Commit Graph

85 Commits

Author SHA1 Message Date
Kyle Havlovitz 78c3a86405
Add TLS setting to router areas 2017-07-14 17:38:08 -07:00
James Phillips 0881e46111 Cleans up version 8 ACLs in the agent and the docs. (#3248)
* Moves magic check and service constants into shared structs package.

* Removes the "consul" service from local state.

Since this service is added by the leader, it doesn't really make sense to
also keep it in local state (which requires special ACLs to configure), and
requires a bunch of special cases in the local state logic. This requires
fewer special cases and makes ACL bootstrapping cleaner.

* Makes coordinate update ACL log message a warning, similar to other AE warnings.

* Adds much more detailed examples for bootstrapping ACLs.

This can hopefully replace https://gist.github.com/slackpad/d89ce0e1cc0802c3c4f2d84932fa3234.
2017-07-13 22:33:47 -07:00
Frank Schroeder 764dabfcf7
agent: fix go vet issue 2017-07-11 07:13:46 -07:00
James Phillips 66edec5dfd Adds the ability to blacklist specific HTTP endpoints. (#3252) 2017-07-10 13:51:25 -07:00
James Phillips 7200b8cda8 UI cleanup follow up from #3245. (#3251)
* Removes unnecessary set for model component which will be null.

* Returns a 404 for a missing node, not a 200 with an empty response.

* Updates built-in web assets.
2017-07-10 09:40:00 -07:00
James Phillips aa11956d63 Changes the default ACL token type to "client" in web UI. (#3246)
* Changes the default ACL token type to "client".

* Updates built-in web assets.
2017-07-08 17:28:04 -07:00
James Phillips 86b1e64a33 Cleans up web UI and fixes ACL token "stuckness" issue. (#3245)
* Removes GitHub reference.

* Doesn't display ACL token on the unauthorized page.

* Removes useless fetch for nodes and cleans up comments.

* Provides a path to reset the ACL token when it's invalid.

This included making the settings page global so it's reachable, and adding
some more information about an error on the error page.

* Updates built-in web assets.
2017-07-08 17:16:05 -07:00
Frank Schroeder 1781fd311f address review comments 2017-07-07 09:22:34 +02:00
Frank Schroeder e4b40acc7e agent: remove unused code 2017-07-07 09:22:34 +02:00
Frank Schroeder 8c792ad57d agent: make TestClient_RPC_ConsulServerPing more robust 2017-07-07 09:22:34 +02:00
Frank Schroeder 4a4b91a2db agent: fix data races with registerEndpoint
Only register a different endpoint after it has been
fully created.
2017-07-07 09:22:34 +02:00
Frank Schroeder 19b937ba80 agent: make Reap test timing less aggressive 2017-07-07 09:22:34 +02:00
James Phillips a855d31f84 Adds a comment about flood joining. 2017-07-07 09:22:34 +02:00
James Phillips 5b5217528a Simplifies Serf dynamic port selection code.
This isn't racy, it's just a little dirty. The listen will happen and a port
will be selected and injected into the config once the Serf instance is
created, so we don't need the retry loop here.
2017-07-07 09:22:34 +02:00
James Phillips d8db4bc086 test: Changes WAN/LAN join confirmer to use port number vs. address.
This fixes TestServer_JoinSeparateLanAndWanAddresses which sets bogus
advertise addresses as part of the test. Port numbers uniquely identify
members since everything is running on localhost.
2017-07-07 09:22:34 +02:00
Frank Schroeder d92f70f313 test: make joinLAN/WAN reliable
only return if the members can see each other
2017-07-07 09:22:34 +02:00
Frank Schroeder 112bc19cd5 rpc: make TestServer_JoinSeparateLanAndWanAddresses more robust 2017-07-07 09:22:34 +02:00
Frank Schroeder ffd45f5da5 rpc: make TestClient_SnapshotRPC_TLS more robust 2017-07-07 09:22:34 +02:00
Frank Schroeder c218fdbc77 agent: make timing sensitive tests more robust
* make timing less aggressive
* mark timing tests as non-parallel
2017-07-07 09:22:34 +02:00
Frank Schroeder b12b914017 agent: fix TestCheckHTTP_TLSSkipVerify_true_pass
Make check timing less aggressive and give the test some time
to execute.
2017-07-07 09:22:34 +02:00
Frank Schroeder 7381a05d8d agent: do not modify agent config after NewAgent 2017-07-07 09:22:34 +02:00
Frank Schroeder cec9dcfee8 agent: fix pending data races between localState and agent
This patch creates a local config structure for the local state
which is independent from the agent but populated from its
configuration. This avoids data races between the agent configuration
which can change during tests and concurrent go routines using the
configuraiton at the same time.
2017-07-07 09:22:34 +02:00
Frank Schroeder 00f6ba298e dns: fix data race in TestDNS_ServiceLookup_FilterACL
The agent config cannot be modified after start.
2017-07-07 09:22:34 +02:00
Frank Schroeder bcd2301b81 agent: fix data race in TestAgentAntiEntropy_EnableTagOverride 2017-07-07 09:22:34 +02:00
Frank Schroeder 7f7c0ad65e agent: clone partial consul config
The agent configuration for the consul server is a partial configuration
which needs to be cloned to avoid data races.

