1CDIST-TYPE__CONSUL_AGENT(7)          cdist         CDIST-TYPE__CONSUL_AGENT(7)
2
3
4

NAME

6       cdist-type__consul_agent - Manage the consul agent
7

DESCRIPTION

9       Configure and manage the consul agent.
10

REQUIRED PARAMETERS

12       None.
13

OPTIONAL PARAMETERS

15       acl-datacenter
16              only  used  by  servers. This designates the datacenter which is
17              authoritative for ACL information.
18
19       acl-default-policy
20              either "allow" or "deny"; defaults to "allow". The default  pol‐
21              icy  controls  the behavior of a token when there is no matching
22              rule.
23
24       acl-down-policy
25              either "allow", "deny" or "extend-cache"; "extend-cache" is  the
26              default.
27
28       acl-master-token
29              only  used for servers in the acl_datacenter. This token will be
30              created with management-level permissions if it does not  exist.
31              It  allows operators to bootstrap the ACL system with a token ID
32              that is well-known.
33
34       acl-token
35              when provided, the agent will use this  token  when  making  re‐
36              quests to the Consul servers.
37
38       acl-ttl
39              used to control Time-To-Live caching of ACLs.
40
41       bind-addr
42              sets the bind address for cluster communication
43
44       bootstrap-expect
45              sets server to expect bootstrap mode
46
47       ca-file-source
48              path  to  a PEM encoded certificate authority file which will be
49              uploaded and configure using the ca_file config option.
50
51       cert-file-source
52              path to a PEM encoded certificate file which  will  be  uploaded
53              and configure using the cert_file config option.
54
55       client-addr
56              sets the address to bind for client access
57
58       datacenter
59              datacenter of the agent
60
61       encrypt
62              provides the gossip encryption key
63
64       group  the primary group for the agent
65
66       json-config
67              path  to a partial json config file without leading { and trail‐
68              ing }.  If json-config is '-' (dash), take what was  written  to
69              stdin as the file content.
70
71       key-file-source
72              path  to  a  PEM encoded private key file which will be uploaded
73              and configure using the key_file config option.
74
75       node-name
76              name of this node. Must be unique in the cluster
77
78       retry-join
79              address to attempt joining every retry_interval until  at  least
80              one join works.  Can be specified multiple times.
81
82       user   the user to run the agent as
83
84       state  if  the  agent  is 'present' or 'absent'. Defaults to 'present'.
85              Currently state=absent is not working due to some dependency is‐
86              sues.
87

BOOLEAN PARAMETERS

89       disable-remote-exec
90              disables  support  for  remote  execution. When set to true, the
91              agent will ignore any incoming remote exec requests.
92
93       disable-update-check
94              disables automatic checking for security bulletins and new  ver‐
95              sion releases
96
97       leave-on-terminate
98              gracefully leave cluster on SIGTERM
99
100       rejoin-after-leave
101              rejoin the cluster using the previous state after leaving
102
103       server used to control if an agent is in server or client mode
104
105       enable-syslog
106              enables logging to syslog
107
108       verify-incoming
109              enforce the use of TLS and verify a client's authenticity on in‐
110              coming connections
111
112       verify-outgoing
113              enforce the use of TLS and verify the peers authenticity on out‐
114              going connections
115
116       use-distribution-package
117              uses distribution package instead of upstream binary
118

EXAMPLES

120          # configure as server, bootstrap and rejoin
121          hostname="$(cat "$__global/explorer/hostname")"
122          __consul_agent \
123             --datacenter dc1 \
124             --node-name "${hostname%%.*}" \
125             --disable-update-check \
126             --server \
127             --rejoin-after-leave \
128             --bootstrap-expect 3 \
129             --retry-join consul-01 \
130             --retry-join consul-02 \
131             --retry-join consul-03
132
133          # configure as server, bootstrap and rejoin with ssl support
134          hostname="$(cat "$__global/explorer/hostname")"
135          __consul_agent \
136             --datacenter dc1 \
137             --node-name "${hostname%%.*}" \
138             --disable-update-check \
139             --server \
140             --rejoin-after-leave \
141             --bootstrap-expect 3 \
142             --retry-join consul-01 \
143             --retry-join consul-02 \
144             --retry-join consul-03 \
145             --ca-file-source /path/to/ca.pem \
146             --cert-file-source /path/to/cert.pem \
147             --key-file-source /path/to/key.pem \
148             --verify-incoming \
149             --verify-outgoing
150
151          # configure as client and try joining existing cluster
152          __consul_agent \
153             --datacenter dc1 \
154             --node-name "${hostname%%.*}" \
155             --disable-update-check \
156             --retry-join consul-01 \
157             --retry-join consul-02 \
158             --retry-join consul-03
159

SEE ALSO

161       consul                documentation                at:               <‐
162       http://www.consul.io/docs/agent/options.html>.
163

AUTHORS

165       Steven Armstrong <steven-cdist--@--armstrong.cc>
166

COPYING

168       Copyright (C) 2015 Steven Armstrong. You  can  redistribute  it  and/or
169       modify  it  under  the  terms of the GNU General Public License as pub‐
170       lished by the Free Software Foundation, either version  3  of  the  Li‐
171       cense, or (at your option) any later version.
172

COPYRIGHT

174       ungleich GmbH 2021
175
176
177
178
1797.0.0                            Jul 31, 2022      CDIST-TYPE__CONSUL_AGENT(7)