etcd/etcdmain/help.go

// Copyright 2015 CoreOS, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package etcdmain

var (
	usageline = `usage: etcd [flags]
       start an etcd server

       etcd --version
       show the version of etcd

       etcd -h | --help
       show the help information about etcd
	`
	flagsline = `
member flags:

	--name 'default'
		human-readable name for this member.
	--data-dir '${name}.etcd'
		path to the data directory.
	--wal-dir ''
		path to the dedicated wal directory.
	--snapshot-count '10000'
		number of committed transactions to trigger a snapshot to disk.
	--heartbeat-interval '100'
		time (in milliseconds) of a heartbeat interval.
	--election-timeout '1000'
		time (in milliseconds) for an election to timeout. See tuning documentation for details.
	--listen-peer-urls 'http://localhost:2380,http://localhost:7001'
		list of URLs to listen on for peer traffic.
	--listen-client-urls 'http://localhost:2379,http://localhost:4001'
		list of URLs to listen on for client traffic.
	-cors ''
		comma-separated whitelist of origins for CORS (cross-origin resource sharing).


clustering flags:

	--initial-advertise-peer-urls 'http://localhost:2380,http://localhost:7001'
		list of this member's peer URLs to advertise to the rest of the cluster.
	--initial-cluster 'default=http://localhost:2380,default=http://localhost:7001'
		initial cluster configuration for bootstrapping.
	--initial-cluster-state 'new'
		initial cluster state ('new' or 'existing').
	--initial-cluster-token 'etcd-cluster'
		initial cluster token for the etcd cluster during bootstrap.
		Specifying this can protect you from unintended cross-cluster interaction when running multiple clusters.
	--advertise-client-urls 'http://localhost:2379,http://localhost:4001'
		list of this member's client URLs to advertise to the public.
		The client URLs advertised should be accessible to machines that talk to etcd cluster. etcd client libraries parse these URLs to connect to the cluster.
	--discovery ''
		discovery URL used to bootstrap the cluster.
	--discovery-fallback 'proxy'
		expected behavior ('exit' or 'proxy') when discovery services fails.
	--discovery-proxy ''
		HTTP proxy to use for traffic to discovery service.
	--discovery-srv ''
		dns srv domain used to bootstrap the cluster.
	--strict-reconfig-check
		reject reconfiguration requests that would cause quorum loss.

proxy flags:

	--proxy 'off'
		proxy mode setting ('off', 'readonly' or 'on').
	--proxy-failure-wait 5000
		time (in milliseconds) an endpoint will be held in a failed state.
	--proxy-refresh-interval 30000
		time (in milliseconds) of the endpoints refresh interval.
	--proxy-dial-timeout 1000
		time (in milliseconds) for a dial to timeout.
	--proxy-write-timeout 5000
		time (in milliseconds) for a write to timeout.
	--proxy-read-timeout 0
		time (in milliseconds) for a read to timeout.


security flags:

	--ca-file '' [DEPRECATED]
		path to the client server TLS CA file. '-ca-file ca.crt' could be replaced by '-trusted-ca-file ca.crt -client-cert-auth' and etcd will perform the same.
	--cert-file ''
		path to the client server TLS cert file.
	--key-file ''
		path to the client server TLS key file.
	--client-cert-auth 'false'
		enable client cert authentication.
	--trusted-ca-file ''
		path to the client server TLS trusted CA key file.
	--peer-ca-file '' [DEPRECATED]
		path to the peer server TLS CA file. '-peer-ca-file ca.crt' could be replaced by '-peer-trusted-ca-file ca.crt -peer-client-cert-auth' and etcd will perform the same.
	--peer-cert-file ''
		path to the peer server TLS cert file.
	--peer-key-file ''
		path to the peer server TLS key file.
	--peer-client-cert-auth 'false'
		enable peer client cert authentication.
	--peer-trusted-ca-file ''
		path to the peer server TLS trusted CA file.

logging flags

	--debug 'false'
		enable debug-level logging for etcd.
	--log-package-levels ''
		specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG').

unsafe flags:

Please be CAUTIOUS when using unsafe flags because it will break the guarantees
given by the consensus protocol.

