Commit Graph

2696 Commits

Author SHA1 Message Date
R.B. Boyer 0fa96a2fa8 xds: only try to create an ipv6 expose checks listener if ipv6 is supported by the kernel (#9765)
Fixes #9311

This only fails if the kernel has ipv6 hard-disabled. It is not sufficient to merely not provide an ipv6 address for a network interface.
2021-02-19 20:39:21 +00:00
Daniel Nephin 5a8fc428bd Merge pull request #9772 from hashicorp/streamin-fix-bad-cached-snapshot
streaming: fix snapshot cache bug
2021-02-16 20:28:33 +00:00
Daniel Nephin 8db1a08fc9 Merge pull request #9758 from hashicorp/dnephin/fix-streaming-bugs
http: error if near is used with streaming
2021-02-12 15:38:33 +00:00
Chris Piraino db8cc8624b Log replication warnings when no error suppression is defined (#9320)
* Log replication warnings when no error suppression is defined

* Add changelog file
2021-02-10 23:32:04 +00:00
R.B. Boyer dd277b8ca8
connect: update supported envoy point releases to 1.16.2, 1.15.3, 1.14.6, 1.13.7 (#9737) (#9753) 2021-02-10 13:28:12 -06:00
Daniel Nephin 137374adb7 Merge pull request #9745 from hashicorp/dnephin/fix-streaming-bugs
streaming: fix a couple bugs
2021-02-09 23:31:23 +00:00
R.B. Boyer 1b01d6f9f8
connect: connect CA Roots in the primary datacenter should use a SigningKeyID derived from their local intermediate (#9428) (#9733)
1.9.x backport of #9428
2021-02-09 16:55:11 -06:00
Matt Keeler 975c196f7c Stop background refresh of cached data for requests that result in ACL not found errors (#9738) 2021-02-09 15:16:35 +00:00
Freddy 760c28a2df Avoid potential proxycfg/xDS deadlock using non-blocking send 2021-02-08 23:18:32 +00:00
R.B. Boyer 17effdeb28 xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists (#9651)
Also fix a similar issue in Terminating Gateways that was masked by an overzealous test.
2021-02-08 16:20:32 +00:00
R.B. Boyer cab795ecc3 xds: deduplicate mesh gateway listeners in a stable way (#9650)
In a situation where the mesh gateway is configured to bind to multiple
network interfaces, we use a feature called 'tagged addresses'.
Sometimes an address is duplicated across multiple tags such as 'lan'
and 'lan_ipv4'.

There is code to deduplicate these things when creating envoy listeners,
but that code doesn't ensure that the same tag wins every time. If the
winning tag flaps between xDS discovery requests it will cause the
listener to be drained and replaced.
2021-02-05 22:28:52 +00:00
hashicorp-ci 30538fd8ff
update bindata_assetfs.go 2021-02-01 15:16:04 +00:00
R.B. Boyer fa9b61ba15 server: use the presense of stored federation state data as a sign that we already activated the federation state feature flag (#9519)
This way we only have to wait for the serf barrier to pass once before
we can make use of federation state APIs Without this patch every
restart needs to re-compute the change.
2021-01-28 16:35:19 +00:00
Daniel Nephin 86afa3024a Merge pull request #9252 from hashicorp/dnephin/config-unmethod
config: remove Builder receiver from funcs that dont use it
2021-01-27 22:32:25 +00:00
Matt Keeler ab1e689c4a Upgrade raft-autopilot and wait for autopilot it to stop when revoking leadership (#9644)
Fixes: 9626
2021-01-27 16:15:37 +00:00
Hans Hasselberg a625d8f11b Add flags to support CA generation for Connect (#9585) 2021-01-27 07:55:24 +00:00
R.B. Boyer f25a21960e server: initialize mgw-wanfed to use local gateways more on startup (#9528)
Fixes #9342
2021-01-25 23:31:21 +00:00
R.B. Boyer 30c3af893a server: add OSS stubs supporting validation of source namespaces in service-intentions config entries (#9527) 2021-01-25 17:28:19 +00:00
R.B. Boyer 5fe99cc2bd server: when wan federating via mesh gateways only do heuristic primary DC bypass on the leader (#9366)
Fixes #9341
2021-01-22 16:07:06 +00:00
hashicorp-ci d2705af11f
update bindata_assetfs.go 2021-01-20 22:52:26 +00:00
John Cowen cdb1730a21 Fix -ui-content-path without regex (#9569)
* Add templating to inject JSON into an application/json script tag

Plus an external script in order to pick it out and inject the values we
need injecting into ember's environment meta tag.

