aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'admin-docs'
${ noResults }
boundary/website/content/docs/configuration/index.mdx

72 lines
3.0 KiB
Raw Permalink Blame History Escape

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

---
layout: docs
page_title: Server Configuration
sidebar_title: Configuration
description: Boundary configuration reference.
---
# Configuration
[listener]: /docs/configuration/listener
[telemetry]: /docs/configuration/telemetry
[controller]: /docs/configuration/controller
[worker]: /docs/configuration/worker
[kms]: /docs/configuration/kms
Outside of development mode, Boundary controllers and workers are configured using a file.
The format of this file is [HCL](https://github.com/hashicorp/hcl). In this section you'll find
configuration block examples for Boundary controllers and workers.
After the configuration is written, use the `-config` flag to specify a local path to the file.
## Parameters
- `controller` <tt>([Controller][controller]: \<required\>)</tt> - Controller specific configuration. Only required when running a `boundary controller`.
- `worker` <tt>([Worker][worker]: \<required\>)</tt> - Worker specific configuration. Only required when running a `boundary worker`.
- `listener` <tt>([Listener][listener]: \<required\>)</tt> Configures the Boundary server
options for controllers and workers.
Controllers will have two listener blocks, one for the API server and the other for the data-plane
server. By default, controller API server runs on :9200 and the data-plane (which is used for
worker communication) uses :9201.
Workers will have only one listener.
- `kms` <tt>([KMS][kms]: \<required\>)</tt> Configures KMS blocks for root, worker authentication, and recovery keys.
- `disable_mlock` `(bool: false)`  Disables the server from executing the
`mlock` syscall. `mlock` prevents memory from being swapped to disk. Disabling
`mlock` is not recommended in production, but is fine for local development
and testing.
Disabling `mlock` is not recommended unless the systems running Vault only
use encrypted swap or do not use swap at all. Boundary only supports memory
locking on UNIX-like systems that support the mlock() syscall (Linux, FreeBSD, etc).
Non UNIX-like systems (e.g. Windows, NaCL, Android) lack the primitives to keep a
process's entire memory address space from spilling to disk and is therefore
automatically disabled on unsupported platforms.
On Linux, to give the Boundary executable the ability to use the `mlock`
syscall without running the process as root, run:
```shell
sudo setcap cap_ipc_lock=+ep $(readlink -f $(which vault))
```
If you use a Linux distribution with a modern version of systemd, you can add
the following directive to the "[Service]" configuration section:
```ini
LimitMEMLOCK=infinity
```
- `telemetry` <tt>([Telemetry][telemetry]: &lt;none&gt;)</tt> Not yet implemented.
- `log_level` `(string: "")` Specifies the log level to use; overridden by
CLI and env var parameters. Supported log levels: Trace, Debug, Error, Warn, Info.
- `log_format` `(string: "")` Specifies the log format to use; overridden by
CLI and env var parameters. Supported log formats: "standard", "json".
Reference in new issue View Git Blame Copy Permalink