Commit Graph

148 Commits (2ad834ddb6c5cc613da9f0881b13871332776408)

Author SHA1 Message Date
Kyle Havlovitz 340a234361 Update docs for prometheus TLS options 2022-06-27 09:33:27 -07:00
David Yu d870928197
docs: Use "error" to use standard log level value (#13507)
* docs: Use "error" to use standard log level value
2022-06-20 16:07:38 -07:00
Blake Covarrubias 4c0f840c89 docs: Clarify version restriction for snapshot restore
Clarify that Consul snapshots must be restored into clusters running
the same version as the cluster from where the snapshot was taken.
2022-05-10 10:50:37 -07:00
Jared Kirschner 05d1f59720
Merge pull request #12366 from hashicorp/docs/uri-decode-resource-names-for-http-api
Document API ability to URL-decode resource names
2022-05-10 11:54:38 -04:00
Jared Kirschner a5354b50fb Document API ability to URL-decode resource names
All Consul HTTP API endpoints now URL-decode resource names specified in the
path, enabling resource names containing URL-invalid characters to be used
in HTTP API requests if URL-encoded into the path.

Functionality implemented in Github Pull Requests:
- #11335
- #11957
- #12103
- #12190
- #12297

Also documents CLI accepting URL-invalid resource names.

All Consul HTTP API endpoints now URL-decode resource names specified in the
path, enabling resource names containing URL-invalid characters to be used
in HTTP API requests if URL-encoded into the path. The Consul HTTP API always
supported URL-decoding of query parameters.

The CLI automatically URL-encodes arguments which are inserted as resource
names in the URL path, enabling the CLI to also interact with resource names
that contain URL-invalid characters.
2022-05-10 08:45:58 -07:00
Blake Covarrubias a78015c5fd
docs: Redirect /docs/security/acl/acl-system (#12975)
/docs/security/acl/acl-system was renamed in e9a42df from PR #12460 to
/docs/security/acl. A corresponding redirect was not added for this
page, resulting in a 404 being returned when accessing the old URL
path.

This commit redirects the former URL path to the new location, and
also updates all links on the site to point to the new location.
2022-05-09 09:04:23 -07:00
Jared Kirschner 1da37d87b2 docs: use correct previous name of recovery token 2022-04-19 20:26:06 -07:00
Natalie Smith 0a51e145c1 docs: simplify agent docs slugs 2022-04-11 17:38:47 -07:00
Natalie Smith ddae7d18a2 docs: fix external links to agent config pages 2022-04-11 17:38:11 -07:00
Kyle Havlovitz 763f728df4 Add doc examples for expanded token read CLI and API 2022-03-31 15:03:41 -07:00
Bryce Kalow 6bf67b7ef4
website: redirect /api to /api-docs (#12660) 2022-03-30 16:16:26 -05:00
mrspanishviking 7180c99960
Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
trujillo-adam 4151dc097a fixing merge conflicts part 3 2022-03-15 15:25:03 -07:00
trujillo-adam 9cc9122be8 fixed merge conflicts pt2 2022-03-15 14:01:24 -07:00
trujillo-adam 76d55ac2b4 merging new hierarchy for agent configuration 2022-03-14 15:44:41 -07:00
trujillo-adam 7e98a0dc7b fixing merge conflicts 2022-03-01 09:08:20 -08:00
Daniel Nephin 53ae4b3e2c debug: update CLI docs
To clarify how trace is captured.

Also remove the minimum seconds check, because that is already done in prepare()
2022-02-15 18:16:12 -05:00
mrspanishviking ed586ade37
Update website/content/commands/connect/redirect-traffic.mdx
Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
2022-02-01 15:08:23 -07:00
Ricardo Oliveira c4ea922958
Update website/content/commands/connect/redirect-traffic.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-02-01 17:20:20 +00:00
Ricardo Oliveira db9c6acf04
Update redirect-traffic.mdx 2022-02-01 17:10:49 +00:00
Blake Covarrubias 2f291df412 docs: Clarify docs for providing multiple join addresses
Rephrase the comment about specifying multiple join addresses to
clarify that it pertains to joining a single cluster by attempting to
contact one or more nodes.
2022-01-26 13:11:51 -08:00
Blake Covarrubias f09aea524f Fix spelling errors 2022-01-20 08:54:23 -08:00
Blake Covarrubias 59394e4aa2 docs: Avoid redirects by pointing links to new URLs
Avoid HTTP redirects for internal site links by updating old URLs to
point to the new location for the target content.
2022-01-20 08:52:51 -08:00
Blake Covarrubias 82b88dbc6e docs: Link to supported config kinds in `config write`
Remove statement about service-defaults and proxy-defaults being the
only supported configuration entry types. Update the sentence to point
to the configuration entry documentation for a list of supported
types.
2022-01-19 15:19:05 -08:00
Blake Covarrubias f273cfdc67
docs: Use long form of CLI flags (#12030)
Use long form of CLI flags in all example commands.

