README
¶
Overview
nomad/structs/config is a package for configuration structs that are
shared among packages that needs the same struct definitions, but can't
import each other without creating a cyle. This config package must be
terminal in the import graph (or very close to terminal in the dependency
graph).
Documentation
¶
Index ¶
Constants ¶
View Source
const ( // DefaultVaultConnectRetryIntv is the retry interval between trying to // connect to Vault DefaultVaultConnectRetryIntv = 30 * time.Second )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ConsulConfig ¶
type ConsulConfig struct {
// ServerServiceName is the name of the service that Nomad uses to register
// servers with Consul
ServerServiceName string `mapstructure:"server_service_name"`
// ClientServiceName is the name of the service that Nomad uses to register
// clients with Consul
ClientServiceName string `mapstructure:"client_service_name"`
// AutoAdvertise determines if this Nomad Agent will advertise its
// services via Consul. When true, Nomad Agent will register
// services with Consul.
AutoAdvertise bool `mapstructure:"auto_advertise"`
// ChecksUseAdvertise specifies that Consul checks should use advertise
// address instead of bind address
ChecksUseAdvertise bool `mapstructure:"checks_use_advertise"`
// Addr is the address of the local Consul agent
Addr string `mapstructure:"address"`
// Timeout is used by Consul HTTP Client
Timeout time.Duration `mapstructure:"timeout"`
// Token is used to provide a per-request ACL token. This options overrides
// the agent's default token
Token string `mapstructure:"token"`
// Auth is the information to use for http access to Consul agent
Auth string `mapstructure:"auth"`
// EnableSSL sets the transport scheme to talk to the Consul agent as https
EnableSSL bool `mapstructure:"ssl"`
// VerifySSL enables or disables SSL verification when the transport scheme
// for the consul api client is https
VerifySSL bool `mapstructure:"verify_ssl"`
// CAFile is the path to the ca certificate used for Consul communication
CAFile string `mapstructure:"ca_file"`
// CertFile is the path to the certificate for Consul communication
CertFile string `mapstructure:"cert_file"`
// KeyFile is the path to the private key for Consul communication
KeyFile string `mapstructure:"key_file"`
// ServerAutoJoin enables Nomad servers to find peers by querying Consul and
// joining them
ServerAutoJoin bool `mapstructure:"server_auto_join"`
// ClientAutoJoin enables Nomad servers to find addresses of Nomad servers
// and register with them
ClientAutoJoin bool `mapstructure:"client_auto_join"`
}
ConsulConfig contains the configuration information necessary to communicate with a Consul Agent in order to:
- Register services and their checks with Consul
- Bootstrap this Nomad Client with the list of Nomad Servers registered with Consul
Both the Agent and the executor need to be able to import ConsulConfig.
func DefaultConsulConfig ¶
func DefaultConsulConfig() *ConsulConfig
DefaultConsulConfig() returns the canonical defaults for the Nomad `consul` configuration.
func (*ConsulConfig) ApiConfig ¶
func (c *ConsulConfig) ApiConfig() (*consul.Config, error)
ApiConfig() returns a usable Consul config that can be passed directly to hashicorp/consul/api. NOTE: datacenter is not set
func (*ConsulConfig) Copy ¶ added in v0.5.0
func (c *ConsulConfig) Copy() *ConsulConfig
Copy returns a copy of this Consul config.
func (*ConsulConfig) Merge ¶
func (a *ConsulConfig) Merge(b *ConsulConfig) *ConsulConfig
Merge merges two Consul Configurations together.
type TLSConfig ¶ added in v0.5.0
type TLSConfig struct {
// EnableHTTP enabled TLS for http traffic to the Nomad server and clients
EnableHTTP bool `mapstructure:"http"`
// EnableRPC enables TLS for RPC and Raft traffic to the Nomad servers
EnableRPC bool `mapstructure:"rpc"`
// VerifyServerHostname is used to enable hostname verification of servers. This
// ensures that the certificate presented is valid for server.<region>.nomad
// This prevents a compromised client from being restarted as a server, and then
// intercepting request traffic as well as being added as a raft peer. This should be
// enabled by default with VerifyOutgoing, but for legacy reasons we cannot break
// existing clients.
