1
2
3
4
5
6
7
8
9
10
11
12
13
14
15 package etcdmain
16
17 import (
18 "fmt"
19 "strconv"
20
21 cconfig "go.etcd.io/etcd/server/v3/config"
22 "go.etcd.io/etcd/server/v3/embed"
23 "go.etcd.io/etcd/server/v3/etcdserver/api/rafthttp"
24 "golang.org/x/crypto/bcrypt"
25 )
26
27 var (
28 usageline = `Usage:
29
30 etcd [flags]
31 Start an etcd server.
32
33 etcd --version
34 Show the version of etcd.
35
36 etcd -h | --help
37 Show the help information about etcd.
38
39 etcd --config-file
40 Path to the server configuration file. Note that if a configuration file is provided, other command line flags and environment variables will be ignored.
41
42 etcd gateway
43 Run the stateless pass-through etcd TCP connection forwarding proxy.
44
45 etcd grpc-proxy
46 Run the stateless etcd v3 gRPC L7 reverse proxy.
47 `
48 flagsline = `
49 Member:
50 --name 'default'
51 Human-readable name for this member.
52 --data-dir '${name}.etcd'
53 Path to the data directory.
54 --wal-dir ''
55 Path to the dedicated wal directory.
56 --snapshot-count '100000'
57 Number of committed transactions to trigger a snapshot to disk.
58 --heartbeat-interval '100'
59 Time (in milliseconds) of a heartbeat interval.
60 --election-timeout '1000'
61 Time (in milliseconds) for an election to timeout. See tuning documentation for details.
62 --initial-election-tick-advance 'true'
63 Whether to fast-forward initial election ticks on boot for faster election.
64 --listen-peer-urls 'http://localhost:2380'
65 List of URLs to listen on for peer traffic.
66 --listen-client-urls 'http://localhost:2379'
67 List of URLs to listen on for client grpc traffic and http as long as --listen-client-http-urls is not specified.
68 --listen-client-http-urls ''
69 List of URLs to listen on for http only client traffic. Enabling this flag removes http services from --listen-client-urls.
70 --max-snapshots '` + strconv.Itoa(embed.DefaultMaxSnapshots) + `'
71 Maximum number of snapshot files to retain (0 is unlimited).
72 --max-wals '` + strconv.Itoa(embed.DefaultMaxWALs) + `'
73 Maximum number of wal files to retain (0 is unlimited).
74 --quota-backend-bytes '0'
75 Raise alarms when backend size exceeds the given quota (0 defaults to low space quota).
76 --backend-bbolt-freelist-type 'map'
77 BackendFreelistType specifies the type of freelist that boltdb backend uses(array and map are supported types).
78 --backend-batch-interval ''
79 BackendBatchInterval is the maximum time before commit the backend transaction.
80 --backend-batch-limit '0'
81 BackendBatchLimit is the maximum operations before commit the backend transaction.
82 --max-txn-ops '128'
83 Maximum number of operations permitted in a transaction.
84 --max-request-bytes '1572864'
85 Maximum client request size in bytes the server will accept.
86 --max-concurrent-streams 'math.MaxUint32'
87 Maximum concurrent streams that each client can open at a time.
88 --enable-grpc-gateway
89 Enable GRPC gateway.
90 --grpc-keepalive-min-time '5s'
91 Minimum duration interval that a client should wait before pinging server.
92 --grpc-keepalive-interval '2h'
93 Frequency duration of server-to-client ping to check if a connection is alive (0 to disable).
94 --grpc-keepalive-timeout '20s'
95 Additional duration of wait before closing a non-responsive connection (0 to disable).
96 --socket-reuse-port 'false'
97 Enable to set socket option SO_REUSEPORT on listeners allowing rebinding of a port already in use.
98 --socket-reuse-address 'false'
99 Enable to set socket option SO_REUSEADDR on listeners allowing binding to an address in TIME_WAIT state.
100 --raft-read-timeout '` + rafthttp.DefaultConnReadTimeout.String() + `'
101 Read timeout set on each rafthttp connection
102 --raft-write-timeout '` + rafthttp.DefaultConnWriteTimeout.String() + `'
103 Write timeout set on each rafthttp connection
104
105 Clustering:
106 --initial-advertise-peer-urls 'http://localhost:2380'
107 List of this member's peer URLs to advertise to the rest of the cluster.
108 --initial-cluster 'default=http://localhost:2380'
109 Initial cluster configuration for bootstrapping.
110 --initial-cluster-state 'new'
111 Initial cluster state ('new' when bootstrapping a new cluster or 'existing' when adding new members to an existing cluster).
112 After successful initialization (bootstrapping or adding), flag is ignored on restarts.
113 --initial-cluster-token 'etcd-cluster'
114 Initial cluster token for the etcd cluster during bootstrap.
115 Specifying this can protect you from unintended cross-cluster interaction when running multiple clusters.
116 --advertise-client-urls 'http://localhost:2379'
117 List of this member's client URLs to advertise to the public.
118 The client URLs advertised should be accessible to machines that talk to etcd cluster. etcd client libraries parse these URLs to connect to the cluster.