	--force-new-cluster 'false'
		force to create a new one-member cluster.


experimental flags:

	--experimental-v3demo 'false'
		enable experimental v3 demo API.
	--experimental-gRPC-addr '127.0.0.1:2378'
		gRPC address for experimental v3 demo API.
`
)
*: switch to line comments for copyright Build tags are not compatible with block comments. Also adds copyright header to a few places it was missing. 2015-01-25 06:19:16 +03:00			`// Copyright 2015 CoreOS, Inc.`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

etcdmain: format usage 2014-12-05 04:07:04 +03:00			`package etcdmain`

			`var (`
			usageline = `usage: etcd [flags]
			`start an etcd server`

			`etcd --version`
			`show the version of etcd`

			`etcd -h \| --help`
			`show the help information about etcd`
			`
			flagsline = `
			`member flags:`

			`--name 'default'`
			`human-readable name for this member.`
			`--data-dir '${name}.etcd'`
			`path to the data directory.`
*: support wal dir 2015-09-01 01:01:18 +03:00			`--wal-dir ''`
			`path to the dedicated wal directory.`
etcdmain: format usage 2014-12-05 04:07:04 +03:00			`--snapshot-count '10000'`
			`number of committed transactions to trigger a snapshot to disk.`
etcdserver: make heartbeat/election configurable 2015-01-15 22:11:33 +03:00			`--heartbeat-interval '100'`
			`time (in milliseconds) of a heartbeat interval.`
			`--election-timeout '1000'`
etcdmain: reject unreasonably high values of -election-timeout This helps users to detect setting problem early. 2015-07-24 00:48:11 +03:00			`time (in milliseconds) for an election to timeout. See tuning documentation for details.`
etcdmain: format usage 2014-12-05 04:07:04 +03:00			`--listen-peer-urls 'http://localhost:2380,http://localhost:7001'`
			`list of URLs to listen on for peer traffic.`
			`--listen-client-urls 'http://localhost:2379,http://localhost:4001'`
			`list of URLs to listen on for client traffic.`
			`-cors ''`
			`comma-separated whitelist of origins for CORS (cross-origin resource sharing).`


			`clustering flags:`

			`--initial-advertise-peer-urls 'http://localhost:2380,http://localhost:7001'`
etcdmain: fix logging flag documentation 2015-04-28 23:29:58 +03:00			`list of this member's peer URLs to advertise to the rest of the cluster.`
etcdmain: format usage 2014-12-05 04:07:04 +03:00			`--initial-cluster 'default=http://localhost:2380,default=http://localhost:7001'`
			`initial cluster configuration for bootstrapping.`
			`--initial-cluster-state 'new'`
			`initial cluster state ('new' or 'existing').`
			`--initial-cluster-token 'etcd-cluster'`
			`initial cluster token for the etcd cluster during bootstrap.`
etcdmain: more description for init cluster token This adds more description to initial-cluster-token from https://github.com/coreos/etcd/issues/3690 to help.go. 2015-11-10 20:26:33 +03:00			`Specifying this can protect you from unintended cross-cluster interaction when running multiple clusters.`
etcdmain: format usage 2014-12-05 04:07:04 +03:00			`--advertise-client-urls 'http://localhost:2379,http://localhost:4001'`
etcdmain: advertise-client-urls must be set if listen-client-urls is set Before this PR, people can set listen-client-urls without setting advertise-client-urls, and leaves advertise-client-urls as default localhost value. The client libraries which sync the cluster info fetch wrong advertise-client-urls and cannot connect to the cluster. This PR avoids this case and provides better UX. On the other hand, this change is safe because people always want to set advertise-client-urls if listen-client-urls is set. The default localhost advertise url cannot be accessed from the outside, and should always be set except that etcd is bootstrapped with no flag. 2015-04-26 18:15:19 +03:00			`list of this member's client URLs to advertise to the public.`
			`The client URLs advertised should be accessible to machines that talk to etcd cluster. etcd client libraries parse these URLs to connect to the cluster.`
etcdmain: format usage 2014-12-05 04:07:04 +03:00			`--discovery ''`
			`discovery URL used to bootstrap the cluster.`
			`--discovery-fallback 'proxy'`
			`expected behavior ('exit' or 'proxy') when discovery services fails.`
			`--discovery-proxy ''`
			`HTTP proxy to use for traffic to discovery service.`
etcdmain: add config.go 2014-12-20 01:47:07 +03:00			`--discovery-srv ''`
doc: doc addition/fix for discovery-srv flag 2014-12-22 23:10:04 +03:00			`dns srv domain used to bootstrap the cluster.`
doc: add a description of -strict-reconfig-check 2015-09-18 08:05:57 +03:00			`--strict-reconfig-check`
			`reject reconfiguration requests that would cause quorum loss.`
etcdmain: format usage 2014-12-05 04:07:04 +03:00
			`proxy flags:`

