Commit Graph

20 Commits (b97f78d356d13f7a5170e5735dc1169b823e0ad6)

Author SHA1 Message Date
Yiqiao Pu ddc4f8bd45 etcdmain: Add max-snapshots and max-wals to help
Based on the configuration doc, seems these two flags are missing
in the help. So add them and the descriptions are from config.go in
the same directory.

Signed-off-by: Yiqiao Pu <ypu@redhat.com>
2015-11-19 11:58:00 +08:00
Gyu-Ho Lee 5eb57c2aee etcdmain: more description for init cluster token
This adds more description to initial-cluster-token from
https://github.com/coreos/etcd/issues/3690 to help.go.
2015-11-10 09:40:08 -08:00
Xiang Li ab4892ade2 Merge pull request #3749 from gyuho/etcdmain_flags_20151025
etcdmain: make flags and formats idential
2015-10-26 20:54:37 -07:00
Gyu-Ho Lee 52782cf8ee etcdmain: make flags and formats idential
This makes flagsline and config.go identical in its flag description and some
punctuation conventions.
2015-10-25 06:31:37 -07:00
Hitoshi Mitake 78791f81a6 doc: add a description of -strict-reconfig-check 2015-09-24 11:44:55 +09:00
Xiang Li d94e712d91 *: support wal dir 2015-09-01 09:54:27 -07:00
Yicheng Qin c0747a7b8b etcdmain: update -ca-file description
so people could deprecate old flags and use new flags much easier.
2015-08-17 22:36:04 -07:00
Xiang Li c1e0b19f9f *: better flag 2015-08-10 09:53:17 -07:00
Yicheng Qin ec214030d0 etcdmain: reject unreasonably high values of -election-timeout
This helps users to detect setting problem early.
2015-07-28 10:07:57 -07:00
Wolfgang Ebner 1264dbe24d proxy: added endpoint refresh and timeout configuration values
the default dial timeout was set to 30 seconds this made the proxy a pain to use
in failure scenarios.

fixes 2862
2015-06-13 09:42:18 +02:00
Yicheng Qin 3f90394fbb etcdmain: advertise-client-urls must be set if listen-client-urls is set
Before this PR, people can set listen-client-urls without setting
advertise-client-urls, and leaves advertise-client-urls as default
localhost value. The client libraries which sync the cluster info
fetch wrong advertise-client-urls and cannot connect to the cluster.
This PR avoids this case and provides better UX.

On the other hand, this change is safe because people always want to set
advertise-client-urls if listen-client-urls is set. The default localhost
advertise url cannot be accessed from the outside, and should always be
set except that etcd is bootstrapped with no flag.
2015-04-29 09:52:15 -07:00
Barak Michener ad8e3ea5dc etcdmain: fix logging flag documentation 2015-04-28 16:31:19 -04:00
Yicheng Qin 2f7b9a2232 etcdmain: deprecate --ca-file and --peer-ca-file
1. Print out DEPRECATE warning when running and configuration doc.
2. Use new flags for security example.
2015-04-09 10:14:32 -07:00
Brandon Philips 408cfc4f28 Documentation: fixup grammar around the unsafe flags 2015-03-18 16:39:45 -07:00
Kelsey Hightower 8dd8b1cdc2 etcd: server SSL and client cert auth configuration is more explicit
etcd does not provide enough flexibility to configure server SSL and
client authentication separately. When configuring server SSL the
`--ca-file` flag is required to trust self-signed SSL certificates
used to service client requests.

The `--ca-file` has the side effect of enabling client cert
authentication. This can be surprising for those looking to simply
secure communication between an etcd server and client.

Resolve this issue by introducing four new flags:

    --client-cert-auth
    --peer-client-cert-auth
    --trusted-ca-file
    --peer-trusted-ca-file

These new flags will allow etcd to support a more explicit SSL
configuration for both etcd clients and peers.

Example usage:

Start etcd with server SSL and no client cert authentication:

    etcd -name etcd0 \
    --advertise-client-urls https://etcd0.example.com:2379 \
    --cert-file etcd0.example.com.crt \
    --key-file etcd0.example.com.key \
    --trusted-ca-file ca.crt

Start etcd with server SSL and enable client cert authentication:

    etcd -name etcd0 \
    --advertise-client-urls https://etcd0.example.com:2379 \
    --cert-file etcd0.example.com.crt \
    --key-file etcd0.example.com.key \
    --trusted-ca-file ca.crt \
    --client-cert-auth

Start etcd with server SSL and client cert authentication for both
peer and client endpoints:

    etcd -name etcd0 \
    --advertise-client-urls https://etcd0.example.com:2379 \
    --cert-file etcd0.example.com.crt \
    --key-file etcd0.example.com.key \
    --trusted-ca-file ca.crt \
    --client-cert-auth \
    --peer-cert-file etcd0.example.com.crt \
    --peer-key-file etcd0.example.com.key \
    --peer-trusted-ca-file ca.crt \
    --peer-client-cert-auth

This change is backwards compatible with etcd versions 2.0.0+. The
current behavior of the `--ca-file` flag is preserved.

Fixes #2499.
2015-03-12 23:09:54 -07:00
Jonathan Boulle f1ed69e883 *: switch to line comments for copyright
Build tags are not compatible with block comments.
Also adds copyright header to a few places it was missing.
2015-01-26 09:53:30 -08:00
Xiang Li 276a4abac0 etcdserver: make heartbeat/election configurable 2015-01-15 11:11:33 -08:00
Xiang Li ee7f23d0d5 doc: doc addition/fix for discovery-srv flag 2014-12-22 12:10:04 -08:00
Xiang Li 0fa754d90e etcdmain: add config.go 2014-12-19 18:33:19 -08:00
Xiang Li a1f648e5db etcdmain: format usage 2014-12-04 17:21:23 -08:00