119 --discovery ''
120 Discovery URL used to bootstrap the cluster.
121 --discovery-fallback 'proxy'
122 Expected behavior ('exit' or 'proxy') when discovery services fails.
123 "proxy" supports v2 API only.
124 --discovery-proxy ''
125 HTTP proxy to use for traffic to discovery service.
126 --discovery-srv ''
127 DNS srv domain used to bootstrap the cluster.
128 --discovery-srv-name ''
129 Suffix to the dns srv name queried when bootstrapping.
130 --strict-reconfig-check '` + strconv.FormatBool(embed.DefaultStrictReconfigCheck) + `'
131 Reject reconfiguration requests that would cause quorum loss.
132 --pre-vote 'true'
133 Enable to run an additional Raft election phase.
134 --auto-compaction-retention '0'
135 Auto compaction retention length. 0 means disable auto compaction.
136 --auto-compaction-mode 'periodic'
137 Interpret 'auto-compaction-retention' one of: periodic|revision. 'periodic' for duration based retention, defaulting to hours if no time unit is provided (e.g. '5m'). 'revision' for revision number based retention.
138 --enable-v2 '` + strconv.FormatBool(embed.DefaultEnableV2) + `'
139 Accept etcd V2 client requests. Deprecated and to be decommissioned in v3.6.
140 --v2-deprecation '` + string(cconfig.V2_DEPR_DEFAULT) + `'
141 Phase of v2store deprecation. Allows to opt-in for higher compatibility mode.
142 Supported values:
143 'not-yet' // Issues a warning if v2store have meaningful content (default in v3.5)
144 'write-only' // Custom v2 state is not allowed (planned default in v3.6)
145 'write-only-drop-data' // Custom v2 state will get DELETED !
146 'gone' // v2store is not maintained any longer. (planned default in v3.7)
147
148 Security:
149 --cert-file ''
150 Path to the client server TLS cert file.
151 --key-file ''
152 Path to the client server TLS key file.
153 --client-cert-auth 'false'
154 Enable client cert authentication.
155 --client-cert-file ''
156 Path to an explicit peer client TLS cert file otherwise cert file will be used when client auth is required.
157 --client-key-file ''
158 Path to an explicit peer client TLS key file otherwise key file will be used when client auth is required.
159 --client-crl-file ''
160 Path to the client certificate revocation list file.
161 --client-cert-allowed-hostname ''
162 Allowed TLS hostname for client cert authentication.
163 --trusted-ca-file ''
164 Path to the client server TLS trusted CA cert file.
165 --auto-tls 'false'
166 Client TLS using generated certificates.
167 --peer-cert-file ''
168 Path to the peer server TLS cert file.
169 --peer-key-file ''
170 Path to the peer server TLS key file.
171 --peer-client-cert-auth 'false'
172 Enable peer client cert authentication.
173 --peer-trusted-ca-file ''
174 Path to the peer server TLS trusted CA file.
175 --peer-cert-allowed-cn ''
176 Required CN for client certs connecting to the peer endpoint.
177 --peer-cert-allowed-hostname ''
178 Allowed TLS hostname for inter peer authentication.
179 --peer-auto-tls 'false'
180 Peer TLS using self-generated certificates if --peer-key-file and --peer-cert-file are not provided.
181 --peer-client-cert-file ''
182 Path to an explicit peer client TLS cert file otherwise peer cert file will be used when client auth is required.
183 --peer-client-key-file ''
184 Path to an explicit peer client TLS key file otherwise peer key file will be used when client auth is required.
185 --self-signed-cert-validity '1'
186 The validity period of the client and peer certificates that are automatically generated by etcd when you specify ClientAutoTLS and PeerAutoTLS, the unit is year, and the default is 1.
187 --peer-crl-file ''
188 Path to the peer certificate revocation list file.
189 --cipher-suites ''
190 Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).
191 --cors '*'
192 Comma-separated whitelist of origins for CORS, or cross-origin resource sharing, (empty or * means allow all).
193 --host-whitelist '*'
194 Acceptable hostnames from HTTP client requests, if server is not secure (empty or * means allow all).
195 --tls-min-version 'TLS1.2'
196 Minimum TLS version supported by etcd. Possible values: TLS1.2, TLS1.3.
197 --tls-max-version ''
198 Maximum TLS version supported by etcd. Possible values: TLS1.2, TLS1.3 (empty will be auto-populated by Go).
199
200 Auth:
201 --auth-token 'simple'
202 Specify a v3 authentication token type and its options ('simple' or 'jwt').
203 --bcrypt-cost ` + fmt.Sprintf("%d", bcrypt.DefaultCost) + `
204 Specify the cost / strength of the bcrypt algorithm for hashing auth passwords. Valid values are between ` + fmt.Sprintf("%d", bcrypt.MinCost) + ` and ` + fmt.Sprintf("%d", bcrypt.MaxCost) + `.