			`--proxy 'off'`
			`proxy mode setting ('off', 'readonly' or 'on').`
proxy: added endpoint refresh and timeout configuration values the default dial timeout was set to 30 seconds this made the proxy a pain to use in failure scenarios. fixes 2862 2015-06-12 21:35:38 +03:00			`--proxy-failure-wait 5000`
			`time (in milliseconds) an endpoint will be held in a failed state.`
			`--proxy-refresh-interval 30000`
			`time (in milliseconds) of the endpoints refresh interval.`
			`--proxy-dial-timeout 1000`
			`time (in milliseconds) for a dial to timeout.`
			`--proxy-write-timeout 5000`
			`time (in milliseconds) for a write to timeout.`
			`--proxy-read-timeout 0`
			`time (in milliseconds) for a read to timeout.`
etcdmain: format usage 2014-12-05 04:07:04 +03:00

			`security flags:`

etcdmain: deprecate --ca-file and --peer-ca-file 1. Print out DEPRECATE warning when running and configuration doc. 2. Use new flags for security example. 2015-04-07 01:26:41 +03:00			`--ca-file '' [DEPRECATED]`
etcdmain: update -ca-file description so people could deprecate old flags and use new flags much easier. 2015-08-14 23:58:22 +03:00			`path to the client server TLS CA file. '-ca-file ca.crt' could be replaced by '-trusted-ca-file ca.crt -client-cert-auth' and etcd will perform the same.`
etcdmain: format usage 2014-12-05 04:07:04 +03:00			`--cert-file ''`
			`path to the client server TLS cert file.`
			`--key-file ''`
			`path to the client server TLS key file.`
etcd: server SSL and client cert auth configuration is more explicit etcd does not provide enough flexibility to configure server SSL and client authentication separately. When configuring server SSL the `--ca-file` flag is required to trust self-signed SSL certificates used to service client requests. The `--ca-file` has the side effect of enabling client cert authentication. This can be surprising for those looking to simply secure communication between an etcd server and client. Resolve this issue by introducing four new flags: --client-cert-auth --peer-client-cert-auth --trusted-ca-file --peer-trusted-ca-file These new flags will allow etcd to support a more explicit SSL configuration for both etcd clients and peers. Example usage: Start etcd with server SSL and no client cert authentication: etcd -name etcd0 \ --advertise-client-urls https://etcd0.example.com:2379 \ --cert-file etcd0.example.com.crt \ --key-file etcd0.example.com.key \ --trusted-ca-file ca.crt Start etcd with server SSL and enable client cert authentication: etcd -name etcd0 \ --advertise-client-urls https://etcd0.example.com:2379 \ --cert-file etcd0.example.com.crt \ --key-file etcd0.example.com.key \ --trusted-ca-file ca.crt \ --client-cert-auth Start etcd with server SSL and client cert authentication for both peer and client endpoints: etcd -name etcd0 \ --advertise-client-urls https://etcd0.example.com:2379 \ --cert-file etcd0.example.com.crt \ --key-file etcd0.example.com.key \ --trusted-ca-file ca.crt \ --client-cert-auth \ --peer-cert-file etcd0.example.com.crt \ --peer-key-file etcd0.example.com.key \ --peer-trusted-ca-file ca.crt \ --peer-client-cert-auth This change is backwards compatible with etcd versions 2.0.0+. The current behavior of the `--ca-file` flag is preserved. Fixes #2499. 2015-03-13 08:26:46 +03:00			`--client-cert-auth 'false'`
			`enable client cert authentication.`
			`--trusted-ca-file ''`
			`path to the client server TLS trusted CA key file.`
etcdmain: deprecate --ca-file and --peer-ca-file 1. Print out DEPRECATE warning when running and configuration doc. 2. Use new flags for security example. 2015-04-07 01:26:41 +03:00			`--peer-ca-file '' [DEPRECATED]`