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-01-12 15:05:01 -08:00
Matt Siegel f8bb804d36
Merge branch 'main' into msiege2/docs-day 2022-01-11 16:16:41 -05:00
Matt Siegel 565bfce4ac Added some missing ACL info, updated details around some permissions, added missing HTTP API refs 2022-01-11 09:41:54 -05:00
Matt Siegel f7b1208fc3 Fixed absolute links to HTTP apis. 2022-01-11 08:26:58 -05:00
Natalie Smith 24c67f2dfa docs: simplify agent docs slugs 2022-01-10 17:37:18 -08:00
Natalie Smith 00c2444cfc docs: fix external links to agent config pages 2022-01-10 17:11:50 -08:00
Daniel Nephin 3b74497040 docs: move the ACL 'Authorization' section
This section was actually about authentication (not authorization).

We already have sections in our api and cli docs. This commit removes the section and replaces
it with a short paragraph in the Tokens section which links to the existing docs.
2022-01-10 17:10:39 -05:00
Matt Siegel 33933f8a33 Added ACL requirements for CLI commands 2022-01-10 16:44:56 -05:00
Matt Siegel bfb88306f6 Added Corresponding HTTP API Endpoints for every CLI command 2022-01-10 12:40:11 -05:00
Daniel Upton 0e5c1c349c Incorporate feedback from @jkirschner-hashicorp and @karl-cardenas-coding 2022-01-10 15:53:41 +00:00
Daniel Upton 021537c837 docs: call out `kv export` and the transaction API 2022-01-10 13:51:35 +00:00
Daniel Upton 2dc05b4017 docs: improve kv get examples
- Split examples into sections with headers
- Hide the clipboard on examples as the copied text isn't useful
- Format inline flags as code using backticks
2022-01-10 13:40:24 +00:00
Daniel Upton ce55cb70b8 docs: call out `kv import` and the transaction API 2022-01-10 12:30:28 +00:00
Daniel Upton 8630f03130 docs: improve read/scanability of kv put examples
- Split examples into sections with headers
- Hide the clipboard on examples as the copied text isn't useful
- Add an example of supplying data in a heredoc
- Move the flags section to the bottom to clearly separate it from CAS
  which also mentions "flags" of a different kind
- Slight re-wording for clarity
2022-01-10 12:15:59 +00:00
Daniel Upton c9c34d0e76 docs: fix placement of warning in kv put example 2022-01-10 11:40:25 +00:00
Blake Covarrubias e898cf1d41
cli: Show node identities in acl token list output (#11926)
Fix the pretty CLI output of `consul acl token list` so that it
properly displays node identities that are associated with a token.
2022-01-04 12:44:43 -08:00
Blake Covarrubias 09cc3338d4
Document /v1/agent/force-leave prune and wan params (#11886)
Document prune parameter added in #6571 and wan parameter added in
#11722.

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-12-20 15:56:13 -08:00
Freddy 77892c1fcc
Remove beta notice from cli doc (#11878) 2021-12-17 09:52:59 -08:00
Mark Anderson 9806b7c268
Website fixups for admin partitions (#11842)
* Website fixups for admin partitions

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-12-14 17:55:21 -08:00
Freddy 0913644141
Update stray ref to old admin-partition cmd (#11797) 2021-12-09 19:10:01 -07:00
Freddy ff1e71efec
Merge pull request #11682 from hashicorp/ap/renames 2021-12-03 17:35:38 -07:00
Dan Upton bf56a2c495
Rename `agent_master` ACL token in the API and CLI (#11669) 2021-12-02 17:05:27 +00:00
freddygv 7efe3d8c77 Rename partition CLI command 2021-11-29 12:20:51 -07:00
Daniel Nephin a631378008
Merge pull request #11468 from hashicorp/dnephin/acl-docs-namespace-rules
docs: update docs about namespace default policy/role
2021-11-26 14:00:30 -05:00
Daniel Nephin 7bfe50a914 docs: update docs about namespace default policy/role
To include details about the permissions the ACL token must have to perform the request.
2021-11-26 13:47:45 -05:00
trujillo-adam 3ffa05495e
Merge pull request #11307 from hashicorp/docs/admin-partitions-cli-v1.11.0
admin partition docs part 1 - cli
2021-11-02 14:44:43 -07:00
Daniel Upton d47b7311b8
Support Check-And-Set deletion of config entries (#11419)
Implements #11372
2021-11-01 16:42:01 +00:00
trujillo-adam 138f9f31e6
Apply suggestions from code review
fixed typos

