Translate to: https://github.com/hashicorp/consul-template
Consul-Template configuration files are written using [HashiCorp Configuration Language (HCL)]. This means ```Consul Template is JSON-compatible. For more information, please see [HCL Specification](https:#github.com/ hashcorp/hcl)
consul = "127.0.0.1:8500"
#This is the address of the Consul Agent to connect to. The default is 127.0.0.1:8500. This is the default binding address and port of Consul. It is not recommended to directly interact with the Consul Server, please interact with the local Consul Agent. The reason for this is that the local agent can reuse the connection with the server. Reduce the number of HTTP connections. In addition, this address is easier to remember.
token = "abcd1234"
# This is the ACL token used to connect to Consul. It does not need to be set if your cluster is not enabled. This option can also be set through the environment variable CONSUL_TOKEN
reload_signal = "SIGHUP"
# This is the signal that listens for the reload event. The default value is SIGHUP. Setting this value to empty will cause CT to not listen to the reload event.
dump_signal = "SIGQUIT"
# This is the signal that listens for the core dump event. The default value is SIGQUIT. Setting this value to empty will cause CT to not listen to the core dump signal.
kill_signal = "SIGINT"
# This is the signal that listens for the graceful stop event. The default value is SIGINT. Setting this value to empty will cause CT to not listen for the graceful stop signal.
retry = "10s"
# This is the retry time for connecting to Consul. Consul Template is designed with high fault tolerance. This means that it will not exit if it fails. Instead, it will perform exponential compensation and retry according to the conventions of distributed systems to wait for the cluster to recover.
max_stale = "10m"
#This is the maximum time to allow stale data. Consul defaults only the leader to respond to requests. All requests to followers will be forwarded to the leader. In large clusters with a large number of requests, this is not scalable enough. So this option allows Any follower responds to the query, as long as the last replicated data is within this range. The higher the value, the less the cluster load, but the returned data may be outdated.
log_level = "warn"
# Configure the log level. If an error is found in Consul Template, enable the debug debug log so we can help identify the problem; it can also be specified via the command line.
pid_file = "/path/to/pid"
# Path to the PID file for the process ID of the Consul Template process. Used when a custom signal needs to be sent to the process.
wait = "5s:10s"
#This is a static timer, which defines the minimum and maximum time to wait for the cluster to reach a consistent state before template rendering. This is useful in some systems with large changes, which can reduce the number of template renderings
# This part configures the basic permission verification information for the request
auth {
enabled = true
username = "test"
password = "test"
}
# This section configures the SSL information for connecting to the Consul server.
ssl {
enabled = true # This switch needs to be turned on first to use SSL
verify = true #Enable ssl authentication, the default setting and true, when enabled, it will check the global CA chain to confirm whether the certificate is valid, if it is a self-signed certificate, you need to disable ssl authentication, that is, set it to false
cert = "/path/to/client/cert"
key = "/path/to/client/key"
#The certificate storage location for authentication. If only the certificate is provided, it needs to be an X509 certificate converted from the certificate and key. If the certificate and key are specified at the same time, conul template will automatically combine them to form an X509 certificate
# This is the path to the certificate authority to use as a CA. This isuseful for self-signed certificates or for organizations using their own internal certificate authority.
ca_cert = "/path/to/ca"
# This is the path the certificate authority uses as a CA, for self-signed certificates or organizations using their own internal certificate authority
}
# Set the configuration to connect to the syslog server for logging
syslog {
enabled = true # turn on the switch
facility = "LOCAL5" # facility name
}
# This section defines the configuration of de-duplication mode
deduplicate {
enabled = true
#Enable de-duplication mode. Specify other related options to also enable de-duplication mode.
prefix = "consul-template/dedup/"
# The directory prefix for storing the pre-rendered kv value of the de-duplication template
}
# This section is used to define the configuration of exec mode
exec {
command = "/usr/bin/app"
# This is the command to be executed via the subprocess. There can only be one command per Consul template.
splay = "5s" # This is a random wait state before killing the command. The default is 0 (do not wait), but large clusters should consider setting the splay value to prevent simultaneous reloading of all child processes when data changes occur. When this value is set to non-zero, the Consul template will wait a random amount of time not greater than the splay value before reloading or terminating the child process.
