1package config 2 3import ( 4 "fmt" 5 "net" 6 "reflect" 7 "strings" 8 "time" 9 10 "github.com/hashicorp/consul/agent/structs" 11 "github.com/hashicorp/consul/api" 12 "github.com/hashicorp/consul/lib" 13 "github.com/hashicorp/consul/tlsutil" 14 "github.com/hashicorp/consul/types" 15 "golang.org/x/time/rate" 16) 17 18type RuntimeSOAConfig struct { 19 Refresh uint32 // 3600 by default 20 Retry uint32 // 600 21 Expire uint32 // 86400 22 Minttl uint32 // 0, 23} 24 25// RuntimeConfig specifies the configuration the consul agent actually 26// uses. Is is derived from one or more Config structures which can come 27// from files, flags and/or environment variables. 28type RuntimeConfig struct { 29 // non-user configurable values 30 AEInterval time.Duration 31 32 CheckDeregisterIntervalMin time.Duration 33 CheckReapInterval time.Duration 34 SegmentLimit int 35 SegmentNameLimit int 36 SyncCoordinateRateTarget float64 37 SyncCoordinateIntervalMin time.Duration 38 Revision string 39 Version string 40 VersionPrerelease string 41 42 // consul config 43 ConsulCoordinateUpdateMaxBatches int 44 ConsulCoordinateUpdateBatchSize int 45 ConsulCoordinateUpdatePeriod time.Duration 46 ConsulRaftElectionTimeout time.Duration 47 ConsulRaftHeartbeatTimeout time.Duration 48 ConsulRaftLeaderLeaseTimeout time.Duration 49 ConsulServerHealthInterval time.Duration 50 51 // ACLDisabledTTL is used by agents to determine how long they will 52 // wait to check again with the servers if they discover ACLs are not 53 // enabled. (not user configurable) 54 // 55 // hcl: acl.disabled_ttl = "duration" 56 ACLDisabledTTL time.Duration 57 58 // ACLsEnabled is used to determine whether ACLs should be enabled 59 // 60 // hcl: acl.enabled = boolean 61 ACLsEnabled bool 62 63 // ACLAgentMasterToken is a special token that has full read and write 64 // privileges for this agent, and can be used to call agent endpoints 65 // when no servers are available. 66 // 67 // hcl: acl.tokens.agent_master = string 68 ACLAgentMasterToken string 69 70 // ACLAgentToken is the default token used to make requests for the agent 71 // itself, such as for registering itself with the catalog. If not 72 // configured, the 'acl_token' will be used. 73 // 74 // hcl: acl.tokens.agent = string 75 ACLAgentToken string 76 77 // ACLDatacenter is the central datacenter that holds authoritative 78 // ACL records. This must be the same for the entire cluster. 79 // If this is not set, ACLs are not enabled. Off by default. 80 // 81 // hcl: acl_datacenter = string 82 ACLDatacenter string 83 84 // ACLDefaultPolicy is used to control the ACL interaction when 85 // there is no defined policy. This can be "allow" which means 86 // ACLs are used to black-list, or "deny" which means ACLs are 87 // white-lists. 88 // 89 // hcl: acl.default_policy = ("allow"|"deny") 90 ACLDefaultPolicy string 91 92 // ACLDownPolicy is used to control the ACL interaction when we cannot 93 // reach the ACLDatacenter and the token is not in the cache. 94 // There are the following modes: 95 // * allow - Allow all requests 96 // * deny - Deny all requests 97 // * extend-cache - Ignore the cache expiration, and allow cached 98 // ACL's to be used to service requests. This 99 // is the default. If the ACL is not in the cache, 100 // this acts like deny. 101 // * async-cache - Same behavior as extend-cache, but perform ACL 102 // Lookups asynchronously when cache TTL is expired. 103 // 104 // hcl: acl.down_policy = ("allow"|"deny"|"extend-cache"|"async-cache") 105 ACLDownPolicy string 106 107 // DEPRECATED (ACL-Legacy-Compat) 108 // ACLEnforceVersion8 is used to gate a set of ACL policy features that 109 // are opt-in prior to Consul 0.8 and opt-out in Consul 0.8 and later. 110 // 111 // hcl: acl_enforce_version_8 = (true|false) 112 ACLEnforceVersion8 bool 113 114 // ACLEnableKeyListPolicy is used to opt-in to the "list" policy added to 115 // KV ACLs in Consul 1.0. 116 // 117 // See https://www.consul.io/docs/guides/acl.html#list-policy-for-keys for 118 // more details. 119 // 120 // hcl: acl.enable_key_list_policy = (true|false) 121 ACLEnableKeyListPolicy bool 122 123 // ACLMasterToken is used to bootstrap the ACL system. It should be specified 124 // on the servers in the ACLDatacenter. When the leader comes online, it ensures 125 // that the Master token is available. This provides the initial token. 126 // 127 // hcl: acl.tokens.master = string 128 ACLMasterToken string 129 130 // ACLReplicationToken is used to replicate data locally from the 131 // PrimaryDatacenter. Replication is only available on servers in 132 // datacenters other than the PrimaryDatacenter 133 // 134 // DEPRECATED (ACL-Legacy-Compat): Setting this to a non-empty value 135 // also enables legacy ACL replication if ACLs are enabled and in legacy mode. 136 // 137 // hcl: acl.tokens.replication = string 138 ACLReplicationToken string 139 140 // ACLtokenReplication is used to indicate that both tokens and policies 141 // should be replicated instead of just policies 142 // 143 // hcl: acl.token_replication = boolean 144 ACLTokenReplication bool 145 146 // ACLTokenTTL is used to control the time-to-live of cached ACL tokens. This has 147 // a major impact on performance. By default, it is set to 30 seconds. 148 // 149 // hcl: acl.policy_ttl = "duration" 150 ACLTokenTTL time.Duration 151 152 // ACLPolicyTTL is used to control the time-to-live of cached ACL policies. This has 153 // a major impact on performance. By default, it is set to 30 seconds. 154 // 155 // hcl: acl.token_ttl = "duration" 156 ACLPolicyTTL time.Duration 157 158 // ACLRoleTTL is used to control the time-to-live of cached ACL roles. This has 159 // a major impact on performance. By default, it is set to 30 seconds. 160 // 161 // hcl: acl.role_ttl = "duration" 162 ACLRoleTTL time.Duration 163 164 // ACLToken is the default token used to make requests if a per-request 165 // token is not provided. If not configured the 'anonymous' token is used. 166 // 167 // hcl: acl.tokens.default = string 168 ACLToken string 169 170 // ACLEnableTokenPersistence determines whether or not tokens set via the agent HTTP API 171 // should be persisted to disk and reloaded when an agent restarts. 172 ACLEnableTokenPersistence bool 173 174 // AutopilotCleanupDeadServers enables the automatic cleanup of dead servers when new ones 175 // are added to the peer list. Defaults to true. 176 // 177 // hcl: autopilot { cleanup_dead_servers = (true|false) } 178 AutopilotCleanupDeadServers bool 179 180 // AutopilotDisableUpgradeMigration will disable Autopilot's upgrade migration 181 // strategy of waiting until enough newer-versioned servers have been added to the 182 // cluster before promoting them to voters. (Enterprise-only) 183 // 184 // hcl: autopilot { disable_upgrade_migration = (true|false) 185 AutopilotDisableUpgradeMigration bool 186 187 // AutopilotLastContactThreshold is the limit on the amount of time a server can go 188 // without leader contact before being considered unhealthy. 189 // 190 // hcl: autopilot { last_contact_threshold = "duration" } 191 AutopilotLastContactThreshold time.Duration 192 193 // AutopilotMaxTrailingLogs is the amount of entries in the Raft Log that a server can 194 // be behind before being considered unhealthy. The value must be positive. 195 // 196 // hcl: autopilot { max_trailing_logs = int } 197 AutopilotMaxTrailingLogs int 198 199 // AutopilotMinQuorum sets the minimum number of servers required in a cluster 200 // before autopilot can prune dead servers. 201 // 202 //hcl: autopilot { min_quorum = int } 203 AutopilotMinQuorum uint 204 205 // AutopilotRedundancyZoneTag is the Meta tag to use for separating servers 206 // into zones for redundancy. If left blank, this feature will be disabled. 207 // (Enterprise-only) 208 // 209 // hcl: autopilot { redundancy_zone_tag = string } 210 AutopilotRedundancyZoneTag string 211 212 // AutopilotServerStabilizationTime is the minimum amount of time a server must be 213 // in a stable, healthy state before it can be added to the cluster. Only 214 // applicable with Raft protocol version 3 or higher. 215 // 216 // hcl: autopilot { server_stabilization_time = "duration" } 217 AutopilotServerStabilizationTime time.Duration 218 219 // AutopilotUpgradeVersionTag is the node tag to use for version info when 220 // performing upgrade migrations. If left blank, the Consul version will be used. 221 // 222 // (Enterprise-only) 223 // 224 // hcl: autopilot { upgrade_version_tag = string } 225 AutopilotUpgradeVersionTag string 226 227 // DNSAllowStale is used to enable lookups with stale 228 // data. This gives horizontal read scalability since 229 // any Consul server can service the query instead of 230 // only the leader. 