VerifyServerHostname bool `mapstructure:"verify_server_hostname"`
// CAFile is a path to a certificate authority file. This is used with VerifyIncoming
// or VerifyOutgoing to verify the TLS connection.
CAFile string `mapstructure:"ca_file"`
// CertFile is used to provide a TLS certificate that is used for serving TLS connections.
// Must be provided to serve TLS connections.
CertFile string `mapstructure:"cert_file"`
// KeyFile is used to provide a TLS key that is used for serving TLS connections.
// Must be provided to serve TLS connections.
KeyFile string `mapstructure:"key_file"`
}
TLSConfig provides TLS related configuration
type VaultConfig ¶ added in v0.5.0
type VaultConfig struct {
// Enabled enables or disables Vault support.
Enabled *bool `mapstructure:"enabled"`
// Token is the Vault token given to Nomad such that it can
// derive child tokens. Nomad will renew this token at half its lease
// lifetime.
Token string `mapstructure:"token"`
// AllowUnauthenticated allows users to submit jobs requiring Vault tokens
// without providing a Vault token proving they have access to these
// policies.
AllowUnauthenticated *bool `mapstructure:"allow_unauthenticated"`
// TaskTokenTTL is the TTL of the tokens created by Nomad Servers and used
// by the client. There should be a minimum time value such that the client
// does not have to renew with Vault at a very high frequency
TaskTokenTTL string `mapstructure:"task_token_ttl"`
// Addr is the address of the local Vault agent. This should be a complete
// URL such as "http://vault.example.com"
Addr string `mapstructure:"address"`
// ConnectionRetryIntv is the interval to wait before re-attempting to
// connect to Vault.
ConnectionRetryIntv time.Duration
// TLSCaFile is the path to a PEM-encoded CA cert file to use to verify the
// Vault server SSL certificate.
TLSCaFile string `mapstructure:"ca_file"`
// TLSCaFile is the path to a directory of PEM-encoded CA cert files to
// verify the Vault server SSL certificate.
TLSCaPath string `mapstructure:"ca_path"`
// TLSCertFile is the path to the certificate for Vault communication
TLSCertFile string `mapstructure:"cert_file"`
// TLSKeyFile is the path to the private key for Vault communication
TLSKeyFile string `mapstructure:"key_file"`
// TLSSkipVerify enables or disables SSL verification
TLSSkipVerify *bool `mapstructure:"tls_skip_verify"`
// TLSServerName, if set, is used to set the SNI host when connecting via TLS.
TLSServerName string `mapstructure:"tls_server_name"`
}
VaultConfig contains the configuration information necessary to communicate with Vault in order to:
- Renew Vault tokens/leases.
- Pass a token for the Nomad Server to derive sub-tokens.
- Create child tokens with policy subsets of the Server's token.
func DefaultVaultConfig ¶ added in v0.5.0
func DefaultVaultConfig() *VaultConfig
DefaultVaultConfig() returns the canonical defaults for the Nomad `vault` configuration.
func (*VaultConfig) AllowsUnauthenticated ¶ added in v0.5.0
func (a *VaultConfig) AllowsUnauthenticated() bool
AllowsUnauthenticated returns whether the config allows unauthenticated access to Vault
func (*VaultConfig) ApiConfig ¶ added in v0.5.0
func (c *VaultConfig) ApiConfig() (*vault.Config, error)
ApiConfig() returns a usable Vault config that can be passed directly to hashicorp/vault/api.
func (*VaultConfig) Copy ¶ added in v0.5.0
func (c *VaultConfig) Copy() *VaultConfig
Copy returns a copy of this Vault config.
func (*VaultConfig) IsEnabled ¶ added in v0.5.0
func (a *VaultConfig) IsEnabled() bool
IsEnabled returns whether the config enables Vault integration
func (*VaultConfig) Merge ¶ added in v0.5.0
func (a *VaultConfig) Merge(b *VaultConfig) *VaultConfig
Merge merges two Vault configurations together.
Source Files
Click to show internal directories.
Click to hide internal directories.