Agent Configuration

The agent has various configuration options that can be specified via the command-line or via configuration files. All of the configuration options are completely optional. Defaults are specified with their descriptions.

Configuration precedence is evaluated in the following order:

1. Command line arguments
2. Configuration files

When loading configuration, the Consul agent loads the configuration from files and directories in lexical order. For example, configuration file basic_config.json will be processed before extra_config.json. Configuration can be in either HCL or JSON format. Available in Consul 1.0 and later, the HCL support now requires an .hcl or .json extension on all configuration files in order to specify their format.

Configuration specified later will be merged into configuration specified earlier. In most cases, "merge" means that the later version will override the earlier. In some cases, such as event handlers, merging appends the handlers to the existing configuration. The exact merging behavior is specified for each option below.

The Consul agent also supports reloading configuration when it receives the SIGHUP signal. Not all changes are respected, but those that are documented below in the Reloadable Configuration section. The reload command can also be used to trigger a configuration reload.

You can test the following configuration options by following the Getting Started tutorials to install a local agent.

Ports Used

Consul requires up to 6 different ports to work properly, some on TCP, UDP, or both protocols.

Review the required ports table for a list of required ports and their default settings.

Reloadable Configuration

Reloading configuration does not reload all configuration items. The items which are reloaded include:

• ACL Tokens

• Configuration Entry Bootstrap

• Checks

• Discard Check Output

• HTTP Client Address

• Log level

• Metric Prefix Filter

• Node Metadata

• Some Raft options (since Consul 1.10.0)

  • raft_snapshot_threshold
  • raft_snapshot_interval
  • raft_trailing_logs
  • These can be important in certain outage situations so being able to control them without a restart provides a recovery path that doesn't involve downtime. They generally shouldn't be changed otherwise.

• RPC rate limiting

• HTTP Maximum Connections per Client

• Services

• TLS Configuration

  • Please be aware that this is currently limited to reload a configuration that is already TLS enabled. You cannot enable or disable TLS only with reloading.

  • To avoid a potential security issue, the following TLS configuration parameters do not automatically reload when -auto-reload-config is enabled:

    • encrypt_verify_incoming
    • verify_incoming
    • verify_incoming_rpc
    • verify_incoming_https
    • verify_outgoing
    • verify_server_hostname
    • ca_file
    • ca_path

    If any of those configurations are changed while -auto-reload-config is enabled, Consul will issue the following warning, Static Runtime config has changed and need a manual config reload to be applied. You must manually issue the consul reload command or send a SIGHUP to the Consul process to reload the new values.

• Watches

• License