diff --git a/website/source/docs/agent/configuration/client.html.md b/website/source/docs/agent/configuration/client.html.md
index 1e458ed61..6adfb2aad 100644
--- a/website/source/docs/agent/configuration/client.html.md
+++ b/website/source/docs/agent/configuration/client.html.md
@@ -31,13 +31,13 @@ client {
## `client` Parameters
- `alloc_dir` `(string: "[data_dir]/alloc")` - Specifies the directory to use
- to allocation data. By default, this is - the top-level
- [data_dir](/docs/agent/configuration/index.html#data_dir) suffixed with
- "alloc", like `"/opt/nomad/alloc"`. This must be an absolute path
+ for allocation data. By default, this is the top-level
+ [data_dir](/docs/agent/configuration/index.html#data_dir) suffixed with
+ "alloc", like `"/opt/nomad/alloc"`. This must be an absolute path
-- `chroot_env` ([ChrootEnv](#chroot_env-parameters): nil) - Specififes
- a key-value mapping that defines the chroot environment for jobs using the
- Exec and Java drivers.
+- `chroot_env` ([ChrootEnv](#chroot_env-parameters): nil) -
+ Specifies a key-value mapping that defines the chroot environment for jobs
+ using the Exec and Java drivers.
- `enabled` `(bool: false)` - Specifies if client mode is enabled. All other
client configuration options depend on this value.
@@ -116,7 +116,7 @@ the full list.
### `options` Parameters
-The following is not an exhaustive list of options for **only** the Nomad
+The following is not an exhaustive list of options for only the Nomad
client. To find the options supported by each individual Nomad driver, please
see the [drivers documentation](/docs/drivers/index.html).
diff --git a/website/source/docs/agent/configuration/index.html.md b/website/source/docs/agent/configuration/index.html.md
index 20e3a1819..124740c19 100644
--- a/website/source/docs/agent/configuration/index.html.md
+++ b/website/source/docs/agent/configuration/index.html.md
@@ -77,8 +77,7 @@ testing.
- `addresses` `(Addresses: see below)` - Specifies the bind address for
individual network services. Any values configured in this stanza take
- precedence over the default [bind_addr](#bind_addr). If provided, **all
- network addresses must be defined** (you cannot override just one address).
+ precedence over the default [bind_addr](#bind_addr).
- `http` - The address the HTTP server is bound to. This is the most common
bind address to change.
@@ -87,26 +86,16 @@ testing.
exposed only to other cluster members if possible.
- `serf` - The address used to bind the gossip layer to. Both a TCP and UDP
- listener will be exposed on this address. Should be restricted to only
- server nodes from the same datacenter if possible.
-
- The default values are:
-
- ```hcl
- ports {
- http = "127.0.0.1"
- rpc = "127.0.0.1"
- serf = "127.0.0.1"
- }
- ```
+ listener will be exposed on this address. Should be exposed only to other
+ cluster members if possible.
- `advertise` `(Advertise: see below)` - Specifies the advertise address for
individual network services. This can be used to advertise a different address
to the peers of a server or a client node to support more complex network
configurations such as NAT. This configuration is optional, and defaults to
- the bind address of the specific network service if it is not provided. If
- provided, **all advertise addresses must be defined** (you cannot override
- just one property).
+ the bind address of the specific network service if it is not provided. Any
+ values configured in this stanza take precedence over the default
+ [bind_addr](#bind_addr).
- `http` - The address to advertise for the HTTP interface. This should be
reachable by all the nodes from which end users are going to use the Nomad
@@ -119,16 +108,6 @@ testing.
reachable from all server nodes. It is not required that clients can reach
this address.
- The default values are:
-
- ```hcl
- advertise {
- http = "127.0.0.1:4646"
- rpc = "127.0.0.1:4647"
- serf = "127.0.0.1:4648"
- }
- ```
-
- `atlas` ([Atlas][atlas]: nil) - Specifies if Nomad should connect
to Nomad Enterprise and Atlas.
@@ -186,8 +165,7 @@ testing.
unique per-datacenter.