231 // 232 // hcl: dns_config { allow_stale = (true|false) } 233 DNSAllowStale bool 234 235 // DNSARecordLimit is used to limit the maximum number of DNS Resource 236 // Records returned in the ANSWER section of a DNS response for A or AAAA 237 // records for both UDP and TCP queries. 238 // 239 // This is not normally useful and will be limited based on the querying 240 // protocol, however systems that implemented §6 Rule 9 in RFC3484 241 // may want to set this to `1` in order to subvert §6 Rule 9 and 242 // re-obtain the effect of randomized resource records (i.e. each 243 // answer contains only one IP, but the IP changes every request). 244 // RFC3484 sorts answers in a deterministic order, which defeats the 245 // purpose of randomized DNS responses. This RFC has been obsoleted 246 // by RFC6724 and restores the desired behavior of randomized 247 // responses, however a large number of Linux hosts using glibc(3) 248 // implemented §6 Rule 9 and may need this option (e.g. CentOS 5-6, 249 // Debian Squeeze, etc). 250 // 251 // hcl: dns_config { a_record_limit = int } 252 DNSARecordLimit int 253 254 // DNSDisableCompression is used to control whether DNS responses are 255 // compressed. In Consul 0.7 this was turned on by default and this 256 // config was added as an opt-out. 257 // 258 // hcl: dns_config { disable_compression = (true|false) } 259 DNSDisableCompression bool 260 261 // DNSDomain is the DNS domain for the records. Should end with a dot. 262 // Defaults to "consul." 263 // 264 // hcl: domain = string 265 // flag: -domain string 266 DNSDomain string 267 268 // DNSAltDomain can be set to support resolution on an additional 269 // consul domain. Should end with a dot. 270 // If left blank, only the primary domain will be used. 271 // 272 // hcl: alt_domain = string 273 // flag: -alt-domain string 274 DNSAltDomain string 275 276 // DNSEnableTruncate is used to enable setting the truncate 277 // flag for UDP DNS queries. This allows unmodified 278 // clients to re-query the consul server using TCP 279 // when the total number of records exceeds the number 280 // returned by default for UDP. 281 // 282 // hcl: dns_config { enable_truncate = (true|false) } 283 DNSEnableTruncate bool 284 285 // DNSMaxStale is used to bound how stale of a result is 286 // accepted for a DNS lookup. This can be used with 287 // AllowStale to limit how old of a value is served up. 288 // If the stale result exceeds this, another non-stale 289 // stale read is performed. 290 // 291 // hcl: dns_config { max_stale = "duration" } 292 DNSMaxStale time.Duration 293 294 // DNSNodeTTL provides the TTL value for a node query. 295 // 296 // hcl: dns_config { node_ttl = "duration" } 297 DNSNodeTTL time.Duration 298 299 // DNSOnlyPassing is used to determine whether to filter nodes 300 // whose health checks are in any non-passing state. By 301 // default, only nodes in a critical state are excluded. 302 // 303 // hcl: dns_config { only_passing = "duration" } 304 DNSOnlyPassing bool 305 306 // DNSRecursorTimeout specifies the timeout in seconds 307 // for Consul's internal dns client used for recursion. 308 // This value is used for the connection, read and write timeout. 309 // 310 // hcl: dns_config { recursor_timeout = "duration" } 311 DNSRecursorTimeout time.Duration 312 313 // DNSServiceTTL provides the TTL value for a service 314 // query for given service. The "*" wildcard can be used 315 // to set a default for all services. 316 // 317 // hcl: dns_config { service_ttl = map[string]"duration" } 318 DNSServiceTTL map[string]time.Duration 319 320 // DNSUDPAnswerLimit is used to limit the maximum number of DNS Resource 321 // Records returned in the ANSWER section of a DNS response for UDP 322 // responses without EDNS support (limited to 512 bytes). 323 // This parameter is deprecated, if you want to limit the number of 324 // records returned by A or AAAA questions, please use DNSARecordLimit 325 // instead. 326 // 327 // hcl: dns_config { udp_answer_limit = int } 328 DNSUDPAnswerLimit int 329 330 // DNSNodeMetaTXT controls whether DNS queries will synthesize 331 // TXT records for the node metadata and add them when not specifically 332 // request (query type = TXT). If unset this will default to true 333 DNSNodeMetaTXT bool 334 335 // DNSRecursors can be set to allow the DNS servers to recursively 336 // resolve non-consul domains. 337 // 338 // hcl: recursors = []string 339 // flag: -recursor string [-recursor string] 340 DNSRecursors []string 341 342 // DNSUseCache whether or not to use cache for dns queries 343 // 344 // hcl: dns_config { use_cache = (true|false) } 345 DNSUseCache bool 346 347 // DNSUseCache whether or not to use cache for dns queries 348 // 349 // hcl: dns_config { cache_max_age = "duration" } 350 DNSCacheMaxAge time.Duration 351 352 // HTTPBlockEndpoints is a list of endpoint prefixes to block in the 353 // HTTP API. Any requests to these will get a 403 response. 354 // 355 // hcl: http_config { block_endpoints = []string } 356 HTTPBlockEndpoints []string 357 358 // AllowWriteHTTPFrom restricts the agent write endpoints to the given 359 // networks. Any request to a protected endpoint that is not mactched 360 // by one of these networks will get a 403 response. 361 // An empty slice means no restriction. 362 // 363 // hcl: http_config { allow_write_http_from = []string } 364 AllowWriteHTTPFrom []*net.IPNet 365 366 // HTTPResponseHeaders are used to add HTTP header response fields to the HTTP API responses. 367 // 368 // hcl: http_config { response_headers = map[string]string } 369 HTTPResponseHeaders map[string]string 370 371 // Embed Telemetry Config 372 Telemetry lib.TelemetryConfig 373 374 // Datacenter is the datacenter this node is in. Defaults to "dc1". 375 // 376 // Datacenter is exposed via /v1/agent/self from here and 377 // used in lots of places like CLI commands. Treat this as an interface 378 // that must be stable. 379 // 380 // hcl: datacenter = string 381 // flag: -datacenter string 382 Datacenter string 383 384 // Defines the maximum stale value for discovery path. Defaults to "0s". 385 // Discovery paths are /v1/heath/ paths 386 // 387 // If not set to 0, it will try to perform stale read and perform only a 388 // consistent read whenever the value is too old. 389 // hcl: discovery_max_stale = "duration" 390 DiscoveryMaxStale time.Duration 391 392 // Node name is the name we use to advertise. Defaults to hostname. 393 // 394 // NodeName is exposed via /v1/agent/self from here and 395 // used in lots of places like CLI commands. Treat this as an interface 396 // that must be stable. 397 // 398 // hcl: node_name = string 399 // flag: -node string 400 NodeName string 401 402 // AdvertiseAddrLAN is the address we use for advertising our Serf, and 403 // Consul RPC IP. The address can be specified as an ip address or as a 404 // go-sockaddr template which resolves to a single ip address. If not 405 // specified, the bind address is used. 406 // 407 // hcl: advertise_addr = string 408 AdvertiseAddrLAN *net.IPAddr 409 410 // AdvertiseAddrWAN is the address we use for advertising our Serf, and 411 // Consul RPC IP. The address can be specified as an ip address or as a 412 // go-sockaddr template which resolves to a single ip address. If not 413 // specified, the bind address is used. 414 // 415 // hcl: advertise_addr_wan = string 416 AdvertiseAddrWAN *net.IPAddr 417 418 // BindAddr is used to control the address we bind to. 419 // If not specified, the first private IP we find is used. 420 // This controls the address we use for cluster facing 421 // services (Gossip, Server RPC) 422 // 423 // The value can be either an ip address or a go-sockaddr 424 // template which resolves to a single ip address. 425 // 426 // hcl: bind_addr = string 427 // flag: -bind string 428 BindAddr *net.IPAddr 429 430 // Bootstrap is used to bring up the first Consul server, and 431 // permits that node to elect itself leader 432 // 433 // hcl: bootstrap = (true|false) 434 // flag: -bootstrap 435 Bootstrap bool 436 437 // BootstrapExpect tries to automatically bootstrap the Consul cluster, by 438 // having servers wait to bootstrap until enough servers join, and then 439 // performing the bootstrap process automatically. They will disable their 440 // automatic bootstrap process if they detect any servers that are part of 441 // an existing cluster, so it's safe to leave this set to a non-zero value. 442 // 443 // hcl: bootstrap_expect = int 444 // flag: -bootstrap-expect=int 445 BootstrapExpect int 446 447 // CAFile is a path to a certificate authority file. This is used with 448 // VerifyIncoming or VerifyOutgoing to verify the TLS connection. 