The UI still uses env style naming (CONSUL_*) but we uses the new style
JSON/golang props behind the scenes.

Co-authored-by: Paul Banks <banks@banksco.de>
2021-01-20 18:48:32 +00:00
Matt Keeler fb09ac5456 Fix flaky test by marking mock expectations as optional (#9596)
These expectations are optional because in a slow CI environment the deadline to cancell the context might occur before the go routine reaches issuing the RPC. Either way we are successfully ensuring context cancellation is working.
2021-01-20 15:59:07 +00:00
Freddy f2cfbde1b0 Update topology mapping Refs on all proxy instance deletions (#9589)
* Insert new upstream/downstream mapping to persist new Refs

* Avoid upserting mapping copy if it's a no-op

* Add test with panic repro

* Avoid deleting up/downstreams from inside memdb iterator

* Avoid deleting gateway mappings from inside memdb iterator

* Add CHANGELOG entry

* Tweak changelog entry

Co-authored-by: Paul Banks <banks@banksco.de>
2021-01-20 15:18:09 +00:00
Daniel Nephin 7f14ce7a7e Merge pull request #9591 from hashicorp/dnephin/state-store-coordinates-iter
state: do not delete from inside an iteration (coordinates)
2021-01-19 23:17:29 +00:00
Matt Keeler 5f3a185cb0 Merge pull request #9570 from hashicorp/bugfix/9498 2021-01-19 21:30:47 +00:00
Chris Piraino db3400c22d Fix bug in usage metrics when multiple service instances are changed in a single transaction (#9440)
* Fix bug in usage metrics that caused a negative count to occur

There were a couple of instances were usage metrics would do the wrong
thing and result in incorrect counts, causing the count to attempt to
decrement below zero and return an error. The usage metrics did not
account for various places where a single transaction could
delete/update/add multiple service instances at once.

We also remove the error when attempting to decrement below zero, and
instead just make sure we do not accidentally underflow the unsigned
integer. This is a more graceful failure than returning an error and not
allowing a transaction to commit.

* Add changelog
2021-01-12 21:32:29 +00:00
Daniel Nephin 7efc2e7516 Merge pull request #9444 from hashicorp/dnephin/config-tests-sanitize
config: Use golden for TestRuntimeConfig_Sanitize
2021-01-11 22:43:01 +00:00
Pierre Souchay 2f80430304 Display a warning when rpc.enable_streaming = true is set on a client (#9530)
* Display a warning when rpc.enable_streaming = true is set on a client

This option has no effect when running as an agent

* Added warning when server starts with use_streaming_backend but without rpc.enable_streaming

* Added unit test
2021-01-08 20:23:58 +00:00
Daniel Nephin 6dd7d1c6e6 Merge pull request #9250 from hashicorp/dnephin/config-tags-2
config: remove unnecessary json/hcl struct tags
2021-01-08 19:09:18 +00:00
Daniel Nephin bac369b0f4 Merge pull request #9249 from hashicorp/dnephin/config-tags
config: use fields to detect enterprise-only settings
2021-01-08 00:50:15 +00:00
Daniel Nephin 156c14ae14 Merge pull request #9251 from hashicorp/dnephin/config-cleanup-flags-and-opts
config: move testing shims and cleanup some defaults
2021-01-08 00:22:03 +00:00
Daniel Nephin 223b85f89e Merge pull request #7583 from hashicorp/dnephin/id-printing
Fix printing of ID types
2021-01-08 00:02:59 +00:00
Daniel Nephin 36193c17d1 Merge pull request #9461 from hashicorp/dnephin/xds-server
xds: enable race detector and some small cleanup
2021-01-07 23:35:32 +00:00
Daniel Nephin 7292fe7db0 Merge pull request #9213 from hashicorp/dnephin/resolve-tokens-take-2
acl: Remove some unused things and document delegate method
2021-01-06 23:52:17 +00:00
Daniel Nephin 84a9ac1589 Merge pull request #9512 from pierresouchay/streaming_fix_grpc_tls2
[Streaming][bugfix] handle TLS signalisation when TLS is disabled on client side (alternative to #9494)
2021-01-06 22:11:21 +00:00
Daniel Nephin c18234cba1 Merge pull request #9067 from naemono/6074-allow-config-MaxHeaderBytes
Adds option to configure HTTP Server's MaxHeaderBytes
2021-01-05 17:29:33 +00:00
Matt Keeler 3faee062a5 Special case the error returned when we have a Raft leader but are not tracking it in the ServerLookup (#9487)
This can happen when one other node in the cluster such as a client is unable to communicate with the leader server and sees it as failed. When that happens its failing status eventually gets propagated to the other servers in the cluster and eventually this can result in RPCs returning “No cluster leader” error.