- `ports` `(Port: see below)` - Specifies the network ports used for different
- services required by the Nomad agent. If provided, **all network ports must
- be defined** (you cannot override just one port).
+ services required by the Nomad agent.
- `http` - The port used to run the HTTP server.
diff --git a/website/source/docs/agent/configuration/server.html.md b/website/source/docs/agent/configuration/server.html.md
index e249a4e99..9ca8395aa 100644
--- a/website/source/docs/agent/configuration/server.html.md
+++ b/website/source/docs/agent/configuration/server.html.md
@@ -27,7 +27,7 @@ join failures, and more.
```hcl
server {
enabled = true
- bootstrap_expect = 5
+ bootstrap_expect = 3
retry_join = ["1.2.3.4", "5.6.7.8"]
}
```
@@ -161,6 +161,16 @@ server {
}
```
+### Configuring Data Directory
+
+This example shows configuring a custom data directory for the server data.
+
+```hcl
+server {
+ data_dir = "/opt/nomad/server"
+}
+```
+
### Automatic Bootstrapping
The Nomad servers can automatically bootstrap if Consul is configured. For a
diff --git a/website/source/docs/agent/configuration/tls.html.md b/website/source/docs/agent/configuration/tls.html.md
index a50066ce5..d3071a460 100644
--- a/website/source/docs/agent/configuration/tls.html.md
+++ b/website/source/docs/agent/configuration/tls.html.md
@@ -62,9 +62,9 @@ the [Agent's Gossip and RPC Encryption](/docs/agent/encryption.html).
The following examples only show the `tls` stanzas. Remember that the
`tls` stanza is only valid in the placements listed above.
-### Default Configuration
+### Enabling TLS
-This example shows the default TLS configuration. This enables TLS communication
+This example shows enabling TLS configuration. This enables TLS communication
between all servers and clients using the default system CA bundle and
certificates.
diff --git a/website/source/docs/agent/configuration/vault.html.md b/website/source/docs/agent/configuration/vault.html.md
index b2039e837..2a5e6fd67 100644
--- a/website/source/docs/agent/configuration/vault.html.md
+++ b/website/source/docs/agent/configuration/vault.html.md
@@ -4,7 +4,7 @@ page_title: "vault Stanza - Agent Configuration"
sidebar_current: "docs-agent-configuration-vault"
description: |-
The "vault" stanza configures Nomad's integration with HashiCorp's Vault.
- When configured, Nomad can create and distribute secrets to tasks
+ When configured, Nomad can create and distribute Vault tokens to tasks
automatically.
---
@@ -20,10 +20,10 @@ description: |-
-The `vault` stanza configures Nomad's integration with
-[HashiCorp's Vault][vault]. When configured, Nomad can create and distribute
-secrets to tasks automatically. For more information on the architecture and
-setup, please see the [Nomad and Vault integration documentation][nomad-vault].
+The `vault` stanza configures Nomad's integration with [HashiCorp's
+Vault][vault]. When configured, Nomad can create and distribute Vault tokens to
+tasks automatically. For more information on the architecture and setup, please
+see the [Nomad and Vault integration documentation][nomad-vault].
```hcl
vault {
@@ -41,8 +41,9 @@ vault {
- `allow_unauthenticated` `(bool: false)` - Specifies if users submitting jobs
to the Nomad server should be required to provide their own Vault token,
- proving they have access to the policies listed in the job. If enabled, users
- could easily escalate privilege in a job.
+ proving they have access to the policies listed in the job. This option should
+ only ever be enabled in a trusted environment, because, if enabled, users
+ could escalate privilege in a job.
- `enabled` `(bool: false)` - Specifies if the Vault integration should be
activated.
@@ -92,17 +93,6 @@ vault {
The following examples only show the `vault` stanzas. Remember that the
`vault` stanza is only valid in the placements listed above.
-### Default Configuration
-
-This example shows the most basic Vault integration configuration. If all
-defaults are correct, simply include the Vault stanza to enable the integration:
-
-```hcl
-vault {
- enabled = true
-}
-```
-
### Custom Address
This example shows using a custom Vault address: