content/operate/rs/references/cli-utilities/rladmin/cluster/config.md
Updates the cluster configuration.
rladmin cluster config
[ auditing db_conns audit_protocol { TCP | local }
audit_address <audit_address> audit_port <audit_port> ]
[ availability_lag_tolerance_ms <milliseconds> ]
[bigstore_driver {speedb | rocksdb} ]
[ control_cipher_suites <BoringSSL cipher list> ]
[ cm_port <number> ]
[ cm_session_timeout_minutes <minutes> ]
[ cnm_http_port <number> ]
[ cnm_https_port <number> ]
[ crdb_coordinator_port <number> ]
[ data_cipher_list <openSSL cipher list> ]
[ data_cipher_suites_tls_1_3 <openSSL cipher list> ]
[ debuginfo_path <filepath> ]
[ encrypt_pkeys { enabled | disabled } ]
[ envoy_admin_port <new-port> ]
[ envoy_mgmt_server_port <new-port> ]
[ external_ipv6 { enabled | disabled } ]
[ handle_redirects { enabled | disabled } ]
[ handle_metrics_redirects { enabled | disabled } ]
[ http_support { enabled | disabled } ]
[ ipv6 { enabled | disabled } ]
[ min_control_TLS_version { 1.2 | 1.3 } ]
[ min_data_TLS_version { 1.2 | 1.3 } ]
[ min_sentinel_TLS_version { 1.2 | 1.3 } ]
[ options_method_forbidden { enabled | disabled } ]
[ reserved_ports <list of ports/port ranges> ]
[ s3_url <URL> ]
[ s3_ca_cert <filepath> ]
[ sentinel_tls_mode { allowed | required | disabled } ]
[ sentinel_cipher_suites <golang cipher list> ]
[ services { alert_mgr | call_home_agent | cm_server |
crdb_controller | crdb_coordinator | crdb_worker |
entraid_agent_mgr | ldap_agent_mgr | mdns_server |
pdns_server | sentinel_service |
stats_archiver } { enabled | disabled } ]
[ upgrade_mode { enabled | disabled } ]
| Parameter | Type/Value | Description |
|---|---|---|
| audit_address | string | TCP/IP address where a listener can capture [audit event notifications]({{< relref "/operate/rs/security/audit-events" >}}) |
| audit_port | string | Port where a listener can capture [audit event notifications]({{< relref "/operate/rs/security/audit-events" >}}) |
| audit_protocol | tcp | |
local | Protocol used for [audit event notifications]({{< relref "/operate/rs/security/audit-events" >}}) | |
For production systems, only tcp is supported. | ||
| availability_lag_tolerance_ms | integer | Availability lag tolerance in milliseconds |
| control_cipher_suites | list of ciphers | Cipher suites used for TLS connections to the Cluster Manager UI (specified in the format understood by the BoringSSL library) |
(previously named cipher_suites) | ||
| cm_port | integer | UI server listening port |
| cm_session_timeout_minutes | integer | Timeout in minutes for the CM session |
| cnm_http_port | integer | HTTP REST API server listening port |
| cnm_https_port | integer | HTTPS REST API server listening port |
| crdb_coordinator_port | integer, (range: 1024-65535) (default: 9081) | CRDB coordinator port |
| data_cipher_list | list of ciphers | Cipher suites used by the the data plane (specified in the format understood by the OpenSSL library) |
| data_cipher_suites_tls_1_3 | list of ciphers | Specifies the enabled TLS 1.3 ciphers for the data plane |
| debuginfo_path | filepath | Local directory to place generated support package files |
| encrypt_pkeys | enabled | |
disabled | Enable or turn off encryption of private keys | |
| envoy_admin_port | integer, (range: 1024-65535) | Envoy admin port. Changing this port during runtime might result in an empty response because envoy serves as the cluster gateway. |
| envoy_mgmt_server_port | integer, (range: 1024-65535) | Envoy management server port |
| external_ipv6 | enabled | |
disabled | Enable or disable use of IPv6 for external cluster communications | |
| handle_redirects | enabled | |
disabled | Enable or turn off handling DNS redirects when DNS is not configured and running behind a load balancer | |
| handle_metrics_redirects | enabled | |
disabled | Enable or turn off handling cluster redirects internally for Metrics API | |
| http_support | enabled | |
disabled | Enable or turn off using HTTP for REST API connections | |
| ipv6 | enabled | |
disabled | Enable or turn off IPv6 connections to the Cluster Manager UI (deprecated; use external_ipv6 instead) | |
| min_control_TLS_version | 1.2 | |
1.3 | The minimum TLS protocol version that is supported for the control path | |
| min_data_TLS_version | 1.2 | |
1.3 | The minimum TLS protocol version that is supported for the data path | |
| min_sentinel_TLS_version | 1.2 | |
1.3 | The minimum TLS protocol version that is supported for the discovery service | |
| options_method_forbidden | enabled | |
disabled | Enable or turn off forbidding OPTIONS method for CNM HTTPS port | |
| reserved_ports | list of ports/port ranges | List of reserved ports and/or port ranges to avoid using for database endpoints (for example reserved_ports 11000 13000-13010) |
| s3_url | string | The URL of S3 export and import |
| s3_ca_cert | string | The CA certificate filepath for S3 export and import |
| sentinel_cipher_suites | list of ciphers | Cipher suites used by the discovery service (supported ciphers are implemented by the cipher_suites.go package) |
| sentinel_tls_mode | allowed | |
required | ||
disabled | Define the SSL policy for the discovery service | |
(previously named sentinel_ssl_policy) | ||
| services | alert_mgr | |
call_home_agent | ||
cm_server | ||
crdb_controller | ||
crdb_coordinator | ||
crdb_worker | ||
entraid_agent_mgr | ||
ldap_agent_mgr | ||
mdns_server | ||
pdns_server | ||
sentinel_service | ||
stats_archiver |
enabled
disabled | Enable or turn off selected cluster services |
| upgrade_mode | enabled
disabled | Enable or turn off upgrade mode on the cluster |
Reports whether the cluster was configured successfully. Displays an error message if the configuration attempt fails.
$ rladmin cluster config cm_session_timeout_minutes 20
Cluster configured successfully