1package consul 2 3import ( 4 "fmt" 5 "net" 6 "os" 7 "time" 8 9 "github.com/hashicorp/memberlist" 10 "github.com/hashicorp/raft" 11 "github.com/hashicorp/serf/serf" 12 "golang.org/x/time/rate" 13 14 "github.com/hashicorp/consul/agent/checks" 15 "github.com/hashicorp/consul/agent/structs" 16 libserf "github.com/hashicorp/consul/lib/serf" 17 "github.com/hashicorp/consul/tlsutil" 18 "github.com/hashicorp/consul/types" 19 "github.com/hashicorp/consul/version" 20) 21 22const ( 23 DefaultDC = "dc1" 24 DefaultRPCPort = 8300 25 DefaultLANSerfPort = 8301 26 DefaultWANSerfPort = 8302 27 28 // DefaultRaftMultiplier is used as a baseline Raft configuration that 29 // will be reliable on a very basic server. See docs/install/performance.html 30 // for information on how this value was obtained. 31 DefaultRaftMultiplier uint = 5 32 33 // MaxRaftMultiplier is a fairly arbitrary upper bound that limits the 34 // amount of performance detuning that's possible. 35 MaxRaftMultiplier uint = 10 36) 37 38var ( 39 DefaultRPCAddr = &net.TCPAddr{IP: net.ParseIP("0.0.0.0"), Port: DefaultRPCPort} 40 41 // ProtocolVersionMap is the mapping of Consul protocol versions 42 // to Serf protocol versions. We mask the Serf protocols using 43 // our own protocol version. 44 protocolVersionMap map[uint8]uint8 45) 46 47func init() { 48 protocolVersionMap = map[uint8]uint8{ 49 1: 4, 50 2: 4, 51 3: 4, 52 } 53} 54 55// (Enterprise-only) NetworkSegment is the address and port configuration 56// for a network segment. 57type NetworkSegment struct { 58 Name string 59 Bind string 60 Port int 61 Advertise string 62 RPCAddr *net.TCPAddr 63 SerfConfig *serf.Config 64} 65 66// Config is used to configure the server 67type Config struct { 68 // Bootstrap mode is used to bring up the first Consul server. 69 // It is required so that it can elect a leader without any 70 // other nodes being present 71 Bootstrap bool 72 73 // BootstrapExpect mode is used to automatically bring up a collection of 74 // Consul servers. This can be used to automatically bring up a collection 75 // of nodes. 76 BootstrapExpect int 77 78 // Datacenter is the datacenter this Consul server represents. 79 Datacenter string 80 81 // PrimaryDatacenter is the authoritative datacenter for features like ACLs 82 // and Connect. 83 PrimaryDatacenter string 84 85 // DataDir is the directory to store our state in. 86 DataDir string 87 88 // DefaultQueryTime is the amount of time a blocking query will wait before 89 // Consul will force a response. This value can be overridden by the 'wait' 90 // query parameter. 91 DefaultQueryTime time.Duration 92 93 // MaxQueryTime is the maximum amount of time a blocking query can wait 94 // before Consul will force a response. Consul applies jitter to the wait 95 // time. The jittered time will be capped to MaxQueryTime. 96 MaxQueryTime time.Duration 97 98 // DevMode is used to enable a development server mode. 99 DevMode bool 100 101 // NodeID is a unique identifier for this node across space and time. 102 NodeID types.NodeID 103 104 // Node name is the name we use to advertise. Defaults to hostname. 105 NodeName string 106 107 // Domain is the DNS domain for the records. Defaults to "consul." 108 Domain string 109 110 // RaftConfig is the configuration used for Raft in the local DC 111 RaftConfig *raft.Config 112 113 // (Enterprise-only) ReadReplica is used to prevent this server from being added 114 // as a voting member of the Raft cluster. 115 ReadReplica bool 116 117 // NotifyListen is called after the RPC listener has been configured. 118 // RPCAdvertise will be set to the listener address if it hasn't been 119 // configured at this point. 