That error is misleading and unhelpful for determing the root cause of the issue as its not raft stability but rather and client -> server networking issue. Therefore this commit will add a new error that will be returned in that case to differentiate between the two cases.
2021-01-04 19:05:53 +00:00
R.B. Boyer 85205a63e8 server: deletions of intentions by name using the intention API is now idempotent (#9278)
Restoring a behavior inadvertently changed while fixing #9254
2021-01-04 17:27:50 +00:00
John Cowen 6cd7ad3952 api: Ensure the internal/ui/service endpoint responds with an array (#9397)
In some circumstances this endpoint will have no results in it (dues to
ACLs, Namespaces or filtering).

This ensures that the response is at least an empty array (`[]`) rather
than `null`
2020-12-15 16:52:37 +00:00
hashicorp-ci 8b9b803589
update bindata_assetfs.go 2020-12-11 03:26:04 +00:00
R.B. Boyer aa03e9979e acl: global tokens created by auth methods now correctly replicate to secondary datacenters (#9351)
Previously the tokens would fail to insert into the secondary's state
store because the AuthMethod field of the ACLToken did not point to a
known auth method from the primary.
2020-12-09 21:27:24 +00:00
Kenia 0ee745c899 Create consul version metric with version label (#9350)
* create consul version metric with version label

* agent/agent.go: add pre-release Version as well as label

Co-Authored-By: Radha13 <kumari.radha3@gmail.com>

* verion and pre-release version labels.

* hyphen/- breaks prometheus

* Add Prometheus gauge defintion for version metric

* Add new metric to telemetry docs

Co-authored-by: Radha Kumari <kumari.radha3@gmail.com>
Co-authored-by: Aestek <thib.gilles@gmail.com>
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2020-12-09 14:17:51 +00:00
Kyle Havlovitz 38bbf32a9c Merge pull request #9318 from hashicorp/ca-update-followup
connect: Fix issue with updating config in secondary
2020-12-02 20:18:26 +00:00
Kyle Havlovitz ff93919034 Merge pull request #9009 from hashicorp/update-secondary-ca
connect: Fix an issue with updating CA config in a secondary datacenter
2020-11-30 22:50:26 +00:00
Daniel Nephin 60d7f30169 Merge pull request #9284 from hashicorp/dnephin/agent-service-register
local: mark service as InSync when added to local agent state
2020-11-27 20:50:53 +00:00
Hans Hasselberg b3a0b8edd9 fix serf_wan documentation (#9289)
WAN config is different than LAN config, source of truth is
f72d2042a8/config.go (L315-L326)
and now the docs are correct.
2020-11-27 19:51:04 +00:00
Daniel Nephin d230cea541 Merge pull request #9247 from pierresouchay/streaming_predictible_order_for_health
[Streaming] Predictable order for results of /health/service/:serviceName to mimic memdb
2020-11-25 20:55:00 +00:00
Mike Morris 3ee6d1c14f
Merge branch 'release/1.9.x' into release/1.9.0 2020-11-24 14:50:39 -05:00
Mike Morris dbb1249f13 Merge branch 'stable-website' into release/1.9.0 2020-11-24 14:44:53 -05:00
hashicorp-ci 79bb27a363
update bindata_assetfs.go 2020-11-24 19:05:48 +00:00