This is a stop-gap measure before moving the configuration into
a separate package.
2017-07-07 09:22:34 +02:00
Frank Schroeder 727b6444ad dns: fix data races in DNS compression tests
Make the DisableCompression value configurable at runtime
to allow tests to change it without restarting/recreating
the server.
2017-07-07 09:22:34 +02:00
Frank Schroeder 0763788b82 agent: fix data race between consul server and local state 2017-07-07 09:22:34 +02:00
Frank Schroeder 119f6a1ed7 rpc: monkey patch fix for data races for localState
The tests that use the localState of the agent access the internal
variables and call methods which are not guarded by locks creating
data races in tests. While the use of internal variables is somewhat
easy to spot the fact that not all methods are thread-safe is a
surprise.

A proper fix requires the localState struct to be moved into its own
package so that tests in the agent can only access the external
interface.

However, the localState is currently dependent on the agent.Config
which would create a circular dependency. Therefore, the Config
struct needs to be moved first for this to happen.

This patch literally monkey patches the use of the lock around the
cases which have data races and marks them with a
// todo(fs): data race comment.
2017-07-07 09:22:34 +02:00
Frank Schroeder 2159d499e3 rpc: try shutting down leader first to avoid hang in TestLeader_LeftServer 2017-07-07 09:22:34 +02:00
Frank Schroeder f12fac278e rpc: fix logging and try quicker timing of TestServer_JoinSeparateLanAndWanAddresses 2017-07-07 09:22:34 +02:00
Frank Schroeder bae4b1d045 rpc: less agressive raft timeouts
Allowing more time for raft to consolidate should
drop the number of leader elections.
2017-07-07 09:22:34 +02:00
Frank Schroeder 457b98a099 rpc: run agent/consul tests in parallel 2017-07-07 09:22:34 +02:00
Frank Schroeder 13eeeb720d rpc: refactor sessionTimers and fix racy tests
The sessionTimers map was secured by a lock which wasn't used
properly in the tests. This lead to data races and failing tests
when accessing the length or the members of the map.

This patch adds a separate SessionTimers struct which is safe
for concurrent use and which ecapsulates the behavior of the
sessionTimers map.
2017-07-07 09:22:34 +02:00
Frank Schroeder 05f756853e rpc: fix TestServer_Leave
wait for the leader election.
2017-07-07 09:22:34 +02:00
Frank Schroeder 583959392b rpc: fix TestSession_Renew
make the timing less tight
2017-07-07 09:22:34 +02:00
Frank Schroeder ff2c29c0be rpc: fix TestReadyForConsistentRead
timing was too tight. Standardized name.
2017-07-07 09:22:34 +02:00
Frank Schroeder fcab525053 rpc: fix for 'no leader' in TLS tests
Ensure both servers know about each other before looking
for a leader.
2017-07-07 09:22:34 +02:00
Frank Schroeder b2a71fd8b0 rpc: fix TestServer_JoinWAN_Flood
The second server in the first data center should not be
in bootstrap mode.
2017-07-07 09:22:34 +02:00
Frank Schroeder 8369b6cb9d rpc: provide unique node names for server and client 2017-07-07 09:22:34 +02:00
Frank Schroeder 534977239b rpc: prefix log output with test name 2017-07-07 09:22:34 +02:00
Frank Schroeder c8ef588d8d rpc: discover serf wan port before starting serf lan
When using dynamic ports for the serf clusters then
the actual bind port of the serf WAN cluster needs to
be discovered before the serf LAN cluster is started
since the serf LAN cluster announces the port of the WAN
cluster.
2017-07-07 09:22:34 +02:00
Frank Schroeder 53eab7e970 rpc: bind rpc test server to port 0 2017-07-07 09:22:34 +02:00
Frank Schroeder e9e2c599db rpc: refactor: unify test server setup 2017-07-07 09:22:34 +02:00
Frank Schroeder c803146550 rpc: fix typos 2017-07-07 09:22:34 +02:00
Frank Schroeder a0368e3827 agent: refactor: log to stderr during tests 2017-07-07 09:22:34 +02:00
Frank Schroeder 2afafe6911 agent: refactor: use handler for test http tls server 2017-07-07 09:22:34 +02:00
Frank Schroeder 63447a0cf3 agent: refactor: make address translation part of the agent 2017-07-07 09:22:34 +02:00
Preetha Appan f549c06764 Rename to raftNotifyCh, fix typo 2017-07-06 09:10:36 -05:00
Preetha Appan f2171a6720 Fixes deadlock between barrier write and leader notify channel read . Fixes #3230 2017-07-05 17:09:18 -05:00
Grégoire Seux 940b1513a6 Correctly forward Host header in healthcheck (#3203)
Host header must be set explicitely on http requests

Change-Id: I91a32f0fb1ec3fbc713adf0e10869797e91172c7
Signed-off-by: Grégoire Seux <g.seux@criteo.com>
2017-06-29 16:26:08 -07:00