120 NotifyListen func() 121 122 // RPCAddr is the RPC address used by Consul. This should be reachable 123 // by the WAN and LAN 124 RPCAddr *net.TCPAddr 125 126 // RPCAdvertise is the address that is advertised to other nodes for 127 // the RPC endpoint. This can differ from the RPC address, if for example 128 // the RPCAddr is unspecified "0.0.0.0:8300", but this address must be 129 // reachable. If RPCAdvertise is nil then it will be set to the Listener 130 // address after the listening socket is configured. 131 RPCAdvertise *net.TCPAddr 132 133 // RPCSrcAddr is the source address for outgoing RPC connections. 134 RPCSrcAddr *net.TCPAddr 135 136 // (Enterprise-only) The network segment this agent is part of. 137 Segment string 138 139 // (Enterprise-only) Segments is a list of network segments for a server to 140 // bind on. 141 Segments []NetworkSegment 142 143 // SerfLANConfig is the configuration for the intra-dc serf 144 SerfLANConfig *serf.Config 145 146 // SerfWANConfig is the configuration for the cross-dc serf 147 SerfWANConfig *serf.Config 148 149 // SerfFloodInterval controls how often we attempt to flood local Serf 150 // Consul servers into the global areas (WAN and user-defined areas in 151 // Consul Enterprise). 152 SerfFloodInterval time.Duration 153 154 // ReconcileInterval controls how often we reconcile the strongly 155 // consistent store with the Serf info. This is used to handle nodes 156 // that are force removed, as well as intermittent unavailability during 157 // leader election. 158 ReconcileInterval time.Duration 159 160 // ProtocolVersion is the protocol version to speak. This must be between 161 // ProtocolVersionMin and ProtocolVersionMax. 162 ProtocolVersion uint8 163 164 // VerifyIncoming is used to verify the authenticity of incoming connections. 165 // This means that TCP requests are forbidden, only allowing for TLS. TLS connections 166 // must match a provided certificate authority. This can be used to force client auth. 167 VerifyIncoming bool 168 169 // VerifyOutgoing is used to force verification of the authenticity of outgoing connections. 170 // This means that TLS requests are used, and TCP requests are not made. TLS connections 171 // must match a provided certificate authority. 172 VerifyOutgoing bool 173 174 // UseTLS is used to enable TLS for outgoing connections to other TLS-capable Consul 175 // servers. This doesn't imply any verification, it only enables TLS if possible. 176 UseTLS bool 177 178 // VerifyServerHostname is used to enable hostname verification of servers. This 179 // ensures that the certificate presented is valid for server.<datacenter>.<domain>. 180 // This prevents a compromised client from being restarted as a server, and then 181 // intercepting request traffic as well as being added as a raft peer. This should be 182 // enabled by default with VerifyOutgoing, but for legacy reasons we cannot break 183 // existing clients. 184 VerifyServerHostname bool 185 186 // CAFile is a path to a certificate authority file. This is used with VerifyIncoming 187 // or VerifyOutgoing to verify the TLS connection. 188 CAFile string 189 190 // CAPath is a path to a directory of certificate authority files. This is used with 191 // VerifyIncoming or VerifyOutgoing to verify the TLS connection. 192 CAPath string 193 194 // CertFile is used to provide a TLS certificate that is used for serving TLS connections. 195 // Must be provided to serve TLS connections. 196 CertFile string 197 198 // KeyFile is used to provide a TLS key that is used for serving TLS connections. 199 // Must be provided to serve TLS connections. 