etcdmain: update -ca-file description so people could deprecate old flags and use new flags much easier. 2015-08-14 23:58:22 +03:00			`path to the peer server TLS CA file. '-peer-ca-file ca.crt' could be replaced by '-peer-trusted-ca-file ca.crt -peer-client-cert-auth' and etcd will perform the same.`
etcdmain: format usage 2014-12-05 04:07:04 +03:00			`--peer-cert-file ''`
			`path to the peer server TLS cert file.`
			`--peer-key-file ''`
			`path to the peer server TLS key file.`
etcd: server SSL and client cert auth configuration is more explicit etcd does not provide enough flexibility to configure server SSL and client authentication separately. When configuring server SSL the `--ca-file` flag is required to trust self-signed SSL certificates used to service client requests. The `--ca-file` has the side effect of enabling client cert authentication. This can be surprising for those looking to simply secure communication between an etcd server and client. Resolve this issue by introducing four new flags: --client-cert-auth --peer-client-cert-auth --trusted-ca-file --peer-trusted-ca-file These new flags will allow etcd to support a more explicit SSL configuration for both etcd clients and peers. Example usage: Start etcd with server SSL and no client cert authentication: etcd -name etcd0 \ --advertise-client-urls https://etcd0.example.com:2379 \ --cert-file etcd0.example.com.crt \ --key-file etcd0.example.com.key \ --trusted-ca-file ca.crt Start etcd with server SSL and enable client cert authentication: etcd -name etcd0 \ --advertise-client-urls https://etcd0.example.com:2379 \ --cert-file etcd0.example.com.crt \ --key-file etcd0.example.com.key \ --trusted-ca-file ca.crt \ --client-cert-auth Start etcd with server SSL and client cert authentication for both peer and client endpoints: etcd -name etcd0 \ --advertise-client-urls https://etcd0.example.com:2379 \ --cert-file etcd0.example.com.crt \ --key-file etcd0.example.com.key \ --trusted-ca-file ca.crt \ --client-cert-auth \ --peer-cert-file etcd0.example.com.crt \ --peer-key-file etcd0.example.com.key \ --peer-trusted-ca-file ca.crt \ --peer-client-cert-auth This change is backwards compatible with etcd versions 2.0.0+. The current behavior of the `--ca-file` flag is preserved. Fixes #2499. 2015-03-13 08:26:46 +03:00			`--peer-client-cert-auth 'false'`
			`enable peer client cert authentication.`
			`--peer-trusted-ca-file ''`
			`path to the peer server TLS trusted CA file.`
etcdmain: format usage 2014-12-05 04:07:04 +03:00
etcdmain: fix logging flag documentation 2015-04-28 23:29:58 +03:00			`logging flags`

			`--debug 'false'`
			`enable debug-level logging for etcd.`
			`--log-package-levels ''`
etcdmain: make flags and formats idential This makes flagsline and config.go identical in its flag description and some punctuation conventions. 2015-10-25 16:31:37 +03:00			`specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG').`
etcdmain: format usage 2014-12-05 04:07:04 +03:00
			`unsafe flags:`

Documentation: fixup grammar around the unsafe flags 2015-03-19 02:39:45 +03:00			`Please be CAUTIOUS when using unsafe flags because it will break the guarantees`
			`given by the consensus protocol.`
etcdmain: fix logging flag documentation 2015-04-28 23:29:58 +03:00
etcdmain: format usage 2014-12-05 04:07:04 +03:00			`--force-new-cluster 'false'`
			`force to create a new one-member cluster.`
*: better flag 2015-08-10 19:53:17 +03:00

			`experimental flags:`

			`--experimental-v3demo 'false'`
etcdmain: make flags and formats idential This makes flagsline and config.go identical in its flag description and some punctuation conventions. 2015-10-25 16:31:37 +03:00			`enable experimental v3 demo API.`
			`--experimental-gRPC-addr '127.0.0.1:2378'`
			`gRPC address for experimental v3 demo API.`
etcdmain: format usage 2014-12-05 04:07:04 +03:00			`
			`)`