aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b47b71d26c'
${ noResults }
boundary/website/content/docs/configuration/index.mdx

72 lines
2.8 KiB
Raw Blame History Escape

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

---
layout: docs
page_title: Server Configuration
description: Boundary configuration reference.
---
# Configuration
[listener]: /docs/configuration/listener
[telemetry]: /docs/configuration/telemetry
[controller]: /docs/configuration/controller
[worker]: /docs/configuration/worker
[kms]: /docs/configuration/kms
Outside of development mode, Boundary controllers and workers are configured using a file.
The format of this file is [HCL](https://github.com/hashicorp/hcl). In this section you'll find
configuration block examples for Boundary controllers and workers.
After the configuration is written, use the `-config` flag to specify a local path to the file.
## Parameters
- [`controller`](/docs/configuration/controller): Controller specific
configuration. If present, `boundary server` will start a Controller subprocess.
- [`worker`](/docs/configuration/worker): Worker specific configuration. If
present, `boundary server` will start a Worker subprocess.
- [`listener`](/docs/configuration/listener): Configures the listeners on which
Boundary serves traffic (API, cluster, and proxy).
Controllers will have two listener blocks: one marked for `api` purpose and
the other marked for `cluster` purpose. By default, the API listener runs on
:9200 and the cluster listener (currently used for worker communication) uses
:9201.
Workers will have only one listener, marked for `proxy` purpose.
- [`kms`](/docs/configuration/kms): Configures KMS blocks [for various
purposes](/docs/concepts/security/data-encryption).
- `disable_mlock` `(bool: false)`  Disables the server from executing the
`mlock` syscall, which prevents memory from being swapped to disk. This is
fine for local development and testing; in production, it is not recommended
unless the systems running Boundary only use encrypted swap or do not use swap
at all. Boundary only supports memory locking on UNIX-like systems that
support the mlock() syscall (Linux, FreeBSD, etc).
On Linux, to give the Boundary executable the ability to use the `mlock`
syscall without running the process as root, run:
```shell
sudo setcap cap_ipc_lock=+ep $(readlink -f $(which boundary))
```
If you use a Linux distribution with a modern version of systemd, you can add
the following directive to the "[Service]" configuration section:
```ini
LimitMEMLOCK=infinity
```
- `log_level` `(string: "info")` Specifies the log level to use; overridden by
CLI and env var parameters. Supported log levels: Trace, Debug, Error, Warn, Info.
- `log_format` `(string: "")` Specifies the log format to use; overridden by
CLI and env var parameters. Supported log formats: `"standard"`, `"json"`.
## Example Configurations
For complete example configurations see the sections for [controller](/docs/configuration/controller) and [worker](/docs/configuration/worker).
Reference in new issue View Git Blame Copy Permalink