200 KeyFile string 201 202 // ServerName is used with the TLS certificate to ensure the name we 203 // provide matches the certificate 204 ServerName string 205 206 // TLSMinVersion is used to set the minimum TLS version used for TLS connections. 207 TLSMinVersion string 208 209 // TLSCipherSuites is used to specify the list of supported ciphersuites. 210 TLSCipherSuites []uint16 211 212 // TLSPreferServerCipherSuites specifies whether to prefer the server's ciphersuite 213 // over the client ciphersuites. 214 TLSPreferServerCipherSuites bool 215 216 // RejoinAfterLeave controls our interaction with Serf. 217 // When set to false (default), a leave causes a Consul to not rejoin 218 // the cluster until an explicit join is received. If this is set to 219 // true, we ignore the leave, and rejoin the cluster on start. 220 RejoinAfterLeave bool 221 222 // AdvertiseReconnectTimeout is the duration after which this node should be 223 // assumed to not be returning and thus should be reaped within Serf. This 224 // can only be set for Client agents 225 AdvertiseReconnectTimeout time.Duration 226 227 // Build is a string that is gossiped around, and can be used to help 228 // operators track which versions are actively deployed 229 Build string 230 231 // ACLEnabled is used to enable ACLs 232 ACLsEnabled bool 233 234 // ACLMasterToken is used to bootstrap the ACL system. It should be specified 235 // on the servers in the ACLDatacenter. When the leader comes online, it ensures 236 // that the Master token is available. This provides the initial token. 237 ACLMasterToken string 238 239 // ACLDatacenter provides the authoritative datacenter for ACL 240 // tokens. If not provided, ACL verification is disabled. 241 ACLDatacenter string 242 243 // ACLTokenTTL controls the time-to-live of cached ACL tokens. 244 // It can be set to zero to disable caching, but this adds 245 // a substantial cost. 246 ACLTokenTTL time.Duration 247 248 // ACLPolicyTTL controls the time-to-live of cached ACL policies. 249 // It can be set to zero to disable caching, but this adds 250 // a substantial cost. 251 ACLPolicyTTL time.Duration 252 253 // ACLRoleTTL controls the time-to-live of cached ACL roles. 254 // It can be set to zero to disable caching, but this adds 255 // a substantial cost. 256 ACLRoleTTL time.Duration 257 258 // ACLDisabledTTL is the time between checking if ACLs should be 259 // enabled. This 260 ACLDisabledTTL time.Duration 261 262 // ACLTokenReplication is used to enabled token replication. 263 // 264 // By default policy-only replication is enabled. When token 265 // replication is off and the primary datacenter is not 266 // yet upgraded to the new ACLs no replication will be performed 267 ACLTokenReplication bool 268 269 // ACLDefaultPolicy is used to control the ACL interaction when 270 // there is no defined policy. This can be "allow" which means 271 // ACLs are used to deny-list, or "deny" which means ACLs are 272 // allow-lists. 273 ACLDefaultPolicy string 274 275 // ACLDownPolicy controls the behavior of ACLs if the ACLDatacenter 276 // cannot be contacted. It can be either "deny" to deny all requests, 277 // "extend-cache" or "async-cache" which ignores the ACLCacheInterval and 278 // uses cached policies. 279 // If a policy is not in the cache, it acts like deny. 280 // "allow" can be used to allow all requests. This is not recommended. 281 ACLDownPolicy string 282 283 // ACLReplicationRate is the max number of replication rounds that can 284 // be run per second. Note that either 1 or 2 RPCs are used during each replication 285 // round 286 ACLReplicationRate int 287 288 // ACLReplicationBurst is how many replication RPCs can be bursted after a 289 // period of idleness 290 ACLReplicationBurst int 291 292 // ACLReplicationApplyLimit is the max number of replication-related 293 // apply operations that we allow during a one second period. This is 294 // used to limit the amount of Raft bandwidth used for replication. 