1CDIST-TYPE__CONSUL_AGENT(7) cdist CDIST-TYPE__CONSUL_AGENT(7)
2
3
4
6 cdist-type__consul_agent - Manage the consul agent
7
9 Configure and manage the consul agent.
10
12 None.
13
15 acl-datacenter
16 only used by servers. This designates the datacenter which is
17 authoritative for ACL information.
18
19 acl-default-policy
20 either "allow" or "deny"; defaults to "allow". The default pol‐
21 icy controls the behavior of a token when there is no matching
22 rule.
23
24 acl-down-policy
25 either "allow", "deny" or "extend-cache"; "extend-cache" is the
26 default.
27
28 acl-master-token
29 only used for servers in the acl_datacenter. This token will be
30 created with management-level permissions if it does not exist.
31 It allows operators to bootstrap the ACL system with a token ID
32 that is well-known.
33
34 acl-token
35 when provided, the agent will use this token when making re‐
36 quests to the Consul servers.
37
38 acl-ttl
39 used to control Time-To-Live caching of ACLs.
40
41 bind-addr
42 sets the bind address for cluster communication
43
44 bootstrap-expect
45 sets server to expect bootstrap mode
46
47 ca-file-source
48 path to a PEM encoded certificate authority file which will be
49 uploaded and configure using the ca_file config option.
50
51 cert-file-source
52 path to a PEM encoded certificate file which will be uploaded
53 and configure using the cert_file config option.
54
55 client-addr
56 sets the address to bind for client access
57
58 datacenter
59 datacenter of the agent
60
61 encrypt
62 provides the gossip encryption key
63
64 group the primary group for the agent
65
66 json-config
67 path to a partial json config file without leading { and trail‐
68 ing }. If json-config is '-' (dash), take what was written to
69 stdin as the file content.
70
71 key-file-source
72 path to a PEM encoded private key file which will be uploaded
73 and configure using the key_file config option.
74
75 node-name
76 name of this node. Must be unique in the cluster
77
78 retry-join
79 address to attempt joining every retry_interval until at least
80 one join works. Can be specified multiple times.
81
82 user the user to run the agent as
83
84 state if the agent is 'present' or 'absent'. Defaults to 'present'.
85 Currently state=absent is not working due to some dependency is‐
86 sues.
87
89 disable-remote-exec
90 disables support for remote execution. When set to true, the
91 agent will ignore any incoming remote exec requests.
92
93 disable-update-check
94 disables automatic checking for security bulletins and new ver‐
95 sion releases
96
97 leave-on-terminate
98 gracefully leave cluster on SIGTERM
99
100 rejoin-after-leave
101 rejoin the cluster using the previous state after leaving
102
103 server used to control if an agent is in server or client mode
104
105 enable-syslog
106 enables logging to syslog
107
108 verify-incoming
109 enforce the use of TLS and verify a client's authenticity on in‐
110 coming connections
111
112 verify-outgoing
113 enforce the use of TLS and verify the peers authenticity on out‐
114 going connections
115
116 use-distribution-package
117 uses distribution package instead of upstream binary
118
120 # configure as server, bootstrap and rejoin
121 hostname="$(cat "$__global/explorer/hostname")"
122 __consul_agent \
123 --datacenter dc1 \
124 --node-name "${hostname%%.*}" \
125 --disable-update-check \
126 --server \
127 --rejoin-after-leave \
128 --bootstrap-expect 3 \
129 --retry-join consul-01 \
130 --retry-join consul-02 \
131 --retry-join consul-03
132
133 # configure as server, bootstrap and rejoin with ssl support
134 hostname="$(cat "$__global/explorer/hostname")"
135 __consul_agent \
136 --datacenter dc1 \
137 --node-name "${hostname%%.*}" \
138 --disable-update-check \
139 --server \
140 --rejoin-after-leave \
141 --bootstrap-expect 3 \
142 --retry-join consul-01 \
143 --retry-join consul-02 \
144 --retry-join consul-03 \
145 --ca-file-source /path/to/ca.pem \
146 --cert-file-source /path/to/cert.pem \
147 --key-file-source /path/to/key.pem \
148 --verify-incoming \
149 --verify-outgoing
150
151 # configure as client and try joining existing cluster
152 __consul_agent \
153 --datacenter dc1 \
154 --node-name "${hostname%%.*}" \
155 --disable-update-check \
156 --retry-join consul-01 \
157 --retry-join consul-02 \
158 --retry-join consul-03
159
161 consul documentation at: <‐
162 http://www.consul.io/docs/agent/options.html>.
163
165 Steven Armstrong <steven-cdist--@--armstrong.cc>
166
168 Copyright (C) 2015 Steven Armstrong. You can redistribute it and/or
169 modify it under the terms of the GNU General Public License as pub‐
170 lished by the Free Software Foundation, either version 3 of the Li‐
171 cense, or (at your option) any later version.
172
174 ungleich GmbH 2021
175
176
177
178
1796.9.8 Aug 24, 2021 CDIST-TYPE__CONSUL_AGENT(7)