#This part is related to the configuration of the child process environment variables
env {
pristine = false #This specifies whether the child process should inherit the parent's environment variables. By default, the child process has access to the environment variables of the parent process. Setting it to true will only send the value specified in `custom_env` to child processes.
custom = ["PATH=$PATH:/etc/myapp/bin"] #Custom environment variables passed to the runtime environment of the child process. If a custom environment variable shares its name with a system environment variable, the custom environment variable takes precedence. All values in this option will be provided to the child process even if pristine, whitelist and blacklist are specified.
whitelist = ["CONSUL_*"] #Specify the whitelist of environment variables to be exposed to child processes. If specified, only those environment variables that match the given pattern will be exposed to child processes. These strings are matched using Go's glob function, so wildcards are allowed.
blacklist = ["VAULT_*"] #Specify the blacklist of environment variables to be exposed to child processes. If specified, any environment variables matching the given pattern will not be exposed to child processes, even if they are whitelisted. The value in this option takes precedence over the value in the whitelist. These strings are matched using Go's glob function, so wildcards are allowed.
}
reload_signal = "SIGUSR1"
# This defines the signal that will be sent to the child process when the watch template changes. The signal will only be sent after the process has started, and the process will not start until all related templates have been rendered at least once. The default value is "" (null or zero), which tells the Consul template to restart the child process instead of sending a signal. Because some applications don't load config files well
kill_signal = "SIGINT"
# This defines the signal sent to the child process when the Consul template is closed gracefully. The application should start to clean up gracefully. If the application does not terminate before `kill_timeout`, it will be force terminated ("kill -9"). The default value is "SIGTERM".
kill_timeout = "2s"
# This defines how long to wait for the child process to terminate normally when the Consul template exits. After this specific time, the child process will be forcibly killed (effectively "kill -9"). The default value is "30s"
}
# This part defines the configuration of the template, which is different from other configuration blocks. This part can be configured multiple times for different templates. It can also be configured directly in the CLI command head
template {
source = "/path/on/disk/to/template.ctmpl"
# This is the configuration file path of the input template. If you do not use the contents option, you must configure this item
destination = "/path/on/disk/where/template/will/render.txt"
# Specify the path of the rendered template. If the parent directory does not exist, Consul Template will be created automatically unless create_dest_dirs is set to false.
create_dest_dirs = true
# Defaults to true, automatically created when the parent directory of the target path does not exist
contents = "{{ keyOrDefault \"service/redis/maxconns@east-aws\" \"5\" }}"
# This option allows to embed the content of the template into the config file instead of giving the "source" path to the template file. This is useful for short templates. This option is mutually exclusive with the `source` option.
command = "restart service foo"
# The command to run when the template is rendered, optional parameter. This command will only run if the generated template has changed. The command must return within 30 seconds (configurable) and must have a successful exit code, Consul Template is not a substitute for process monitoring or the init system
command_timeout = "60s"
# This is the maximum time to wait for the command to return, the default is 30 seconds
# Access a non-existing structure or map field/key to exit with an error. When the accessed field does not exist, "<no value>" is printed by default. It is recommended to set it to "true"
error_on_missing_key = false
perms = 0600
# Specify the permission of the rendered file. If not specified, the consul template will match other files in this directory. If it is an empty directory, the rendered file permission will be set to 644
backup = true
# Before rendering the file, the original file will be backed up, which can be used as a fallback strategy for misoperation
left_delimiter = "{{"
right_delimiter = "}}"
# Specify the delimiter of the template, the default is {{ and }}, but some templates may be more suitable to specify other delimiters to avoid conflicts with the rendered file
wait = "2s:6s"
# Specify the maximum and minimum time to wait for a new template to render to disk and trigger the script, in the format `minimum(:maximum), separated by ':'. If no maximum is specified, it is set to 4 times the minimum, which is a numeric time with a unit suffix ("5s"). There is no default value. The wait value of the template has a higher priority than the globally configured wait time.
}