449 // 450 // hcl: ca_file = string 451 CAFile string 452 453 // CAPath is a path to a directory of certificate authority files. This is 454 // used with VerifyIncoming or VerifyOutgoing to verify the TLS connection. 455 // 456 // hcl: ca_path = string 457 CAPath string 458 459 // CertFile is used to provide a TLS certificate that is used for serving 460 // TLS connections. Must be provided to serve TLS connections. 461 // 462 // hcl: cert_file = string 463 CertFile string 464 465 // CheckUpdateInterval controls the interval on which the output of a health check 466 // is updated if there is no change to the state. For example, a check in a steady 467 // state may run every 5 second generating a unique output (timestamp, etc), forcing 468 // constant writes. This allows Consul to defer the write for some period of time, 469 // reducing the write pressure when the state is steady. 470 // 471 // See also: DiscardCheckOutput 472 // 473 // hcl: check_update_interval = "duration" 474 CheckUpdateInterval time.Duration 475 476 // Maximum size for the output of a healtcheck 477 // hcl check_output_max_size int 478 // flag: -check_output_max_size int 479 CheckOutputMaxSize int 480 481 // Checks contains the provided check definitions. 482 // 483 // hcl: checks = [ 484 // { 485 // id = string 486 // name = string 487 // notes = string 488 // service_id = string 489 // token = string 490 // status = string 491 // script = string 492 // args = string 493 // http = string 494 // header = map[string][]string 495 // method = string 496 // tcp = string 497 // interval = string 498 // docker_container_id = string 499 // shell = string 500 // tls_skip_verify = (true|false) 501 // timeout = "duration" 502 // ttl = "duration" 503 // deregister_critical_service_after = "duration" 504 // }, 505 // ... 506 // ] 507 Checks []*structs.CheckDefinition 508 509 // ClientAddrs contains the list of ip addresses the DNS, HTTP and HTTPS 510 // endpoints will bind to if the endpoints are enabled (ports > 0) and the 511 // addresses are not overwritten. 512 // 513 // The ip addresses must be provided as a space separated list of ip 514 // addresses and go-sockaddr templates. 515 // 516 // Client addresses cannot contain UNIX socket addresses since a socket 517 // cannot be shared across multiple endpoints (no ports). To use UNIX 518 // sockets configure it in 'addresses'. 519 // 520 // hcl: client_addr = string 521 // flag: -client string 522 ClientAddrs []*net.IPAddr 523 524 // ConfigEntryBootstrap contains a list of ConfigEntries to ensure are created 525 // If entries of the same Kind/Name exist already these will not update them. 526 ConfigEntryBootstrap []structs.ConfigEntry 527 528 // AutoEncryptTLS requires the client to acquire TLS certificates from 529 // servers. 530 AutoEncryptTLS bool 531 532 // Additional DNS SAN entries that clients request during auto_encrypt 533 // flow for their certificates. 534 AutoEncryptDNSSAN []string 535 536 // Additional IP SAN entries that clients request during auto_encrypt 537 // flow for their certificates. 538 AutoEncryptIPSAN []net.IP 539 540 // AutoEncryptAllowTLS enables the server to respond to 541 // AutoEncrypt.Sign requests. 542 AutoEncryptAllowTLS bool 543 544 // ConnectEnabled opts the agent into connect. It should be set on all clients 545 // and servers in a cluster for correct connect operation. 546 ConnectEnabled bool 547 548 // ConnectSidecarMinPort is the inclusive start of the range of ports 549 // allocated to the agent for asigning to sidecar services where no port is 550 // specified. 551 ConnectSidecarMinPort int 552 553 // ConnectSidecarMaxPort is the inclusive end of the range of ports 554 // allocated to the agent for asigning to sidecar services where no port is 555 // specified 556 ConnectSidecarMaxPort int 557 558 // ExposeMinPort is the inclusive start of the range of ports 559 // allocated to the agent for exposing checks through a proxy 560 ExposeMinPort int 561 562 // ExposeMinPort is the inclusive start of the range of ports 563 // allocated to the agent for exposing checks through a proxy 564 ExposeMaxPort int 565 566 // ConnectCAProvider is the type of CA provider to use with Connect. 567 ConnectCAProvider string 568 569 // ConnectCAConfig is the config to use for the CA provider. 570 ConnectCAConfig map[string]interface{} 571 572 // ConnectTestCALeafRootChangeSpread is used to control how long the CA leaf 573 // cache with spread CSRs over when a root change occurs. For now we don't 574 // expose this in public config intentionally but could later with a rename. 575 // We only set this from during tests to effectively make CA rotation tests 576 // deterministic again. 577 ConnectTestCALeafRootChangeSpread time.Duration 578 579 // DNSAddrs contains the list of TCP and UDP addresses the DNS server will 580 // bind to. If the DNS endpoint is disabled (ports.dns <= 0) the list is 581 // empty. 582 // 583 // The ip addresses are taken from 'addresses.dns' which should contain a 584 // space separated list of ip addresses and/or go-sockaddr templates. 585 // 586 // If 'addresses.dns' was not provided the 'client_addr' addresses are 587 // used. 588 // 589 // The DNS server cannot be bound to UNIX sockets. 590 // 591 // hcl: client_addr = string addresses { dns = string } ports { dns = int } 592 DNSAddrs []net.Addr 593 594 // DNSPort is the port the DNS server listens on. The default is 8600. 595 // Setting this to a value <= 0 disables the endpoint. 596 // 597 // hcl: ports { dns = int } 598 // flags: -dns-port int 599 DNSPort int 600 601 // DNSSOA is the settings applied for DNS SOA 602 // hcl: soa {} 603 DNSSOA RuntimeSOAConfig 604 605 // DataDir is the path to the directory where the local state is stored. 606 // 607 // hcl: data_dir = string 608 // flag: -data-dir string 609 DataDir string 610 611 // DefaultQueryTime is the amount of time a blocking query will wait before 612 // Consul will force a response. This value can be overridden by the 'wait' 613 // query parameter. 614 // 615 // hcl: default_query_time = "duration" 616 // flag: -default-query-time string 617 DefaultQueryTime time.Duration 618 619 // DevMode enables a fast-path mode of operation to bring up an in-memory 620 // server with minimal configuration. Useful for developing Consul. 621 // 622 // flag: -dev 623 DevMode bool 624 625 // DisableAnonymousSignature is used to turn off the anonymous signature 626 // send with the update check. This is used to deduplicate messages. 627 // 628 // hcl: disable_anonymous_signature = (true|false) 629 DisableAnonymousSignature bool 630 631 // DisableCoordinates controls features related to network coordinates. 632 // 633 // hcl: disable_coordinates = (true|false) 634 DisableCoordinates bool 635 636 // DisableHostNodeID will prevent Consul from using information from the 637 // host to generate a node ID, and will cause Consul to generate a 638 // random ID instead. 639 // 640 // hcl: disable_host_node_id = (true|false) 641 // flag: -disable-host-node-id 642 DisableHostNodeID bool 643 644 // DisableHTTPUnprintableCharFilter will bypass the filter preventing HTTP 645 // URLs from containing unprintable chars. This filter was added in 1.0.3 as a 646 // response to a vulnerability report. Disabling this is never recommended in 647 // general however some users who have keys written in older versions of 648 // Consul may use this to temporarily disable the filter such that they can 649 // delete those keys again! We do not recommend leaving it disabled long term. 650 // 651 // hcl: disable_http_unprintable_char_filter 652 DisableHTTPUnprintableCharFilter bool 653 654 // DisableKeyringFile disables writing the keyring to a file. 655 // 656 // hcl: disable_keyring_file = (true|false) 657 // flag: -disable-keyring-file 658 DisableKeyringFile bool 659 660 // DisableRemoteExec is used to turn off the remote execution 661 // feature. This is for security to prevent unknown scripts from running. 662 // 663 // hcl: disable_remote_exec = (true|false) 664 DisableRemoteExec bool 665 666 // DisableUpdateCheck is used to turn off the automatic update and 667 // security bulletin checking. 668 // 669 // hcl: disable_update_check = (true|false) 670 DisableUpdateCheck bool 671 672 // DiscardCheckOutput is used to turn off storing and comparing the 673 // output of health checks. This reduces the write rate on the server 674 // for checks with highly volatile output. (reloadable) 675 // 676 // See also: CheckUpdateInterval 677 // 678 // hcl: discard_check_output = (true|false) 679 DiscardCheckOutput bool 680 681 // EnableAgentTLSForChecks is used to apply the agent's TLS settings in 682 // order to configure the HTTP client used for health checks. Enabling 683 // this allows HTTP checks to present a client certificate and verify 684 // the server using the same TLS configuration as the agent (CA, cert, 685 // and key). 