Consul
Agent Configuration
The agent has various configuration options that can be specified via the command-line or via configuration files. All of the configuration options are completely optional. Defaults are specified with their descriptions.
Configuration precedence is evaluated in the following order:
When loading configuration, the Consul agent loads the configuration from files and
directories in lexical order. For example, configuration file
basic_config.json
will be processed before extra_config.json
. Configuration
can be in either HCL or JSON format.
Available in Consul 1.0 and later, the HCL support now requires an .hcl
or
.json
extension on all configuration files in order to specify their format.
Configuration specified later will be merged into configuration specified earlier. In most cases, "merge" means that the later version will override the earlier. In some cases, such as event handlers, merging appends the handlers to the existing configuration. The exact merging behavior is specified for each option below.
The Consul agent also supports reloading configuration when it receives the SIGHUP signal. Not all changes are respected, but those that are documented below in the Reloadable Configuration section. The reload command can also be used to trigger a configuration reload.
You can test the following configuration options by following the Get Started tutorials to install an agent in a VM.
Ports Used
Consul requires up to 6 different ports to work properly, some on TCP, UDP, or both protocols.
Review the required ports table for a list of required ports and their default settings.
Reloadable Configuration
Some agent configuration options are reloadable at runtime.
You can run the consul reload
command to manually reload supported options from configuration files in the configuration directory.
To configure the agent to automatically reload configuration files updated on disk,
set the auto_reload_config
configuration option parameter to true
.
The following agent configuration options are reloadable at runtime:
ACL Tokens
Checks
HTTP Client Address
Log level
Some Raft options (since Consul 1.10.0)
raft_snapshot_threshold
raft_snapshot_interval
raft_trailing_logs
- These can be important in certain outage situations so being able to control them without a restart provides a recovery path that doesn't involve downtime. They generally shouldn't be changed otherwise.
Services
TLS Configuration
Please be aware that this is currently limited to reload a configuration that is already TLS enabled. You cannot enable or disable TLS only with reloading.
To avoid a potential security issue, the following TLS configuration parameters do not automatically reload when -auto-reload-config is enabled:
- encrypt_verify_incoming
- verify_incoming
- verify_incoming_rpc
- verify_incoming_https
- verify_outgoing
- verify_server_hostname
- ca_file
- ca_path
If any of those configurations are changed while -auto-reload-config is enabled, Consul will issue the following warning,
Static Runtime config has changed and need a manual config reload to be applied
. You must manually issue theconsul reload
command or send aSIGHUP
to the Consul process to reload the new values.
Watches