295 ACLReplicationApplyLimit int 296 297 // ACLEnableKeyListPolicy is used to gate enforcement of the new "list" policy that 298 // protects listing keys by prefix. This behavior is opt-in 299 // by default in Consul 1.0 and later. 300 ACLEnableKeyListPolicy bool 301 302 AutoConfigEnabled bool 303 AutoConfigIntroToken string 304 AutoConfigIntroTokenFile string 305 AutoConfigServerAddresses []string 306 AutoConfigDNSSANs []string 307 AutoConfigIPSANs []net.IP 308 AutoConfigAuthzEnabled bool 309 AutoConfigAuthzAuthMethod structs.ACLAuthMethod 310 AutoConfigAuthzClaimAssertions []string 311 AutoConfigAuthzAllowReuse bool 312 313 // TombstoneTTL is used to control how long KV tombstones are retained. 314 // This provides a window of time where the X-Consul-Index is monotonic. 315 // Outside this window, the index may not be monotonic. This is a result 316 // of a few trade offs: 317 // 1) The index is defined by the data view and not globally. This is a 318 // performance optimization that prevents any write from incrementing the 319 // index for all data views. 320 // 2) Tombstones are not kept indefinitely, since otherwise storage required 321 // is also monotonic. This prevents deletes from reducing the disk space 322 // used. 323 // In theory, neither of these are intrinsic limitations, however for the 324 // purposes of building a practical system, they are reasonable trade offs. 325 // 326 // It is also possible to set this to an incredibly long time, thereby 327 // simulating infinite retention. This is not recommended however. 328 // 329 TombstoneTTL time.Duration 330 331 // TombstoneTTLGranularity is used to control how granular the timers are 332 // for the Tombstone GC. This is used to batch the GC of many keys together 333 // to reduce overhead. It is unlikely a user would ever need to tune this. 334 TombstoneTTLGranularity time.Duration 335 336 // Minimum Session TTL 337 SessionTTLMin time.Duration 338 339 // maxTokenExpirationDuration is the maximum difference allowed between 340 // ACLToken CreateTime and ExpirationTime values if ExpirationTime is set 341 // on a token. 342 ACLTokenMaxExpirationTTL time.Duration 343 344 // ACLTokenMinExpirationTTL is the minimum difference allowed between 345 // ACLToken CreateTime and ExpirationTime values if ExpirationTime is set 346 // on a token. 347 ACLTokenMinExpirationTTL time.Duration 348 349 // ServerUp callback can be used to trigger a notification that 350 // a Consul server is now up and known about. 351 ServerUp func() 352 353 // UserEventHandler callback can be used to handle incoming 354 // user events. This function should not block. 355 UserEventHandler func(serf.UserEvent) 356 357 // ConfigReplicationRate is the max number of replication rounds that can 358 // be run per second. Note that either 1 or 2 RPCs are used during each replication 359 // round 360 ConfigReplicationRate int 361 362 // ConfigReplicationBurst is how many replication rounds can be bursted after a 363 // period of idleness 364 ConfigReplicationBurst int 365 366 // ConfigReplicationApply limit is the max number of replication-related 367 // apply operations that we allow during a one second period. This is 368 // used to limit the amount of Raft bandwidth used for replication. 