686 EnableAgentTLSForChecks bool 687 688 // EnableCentralServiceConfig controls whether the agent should incorporate 689 // centralized config such as service-defaults into local service registrations. 690 // 691 // hcl: enable_central_service_config = (true|false) 692 EnableCentralServiceConfig bool 693 694 // EnableDebug is used to enable various debugging features. 695 // 696 // hcl: enable_debug = (true|false) 697 EnableDebug bool 698 699 // EnableLocalScriptChecks controls whether health checks declared from the local 700 // config file which execute scripts are enabled. This includes regular script 701 // checks and Docker checks. 702 // 703 // hcl: (enable_script_checks|enable_local_script_checks) = (true|false) 704 // flag: -enable-script-checks, -enable-local-script-checks 705 EnableLocalScriptChecks bool 706 707 // EnableRemoeScriptChecks controls whether health checks declared from the http API 708 // which execute scripts are enabled. This includes regular script checks and Docker 709 // checks. 710 // 711 // hcl: enable_script_checks = (true|false) 712 // flag: -enable-script-checks 713 EnableRemoteScriptChecks bool 714 715 // EnableSyslog is used to also tee all the logs over to syslog. Only supported 716 // on linux and OSX. Other platforms will generate an error. 717 // 718 // hcl: enable_syslog = (true|false) 719 // flag: -syslog 720 EnableSyslog bool 721 722 // EnableUI enables the statically-compiled assets for the Consul web UI and 723 // serves them at the default /ui/ endpoint automatically. 724 // 725 // hcl: enable_ui = (true|false) 726 // flag: -ui 727 EnableUI bool 728 729 // EncryptKey contains the encryption key to use for the Serf communication. 730 // 731 // hcl: encrypt = string 732 // flag: -encrypt string 733 EncryptKey string 734 735 // EncryptVerifyIncoming enforces incoming gossip encryption and can be 736 // used to upshift to encrypted gossip on a running cluster. 737 // 738 // hcl: encrypt_verify_incoming = (true|false) 739 EncryptVerifyIncoming bool 740 741 // EncryptVerifyOutgoing enforces outgoing gossip encryption and can be 742 // used to upshift to encrypted gossip on a running cluster. 743 // 744 // hcl: encrypt_verify_outgoing = (true|false) 745 EncryptVerifyOutgoing bool 746 747 // GRPCPort is the port the gRPC server listens on. Currently this only 748 // exposes the xDS and ext_authz APIs for Envoy and it is disabled by default. 749 // 750 // hcl: ports { grpc = int } 751 // flags: -grpc-port int 752 GRPCPort int 753 754 // GRPCAddrs contains the list of TCP addresses and UNIX sockets the gRPC 755 // server will bind to. If the gRPC endpoint is disabled (ports.grpc <= 0) 756 // the list is empty. 757 // 758 // The addresses are taken from 'addresses.grpc' which should contain a 759 // space separated list of ip addresses, UNIX socket paths and/or 760 // go-sockaddr templates. UNIX socket paths must be written as 761 // 'unix://<full path>', e.g. 'unix:///var/run/consul-grpc.sock'. 762 // 763 // If 'addresses.grpc' was not provided the 'client_addr' addresses are 764 // used. 765 // 766 // hcl: client_addr = string addresses { grpc = string } ports { grpc = int } 767 GRPCAddrs []net.Addr 768 769 // HTTPAddrs contains the list of TCP addresses and UNIX sockets the HTTP 770 // server will bind to. If the HTTP endpoint is disabled (ports.http <= 0) 771 // the list is empty. 772 // 773 // The addresses are taken from 'addresses.http' which should contain a 774 // space separated list of ip addresses, UNIX socket paths and/or 775 // go-sockaddr templates. UNIX socket paths must be written as 776 // 'unix://<full path>', e.g. 'unix:///var/run/consul-http.sock'. 777 // 778 // If 'addresses.http' was not provided the 'client_addr' addresses are 779 // used. 780 // 781 // hcl: client_addr = string addresses { http = string } ports { http = int } 782 HTTPAddrs []net.Addr 783 784 // HTTPPort is the port the HTTP server listens on. The default is 8500. 785 // Setting this to a value <= 0 disables the endpoint. 786 // 787 // hcl: ports { http = int } 788 // flags: -http-port int 789 HTTPPort int 790 791 // HTTPSAddrs contains the list of TCP addresses and UNIX sockets the HTTPS 792 // server will bind to. If the HTTPS endpoint is disabled (ports.https <= 793 // 0) the list is empty. 794 // 795 // The addresses are taken from 'addresses.https' which should contain a 796 // space separated list of ip addresses, UNIX socket paths and/or 797 // go-sockaddr templates. UNIX socket paths must be written as 798 // 'unix://<full path>', e.g. 'unix:///var/run/consul-https.sock'. 799 // 800 // If 'addresses.https' was not provided the 'client_addr' addresses are 801 // used. 802 // 803 // hcl: client_addr = string addresses { https = string } ports { https = int } 804 HTTPSAddrs []net.Addr 805 806 // HTTPMaxConnsPerClient limits the number of concurrent TCP connections the 807 // HTTP(S) server will accept from any single source IP address. 808 // 809 // hcl: limits{ http_max_conns_per_client = 100 } 810 HTTPMaxConnsPerClient int 811 812 // HTTPSHandshakeTimeout is the time allowed for HTTPS client to complete the 813 // TLS handshake and send first bytes of the request. 814 // 815 // hcl: limits{ https_handshake_timeout = "5s" } 816 HTTPSHandshakeTimeout time.Duration 817 818 // HTTPSPort is the port the HTTP server listens on. The default is -1. 819 // Setting this to a value <= 0 disables the endpoint. 820 // 821 // hcl: ports { https = int } 822 // flags: -https-port int 823 HTTPSPort int 824 825 // KeyFile is used to provide a TLS key that is used for serving TLS 826 // connections. Must be provided to serve TLS connections. 827 // 828 // hcl: key_file = string 829 KeyFile string 830 831 // KVMaxValueSize controls the max allowed value size. If not set defaults 832 // to raft's suggested max value size. 833 // 834 // hcl: limits { kv_max_value_size = uint64 } 835 KVMaxValueSize uint64 836 837 // LeaveDrainTime is used to wait after a server has left the LAN Serf 838 // pool for RPCs to drain and new requests to be sent to other servers. 839 // 840 // hcl: performance { leave_drain_time = "duration" } 841 LeaveDrainTime time.Duration 842 843 // LeaveOnTerm controls if Serf does a graceful leave when receiving 844 // the TERM signal. Defaults true on clients, false on servers. (reloadable) 845 // 846 // hcl: leave_on_terminate = (true|false) 847 LeaveOnTerm bool 848 849 // LogLevel is the level of the logs to write. Defaults to "INFO". 850 // 851 // hcl: log_level = string 852 LogLevel string 853 854 // LogJSON controls whether to output logs as structured JSON. Defaults to false. 855 // 856 // hcl: log_json = (true|false) 857 // flag: -log-json 858 LogJSON bool 859 860 // LogFile is the path to the file where the logs get written to. Defaults to empty string. 861 // 862 // hcl: log_file = string 863 // flags: -log-file string 864 LogFile string 865 866 // LogRotateDuration is the time configured to rotate logs based on time 867 // 868 // hcl: log_rotate_duration = string 869 // flags: -log-rotate-duration string 870 LogRotateDuration time.Duration 871 872 // LogRotateBytes is the time configured to rotate logs based on bytes written 873 // 874 // hcl: log_rotate_bytes = int 875 // flags: -log-rotate-bytes int 876 LogRotateBytes int 877 878 // LogRotateMaxFiles is the maximum number of log file archives to keep 879 // 880 // hcl: log_rotate_max_files = int 881 // flags: -log-rotate-max-files int 882 LogRotateMaxFiles int 883 884 // MaxQueryTime is the maximum amount of time a blocking query can wait 885 // before Consul will force a response. Consul applies jitter to the wait 886 // time. The jittered time will be capped to MaxQueryTime. 887 // 888 // hcl: max_query_time = "duration" 889 // flags: -max-query-time string 890 MaxQueryTime time.Duration 891 892 // Node ID is a unique ID for this node across space and time. Defaults 893 // to a randomly-generated ID that persists in the data-dir. 894 // 895 // todo(fs): don't we have a requirement for this to be a UUID in a specific format? 896 // 897 // hcl: node_id = string 898 // flag: -node-id string 899 NodeID types.NodeID 900 901 // NodeMeta contains metadata key/value pairs. These are excluded from JSON output 902 // because they can be reloaded and might be stale when shown from the 903 // config instead of the local state. 904 // todo(fs): should the sanitizer omit them from output as well since they could be stale? 