cdist-type__consul_agent - Man Page

Manage the consul agent

Optional Parameters

acl-datacenter: only used by servers. This designates the datacenter which is authoritative for ACL information.
acl-default-policy: either "allow" or "deny"; defaults to "allow". The default policy controls the behavior of a token when there is no matching rule.
acl-down-policy: either "allow", "deny" or "extend-cache"; "extend-cache" is the default.
acl-master-token: only used for servers in the acl_datacenter. This token will be created with management-level permissions if it does not exist. It allows operators to bootstrap the ACL system with a token ID that is well-known.
acl-token: when provided, the agent will use this token when making requests to the Consul servers.
acl-ttl: used to control Time-To-Live caching of ACLs.
bind-addr: sets the bind address for cluster communication
bootstrap-expect: sets server to expect bootstrap mode
ca-file-source: path to a PEM encoded certificate authority file which will be uploaded and configure using the ca_file config option.
cert-file-source: path to a PEM encoded certificate file which will be uploaded and configure using the cert_file config option.
client-addr: sets the address to bind for client access
datacenter: datacenter of the agent
encrypt: provides the gossip encryption key
group: the primary group for the agent
json-config: path to a partial json config file without leading { and trailing }. If json-config is '-' (dash), take what was written to stdin as the file content.
key-file-source: path to a PEM encoded private key file which will be uploaded and configure using the key_file config option.
node-name: name of this node. Must be unique in the cluster
retry-join: address to attempt joining every retry_interval until at least one join works. Can be specified multiple times.
user: the user to run the agent as
state: if the agent is 'present' or 'absent'. Defaults to 'present'. Currently state=absent is not working due to some dependency issues.

Boolean Parameters

disable-remote-exec: disables support for remote execution. When set to true, the agent will ignore any incoming remote exec requests.
disable-update-check: disables automatic checking for security bulletins and new version releases
leave-on-terminate: gracefully leave cluster on SIGTERM
rejoin-after-leave: rejoin the cluster using the previous state after leaving
server: used to control if an agent is in server or client mode
enable-syslog: enables logging to syslog
verify-incoming: enforce the use of TLS and verify a client's authenticity on incoming connections
verify-outgoing: enforce the use of TLS and verify the peers authenticity on outgoing connections
use-distribution-package: uses distribution package instead of upstream binary

Examples

# configure as server, bootstrap and rejoin
hostname="$(cat "$__global/explorer/hostname")"
__consul_agent \
   --datacenter dc1 \
   --node-name "${hostname%%.*}" \
   --disable-update-check \
   --server \
   --rejoin-after-leave \
   --bootstrap-expect 3 \
   --retry-join consul-01 \
   --retry-join consul-02 \
   --retry-join consul-03

# configure as server, bootstrap and rejoin with ssl support
hostname="$(cat "$__global/explorer/hostname")"
__consul_agent \
   --datacenter dc1 \
   --node-name "${hostname%%.*}" \
   --disable-update-check \
   --server \
   --rejoin-after-leave \
   --bootstrap-expect 3 \
   --retry-join consul-01 \
   --retry-join consul-02 \
   --retry-join consul-03 \
   --ca-file-source /path/to/ca.pem \
   --cert-file-source /path/to/cert.pem \
   --key-file-source /path/to/key.pem \
   --verify-incoming \
   --verify-outgoing

# configure as client and try joining existing cluster
__consul_agent \
   --datacenter dc1 \
   --node-name "${hostname%%.*}" \
   --disable-update-check \
   --retry-join consul-01 \
   --retry-join consul-02 \
   --retry-join consul-03

Authors

Steven Armstrong <steven-cdist--@--armstrong.cc>

Copyright (C) 2015 Steven Armstrong. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.