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-11-01 08:08:04 -07:00
Chris S. Kim ff6a33511e
docs: Document datacenter limitations for admin partitions (#11425) 2021-10-26 15:35:39 -04:00
Karl Cardenas 8e1bfbae56
docs: added deprecation message to CLI command intentions overview page 2021-10-21 10:29:23 -07:00
trujillo-adam 12473899c7 applying cfeedback left in comments 2021-10-19 16:19:40 -07:00
trujillo-adam b1d73bee0a
Apply suggestions from code review
Applying some of the feedback from review

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2021-10-19 15:27:23 -07:00
trujillo-adam 44fd6b6638
Update website/content/commands/admin-partition.mdx
Co-authored-by: David Yu <dyu@hashicorp.com>
2021-10-19 13:36:43 -07:00
trujillo-adam d3e3d70fbd admin partition docs part 1 - cli 2021-10-13 15:37:01 -07:00
Evan Culver df4bc6a924
Update default version in command docs 2021-10-01 11:13:34 -07:00
Freddy 8d83d27674
connect: update envoy supported versions to latest patch release
(#10961)

Relevant advisory: 
https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h
2021-08-31 10:39:18 -06:00
Daniel Nephin 26ef0df458 docs: update CLI reference docs for debug
the cluster target was renamed to members.
2021-08-18 12:29:34 -04:00
Blake Covarrubias 8aa89c2c12
docs: Clarify ingress gateway's -address flag (#10810)
Clarify the function of `-address` flag when instantiating an ingress
gateway.

Resolves #9849

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-08-12 14:56:07 -07:00
Mark Anderson d3cebbd32c
Fixup to support unix domain socket via command line (#10758)
Missed the need to add support for unix domain socket config via
api/command line. This is a variant of the problems described in
it is easy to drop one.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-08-12 10:05:22 -07:00
Blake Covarrubias 99b1d8ed8c docs: Update code blocks across website
* Use CodeTabs for examples in multiple formats.
* Ensure correct language on code fences.
* Use CodeBlockConfig for examples with filenames, or which need
highlighted content.
2021-08-11 13:20:03 -07:00
Blake Covarrubias 17e18df81e
docs: Document supported `consul connect` env vars (#10667)
Document the ability to specify `-sidecar-for` and `-proxy-id` flags
via environment variables.
2021-08-02 12:50:51 -07:00
Blake Covarrubias 26738ac65e docs: Add version callout for `kv import -prefix`
Add a sentence stating the version of Consul that introduced the
`-prefix` option for `consul kv import`.

Resolves #10172
2021-07-26 09:45:24 -07:00
Blake Covarrubias 832896ed11 docs: Fix spelling errors across website 2021-07-19 14:29:54 -07:00
Iryna Shustava 95305881ce
cli/sdk: Allow applying redirect-traffic rules in a provided Linux namespace (#10564) 2021-07-13 10:05:48 -06:00
Matt Keeler 76857dd682
Update 1.10 enterprise upgrade docs. (#10446)
Co-authored-by: Paul Banks <banks@banksco.de>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
2021-06-22 14:39:11 -04:00
Dhia Ayachi 005ad9e46d
generate a single debug file for a long duration capture (#10279)
* debug: remove the CLI check for debug_enabled

The API allows collecting profiles even debug_enabled=false as long as
ACLs are enabled. Remove this check from the CLI so that users do not
need to set debug_enabled=true for no reason.

Also:
- fix the API client to return errors on non-200 status codes for debug
  endpoints
- improve the failure messages when pprof data can not be collected

Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com>

* remove parallel test runs

parallel runs create a race condition that fail the debug tests

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* extract wait group outside the go routine to avoid a race condition

* capture pprof in a separate go routine

* perform a single capture for pprof data for the whole duration

* add missing vendor dependency

* add a change log and fix documentation to reflect the change

* create function for timestamp dir creation and simplify error handling

* use error groups and ticker to simplify interval capture loop

* Logs, profile and traces are captured for the full duration. Metrics, Heap and Go routines are captured every interval

* refactor Logs capture routine and add log capture specific test

* improve error reporting when log test fail

* change test duration to 1s

* make time parsing in log line more robust

* refactor log time format in a const

* test on log line empty the earliest possible and return

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* rename function to captureShortLived