905 // 906 // hcl: node_meta = map[string]string 907 // flag: -node-meta "key:value" -node-meta "key:value" ... 908 NodeMeta map[string]string 909 910 // NonVotingServer is whether this server will act as a non-voting member 911 // of the cluster to help provide read scalability. (Enterprise-only) 912 // 913 // hcl: non_voting_server = (true|false) 914 // flag: -non-voting-server 915 NonVotingServer bool 916 917 // PidFile is the file to store our PID in. 918 // 919 // hcl: pid_file = string 920 PidFile string 921 922 // PrimaryDatacenter is the central datacenter that holds authoritative 923 // ACL records, replicates intentions and holds the root CA for Connect. 924 // This must be the same for the entire cluster. Off by default. 925 // 926 // hcl: primary_datacenter = string 927 PrimaryDatacenter string 928 929 // RPCAdvertiseAddr is the TCP address Consul advertises for its RPC endpoint. 930 // By default this is the bind address on the default RPC Server port. If the 931 // advertise address is specified then it is used. 932 // 933 // hcl: bind_addr = string advertise_addr = string ports { server = int } 934 RPCAdvertiseAddr *net.TCPAddr 935 936 // RPCBindAddr is the TCP address Consul will bind to for its RPC endpoint. 937 // By default this is the bind address on the default RPC Server port. 938 // 939 // hcl: bind_addr = string ports { server = int } 940 RPCBindAddr *net.TCPAddr 941 942 // RPCHandshakeTimeout is the timeout for reading the initial magic byte on a 943 // new RPC connection. If this is set high it may allow unauthenticated users 944 // to hold connections open arbitrarily long, even when mutual TLS is being 945 // enforced. It may be set to 0 explicitly to disable the timeout but this 946 // should never be used in production. Default is 5 seconds. 947 // 948 // hcl: limits { rpc_handshake_timeout = "duration" } 949 RPCHandshakeTimeout time.Duration 950 951 // RPCHoldTimeout is how long an RPC can be "held" before it is errored. 952 // This is used to paper over a loss of leadership by instead holding RPCs, 953 // so that the caller experiences a slow response rather than an error. 954 // This period is meant to be long enough for a leader election to take 955 // place, and a small jitter is applied to avoid a thundering herd. 956 // 957 // hcl: performance { rpc_hold_timeout = "duration" } 958 RPCHoldTimeout time.Duration 959 960 // RPCRateLimit and RPCMaxBurst control how frequently RPC calls are allowed 961 // to happen. In any large enough time interval, rate limiter limits the 962 // rate to RPCRate tokens per second, with a maximum burst size of 963 // RPCMaxBurst events. As a special case, if RPCRate == Inf (the infinite 964 // rate), RPCMaxBurst is ignored. 965 // 966 // See https://en.wikipedia.org/wiki/Token_bucket for more about token 967 // buckets. 968 // 969 // hcl: limit { rpc_rate = (float64|MaxFloat64) rpc_max_burst = int } 970 RPCRateLimit rate.Limit 971 RPCMaxBurst int 972 973 // RPCMaxConnsPerClient limits the number of concurrent TCP connections the 974 // RPC server will accept from any single source IP address. 975 // 976 // hcl: limits{ rpc_max_conns_per_client = 100 } 977 RPCMaxConnsPerClient int 978 979 // RPCProtocol is the Consul protocol version to use. 980 // 981 // hcl: protocol = int 982 RPCProtocol int 983 984 // RaftProtocol sets the Raft protocol version to use on this server. 985 // Defaults to 3. 986 // 987 // hcl: raft_protocol = int 988 RaftProtocol int 989 990 // RaftSnapshotThreshold sets the minimum threshold of raft commits after which 991 // a snapshot is created. Defaults to 8192 992 // 993 // hcl: raft_snapshot_threshold = int 994 RaftSnapshotThreshold int 995 996 // RaftSnapshotInterval sets the interval to use when checking whether to create 997 // a new snapshot. Defaults to 5 seconds. 998 // hcl: raft_snapshot_threshold = int 999 RaftSnapshotInterval time.Duration 1000 1001 // RaftTrailingLogs sets the number of log entries that will be left in the 1002 // log store after a snapshot. This must be large enough that a follower can 1003 // transfer and restore an entire snapshot of the state before this many new 1004 // entries have been appended. In vast majority of cases the default is plenty 1005 // but if there is a sustained high write throughput coupled with a huge 1006 // multi-gigabyte snapshot setting this higher may be necessary to allow 1007 // followers time to reload from snapshot without becoming unhealthy. If it's 1008 // too low then followers are unable to ever recover from a restart and will 1009 // enter a loop of constantly downloading full snapshots and never catching 1010 // up. If you need to change this you should reconsider your usage of Consul 1011 // as it is not designed to store multiple-gigabyte data sets with high write 1012 // throughput. Defaults to 10000. 1013 // 1014 // hcl: raft_trailing_logs = int 1015 RaftTrailingLogs int 1016 1017 // ReconnectTimeoutLAN specifies the amount of time to wait to reconnect with 1018 // another agent before deciding it's permanently gone. This can be used to 1019 // control the time it takes to reap failed nodes from the cluster. 1020 // 1021 // hcl: reconnect_timeout = "duration" 1022 ReconnectTimeoutLAN time.Duration 1023 1024 // ReconnectTimeoutWAN specifies the amount of time to wait to reconnect with 1025 // another agent before deciding it's permanently gone. This can be used to 1026 // control the time it takes to reap failed nodes from the cluster. 1027 // 1028 // hcl: reconnect_timeout = "duration" 1029 ReconnectTimeoutWAN time.Duration 1030 1031 // RejoinAfterLeave controls our interaction with the cluster after leave. 1032 // When set to false (default), a leave causes Consul to not rejoin 1033 // the cluster until an explicit join is received. If this is set to 1034 // true, we ignore the leave, and rejoin the cluster on start. 1035 // 1036 // hcl: rejoin_after_leave = (true|false) 1037 // flag: -rejoin 1038 RejoinAfterLeave bool 1039 1040 // RetryJoinIntervalLAN specifies the amount of time to wait in between join 1041 // attempts on agent start. The minimum allowed value is 1 second and 1042 // the default is 30s. 1043 // 1044 // hcl: retry_join = "duration" 1045 RetryJoinIntervalLAN time.Duration 1046 1047 // RetryJoinIntervalWAN specifies the amount of time to wait in between join 1048 // attempts on agent start. The minimum allowed value is 1 second and 1049 // the default is 30s. 1050 // 1051 // hcl: retry_join_wan = "duration" 1052 RetryJoinIntervalWAN time.Duration 1053 1054 // RetryJoinLAN is a list of addresses and/or go-discover expressions to 1055 // join with retry enabled. See 1056 // https://www.consul.io/docs/agent/options.html#cloud-auto-joining for 1057 // details. 1058 // 1059 // hcl: retry_join = []string 1060 // flag: -retry-join string -retry-join string 1061 RetryJoinLAN []string 1062 1063 // RetryJoinMaxAttemptsLAN specifies the maximum number of times to retry 1064 // joining a host on startup. This is useful for cases where we know the 1065 // node will be online eventually. 1066 // 1067 // hcl: retry_max = int 1068 // flag: -retry-max int 1069 RetryJoinMaxAttemptsLAN int 1070 1071 // RetryJoinMaxAttemptsWAN specifies the maximum number of times to retry 1072 // joining a host on startup. This is useful for cases where we know the 1073 // node will be online eventually. 1074 // 1075 // hcl: retry_max_wan = int 1076 // flag: -retry-max-wan int 1077 RetryJoinMaxAttemptsWAN int 1078 1079 // RetryJoinWAN is a list of addresses and/or go-discover expressions to 1080 // join -wan with retry enabled. See 1081 // https://www.consul.io/docs/agent/options.html#cloud-auto-joining for 1082 // details. 1083 // 1084 // hcl: retry_join_wan = []string 1085 // flag: -retry-join-wan string -retry-join-wan string 1086 RetryJoinWAN []string 1087 1088 // SegmentName is the network segment for this client to join. 1089 // (Enterprise-only) 1090 // 1091 // hcl: segment = string 1092 SegmentName string 1093 1094 // Segments is the list of network segments for this server to 1095 // initialize. 1096 // 1097 // hcl: segment = [ 1098 // { 1099 // # name is the name of the segment 1100 // name = string 1101 // 1102 // # bind is the bind ip address for this segment. 1103 // bind = string 1104 // 1105 // # port is the bind port for this segment. 1106 // port = int 1107 // 1108 // # advertise is the advertise ip address for this segment. 1109 // # Defaults to the bind address if not set. 1110 // advertise = string 1111 // 1112 // # rpc_listener controls whether or not to bind a separate 1113 // # RPC listener to the bind address. 1114 // rpc_listener = (true|false) 1115 // }, 1116 // ... 