369 ConfigReplicationApplyLimit int 370 371 // FederationStateReplicationRate is the max number of replication rounds that can 372 // be run per second. Note that either 1 or 2 RPCs are used during each replication 373 // round 374 FederationStateReplicationRate int 375 376 // FederationStateReplicationBurst is how many replication rounds can be bursted after a 377 // period of idleness 378 FederationStateReplicationBurst int 379 380 // FederationStateReplicationApply limit is the max number of replication-related 381 // apply operations that we allow during a one second period. This is 382 // used to limit the amount of Raft bandwidth used for replication. 383 FederationStateReplicationApplyLimit int 384 385 // CoordinateUpdatePeriod controls how long a server batches coordinate 386 // updates before applying them in a Raft transaction. A larger period 387 // leads to fewer Raft transactions, but also the stored coordinates 388 // being more stale. 389 CoordinateUpdatePeriod time.Duration 390 391 // CoordinateUpdateBatchSize controls the maximum number of updates a 392 // server batches before applying them in a Raft transaction. 393 CoordinateUpdateBatchSize int 394 395 // CoordinateUpdateMaxBatches controls the maximum number of batches we 396 // are willing to apply in one period. After this limit we will issue a 397 // warning and discard the remaining updates. 398 CoordinateUpdateMaxBatches int 399 400 // CheckOutputMaxSize control the max size of output of checks 401 CheckOutputMaxSize int 402 403 // RPCHandshakeTimeout limits how long we will wait for the initial magic byte 404 // on an RPC client connection. It also governs how long we will wait for a 405 // TLS handshake when TLS is configured however the timout applies separately 406 // for the initial magic byte and the TLS handshake and inner magic byte. 407 RPCHandshakeTimeout time.Duration 408 409 // RPCHoldTimeout is how long an RPC can be "held" before it is errored. 410 // This is used to paper over a loss of leadership by instead holding RPCs, 411 // so that the caller experiences a slow response rather than an error. 412 // This period is meant to be long enough for a leader election to take 413 // place, and a small jitter is applied to avoid a thundering herd. 414 RPCHoldTimeout time.Duration 415 416 // RPCRateLimit and RPCMaxBurst control how frequently RPC calls are allowed 417 // to happen. In any large enough time interval, rate limiter limits the 418 // rate to RPCRateLimit tokens per second, with a maximum burst size of 419 // RPCMaxBurst events. As a special case, if RPCRateLimit == Inf (the infinite 420 // rate), RPCMaxBurst is ignored. 421 // 422 // See https://en.wikipedia.org/wiki/Token_bucket for more about token 423 // buckets. 424 RPCRateLimit rate.Limit 425 RPCMaxBurst int 426 427 // RPCMaxConnsPerClient is the limit of how many concurrent connections are 428 // allowed from a single source IP. 429 RPCMaxConnsPerClient int 430 431 // LeaveDrainTime is used to wait after a server has left the LAN Serf 432 // pool for RPCs to drain and new requests to be sent to other servers. 433 LeaveDrainTime time.Duration 434 435 // AutopilotConfig is used to apply the initial autopilot config when 436 // bootstrapping. 437 AutopilotConfig *structs.AutopilotConfig 438 439 // ServerHealthInterval is the frequency with which the health of the 440 // servers in the cluster will be updated. 441 ServerHealthInterval time.Duration 442 443 // AutopilotInterval is the frequency with which the leader will perform 444 // autopilot tasks, such as promoting eligible non-voters and removing 445 // dead servers. 446 AutopilotInterval time.Duration 447 448 // MetricsReportingInterval is the frequency with which the server will 449 // report usage metrics to the configured go-metrics Sinks. 450 MetricsReportingInterval time.Duration 451 452 // ConnectEnabled is whether to enable Connect features such as the CA. 453 ConnectEnabled bool 454 455 // ConnectMeshGatewayWANFederationEnabled determines if wan federation of 456 // datacenters should exclusively traverse mesh gateways. 