* more specific changelog

Co-authored-by: Paul Banks <banks@banksco.de>

* update documentation to reflect current implementation

* add test for behavior when invalid param is passed to the command

* fix argument line in test

* a more detailed description of the new behaviour

Co-authored-by: Paul Banks <banks@banksco.de>

* print success right after the capture is done

* remove an unnecessary error check

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* upgraded github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57 => v0.0.0-20210601050228-01bbb1931b22

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2021-06-07 13:00:51 -04:00
Matt Keeler af3ffdf4c8
Add license inspect command documentation and changelog (#10351)
Also reformatted another changelog entry.
2021-06-04 14:33:13 -04:00
Matt Keeler c5dc729dda
Follow on to PR 10336 (#10343)
There was some PR feedback that came in just after I merged that other PR. This addresses that feedback.
2021-06-03 12:29:41 -04:00
Matt Keeler 4222242f1c Add licensing information to snapshot agent docs. 2021-06-03 10:48:16 -04:00
Matt Keeler aeaeec15e8 Add deprecation/removal notices regarding the APIs/CLI commands for licensing that are going away.
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-06-03 10:48:16 -04:00
Blake Covarrubias 2196262eab docs: Clarify set-agent-token token persistence behavior
Clarify that tokens configured via `set-agent-token` will not be
persisted if `acl.enable_token_persistence` is `false`.
2021-05-31 16:08:43 -07:00
Dhia Ayachi e527c191ae docs: Add example ACL policy for snapshot agent
Co-Authored-By: Blake Covarrubias <blake@covarrubi.as>
2021-05-20 14:41:29 -04:00
R.B. Boyer 3b50a55533
connect: update supported envoy versions to 1.18.3, 1.17.3, 1.16.4, and 1.15.5 (#10231) 2021-05-12 14:06:06 -05:00
Daniel Nephin 2628974692
Update website/content/commands/config/delete.mdx
Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
2021-05-06 14:04:26 -04:00
Daniel Nephin 583850e9d4 docs: remove name field from Mesh config entry
Also document the name of these config entries in the API docs, so that
users know how to query for them.

And fix the name of mesh on the index page.
2021-05-06 13:25:32 -04:00
R.B. Boyer abc1dc0fe9
connect: update supported envoy versions to 1.18.2, 1.17.2, 1.16.3, and 1.15.4 (#10101)
The only thing that needed fixing up pertained to this section of the 1.18.x release notes:

> grpc_stats: the default value for stats_for_all_methods is switched from true to false, in order to avoid possible memory exhaustion due to an untrusted downstream sending a large number of unique method names. The previous default value was deprecated in version 1.14.0. This only changes the behavior when the value is not set. The previous behavior can be used by setting the value to true. This behavior change by be overridden by setting runtime feature envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default.

For now to maintain status-quo I'm explicitly setting `stats_for_all_methods=true` in all versions to avoid relying upon the default.

Additionally the naming of the emitted metrics for these gRPC requests changed slightly so the integration test assertions for `case-grpc` needed adjusting.
2021-04-29 15:22:03 -05:00
Iryna Shustava 8dffb89131
Implement traffic redirection exclusion based on proxy config and user-provided values (#10134)
* Use proxy outbound port from TransparentProxyConfig if provided
* If -proxy-id is provided to the redirect-traffic command, exclude any listener ports
  from inbound traffic redirection. This includes envoy_prometheus_bind_addr,
  envoy_stats_bind_addr, and the ListenerPort from the Expose configuration.
* Allow users to provide additional inbound and outbound ports, outbound CIDRs
  and additional user IDs to be excluded from traffic redirection.
  This affects both the traffic-redirect command and the iptables SDK package.
2021-04-29 09:21:15 -07:00
Paul Banks d717d2cdc4
CLI: Allow snapshot inspect to work on internal raft snapshots directly. (#10089)
* CLI: Add support for reading internal raft snapshots to snapshot inspect

* Add snapshot inspect test for raw state files

* Add changelog entry

* Update .changelog/10089.txt
2021-04-23 16:17:08 +01:00
Freddy 8b8c3c1992
Add docs for transparent proxy mode and config (#10038)
Add docs for transparent proxy mode and config

Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
2021-04-16 12:50:02 -07:00
Iryna Shustava 5755c97bc7
cli: Add new `consul connect redirect-traffic` command for applying traffic redirection rules when Transparent Proxy is enabled. (#9910)
* Add new consul connect redirect-traffic command for applying traffic redirection rules when Transparent Proxy is enabled.
* Add new iptables package for applying traffic redirection rules with iptables.
2021-04-09 11:48:10 -07:00
Zachary Shilton 8671762474
website: implement mktg 032 (#9953)
* website: migrate to new nav-data format

