mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 21:35:52 +00:00
0dba086cdb
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
91 lines
4.7 KiB
Plaintext
91 lines
4.7 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Agents: Configuration Explained
|
|
description: >-
|
|
Agent configuration is the process of defining server and client agent properties with CLI flags and configuration files. Learn what properties can be configured on reload and how Consul sets precedence for configuration settings.
|
|
---
|
|
|
|
# Agent Configuration
|
|
|
|
The agent has various configuration options that can be specified via
|
|
the command-line or via configuration files. All of the configuration
|
|
options are completely optional. Defaults are specified with their
|
|
descriptions.
|
|
|
|
Configuration precedence is evaluated in the following order:
|
|
|
|
1. [Command line arguments](/docs/agent/config/cli-flags)
|
|
2. [Configuration files](/docs/agent/config/config-files)
|
|
|
|
When loading configuration, the Consul agent loads the configuration from files and
|
|
directories in lexical order. For example, configuration file
|
|
`basic_config.json` will be processed before `extra_config.json`. Configuration
|
|
can be in either [HCL](https://github.com/hashicorp/hcl#syntax) or JSON format.
|
|
Available in Consul 1.0 and later, the HCL support now requires an `.hcl` or
|
|
`.json` extension on all configuration files in order to specify their format.
|
|
|
|
Configuration specified later will be merged into configuration specified
|
|
earlier. In most cases, "merge" means that the later version will override the
|
|
earlier. In some cases, such as event handlers, merging appends the handlers to
|
|
the existing configuration. The exact merging behavior is specified for each
|
|
option below.
|
|
|
|
The Consul agent also supports reloading configuration when it receives the
|
|
SIGHUP signal. Not all changes are respected, but those that are
|
|
documented below in the
|
|
[Reloadable Configuration](#reloadable-configuration) section. The
|
|
[reload command](/commands/reload) can also be used to trigger a
|
|
configuration reload.
|
|
|
|
You can test the following configuration options by following the
|
|
[Getting Started](https://learn.hashicorp.com/tutorials/consul/get-started-install?utm_source=docs)
|
|
tutorials to install a local agent.
|
|
|
|
## Ports Used
|
|
|
|
Consul requires up to 6 different ports to work properly, some on
|
|
TCP, UDP, or both protocols.
|
|
|
|
Review the [required ports](/docs/install/ports) table for a list of
|
|
required ports and their default settings.
|
|
|
|
## Reloadable Configuration
|
|
|
|
Reloading configuration does not reload all configuration items. The
|
|
items which are reloaded include:
|
|
|
|
- ACL Tokens
|
|
- [Configuration Entry Bootstrap](/docs/agent/config/config-files#config_entries_bootstrap)
|
|
- Checks
|
|
- [Discard Check Output](/docs/agent/config/config-files#discard_check_output)
|
|
- HTTP Client Address
|
|
- Log level
|
|
- [Metric Prefix Filter](/docs/agent/config/config-files#telemetry-prefix_filter)
|
|
- [Node Metadata](/docs/agent/config/config-files#node_meta)
|
|
- Some Raft options (since Consul 1.10.0)
|
|
- [`raft_snapshot_threshold`](/docs/agent/config/config-files#_raft_snapshot_threshold)
|
|
- [`raft_snapshot_interval`](/docs/agent/config/config-files#_raft_snapshot_interval)
|
|
- [`raft_trailing_logs`](/docs/agent/config/config-files#_raft_trailing_logs)
|
|
- These can be important in certain outage situations so being able to control
|
|
them without a restart provides a recovery path that doesn't involve
|
|
downtime. They generally shouldn't be changed otherwise.
|
|
- [RPC rate limiting](/docs/agent/config/config-files#limits)
|
|
- [HTTP Maximum Connections per Client](/docs/agent/config/config-files#http_max_conns_per_client)
|
|
- Services
|
|
- TLS Configuration
|
|
- Please be aware that this is currently limited to reload a configuration that is already TLS enabled. You cannot enable or disable TLS only with reloading.
|
|
- To avoid a potential security issue, the following TLS configuration parameters do not automatically reload when [-auto-reload-config](/docs/agent/config/cli-flags#_auto_reload_config) is enabled:
|
|
- [encrypt_verify_incoming](/docs/agent/config/config-files#encrypt_verify_incoming)
|
|
- [verify_incoming](/docs/agent/config/config-files#verify_incoming)
|
|
- [verify_incoming_rpc](/docs/agent/config/config-files#verify_incoming_rpc)
|
|
- [verify_incoming_https](/docs/agent/config/config-files#verify_incoming_https)
|
|
- [verify_outgoing](/docs/agent/config/config-files#verify_outgoing)
|
|
- [verify_server_hostname](/docs/agent/config/config-files#verify_server_hostname)
|
|
- [ca_file](/docs/agent/config/config-files#ca_file)
|
|
- [ca_path](/docs/agent/config/config-files#ca_path)
|
|
|
|
If any of those configurations are changed while [-auto-reload-config](/docs/agent/config/cli-flags#_auto_reload_config) is enabled,
|
|
Consul will issue the following warning, `Static Runtime config has changed and need a manual config reload to be applied`.
|
|
You must manually issue the `consul reload` command or send a `SIGHUP` to the Consul process to reload the new values.
|
|
- Watches
|