learn.hashicorp.com/consul/getting-started/install?utm_source=consul.io&utm_medium=docs)
guides to install a local agent.
[Getting Started](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=consul.io&utm_medium=docs)
tutorials to install a local agent.
## Environment Variables
@ -442,8 +442,8 @@ The options below are all specified on the command-line.
- `-segment` ((#\_segment)) <EnterpriseAlert inline /> - This flag is used to set
the name of the network segment the agent belongs to. An agent can only join and
communicate with other agents within its network segment. See the [Network Segments
Guide](https://learn.hashicorp.com/consul/day-2-operations/network-segments) for
communicate with other agents within its network segment. Review the [Network Segments
tutorial](https://learn.hashicorp.com/tutorials/consul/network-partition-datacenters) for
more details. By default, this is an empty string, which is the default network
segment.
@ -699,7 +699,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
This designates the datacenter which is authoritative for ACL information. It must be provided to enable ACLs. All servers and datacenters must agree on the ACL datacenter. Setting it on the servers is all you need for cluster-level enforcement, but for the APIs to forward properly from the clients,
it must be set on them too. In Consul 0.8 and later, this also enables agent-level enforcement
of ACLs. Please see the [ACL Guide](https://learn.hashicorp.com/consul/security-networking/production-acls) for more details.
of ACLs. Please review the [ACL tutorial](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production) for more details.
- `acl_default_policy` ((#acl_default_policy_legacy)) - **Deprecated in Consul 1.4.0. See the [`acl.default_policy`](#acl_default_policy) field instead.**
Either "allow" or "deny"; defaults to "allow". The default policy controls the
@ -759,7 +759,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
- `acl_replication_token` ((#acl_replication_token_legacy)) - **Deprecated
in Consul 1.4.0. See the [`acl.tokens.replication`](#acl_tokens_replication) field
instead.** Only used for servers outside the [`primary_datacenter`](#primary_datacenter)
running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/consul/day-2-operations/acl-replication)
running Consul 0.7 or later. When provided, this will enable [ACL replication](https://learn.hashicorp.com/tutorials/consul/access-control-replication-multiple-datacenters)
using this ACL replication using this token to retrieve and replicate the ACLs
to the non-authoritative local datacenter. In Consul 0.9.1 and later you can enable
ACL replication using [`enable_acl_replication`](#enable_acl_replication) and then
@ -877,7 +877,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
respected on bootstrapping. If they are not provided, the defaults will be used.
In order to change the value of these options after bootstrapping, you will need
to use the [Consul Operator Autopilot](/docs/commands/operator/autopilot)
command. For more information about Autopilot, see the [Autopilot Guide](https://learn.hashicorp.com/consul/day-2-operations/autopilot).
command. For more information about Autopilot, review the [Autopilot tutorial](https://learn.hashicorp.com/tutorials/consul/autopilot-datacenter-operations).
The following sub-keys are available:
@ -1292,7 +1292,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
equivalent to the [`max_stale`](#max_stale) configuration for DNS requests. If this value is zero (default), all service discovery HTTP endpoints are forwarded to the leader. If this value is greater than zero, any Consul server can handle the service discovery request. If a Consul server is behind the leader by more than `discovery_max_stale`, the query will be re-evaluated on the leader to get more up-to-date results. Consul agents also add a new `X-Consul-Effective-Consistency` response header which indicates if the agent did a stale read. `discover-max-stale` was introduced in Consul 1.0.7 as a way for Consul operators to force stale requests from clients at the agent level, and defaults to zero which matches default consistency behavior in earlier Consul versions.
- `dns_config` This object allows a number of sub-keys
to be set which can tune how DNS queries are serviced. See this guide on [DNS caching](https://learn.hashicorp.com/consul/security-networking/dns-caching) for more detail.
to be set which can tune how DNS queries are serviced. Check the tutorial on [DNS caching](https://learn.hashicorp.com/tutorials/consul/dns-caching) for more detail.
The following sub-keys are available:
@ -1554,7 +1554,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
only works with API endpoints, not `/ui` or `/debug`, those must be disabled
with their respective configuration options. Any CLI commands that use disabled
endpoints will no longer function as well. For more general access control, Consul's
[ACL system](https://learn.hashicorp.com/consul/security-networking/production-acls)
[ACL system](https://learn.hashicorp.com/tutorials/consul/access-control-setup-production)
should be used, but this option is useful for removing access to HTTP API endpoints
completely, or on specific agents. This is available in Consul 0.9.0 and later.
@ -1773,7 +1773,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
- `segments` <EnterpriseAlert inline /> - This is a list of nested objects
that allows setting the bind/advertise information for network segments. This can
only be set on servers. See the [Network Segments Guide](https://learn.hashicorp.com/consul/day-2-operations/network-segments)
only be set on servers. Review the [Network Segments tutorial](https://learn.hashicorp.com/tutorials/consul/network-partition-datacenters)
for more details.
- `name` ((#segment_name)) - The name of the segment. Must be a string

View File

@ -20,7 +20,7 @@ a health check. A health check is considered to be application level if it is
associated with a service. A service is defined in a configuration file
or added at runtime over the HTTP interface.
Use the [Getting Started guides](https://learn.hashicorp.com/consul/getting-started/services?utm_source=consul.io&utm_medium=docs) to get hands-on experience registering a simple service with a health check on your local machine.
Use the [Getting Started tutorials](https://learn.hashicorp.com/tutorials/consul/get-started-service-discovery?utm_source=consul.io&utm_medium=docs) to get hands-on experience registering a simple service with a health check on your local machine.
## Service Definition

View File

@ -20,13 +20,13 @@ it will dump the current telemetry information to the agent's `stderr`.
This telemetry information can be used for debugging or otherwise
getting a better view of what Consul is doing. Review the [Monitoring and
Metrics guide](https://learn.hashicorp.com/consul/day-2-operations/monitoring?utm_source=consul.io&utm_medium=docs) to learn how collect and interpret Consul data.
Metrics tutorial](https://learn.hashicorp.com/tutorials/consul/monitor-datacenter-health?utm_source=consul.io&utm_medium=docs) to learn how collect and interpret Consul data.
Additionally, if the [`telemetry` configuration options](/docs/agent/options#telemetry)
are provided, the telemetry information will be streamed to a
[statsite](http://github.com/armon/statsite) or [statsd](http://github.com/etsy/statsd) server where
it can be aggregated and flushed to Graphite or any other metrics store.
For a configuration example for Telegraf, review the [Monitoring with Telegraf guide](https://learn.hashicorp.com/consul/integrations/telegraf?utm_source=consul.io&utm_medium=docs).
For a configuration example for Telegraf, review the [Monitoring with Telegraf tutorial](https://learn.hashicorp.com/tutorials/consul/monitor-health-telegraf?utm_source=consul.io&utm_medium=docs).
This
information can also be viewed with the [metrics endpoint](/api/agent#view-metrics) in JSON