* website: clean up unused intro content

* website: remove deprecated sidebar_title from frontmatter

* website: add react-content to fix global style import issue
2021-04-07 15:50:38 -04:00
Ranjandas 7857c5746f Document agent token policy requirement for rexec
The Agent token policy when using rexec should have `write` on "_rexec"
key prefix. Updated the exec command documentation to explicitly state
this requirement.
2021-03-23 15:51:56 +11:00
Kyle Havlovitz 1e87c7183a
Merge pull request #9672 from hashicorp/ca-force-skip-xc
connect/ca: Allow ForceWithoutCrossSigning for all providers
2021-03-11 11:49:15 -08:00
Kyle Havlovitz d62565f368
Merge pull request #9792 from dzeban/kv-import-prefix
command/kv: Add prefix option to kv import command
2021-03-11 09:47:53 -08:00
Nitya Dhanushkodi 15e8b13891
Add flags to consul connect envoy for metrics merging. (#9768)
Allows setting -prometheus-backend-port to configure the cluster
envoy_prometheus_bind_addr points to.

Allows setting -prometheus-scrape-path to configure which path
envoy_prometheus_bind_addr exposes metrics on.

-prometheus-backend-port is used by the consul-k8s metrics merging feature, to
configure envoy_prometheus_bind_addr to point to the merged metrics
endpoint that combines Envoy and service metrics so that one set of
annotations on a Pod can scrape metrics from the service and it's Envoy
sidecar.

-prometheus-scrape-path is used to allow configurability of the path
where prometheus metrics are exposed on envoy_prometheus_bind_addr.
2021-03-04 16:15:47 -06:00
R.B. Boyer 398b766532
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658)
- Also add support for envoy 1.17.0
2021-02-26 16:23:15 -06:00
Alex Dzyoba 098fd1797b command/kv: Add prefix option to kv import command
Currently when data is imported via `consul kv import` it overwrites
keys under the root key. Since `consul kv export` can retrieve data for
the given prefix, i.e. part of the KV tree, importing it under root may
be not what users want.

To mirror prefix behavior from export this PR adds prefix feature to the
import command that adds prefix to all keys that are imported.
2021-02-19 14:07:25 +03:00
Preetha 4174bc4330
Add docs section on regenerating expired CA certificates (#9709)
* Updated docs on regenerating built in CA

* review feedback

* Add sentence about expected behavior after update CA endpoint is used.
2021-02-11 15:38:12 -06:00
R.B. Boyer 6eeccc93ce
connect: update supported envoy point releases to 1.16.2, 1.15.3, 1.14.6, 1.13.7 (#9737) 2021-02-10 13:11:15 -06:00
Kyle Havlovitz 7dac583863 connect/ca: Allow ForceWithoutCrossSigning for all providers
This allows setting ForceWithoutCrossSigning when reconfiguring the CA
for any provider, in order to forcibly move to a new root in cases where
the old provider isn't reachable or able to cross-sign for whatever
reason.
2021-01-29 13:38:11 -08:00
Luke Kysow b6d7bf1243
Move cfg entry docs to under connect from agent (#9533)
Since all config entries are currently related to service mesh it's a
much more natural place to look for them under Service Mesh than under
Agent.
2021-01-13 12:48:48 -08:00
Michael Hofer 3c3b67288d
cli: Add consul intention list command (based on PR #6825) (#9468)
This PR is based on the previous work by @snuggie12 in PR #6825. It adds the command consul intention list to list all available intentions. The list functionality for intentions seems a bit overdue as it's just very handy. The web UI cannot list intentions outside of the default namespace, and using the API is sometimes not the friendliest option. ;)

I cherry picked snuggie12's commits who did most of the heavy lifting (thanks again @snuggie12 for your great work!). The changes in the original commit mostly still worked on the current HEAD. On top of that I added support for namespaces and fixed the docs as they are managed differently today. Also the requested changes related to the "Connect" references in the original PRs have been addressed.

Fixes #5652

Co-authored-by: Matt Hoey <mhoey05@jcu.edu>
2021-01-12 21:14:31 +01:00
Joel Watson ca265e1890 docs: add note about TMPDIR for snapshots 2021-01-06 12:56:40 -06:00
Jeff Escalante 582dce9d8f
maintenance complete, pending markdown-page component addition 2020-12-16 16:55:23 -05:00