457 ConnectMeshGatewayWANFederationEnabled bool 458 459 // DisableFederationStateAntiEntropy solely exists for use in unit tests to 460 // disable a background routine. 461 DisableFederationStateAntiEntropy bool 462 463 // OverrideInitialSerfTags solely exists for use in unit tests to ensure 464 // that a serf tag is initially set to a known value, rather than the 465 // default to test some consul upgrade scenarios with fewer races. 466 OverrideInitialSerfTags func(tags map[string]string) 467 468 // CAConfig is used to apply the initial Connect CA configuration when 469 // bootstrapping. 470 CAConfig *structs.CAConfiguration 471 472 // ConfigEntryBootstrap contains a list of ConfigEntries to ensure are created 473 // If entries of the same Kind/Name exist already these will not update them. 474 ConfigEntryBootstrap []structs.ConfigEntry 475 476 // AutoEncryptAllowTLS is whether to enable the server responding to 477 // AutoEncrypt.Sign requests. 478 AutoEncryptAllowTLS bool 479 480 RPCConfig RPCConfig 481 482 // Embedded Consul Enterprise specific configuration 483 *EnterpriseConfig 484} 485 486// ToTLSUtilConfig is only used by tests, usually the config is being passed 487// down from the agent. 488func (c *Config) ToTLSUtilConfig() tlsutil.Config { 489 return tlsutil.Config{ 490 VerifyIncoming: c.VerifyIncoming, 491 VerifyOutgoing: c.VerifyOutgoing, 492 VerifyServerHostname: c.VerifyServerHostname, 493 CAFile: c.CAFile, 494 CAPath: c.CAPath, 495 CertFile: c.CertFile, 496 KeyFile: c.KeyFile, 497 NodeName: c.NodeName, 498 Domain: c.Domain, 499 ServerName: c.ServerName, 500 TLSMinVersion: c.TLSMinVersion, 501 CipherSuites: c.TLSCipherSuites, 502 PreferServerCipherSuites: c.TLSPreferServerCipherSuites, 503 } 504} 505 506// CheckProtocolVersion validates the protocol version. 507func (c *Config) CheckProtocolVersion() error { 508 if c.ProtocolVersion < ProtocolVersionMin { 509 return fmt.Errorf("Protocol version '%d' too low. Must be in range: [%d, %d]", c.ProtocolVersion, ProtocolVersionMin, ProtocolVersionMax) 510 } 511 if c.ProtocolVersion > ProtocolVersionMax { 512 return fmt.Errorf("Protocol version '%d' too high. Must be in range: [%d, %d]", c.ProtocolVersion, ProtocolVersionMin, ProtocolVersionMax) 513 } 514 return nil 515} 516 517// CheckACL validates the ACL configuration. 518func (c *Config) CheckACL() error { 519 switch c.ACLDefaultPolicy { 520 case "allow": 521 case "deny": 522 default: 523 return fmt.Errorf("Unsupported default ACL policy: %s", c.ACLDefaultPolicy) 524 } 525 switch c.ACLDownPolicy { 526 case "allow": 527 case "deny": 528 case "async-cache", "extend-cache": 529 default: 530 return fmt.Errorf("Unsupported down ACL policy: %s", c.ACLDownPolicy) 531 } 532 return nil 533} 534 535// DefaultConfig returns a default configuration. 536func DefaultConfig() *Config { 537 hostname, err := os.Hostname() 538 if err != nil { 539 panic(err) 540 } 541 542 conf := &Config{ 543 Build: version.Version, 544 Datacenter: DefaultDC, 545 NodeName: hostname, 546 RPCAddr: DefaultRPCAddr, 547 RaftConfig: raft.DefaultConfig(), 548 SerfLANConfig: libserf.DefaultConfig(), 549 SerfWANConfig: libserf.DefaultConfig(), 550 SerfFloodInterval: 60 * time.Second, 551 ReconcileInterval: 60 * time.Second, 552 ProtocolVersion: ProtocolVersion2Compatible, 553 ACLRoleTTL: 30 * time.Second, 554 ACLPolicyTTL: 30 * time.Second, 555 ACLTokenTTL: 30 * time.Second, 556 ACLDefaultPolicy: "allow", 557 ACLDownPolicy: "extend-cache", 558 ACLReplicationRate: 1, 559 ACLReplicationBurst: 5, 560 ACLReplicationApplyLimit: 100, // ops / sec 561 ConfigReplicationRate: 