205 --auth-token-ttl 300
206 Time (in seconds) of the auth-token-ttl.
207
208 Profiling and Monitoring:
209 --enable-pprof 'false'
210 Enable runtime profiling data via HTTP server. Address is at client URL + "/debug/pprof/"
211 --metrics 'basic'
212 Set level of detail for exported metrics, specify 'extensive' to include server side grpc histogram metrics.
213 --listen-metrics-urls ''
214 List of URLs to listen on for the metrics and health endpoints.
215
216 Logging:
217 --logger 'zap'
218 Currently only supports 'zap' for structured logging.
219 --log-outputs 'default'
220 Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd, or list of comma separated output targets.
221 --log-level 'info'
222 Configures log level. Only supports debug, info, warn, error, panic, or fatal.
223 --enable-log-rotation 'false'
224 Enable log rotation of a single log-outputs file target.
225 --log-rotation-config-json '{"maxsize": 100, "maxage": 0, "maxbackups": 0, "localtime": false, "compress": false}'
226 Configures log rotation if enabled with a JSON logger config. MaxSize(MB), MaxAge(days,0=no limit), MaxBackups(0=no limit), LocalTime(use computers local time), Compress(gzip)".
227
228 Experimental distributed tracing:
229 --experimental-enable-distributed-tracing 'false'
230 Enable experimental distributed tracing.
231 --experimental-distributed-tracing-address 'localhost:4317'
232 Distributed tracing collector address.
233 --experimental-distributed-tracing-service-name 'etcd'
234 Distributed tracing service name, must be same across all etcd instances.
235 --experimental-distributed-tracing-instance-id ''
236 Distributed tracing instance ID, must be unique per each etcd instance.
237 --experimental-distributed-tracing-sampling-rate '0'
238 Number of samples to collect per million spans for distributed tracing. Disabled by default.
239
240 v2 Proxy (to be deprecated in v3.6):
241 --proxy 'off'
242 Proxy mode setting ('off', 'readonly' or 'on').
243 --proxy-failure-wait 5000
244 Time (in milliseconds) an endpoint will be held in a failed state.
245 --proxy-refresh-interval 30000
246 Time (in milliseconds) of the endpoints refresh interval.
247 --proxy-dial-timeout 1000
248 Time (in milliseconds) for a dial to timeout.
249 --proxy-write-timeout 5000
250 Time (in milliseconds) for a write to timeout.
251 --proxy-read-timeout 0
252 Time (in milliseconds) for a read to timeout.
253
254 Experimental feature:
255 --experimental-initial-corrupt-check 'false'
256 Enable to check data corruption before serving any client/peer traffic.
257 --experimental-corrupt-check-time '0s'
258 Duration of time between cluster corruption check passes.
259 --experimental-compact-hash-check-enabled 'false'
260 Enable leader to periodically check followers compaction hashes.
261 --experimental-compact-hash-check-time '1m'
262 Duration of time between leader checks followers compaction hashes.
263 --experimental-enable-v2v3 ''
264 Serve v2 requests through the v3 backend under a given prefix. Deprecated and to be decommissioned in v3.6.
265 --experimental-enable-lease-checkpoint 'false'
266 ExperimentalEnableLeaseCheckpoint enables primary lessor to persist lease remainingTTL to prevent indefinite auto-renewal of long lived leases.
267 --experimental-enable-lease-checkpoint-persist 'false'
268 Enable persisting remainingTTL to prevent indefinite auto-renewal of long lived leases. Always enabled in v3.6. Should be used to ensure smooth upgrade from v3.5 clusters with this feature enabled. Requires experimental-enable-lease-checkpoint to be enabled.
269 --experimental-compaction-batch-limit 1000
270 ExperimentalCompactionBatchLimit sets the maximum revisions deleted in each compaction batch.
271 --experimental-peer-skip-client-san-verification 'false'
272 Skip verification of SAN field in client certificate for peer connections.
273 --experimental-watch-progress-notify-interval '10m'
274 Duration of periodical watch progress notification.
275 --experimental-downgrade-check-time
276 Duration of time between two downgrade status checks.
277 --experimental-memory-mlock
278 Enable to enforce etcd pages (in particular bbolt) to stay in RAM.
279 --experimental-warning-apply-duration '100ms'
280 Warning is generated if requests take more than this duration.
281 --experimental-txn-mode-write-with-shared-buffer 'true'
282 Enable the write transaction to use a shared buffer in its readonly check operations.
283 --experimental-bootstrap-defrag-threshold-megabytes
284 Enable the defrag during etcd server bootstrap on condition that it will free at least the provided threshold of disk space. Needs to be set to non-zero value to take effect.
285
286 Unsafe feature:
287 --force-new-cluster 'false'
288 Force to create a new one-member cluster.
289 --unsafe-no-fsync 'false'
290 Disables fsync, unsafe, will cause data loss.
291
292 CAUTIOUS with unsafe flag! It may break the guarantees given by the consensus protocol!
293 `
294 )
295
296
297
View as plain text