From cad86516abe8d5ed6618c50d15046164c425189e Mon Sep 17 00:00:00 2001 From: Stephen Asbury Date: Wed, 29 May 2019 14:13:05 -0700 Subject: [PATCH 1/2] Added doc on replication and activation tokens. --- nats_tools/nas/README.md | 3 +++ nats_tools/nas/nas_conf.md | 8 ++------ 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/nats_tools/nas/README.md b/nats_tools/nas/README.md index fc48e78..2f036be 100644 --- a/nats_tools/nas/README.md +++ b/nats_tools/nas/README.md @@ -8,6 +8,9 @@ The [NATS Account Server](https://github.com/nats-io/nats-account-server) is an The server can operate in a _READ ONLY_ mode where it serves content from a directory, or in notification mode, where it can notify a NATS server that JWT in the store have been modified, updating the NATS server with the updated JWT. +The server supports replica mode, which allows load balancing, fault tolerance and geographic distribution of servers. Replicas are read-only and copy JWTs from the primary based on cache invalidation or NATS notifications. + +The account server can host activation tokens as well as account JWTs. These tokens are used when one account needs to give permission to another account to access a private export. Tokens can be configured as full tokens, or URLs. By hosting them in the account server you can avoid the copy/paste process of embedding tokens. They can also be updated more easily on expiration. ### Memory Resolver diff --git a/nats_tools/nas/nas_conf.md b/nats_tools/nas/nas_conf.md index ff88e71..e9953f5 100644 --- a/nats_tools/nas/nas_conf.md +++ b/nats_tools/nas/nas_conf.md 
@@ -108,7 +108,8 @@ Let's take a look at the configuration options: | `operatorjwtpath` | The path to an operator JWT. Required for non-read-only servers. Only JWTs signed by the operator (or one of it's signing keys) are accepted. | | `store` | A `store` configuration block specifying store options. | | `systemaccountjwtpath` | Path to an Account JWT that should be returned as the system account. | - +| `primary` | URL for the primary, `protocol://host:port`. | +| `replicationtimeout` | Timeout, in milliseconds, used by the replica when talking to the primary, defaults to `5000`. | #### `store` Configuration @@ -157,8 +158,3 @@ Let's take a look at the configuration options: | `root` | filepath to the CA certificate. | | `cert` | filepath to the certificate. | | `cert` | filepath to the certificate key. | - - - - - From f998097bf6f13096460cd57fd6dabb8e423c29f8 Mon Sep 17 00:00:00 2001 From: Ginger Collison Date: Wed, 29 May 2019 17:36:55 -0500 Subject: [PATCH 2/2] Update README.md --- nats_tools/nas/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nats_tools/nas/README.md b/nats_tools/nas/README.md index 2f036be..29084fd 100644 --- a/nats_tools/nas/README.md +++ b/nats_tools/nas/README.md 
@@ -6,7 +6,7 @@ The [NATS Account Server](https://github.com/nats-io/nats-account-server) is an - an [NSC](../nsc/nsc.md) directory - memory (for testing purposes) -The server can operate in a _READ ONLY_ mode where it serves content from a directory, or in notification mode, where it can notify a NATS server that JWT in the store have been modified, updating the NATS server with the updated JWT. +The server can operate in a _READ ONLY_ mode where it serves content from a directory, or in notification mode, where it can notify a NATS server that a JWT in the store has been modified, updating the NATS server with the updated JWT. The server supports replica mode, which allows load balancing, fault tolerance and geographic distribution of servers. Replicas are read-only and copy JWTs from the primary based on cache invalidation or NATS notifications. @@ -16,4 +16,4 @@ The account server can host activation tokens as well as account JWTs. These tok For very simple installations, where JWTs are mostly static, the NATS server also supports a _Memory Resolver_ that can be configured statically in the server's configuration file. -You can learn more about how to configure the [memory resolver here](mem_resolver.md). \ No newline at end of file +You can learn more about how to configure the [memory resolver here](mem_resolver.md).
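Review bot: In the README.md hunk of patch 1/2 (`@@ -8,6 +8,9 @@`), the new replica paragraph does not say how a server is put into replica mode, even though the same patch documents `primary` and `replicationtimeout` in nas_conf.md. Link to that options table from the sentence "The server supports replica mode, ...". The sentence "Replicas are read-only and copy JWTs from the primary based on cache invalidation or NATS notifications" should also state what a replica serves when the primary cannot be reached, because anyone relying on a replica for updated JWTs needs to know how stale its copy can be. In the activation-token paragraph, "Tokens can be configured as full tokens, or URLs" does not say where that configuration is made; name the place or link to it.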
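Review bot: In the options-table hunk of nas_conf.md in patch 1/2 (`@@ -108,7 +108,8 @@`), the `primary` row gives only the URL shape `protocol://host:port`. It does not say that setting it is what makes the server a replica, nor which protocols are accepted. Since the README text in this patch says replicas copy JWTs from the primary, state whether `https` is supported for this URL and which TLS settings apply to that connection. In the `replicationtimeout` row, splitting off "Defaults to `5000`." as its own sentence would remove the comma splice.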
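Review bot: In the final nas_conf.md hunk of patch 1/2 (`@@ -157,8 +158,3 @@`), the context rows list the option `cert` twice: "| `cert` | filepath to the certificate. |" and "| `cert` | filepath to the certificate key. |". The second row describes the key file, so its option name looks like a copy-paste error. Since this hunk already edits the end of that table, correct the name here after checking it against the server's actual configuration key, so readers do not end up with a TLS block that sets `cert` twice and never sets the key.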