1117 // ] 1118 Segments []structs.NetworkSegment 1119 1120 // SerfAdvertiseAddrLAN is the TCP address which is used for advertising 1121 // the LAN Gossip pool for both client and server. The address is the 1122 // combination of AdvertiseAddrLAN and the SerfPortLAN. If the advertise 1123 // address is not given the bind address is used. 1124 // 1125 // hcl: bind_addr = string advertise_addr = string ports { serf_lan = int } 1126 SerfAdvertiseAddrLAN *net.TCPAddr 1127 1128 // SerfAdvertiseAddrWAN is the TCP address which is used for advertising 1129 // the WAN Gossip pool on the server only. The address is the combination 1130 // of AdvertiseAddrWAN and the SerfPortWAN. If the advertise address is not 1131 // given the bind address is used. 1132 // 1133 // hcl: bind_addr = string advertise_addr_wan = string ports { serf_wan = int } 1134 SerfAdvertiseAddrWAN *net.TCPAddr 1135 1136 // SerfBindAddrLAN is the address to bind the Serf LAN TCP and UDP 1137 // listeners to. The ip address is either the default bind address or the 1138 // 'serf_lan' address which can be either an ip address or a go-sockaddr 1139 // template which resolves to a single ip address. 1140 // 1141 // hcl: bind_addr = string serf_lan = string ports { serf_lan = int } 1142 // flag: -serf-lan string 1143 SerfBindAddrLAN *net.TCPAddr 1144 1145 // SerfBindAddrWAN is the address to bind the Serf WAN TCP and UDP 1146 // listeners to. The ip address is either the default bind address or the 1147 // 'serf_wan' address which can be either an ip address or a go-sockaddr 1148 // template which resolves to a single ip address. 1149 // 1150 // hcl: bind_addr = string serf_wan = string ports { serf_wan = int } 1151 // flag: -serf-wan string 1152 SerfBindAddrWAN *net.TCPAddr 1153 1154 // SerfPortLAN is the port used for the LAN Gossip pool for both client and server. 1155 // The default is 8301. 1156 // 1157 // hcl: ports { serf_lan = int } 1158 SerfPortLAN int 1159 1160 // SerfPortWAN is the port used for the WAN Gossip pool for the server only. 1161 // The default is 8302. 1162 // 1163 // hcl: ports { serf_wan = int } 1164 SerfPortWAN int 1165 1166 // GossipLANGossipInterval is the interval between sending messages that need 1167 // to be gossiped that haven't been able to piggyback on probing messages. 1168 // If this is set to zero, non-piggyback gossip is disabled. By lowering 1169 // this value (more frequent) gossip messages are propagated across 1170 // the cluster more quickly at the expense of increased bandwidth. This 1171 // configuration only applies to LAN gossip communications 1172 // 1173 // The default is: 200ms 1174 // 1175 // hcl: gossip_lan { gossip_interval = duration} 1176 GossipLANGossipInterval time.Duration 1177 1178 // GossipLANGossipNodes is the number of random nodes to send gossip messages to 1179 // per GossipInterval. Increasing this number causes the gossip messages to 1180 // propagate across the cluster more quickly at the expense of increased 1181 // bandwidth. This configuration only applies to LAN gossip communications 1182 // 1183 // The default is: 3 1184 // 1185 // hcl: gossip_lan { gossip_nodes = int } 1186 GossipLANGossipNodes int 1187 1188 // GossipLANProbeInterval is the interval between random node probes. Setting 1189 // this lower (more frequent) will cause the memberlist cluster to detect 1190 // failed nodes more quickly at the expense of increased bandwidth usage. 1191 // This configuration only applies to LAN gossip communications 1192 // 1193 // The default is: 1s 1194 // 1195 // hcl: gossip_lan { probe_interval = duration } 1196 GossipLANProbeInterval time.Duration 1197 1198 // GossipLANProbeTimeout is the timeout to wait for an ack from a probed node 1199 // before assuming it is unhealthy. This should be set to 99-percentile 1200 // of RTT (round-trip time) on your network. This configuration 1201 // only applies to the LAN gossip communications 1202 // 1203 // The default is: 500ms 1204 // 1205 // hcl: gossip_lan { probe_timeout = duration } 1206 GossipLANProbeTimeout time.Duration 1207 1208 // GossipLANSuspicionMult is the multiplier for determining the time an 1209 // inaccessible node is considered suspect before declaring it dead. This 1210 // configuration only applies to LAN gossip communications 1211 // 1212 // The actual timeout is calculated using the formula: 1213 // 1214 // SuspicionTimeout = SuspicionMult * log(N+1) * ProbeInterval 1215 // 1216 // This allows the timeout to scale properly with expected propagation 1217 // delay with a larger cluster size. The higher the multiplier, the longer 1218 // an inaccessible node is considered part of the cluster before declaring 1219 // it dead, giving that suspect node more time to refute if it is indeed 1220 // still alive. 1221 // 1222 // The default is: 4 1223 // 1224 // hcl: gossip_lan { suspicion_mult = int } 1225 GossipLANSuspicionMult int 1226 1227 // GossipLANRetransmitMult is the multiplier for the number of retransmissions 1228 // that are attempted for messages broadcasted over gossip. This 1229 // configuration only applies to LAN gossip communications. The actual 1230 // count of retransmissions is calculated using the formula: 1231 // 1232 // Retransmits = RetransmitMult * log(N+1) 1233 // 1234 // This allows the retransmits to scale properly with cluster size. The 1235 // higher the multiplier, the more likely a failed broadcast is to converge 1236 // at the expense of increased bandwidth. 1237 // 1238 // The default is: 4 1239 // 1240 // hcl: gossip_lan { retransmit_mult = int } 1241 GossipLANRetransmitMult int 1242 1243 // GossipWANGossipInterval is the interval between sending messages that need 1244 // to be gossiped that haven't been able to piggyback on probing messages. 1245 // If this is set to zero, non-piggyback gossip is disabled. By lowering 1246 // this value (more frequent) gossip messages are propagated across 1247 // the cluster more quickly at the expense of increased bandwidth. This 1248 // configuration only applies to WAN gossip communications 1249 // 1250 // The default is: 200ms 1251 // 1252 // hcl: gossip_wan { gossip_interval = duration} 1253 GossipWANGossipInterval time.Duration 1254 1255 // GossipWANGossipNodes is the number of random nodes to send gossip messages to 1256 // per GossipInterval. Increasing this number causes the gossip messages to 1257 // propagate across the cluster more quickly at the expense of increased 1258 // bandwidth. This configuration only applies to WAN gossip communications 1259 // 1260 // The default is: 3 1261 // 1262 // hcl: gossip_wan { gossip_nodes = int } 1263 GossipWANGossipNodes int 1264 1265 // GossipWANProbeInterval is the interval between random node probes. Setting 1266 // this lower (more frequent) will cause the memberlist cluster to detect 1267 // failed nodes more quickly at the expense of increased bandwidth usage. 1268 // This configuration only applies to WAN gossip communications 1269 // 1270 // The default is: 1s 1271 // 1272 // hcl: gossip_wan { probe_interval = duration } 1273 GossipWANProbeInterval time.Duration 1274 1275 // GossipWANProbeTimeout is the timeout to wait for an ack from a probed node 1276 // before assuming it is unhealthy. This should be set to 99-percentile 1277 // of RTT (round-trip time) on your network. This configuration 1278 // only applies to the WAN gossip communications 1279 // 1280 // The default is: 500ms 1281 // 1282 // hcl: gossip_wan { probe_timeout = duration } 1283 GossipWANProbeTimeout time.Duration 1284 1285 // GossipWANSuspicionMult is the multiplier for determining the time an 1286 // inaccessible node is considered suspect before declaring it dead. This 1287 // configuration only applies to WAN gossip communications 1288 // 1289 // The actual timeout is calculated using the formula: 1290 // 1291 // SuspicionTimeout = SuspicionMult * log(N+1) * ProbeInterval 1292 // 1293 // This allows the timeout to scale properly with expected propagation 1294 // delay with a larger cluster size. The higher the multiplier, the longer 1295 // an inaccessible node is considered part of the cluster before declaring 1296 // it dead, giving that suspect node more time to refute if it is indeed 1297 // still alive. 1298 // 1299 // The default is: 4 1300 // 1301 // hcl: gossip_wan { suspicion_mult = int } 1302 GossipWANSuspicionMult int 1303 1304 // GossipWANRetransmitMult is the multiplier for the number of retransmissions 1305 // that are attempted for messages broadcasted over gossip. This 1306 // configuration only applies to WAN gossip communications. The actual 1307 // count of retransmissions is calculated using the formula: 1308 // 1309 // Retransmits = RetransmitMult * log(N+1) 1310 // 1311 // This allows the retransmits to scale properly with cluster size. The 1312 // higher the multiplier, the more likely a failed broadcast is to converge 1313 // at the expense of increased bandwidth. 