From e48ea4717fb3153ddf623539711e822ac09e1ff7 Mon Sep 17 00:00:00 2001 From: pierwill Date: Wed, 2 Dec 2020 15:15:21 -0800 Subject: [PATCH 1/3] Add etc flags to chronograf docs --- .../chronograf/v1.8/tools/chronograf-cli/_index.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/content/chronograf/v1.8/tools/chronograf-cli/_index.md b/content/chronograf/v1.8/tools/chronograf-cli/_index.md index 9669297bb..0251f2a4e 100644 --- a/content/chronograf/v1.8/tools/chronograf-cli/_index.md +++ b/content/chronograf/v1.8/tools/chronograf-cli/_index.md @@ -124,3 +124,15 @@ chronograf [flags] | `--generic-auth-url` | Authorization endpoint URL for the OAuth 2.0 provider | `$GENERIC_AUTH_URL` | | `--generic-token-url` | Token endpoint URL for the OAuth 2.0 provider | `$GENERIC_TOKEN_URL` | | `--generic-api-url` | URL that returns OpenID UserInfo-compatible information | `$GENERIC_API_URL` | + +### etcd flags + +| Flag | Description | Env. Variable | +|:--------------------------|:-------------------------------------------------------------------------------------------------------------|:------------------------| +| `-e`, `--etcd-endpoints=` | List of etcd endpoints. | `$ETCD_ENDPOINTS` | +| `--etcd-username=` | Username to log into etcd. | `$ETCD_USERNAME` | +| `--etcd-password=` | Password to log into etcd. | `$ETCD_PASSWORD` | +| `--etcd-dial-timeout=` | Total time to wait before timing out while connecting to etcd endpoints. 0 means no timeout. (default: -1s) | `$ETCD_DIAL_TIMEOUT` | +| `--etcd-request-timeout=` | Total time to wait before timing out the etcd view or update. 0 means no timeout. (default: -1s) | `$ETCD_REQUEST_TIMEOUT` | +| `--etcd-cert=` | Path to PEM encoded TLS public key certificate for use with TLS. | `$ETCD_CERTIFICATE` | +| `--etcd-key=` | Path to private key associated with given certificate for use with TLS. | `$ETCD_PRIVATE_KEY` | From af54981fe9b621449bc0141d5fe481744b75cf24 Mon Sep 17 00:00:00 2001 
From: Scott Anderson Date: Wed, 2 Dec 2020 21:46:02 -0700 Subject: [PATCH 2/3] added more information about etcd TLS options --- .../v1.8/administration/config-options.md | 12 ++++ .../create-high-availability.md | 11 +++ .../v1.8/tools/chronograf-cli/_index.md | 68 +++++++++---------- 3 files changed, 57 insertions(+), 34 deletions(-) diff --git a/content/chronograf/v1.8/administration/config-options.md b/content/chronograf/v1.8/administration/config-options.md index 2b8a7870e..3ca739973 100644 --- a/content/chronograf/v1.8/administration/config-options.md +++ b/content/chronograf/v1.8/administration/config-options.md @@ -258,6 +258,18 @@ The default is 1s. Environment variable: `$ETCD_REQUEST_TIMEOUT` +#### `--etcd-cert=` + +Path to etcd PEM-encoded TLS public key certificate. + +Environment variable: `$ETCD_CERTIFICATE` + +#### `--etcd-key=` + +Path to private key associated with specified etcd certificate. + +Environment variable: `$ETCD_PRIVATE_KEY` + ### Other service options #### `--custom-link :` diff --git a/content/chronograf/v1.8/administration/create-high-availability.md b/content/chronograf/v1.8/administration/create-high-availability.md index a10cd8dda..c2c4d46a9 100644 --- a/content/chronograf/v1.8/administration/create-high-availability.md +++ b/content/chronograf/v1.8/administration/create-high-availability.md @@ -58,4 +58,15 @@ export ETCD_ENDPOINTS=localhost:2379,192.168.1.61:2379,192.192.168.1.100:2379 chronograf ``` +##### Define etcd endpoints with TLS enabled +Use the `--etcd-cert` flag to specify the path to the etcd PEM-encoded public +certificate file and the `--etcd-key` flag to specify the path to the private key +associated with the etcd certificate. + +```sh +chronograf --etcd-endpoints=localhost:2379 \ + --etcd-cert=path/to/etcd-certificate.pem \ + --etcd-key=path/to/etcd-private-key.key +``` + For more information, see [Chronograf etcd configuration options](/chronograf/v1.8/administration/config-options#etcd-options). 
diff --git a/content/chronograf/v1.8/tools/chronograf-cli/_index.md b/content/chronograf/v1.8/tools/chronograf-cli/_index.md index 0251f2a4e..87b1bbcd2 100644 --- a/content/chronograf/v1.8/tools/chronograf-cli/_index.md +++ b/content/chronograf/v1.8/tools/chronograf-cli/_index.md 
@@ -19,17 +19,17 @@ chronograf [flags] ## Chronograf service flags -| Flag | Description | Env. Variable | -|:-----------------------------|:------------------------------------------------------------------------------------------------------------------------------------------|:---------------------| -| `--host` | IP the Chronograf service listens on. By default, `0.0.0.0` | `$HOST` | -| `--port` | Port the Chronograf service listens on for insecure connections. By default, `8888` | `$PORT` | -| `-b`,`--bolt-path` | File path to the BoltDB file. By default, `./chronograf-v1.db` | `$BOLT_PATH` | -| `-c`,`--canned-path` | File path to the directory of canned dashboard files. By default, `/usr/share/chronograf/canned` | `$CANNED_PATH` | -| `--resources-path` | Path to directory of canned dashboards, sources, Kapacitor connections, and organizations. By default, `/usr/share/chronograf/resources` | `$RESOURCES_PATH` | -| `-b`, `--basepath` | URL path prefix under which all Chronograf routes will be mounted. | `$BASE_PATH` | -| `--status-feed-url` | URL of JSON feed to display as a news feed on the client status page. By default, `https://www.influxdata.com/feed/json` | `$STATUS_FEED_URL` | -| `-v`, `--version` | Displays the version of the Chronograf service | | -| `-h`, `--host-page-disabled` | Disables the hosts page | `$HOST_PAGE_DISABLED`| +| Flag | Description | Env. Variable | +|:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------|:---------------------| +| `--host` | IP the Chronograf service listens on. By default, `0.0.0.0` | `$HOST` | +| `--port` | Port the Chronograf service listens on for insecure connections. By default, `8888` | `$PORT` | +| `-b`,`--bolt-path` | File path to the BoltDB file. By default, `./chronograf-v1.db` | `$BOLT_PATH` | +| `-c`,`--canned-path` | File path to the directory of canned dashboard files. 
By default, `/usr/share/chronograf/canned` | `$CANNED_PATH` | +| `--resources-path` | Path to directory of canned dashboards, sources, Kapacitor connections, and organizations. By default, `/usr/share/chronograf/resources` | `$RESOURCES_PATH` | +| `-b`, `--basepath` | URL path prefix under which all Chronograf routes will be mounted. | `$BASE_PATH` | +| `--status-feed-url` | URL of JSON feed to display as a news feed on the client status page. By default, `https://www.influxdata.com/feed/json` | `$STATUS_FEED_URL` | +| `-v`, `--version` | Displays the version of the Chronograf service | | +| `-h`, `--host-page-disabled` | Disables the hosts page | `$HOST_PAGE_DISABLED`| ## InfluxDB connection flags 
@@ -49,23 +49,23 @@ chronograf [flags] ## TLS (Transport Layer Security) flags -| Flag | Description | Env. Variable | -|:---------|:------------------------------------------------------------|:--------------------| -| `--cert` | File path to PEM-encoded public key certificate | `$TLS_CERTIFICATE` | -| `--key` | File path to private key associated with given certificate | `$TLS_PRIVATE_KEY` | -| `--tls-ciphers` | Comma-separated list of supported cipher suites. Use `help` to print available ciphers. | `$TLS_CIPHERS` | -| `--tls-min-version` | Minimum version of the TLS protocol that will be negotiated. (default: 1.2) | `$TLS_MIN_VERSION` | -| `--tls-max-version` | Maximum version of the TLS protocol that will be negotiated. | `$TLS_MAX_VERSION` | +| Flag | Description | Env. Variable | +|:--------- |:------------------------------------------------------------ |:--------------------| +| `--cert` | File path to PEM-encoded public key certificate | `$TLS_CERTIFICATE` | +| `--key` | File path to private key associated with given certificate | `$TLS_PRIVATE_KEY` | +| `--tls-ciphers` | Comma-separated list of supported cipher suites. Use `help` to print available ciphers. | `$TLS_CIPHERS` | +| `--tls-min-version` | Minimum version of the TLS protocol that will be negotiated. (default: 1.2) | `$TLS_MIN_VERSION` | +| `--tls-max-version` | Maximum version of the TLS protocol that will be negotiated. | `$TLS_MAX_VERSION` | ## Other service option flags -| Flag | Description | Env. Variable | -|:---------------------------------------------|:------------------------------------------------------------------------|:----------------------| -| `--custom-link` :| Custom link added to Chronograf user menu options. Useful for providing links to internal company resources for your Chronograf users. Can be used when any OAuth 2.0 authentication is enabled. To add another custom link, repeat the custom link option. 
| | -| `-r`, `--reporting-disabled` | Disables reporting of usage statistics. Usage statistics reported once every 24 hours include: `OS`, `arch`, `version`, `cluster_id`, and `uptime`. | `$REPORTING_DISABLED` | -| `-l`, `--log-level` | Sets the logging level. Valid values include `info` (default), `debug`, and `error`. | `$LOG_LEVEL` | -| `-d`, `--develop` | Runs the Chronograf service in developer mode | | -| `-h`, `--help` | Displays command line help for Chronograf | | +| Flag | Description | Env. Variable | +|:---------------------------- |:------------------------------------------------------------------------ |:----------------------| +| `--custom-link` | Add a custom link to Chronograf user menu options using `:` syntax. For multiple custom links, include multiple flags. | | +| `-r`, `--reporting-disabled` | Disables reporting of usage statistics. Usage statistics reported once every 24 hours include: `OS`, `arch`, `version`, `cluster_id`, and `uptime`. | `$REPORTING_DISABLED` | +| `-l`, `--log-level` | Sets the logging level. Valid values include `info` (default), `debug`, and `error`. | `$LOG_LEVEL` | +| `-d`, `--develop` | Runs the Chronograf service in developer mode | | +| `-h`, `--help` | Displays command line help for Chronograf | | ## Authentication option flags 
@@ -127,12 +127,12 @@ chronograf [flags] ### etcd flags -| Flag | Description | Env. Variable | -|:--------------------------|:-------------------------------------------------------------------------------------------------------------|:------------------------| -| `-e`, `--etcd-endpoints=` | List of etcd endpoints. | `$ETCD_ENDPOINTS` | -| `--etcd-username=` | Username to log into etcd. | `$ETCD_USERNAME` | -| `--etcd-password=` | Password to log into etcd. | `$ETCD_PASSWORD` | -| `--etcd-dial-timeout=` | Total time to wait before timing out while connecting to etcd endpoints. 0 means no timeout. (default: -1s) | `$ETCD_DIAL_TIMEOUT` | -| `--etcd-request-timeout=` | Total time to wait before timing out the etcd view or update. 0 means no timeout. (default: -1s) | `$ETCD_REQUEST_TIMEOUT` | -| `--etcd-cert=` | Path to PEM encoded TLS public key certificate for use with TLS. | `$ETCD_CERTIFICATE` | -| `--etcd-key=` | Path to private key associated with given certificate for use with TLS. | `$ETCD_PRIVATE_KEY` | +| Flag | Description | Env. Variable | +|:--------------------------|:-----------------------------------------------------------------------------------------------------------|:------------------------| +| `-e`, `--etcd-endpoints` | etcd endpoint URL (include multiple flags for multiple endpoints) | `$ETCD_ENDPOINTS` | +| `--etcd-username` | etcd username | `$ETCD_USERNAME` | +| `--etcd-password` | etcd password | `$ETCD_PASSWORD` | +| `--etcd-dial-timeout` | Total time to wait before timing out while connecting to etcd endpoints (0 means no timeout, default: -1s) | `$ETCD_DIAL_TIMEOUT` | +| `--etcd-request-timeout` | Total time to wait before timing out the etcd view or update (0 means no timeout, default: -1s) | `$ETCD_REQUEST_TIMEOUT` | +| `--etcd-cert` | Path to PEM encoded TLS public key certificate for use with TLS | `$ETCD_CERTIFICATE` | +| `--etcd-key` | Path to private key associated with given certificate for use with TLS | `$ETCD_PRIVATE_KEY` | 
From 6758bfb8d0437ca456a81fc9adb0f2bbddef8763 Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Thu, 3 Dec 2020 15:59:00 -0700 Subject: [PATCH 3/3] updated chronograf cli doc to address PR feedback --- content/chronograf/v1.8/tools/chronograf-cli/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/chronograf/v1.8/tools/chronograf-cli/_index.md b/content/chronograf/v1.8/tools/chronograf-cli/_index.md index 87b1bbcd2..86f8361d6 100644 --- a/content/chronograf/v1.8/tools/chronograf-cli/_index.md +++ b/content/chronograf/v1.8/tools/chronograf-cli/_index.md @@ -61,7 +61,7 @@ chronograf [flags] | Flag | Description | Env. Variable | |:---------------------------- |:------------------------------------------------------------------------ |:----------------------| -| `--custom-link` | Add a custom link to Chronograf user menu options using `:` syntax. For multiple custom links, include multiple flags. | | +| `--custom-link` | Adds a custom link to Chronograf user menu options using `:` syntax. For multiple custom links, include multiple flags. | | | `-r`, `--reporting-disabled` | Disables reporting of usage statistics. Usage statistics reported once every 24 hours include: `OS`, `arch`, `version`, `cluster_id`, and `uptime`. | `$REPORTING_DISABLED` | | `-l`, `--log-level` | Sets the logging level. Valid values include `info` (default), `debug`, and `error`. | `$LOG_LEVEL` | | `-d`, `--develop` | Runs the Chronograf service in developer mode | |
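Review bot: In PATCH 1/3 (`chronograf-cli/_index.md`, hunk `@@ -124,3 +124,15`), the `--etcd-dial-timeout=` and `--etcd-request-timeout=` rows pair "0 means no timeout" with "(default: -1s)", so a reader cannot tell what the negative default does. The `config-options.md` context in PATCH 2/3 says "The default is 1s." just above `$ETCD_REQUEST_TIMEOUT`. Confirm the actual default and state the same value on both pages. The commit subject also reads "etc flags" where "etcd flags" is meant.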
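Review bot: In PATCH 2/3 (`config-options.md`, hunk `@@ -258,6 +258,18`), the new `--etcd-cert=` and `--etcd-key=` entries do not say what the pair is used for. State whether this is the certificate Chronograf presents to etcd as a client, and note that the key file should be readable only by the account that runs Chronograf. The headings also keep a trailing `=` (`#### --etcd-cert=`) while this same patch removes the `=` from the flags in the CLI table; pick one form.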
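Review bot: In PATCH 2/3 (`create-high-availability.md`, hunk `@@ -58,4 +58,15`), the new "Define etcd endpoints with TLS enabled" section documents only `--etcd-cert` and `--etcd-key` and never says how the etcd server's certificate is validated. Add a sentence on that, since a reader will otherwise assume the connection is authenticated in both directions. The heading also needs a blank line before the paragraph that follows it, and the context line above the hunk exports `192.192.168.1.100:2379`, which is not a valid IPv4 address and is worth fixing while this block is being edited.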
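Review bot: In PATCH 2/3 (`chronograf-cli/_index.md`, hunk `@@ -19,17 +19,17`), the service flags rows are realigned but the short flag `-b` is still listed for both `--bolt-path` and `--basepath`, and `-h` is listed for `--host-page-disabled` here and for `--help` in the next hunk. A short flag can map to only one option, so check these against the binary's help output and correct the rows in this change rather than carrying the conflict forward.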
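Review bot: In PATCH 2/3 (`chronograf-cli/_index.md`, hunk `@@ -49,23 +49,23`), the rewritten `--custom-link` row says "using `:` syntax" without naming what goes on either side of the colon, and it drops the old sentence "Can be used when any OAuth 2.0 authentication is enabled." Spell out the two parts of the value and keep the OAuth 2.0 condition if it still applies. PATCH 3/3 changes only "Add" to "Adds" in this row and carries the same "`:` syntax" wording. The TLS table rows in this hunk are also no longer padded to the header width, which undoes the alignment the rest of the patch applies.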
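Review bot: In PATCH 2/3 (`chronograf-cli/_index.md`, hunk `@@ -127,12 +127,12`), the `--etcd-endpoints` row now says "include multiple flags for multiple endpoints", but the high-availability page in this same patch sets `ETCD_ENDPOINTS=localhost:2379,192.168.1.61:2379,...` as a comma-separated list. Document how multiple endpoints are given through the environment variable as well as through the flag. For `--etcd-password`, consider pointing readers to `$ETCD_PASSWORD`, since a password passed as a command-line argument is visible in the process list.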