consul/website/content/commands/peering/generate-token.mdx

69 lines
3.0 KiB
Markdown

---
layout: commands
page_title: 'Commands: Peering Generate Token'
description: |
The `consul peering generate-token` command creates a peering token that clusters use to establish secure cluster peering connections.
---
# Consul Peering Generate Token
Command: `consul peering generate-token`
Corresponding HTTP API Endpoint: [\[POST\] /v1/peering/token](/consul/api-docs/peering#generate-a-peering-token)
The `peering generate-token` generates a peering token. The token is base 64-encoded string containing the token details.
This token should be transferred to the other cluster being peered and consumed using [`consul peering establish`](/consul/commands/peering/establish).
Generating a token and specifying the same local name associated with a previously-generated token does not affect active connections established with the original token. If the previously-generated token is not actively being used for a peer connection, however, it will become invalid when the new token with the same local name is generated.
The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication).
| ACL Required |
| ------------ |
| `peering:write` |
## Usage
Usage: `consul peering generate-token [options] -name <peer name>`
#### Command Options
- `-name=<string>` - (Required) Specifies a local name for the cluster that the token is intended for.
The `name` is only used to identify the connection with the peer.
Generating a token and specifying the same local name associated with a previously-generated token does not affect active connections established with the original token.
If the previously-generated token is not actively being used for a peer connection, however, it will become invalid when the new token with the same local name is generated.
- `-meta=<string>=<string>` - Specifies key/value pairs to associate with the peering connection token in `-meta="key"="value"` format. You can use the flag multiple times to set multiple metadata fields.
- `-server-external-addresses=<string>[,string,...]` - Specifies a comma-separated list of addresses
to put into the generated token. Addresses are of the form of `{host or IP}:port`.
You can specify one or more load balancers or external IPs that route external traffic to this cluster's Consul servers.
- `-format={pretty|json}` - Command output format. The default value is `pretty`.
#### Enterprise Options
@include 'http_api_partition_options.mdx'
#### API Options
@include 'http_api_options_client.mdx'
## Examples
The following example generates a peering token for a cluster called "cluster-02":
```shell-session hideClipboard
$ consul peering generate-token -name cluster-02
eyJDQSI6bnVs...5Yi0wNzk5NTA1YTRmYjYifQ==
```
### Using a Load Balancer for Consul Servers
The following example generates a token for a cluster where servers are proxied by a load balancer:
```shell-session hideClipboard
$ consul peering generate-token -server-external-addresses my-load-balancer-1234567890abcdef.elb.us-east-2.amazonaws.com -name cluster-02
eyJDQSI6bnVs...5Yi0wNzk5NTA1YTRmYjYifQ==
```