1314 // 1315 // The default is: 4 1316 // 1317 // hcl: gossip_wan { retransmit_mult = int } 1318 GossipWANRetransmitMult int 1319 1320 // ServerMode controls if this agent acts like a Consul server, 1321 // or merely as a client. Servers have more state, take part 1322 // in leader election, etc. 1323 // 1324 // hcl: server = (true|false) 1325 // flag: -server 1326 ServerMode bool 1327 1328 // ServerName is used with the TLS certificates to ensure the name we 1329 // provide matches the certificate. 1330 // 1331 // hcl: server_name = string 1332 ServerName string 1333 1334 // ServerPort is the port the RPC server will bind to. 1335 // The default is 8300. 1336 // 1337 // hcl: ports { server = int } 1338 ServerPort int 1339 1340 // Services contains the provided service definitions: 1341 // 1342 // hcl: services = [ 1343 // { 1344 // id = string 1345 // name = string 1346 // tags = []string 1347 // address = string 1348 // check = { check definition } 1349 // checks = [ { check definition}, ... ] 1350 // token = string 1351 // enable_tag_override = (true|false) 1352 // }, 1353 // ... 1354 // ] 1355 Services []*structs.ServiceDefinition 1356 1357 // Minimum Session TTL. 1358 // 1359 // hcl: session_ttl_min = "duration" 1360 SessionTTLMin time.Duration 1361 1362 // SkipLeaveOnInt controls if Serf skips a graceful leave when 1363 // receiving the INT signal. Defaults false on clients, true on 1364 // servers. (reloadable) 1365 // 1366 // hcl: skip_leave_on_interrupt = (true|false) 1367 SkipLeaveOnInt bool 1368 1369 // StartJoinAddrsLAN is a list of addresses to attempt to join -lan when the 1370 // agent starts. If Serf is unable to communicate with any of these 1371 // addresses, then the agent will error and exit. 1372 // 1373 // hcl: start_join = []string 1374 // flag: -join string -join string 1375 StartJoinAddrsLAN []string 1376 1377 // StartJoinWAN is a list of addresses to attempt to join -wan when the 1378 // agent starts. If Serf is unable to communicate with any of these 1379 // addresses, then the agent will error and exit. 1380 // 1381 // hcl: start_join_wan = []string 1382 // flag: -join-wan string -join-wan string 1383 StartJoinAddrsWAN []string 1384 1385 // SyslogFacility is used to control where the syslog messages go 1386 // By default, goes to LOCAL0 1387 // 1388 // hcl: syslog_facility = string 1389 SyslogFacility string 1390 1391 // TLSCipherSuites is used to specify the list of supported ciphersuites. 1392 // 1393 // The values should be a list of the following values: 1394 // 1395 // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 1396 // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 1397 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 1398 // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 1399 // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 1400 // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 1401 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 1402 // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 1403 // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 1404 // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 1405 // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 1406 // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 1407 // TLS_RSA_WITH_AES_128_GCM_SHA256 1408 // TLS_RSA_WITH_AES_256_GCM_SHA384 1409 // TLS_RSA_WITH_AES_128_CBC_SHA256 1410 // TLS_RSA_WITH_AES_128_CBC_SHA 1411 // TLS_RSA_WITH_AES_256_CBC_SHA 1412 // TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 1413 // TLS_RSA_WITH_3DES_EDE_CBC_SHA 1414 // TLS_RSA_WITH_RC4_128_SHA 1415 // TLS_ECDHE_RSA_WITH_RC4_128_SHA 1416 // TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 1417 // 1418 // todo(fs): IMHO, we should also support the raw 0xNNNN values from 1419 // todo(fs): https://golang.org/pkg/crypto/tls/#pkg-constants 1420 // todo(fs): since they are standardized by IANA. 1421 // 1422 // hcl: tls_cipher_suites = []string 1423 TLSCipherSuites []uint16 1424 1425 // TLSMinVersion is used to set the minimum TLS version used for TLS 1426 // connections. Should be either "tls10", "tls11", or "tls12". 1427 // 1428 // hcl: tls_min_version = string 1429 TLSMinVersion string 1430 1431 // TLSPreferServerCipherSuites specifies whether to prefer the server's 1432 // cipher suite over the client cipher suites. 1433 // 1434 // hcl: tls_prefer_server_cipher_suites = (true|false) 1435 TLSPreferServerCipherSuites bool 1436 1437 // TaggedAddresses are used to publish a set of addresses for 1438 // for a node, which can be used by the remote agent. We currently 1439 // populate only the "wan" tag based on the SerfWan advertise address, 1440 // but this structure is here for possible future features with other 1441 // user-defined tags. The "wan" tag will be used by remote agents if 1442 // they are configured with TranslateWANAddrs set to true. 1443 // 1444 // hcl: tagged_addresses = map[string]string 1445 TaggedAddresses map[string]string 1446 1447 // TranslateWANAddrs controls whether or not Consul should prefer 1448 // the "wan" tagged address when doing lookups in remote datacenters. 1449 // See TaggedAddresses below for more details. 1450 // 1451 // hcl: translate_wan_addrs = (true|false) 1452 TranslateWANAddrs bool 1453 1454 // UIDir is the directory containing the Web UI resources. 1455 // If provided, the UI endpoints will be enabled. 1456 // 1457 // hcl: ui_dir = string 1458 // flag: -ui-dir string 1459 UIDir string 1460 1461 //UIContentPath is a string that sets the external 1462 // path to a string. Default: /ui/ 1463 UIContentPath string 1464 1465 // UnixSocketGroup contains the group of the file permissions when 1466 // Consul binds to UNIX sockets. 1467 // 1468 // hcl: unix_sockets { group = string } 1469 UnixSocketGroup string 1470 1471 // UnixSocketMode contains the mode of the file permissions when 1472 // Consul binds to UNIX sockets. 1473 // 1474 // hcl: unix_sockets { mode = string } 1475 UnixSocketMode string 1476 1477 // UnixSocketUser contains the user of the file permissions when 1478 // Consul binds to UNIX sockets. 1479 // 1480 // hcl: unix_sockets { user = string } 1481 UnixSocketUser string 1482 1483 // VerifyIncoming is used to verify the authenticity of incoming 1484 // connections. This means that TCP requests are forbidden, only allowing 1485 // for TLS. TLS connections must match a provided certificate authority. 1486 // This can be used to force client auth. 1487 // 1488 // hcl: verify_incoming = (true|false) 1489 VerifyIncoming bool 1490 1491 // VerifyIncomingHTTPS is used to verify the authenticity of incoming HTTPS 1492 // connections. This means that TCP requests are forbidden, only allowing 1493 // for TLS. TLS connections must match a provided certificate authority. 1494 // This can be used to force client auth. 1495 // 1496 // hcl: verify_incoming_https = (true|false) 1497 VerifyIncomingHTTPS bool 1498 1499 // VerifyIncomingRPC is used to verify the authenticity of incoming RPC 1500 // connections. This means that TCP requests are forbidden, only allowing 1501 // for TLS. TLS connections must match a provided certificate authority. 1502 // This can be used to force client auth. 1503 // 1504 // hcl: verify_incoming_rpc = (true|false) 1505 VerifyIncomingRPC bool 1506 1507 // VerifyOutgoing is used to verify the authenticity of outgoing 1508 // connections. This means that TLS requests are used. TLS connections must 1509 // match a provided certificate authority. This is used to verify 1510 // authenticity of server nodes. 1511 // 1512 // hcl: verify_outgoing = (true|false) 1513 VerifyOutgoing bool 1514 1515 // VerifyServerHostname is used to enable hostname verification of servers. 1516 // This ensures that the certificate presented is valid for 1517 // server.<datacenter>.<domain>. This prevents a compromised client from 1518 // being restarted as a server, and then intercepting request traffic as 1519 // well as being added as a raft peer. This should be enabled by default 1520 // with VerifyOutgoing, but for legacy reasons we cannot break existing 1521 // clients. 1522 // 1523 // hcl: verify_server_hostname = (true|false) 1524 VerifyServerHostname bool 1525 1526 // Watches are used to monitor various endpoints and to invoke a 1527 // handler to act appropriately. These are managed entirely in the 1528 // agent layer using the standard APIs. 1529 // 1530 // See https://www.consul.io/docs/agent/watches.html for details. 1531 // 1532 // hcl: watches = [ 1533 // { type=string ... }, 1534 // { type=string ... }, 1535 // ... 