1, 562 ConfigReplicationBurst: 5, 563 ConfigReplicationApplyLimit: 100, // ops / sec 564 FederationStateReplicationRate: 1, 565 FederationStateReplicationBurst: 5, 566 FederationStateReplicationApplyLimit: 100, // ops / sec 567 TombstoneTTL: 15 * time.Minute, 568 TombstoneTTLGranularity: 30 * time.Second, 569 SessionTTLMin: 10 * time.Second, 570 ACLTokenMinExpirationTTL: 1 * time.Minute, 571 ACLTokenMaxExpirationTTL: 24 * time.Hour, 572 573 // These are tuned to provide a total throughput of 128 updates 574 // per second. If you update these, you should update the client- 575 // side SyncCoordinateRateTarget parameter accordingly. 576 CoordinateUpdatePeriod: 5 * time.Second, 577 CoordinateUpdateBatchSize: 128, 578 CoordinateUpdateMaxBatches: 5, 579 580 CheckOutputMaxSize: checks.DefaultBufSize, 581 582 RPCRateLimit: rate.Inf, 583 RPCMaxBurst: 1000, 584 585 TLSMinVersion: "tls10", 586 587 // TODO (slackpad) - Until #3744 is done, we need to keep these 588 // in sync with agent/config/default.go. 589 AutopilotConfig: &structs.AutopilotConfig{ 590 CleanupDeadServers: true, 591 LastContactThreshold: 200 * time.Millisecond, 592 MaxTrailingLogs: 250, 593 ServerStabilizationTime: 10 * time.Second, 594 }, 595 596 CAConfig: &structs.CAConfiguration{ 597 Provider: "consul", 598 Config: map[string]interface{}{ 599 "LeafCertTTL": structs.DefaultLeafCertTTL, 600 "IntermediateCertTTL": structs.DefaultIntermediateCertTTL, 601 }, 602 }, 603 604 // Stay under the 10 second aggregation interval of 605 // go-metrics. This ensures we always report the 606 // usage metrics in each cycle. 607 MetricsReportingInterval: 9 * time.Second, 608 ServerHealthInterval: 2 * time.Second, 609 AutopilotInterval: 10 * time.Second, 610 DefaultQueryTime: 300 * time.Second, 611 MaxQueryTime: 600 * time.Second, 612 613 EnterpriseConfig: DefaultEnterpriseConfig(), 614 } 615 616 // Increase our reap interval to 3 days instead of 24h. 617 conf.SerfLANConfig.ReconnectTimeout = 3 * 24 * time.Hour 618 conf.SerfWANConfig.ReconnectTimeout = 3 * 24 * time.Hour 619 620 // WAN Serf should use the WAN timing, since we are using it 621 // to communicate between DC's 622 conf.SerfWANConfig.MemberlistConfig = memberlist.DefaultWANConfig() 623 624 // Ensure we don't have port conflicts 625 conf.SerfLANConfig.MemberlistConfig.BindPort = DefaultLANSerfPort 626 conf.SerfWANConfig.MemberlistConfig.BindPort = DefaultWANSerfPort 627 628 // Allow dead nodes to be replaced after 30 seconds. 629 conf.SerfLANConfig.MemberlistConfig.DeadNodeReclaimTime = 30 * time.Second 630 conf.SerfWANConfig.MemberlistConfig.DeadNodeReclaimTime = 30 * time.Second 631 632 // Raft protocol version 3 only works with other Consul servers running 633 // 0.8.0 or later. 634 conf.RaftConfig.ProtocolVersion = 3 635 636 // Disable shutdown on removal 637 conf.RaftConfig.ShutdownOnRemove = false 638 639 // Check every 5 seconds to see if there are enough new entries for a snapshot, can be overridden 640 conf.RaftConfig.SnapshotInterval = 30 * time.Second 641 642 // Snapshots are created every 16384 entries by default, can be overridden 643 conf.RaftConfig.SnapshotThreshold = 16384 644 645 return conf 646} 647 648// RPCConfig settings for the RPC server 649// 650// TODO: move many settings to this struct. 651type RPCConfig struct { 652 EnableStreaming bool 653} 654 655// ReloadableConfig is the configuration that is passed to ReloadConfig when 656// application config is reloaded. 657type ReloadableConfig struct { 658 RPCRateLimit rate.Limit 659 RPCMaxBurst int 660 RPCMaxConnsPerClient int 661 ConfigEntryBootstrap []structs.ConfigEntry 662 RaftSnapshotThreshold int 663 RaftSnapshotInterval time.Duration 664 RaftTrailingLogs int 665} 666