1536 // ] 1537 // 1538 Watches []map[string]interface{} 1539 1540 EnterpriseRuntimeConfig 1541} 1542 1543func (c *RuntimeConfig) apiAddresses(maxPerType int) (unixAddrs, httpAddrs, httpsAddrs []string) { 1544 if len(c.HTTPSAddrs) > 0 { 1545 for i, addr := range c.HTTPSAddrs { 1546 if maxPerType < 1 || i < maxPerType { 1547 httpsAddrs = append(httpsAddrs, addr.String()) 1548 } else { 1549 break 1550 } 1551 } 1552 } 1553 if len(c.HTTPAddrs) > 0 { 1554 unix_count := 0 1555 http_count := 0 1556 for _, addr := range c.HTTPAddrs { 1557 switch addr.(type) { 1558 case *net.UnixAddr: 1559 if maxPerType < 1 || unix_count < maxPerType { 1560 unixAddrs = append(unixAddrs, addr.String()) 1561 unix_count += 1 1562 } 1563 default: 1564 if maxPerType < 1 || http_count < maxPerType { 1565 httpAddrs = append(httpAddrs, addr.String()) 1566 http_count += 1 1567 } 1568 } 1569 } 1570 } 1571 1572 return 1573} 1574 1575func (c *RuntimeConfig) ClientAddress() (unixAddr, httpAddr, httpsAddr string) { 1576 unixAddrs, httpAddrs, httpsAddrs := c.apiAddresses(0) 1577 1578 if len(unixAddrs) > 0 { 1579 unixAddr = "unix://" + unixAddrs[0] 1580 } 1581 1582 http_any := "" 1583 if len(httpAddrs) > 0 { 1584 for _, addr := range httpAddrs { 1585 host, port, err := net.SplitHostPort(addr) 1586 if err != nil { 1587 continue 1588 } 1589 1590 if host == "0.0.0.0" || host == "::" { 1591 if http_any == "" { 1592 if host == "0.0.0.0" { 1593 http_any = net.JoinHostPort("127.0.0.1", port) 1594 } else { 1595 http_any = net.JoinHostPort("::1", port) 1596 } 1597 } 1598 continue 1599 } 1600 1601 httpAddr = addr 1602 break 1603 } 1604 1605 if httpAddr == "" && http_any != "" { 1606 httpAddr = http_any 1607 } 1608 } 1609 1610 https_any := "" 1611 if len(httpsAddrs) > 0 { 1612 for _, addr := range httpsAddrs { 1613 host, port, err := net.SplitHostPort(addr) 1614 if err != nil { 1615 continue 1616 } 1617 1618 if host == "0.0.0.0" || host == "::" { 1619 if https_any == "" { 1620 if host == "0.0.0.0" { 1621 https_any = net.JoinHostPort("127.0.0.1", port) 1622 } else { 1623 https_any = net.JoinHostPort("::1", port) 1624 } 1625 } 1626 continue 1627 } 1628 1629 httpsAddr = addr 1630 break 1631 } 1632 1633 if httpsAddr == "" && https_any != "" { 1634 httpsAddr = https_any 1635 } 1636 } 1637 1638 return 1639} 1640 1641func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error) { 1642 cfg := &api.Config{ 1643 Datacenter: c.Datacenter, 1644 TLSConfig: api.TLSConfig{InsecureSkipVerify: !c.VerifyOutgoing}, 1645 } 1646 1647 unixAddr, httpAddr, httpsAddr := c.ClientAddress() 1648 1649 if httpsAddr != "" { 1650 cfg.Address = httpsAddr 1651 cfg.Scheme = "https" 1652 cfg.TLSConfig.CAFile = c.CAFile 1653 cfg.TLSConfig.CAPath = c.CAPath 1654 if includeClientCerts { 1655 cfg.TLSConfig.CertFile = c.CertFile 1656 cfg.TLSConfig.KeyFile = c.KeyFile 1657 } 1658 } else if httpAddr != "" { 1659 cfg.Address = httpAddr 1660 cfg.Scheme = "http" 1661 } else if unixAddr != "" { 1662 cfg.Address = unixAddr 1663 // this should be ignored - however we are still talking http over a unix socket 1664 // so it makes sense to set it like this 1665 cfg.Scheme = "http" 1666 } else { 1667 return nil, fmt.Errorf("No suitable client address can be found") 1668 } 1669 1670 return cfg, nil 1671} 1672 1673// Sanitized returns a JSON/HCL compatible representation of the runtime 1674// configuration where all fields with potential secrets had their 1675// values replaced by 'hidden'. In addition, network addresses and 1676// time.Duration values are formatted to improve readability. 1677func (c *RuntimeConfig) Sanitized() map[string]interface{} { 1678 return sanitize("rt", reflect.ValueOf(c)).Interface().(map[string]interface{}) 1679} 1680 1681func (c *RuntimeConfig) ToTLSUtilConfig() tlsutil.Config { 1682 return tlsutil.Config{ 1683 VerifyIncoming: c.VerifyIncoming, 1684 VerifyIncomingRPC: c.VerifyIncomingRPC, 1685 VerifyIncomingHTTPS: c.VerifyIncomingHTTPS, 1686 VerifyOutgoing: c.VerifyOutgoing, 1687 VerifyServerHostname: c.VerifyServerHostname, 1688 CAFile: c.CAFile, 1689 CAPath: c.CAPath, 1690 CertFile: c.CertFile, 1691 KeyFile: c.KeyFile, 1692 NodeName: c.NodeName, 1693 Domain: c.DNSDomain, 1694 ServerName: c.ServerName, 1695 TLSMinVersion: c.TLSMinVersion, 1696 CipherSuites: c.TLSCipherSuites, 1697 PreferServerCipherSuites: c.TLSPreferServerCipherSuites, 1698 EnableAgentTLSForChecks: c.EnableAgentTLSForChecks, 1699 AutoEncryptTLS: c.AutoEncryptTLS, 1700 } 1701} 1702 1703// isSecret determines whether a field name represents a field which 1704// may contain a secret. 1705func isSecret(name string) bool { 1706 name = strings.ToLower(name) 1707 return strings.Contains(name, "key") || strings.Contains(name, "token") || strings.Contains(name, "secret") 1708} 1709 1710// cleanRetryJoin sanitizes the go-discover config strings key=val key=val... 1711// by scrubbing the individual key=val combinations. 1712func cleanRetryJoin(a string) string { 1713 var fields []string 1714 for _, f := range strings.Fields(a) { 1715 if isSecret(f) { 1716 kv := strings.SplitN(f, "=", 2) 1717 fields = append(fields, kv[0]+"=hidden") 1718 } else { 1719 fields = append(fields, f) 1720 } 1721 } 1722 return strings.Join(fields, " ") 1723} 1724 1725func sanitize(name string, v reflect.Value) reflect.Value { 1726 typ := v.Type() 1727 switch { 1728 // check before isStruct and isPtr 1729 case isNetAddr(typ): 1730 if v.IsNil() { 1731 return reflect.ValueOf("") 1732 } 1733 switch x := v.Interface().(type) { 1734 case *net.TCPAddr: 1735 return reflect.ValueOf("tcp://" + x.String()) 1736 case *net.UDPAddr: 1737 return reflect.ValueOf("udp://" + x.String()) 1738 case *net.UnixAddr: 1739 return reflect.ValueOf("unix://" + x.String()) 1740 case *net.IPAddr: 1741 return reflect.ValueOf(x.IP.String()) 1742 case *net.IPNet: 1743 return reflect.ValueOf(x.String()) 1744 default: 1745 return v 1746 } 1747 1748 // check before isNumber 1749 case isDuration(typ): 1750 x := v.Interface().(time.Duration) 1751 return reflect.ValueOf(x.String()) 1752 1753 case isString(typ): 1754 if strings.HasPrefix(name, "RetryJoinLAN[") || strings.HasPrefix(name, "RetryJoinWAN[") { 1755 x := v.Interface().(string) 1756 return reflect.ValueOf(cleanRetryJoin(x)) 1757 } 1758 if isSecret(name) { 1759 return reflect.ValueOf("hidden") 1760 } 1761 return v 1762 1763 case isNumber(typ) || isBool(typ): 1764 return v 1765 1766 case isPtr(typ): 1767 if v.IsNil() { 1768 return v 1769 } 1770 return sanitize(name, v.Elem()) 1771 1772 case isStruct(typ): 1773 m := map[string]interface{}{} 1774 for i := 0; i < typ.NumField(); i++ { 1775 key := typ.Field(i).Name 1776 m[key] = sanitize(key, v.Field(i)).Interface() 1777 } 1778 return reflect.ValueOf(m) 1779 1780 case isArray(typ) || isSlice(typ): 1781 ma := make([]interface{}, 0) 1782 for i := 0; i < v.Len(); i++ { 1783 ma = append(ma, sanitize(fmt.Sprintf("%s[%d]", name, i), v.Index(i)).Interface()) 1784 } 1785 return reflect.ValueOf(ma) 1786 1787 case isMap(typ): 1788 m := map[string]interface{}{} 1789 for _, k := range v.MapKeys() { 1790 key := k.String() 1791 m[key] = sanitize(key, v.MapIndex(k)).Interface() 1792 } 1793 return reflect.ValueOf(m) 1794 1795 default: 1796 return v 1797 } 1798} 1799 1800func isDuration(t reflect.Type) bool { return t == reflect.TypeOf(time.Second) } 1801func isMap(t reflect.Type) bool { return t.Kind() == reflect.Map } 1802func isNetAddr(t reflect.Type) bool { return t.Implements(reflect.TypeOf((*net.Addr)(nil)).Elem()) } 1803func isPtr(t reflect.Type) bool { return t.Kind() == reflect.Ptr } 1804func isArray(t reflect.Type) bool { return t.Kind() == reflect.Array } 1805func isSlice(t reflect.Type) bool { return t.Kind() == reflect.Slice } 1806func isString(t reflect.Type) bool { return t.Kind() == reflect.String } 1807func isStruct(t reflect.Type) bool { return t.Kind() == reflect.Struct } 1808func isBool(t reflect.Type) bool { return t.Kind() == reflect.Bool } 1809func isNumber(t reflect.Type) bool { return isInt(t) || isUint(t) || isFloat(t) || isComplex(t) } 1810func isInt(t reflect.Type) bool { 1811 return t.Kind() == reflect.Int || 1812 t.Kind() == reflect.Int8 || 1813 t.Kind() == reflect.Int16 || 1814 t.Kind() == reflect.Int32 || 1815 t.Kind() == reflect.Int64 1816} 1817func isUint(t reflect.Type) bool { 1818 return t.Kind() == reflect.Uint || 1819 t.Kind() == reflect.Uint8 || 1820 t.Kind() == reflect.Uint16 || 1821 t.Kind() == reflect.Uint32 || 1822 t.Kind() == reflect.Uint64 1823} 1824func isFloat(t reflect.Type) bool { return t.Kind() == reflect.Float32 || t.Kind() == reflect.Float64 } 1825func isComplex(t reflect.Type) bool { 1826 return t.Kind() == reflect.Complex64 || t.Kind() == reflect.Complex128 1827} 1828