Commit Graph

308 Commits

Author SHA1 Message Date
Frank Schroeder 34fd31b7b1 agent: move config reloading into the agent 2017-06-03 19:08:50 +02:00
Frank Schroeder aa1519c9f7 agent: move parseMetaPair to config and export 2017-06-03 19:08:50 +02:00
Frank Schroeder d977aa1fe7 agent: move retry join into agent 2017-06-03 19:08:50 +02:00
Frank Schroeder 55a513da2e agent: add GossipEncrypted function
Remove dead code and expose a GossipEncrypted() method
on the agent instead of accessing the internal delegate.
2017-06-03 19:08:50 +02:00
James Phillips b0b5df579f
Cleans up an unrelated vet error. 2017-06-02 21:07:15 -07:00
Frank Schroeder 4034d0ac0b
agent: use agent logger for consul client and deps 2017-05-31 11:05:02 +02:00
Frank Schroeder a9451d596f
agent: set tcpKeepAliveListener when there is no error 2017-05-31 10:24:32 +02:00
Frank Schroeder d6c7404b34
agent: simplify shutdown timeout logging
Note that we are currently timing out every time. This still
needs to be investigated.
2017-05-31 09:41:58 +02:00
Frank Schroeder 30ba712857
agent: set proto to http since we are logging it now 2017-05-31 09:41:16 +02:00
Frank Schroeder ec729693d7
Address review comments 2017-05-31 01:05:21 +02:00
Frank Schroeder b6c69ebf5d
agent: refactor DNS and HTTP server
* refactor DNS server to be ready for multiple bind addresses
* drop tcpKeepAliveListener since it is default for the HTTP servers
* add startup timeout watcher for HTTP servers identical to DNS server
2017-05-31 00:29:29 +02:00
Frank Schroeder 10540f8d5f
agent: fix logging
* use agent logger for consul/serf/raft/dns/agent/...
* support optional id for concurrent tests
2017-05-31 00:29:27 +02:00
Frank Schroeder 1df74e36bd
agent: print more useful shutdown message 2017-05-31 00:29:27 +02:00
Frank Schroeder 0325a42089
test: fix data race with endpoints 2017-05-31 00:29:26 +02:00
Frank Schroeder e16589c079
agent: shutdown delegate if created
When the TestAgent shuts down a half-started agent
the delegate may not have been created at this point.
2017-05-31 00:29:26 +02:00
Frank Schroeder 3658d4d428
test: address pull request comments 2017-05-31 00:29:25 +02:00
Frank Schroeder 3865f14a25
agent: simplify agent creation
This patch creates an agent with just a config struct
and allows for other fields to be set as required.
2017-05-31 00:29:23 +02:00
Frank Schroeder 82650f73e3
agent: move http/dns endpoints into agent
Move the HTTP and DNS endpoints into the agent and control
their lifespan via the agent.

This removes the requirement to manage HTTP and DNS servers
indpendent of the agent since the agent is mostly useless
without an endpoint and the endpoints without the agent.
2017-05-31 00:29:23 +02:00
Kyle Havlovitz 62f72f104c Add settings for upshifting to encrypted gossip (#3079) 2017-05-30 08:51:37 -07:00
Frank Schroeder 8ad66f4bea
agent: support custom check id and name
This patch adds support for a custom check id and name when
registering a service.

This is achieved by adding a CheckID and a Name field to the
CheckType structure which is used to register checks with a
service and when returning health check definitions.

CheckDefinition is a superset of CheckType which duplicates
some of the fields of CheckType. This patch decouples these
two structures by removing the embedding of CheckType in
CheckDefinition.

Fixes #3047
2017-05-17 20:17:08 +02:00
Frank Schroeder ad40a855bd agent: move isAddrANY to separate package 2017-05-15 22:44:43 +02:00
Frank Schroeder e2c37b47ee agent: Replace client/server with delegate interface
This patch adds a new internal interface clientServer
which defines the common methods of consul.Client and
consul.Server. This allows to replace the following
code

    if a.server != nil {
        a.server.do()
    } else {
        a.client.do()
    }

with

    a.delegate.do()

In case a specific type is required a type check can
be performed:

    if srv, ok := a.delegate.(*consul.Server); ok {
        srv.doSrv()
    }
2017-05-15 18:35:38 +02:00
Frank Schroeder 41f01a0cfc agent: allow "::" as IPv6 bind address
Fixes #2285
2017-05-15 17:51:33 +02:00
Frank Schroeder 914a83cae0 agent: use bind address as src unless INADDR_ANY
Use the bind address as source address for outgoing
RPC connections unless it is INADDR_ANY.

The current code uses the advertise address which will
not work in certain environments where the advertise
address is not routable in the network of the agent,
e.g. NAT environment, container... After all, that is
the purpose of the advertise address.

See #2822
2017-05-11 00:34:14 +02:00
Frank Schroeder e6c6f8cedd agent: use helper for INADDR_ANY 2017-05-11 00:34:14 +02:00
Kyle Havlovitz 5bab68b9bb Add a path for transitioning to TLS on an existing cluster (#3001)
Fixes #1705
2017-05-10 14:25:48 -07:00
Frank Schroeder 8c2b261c61 Use bind address as source for outgoing connections (#2822)
This patch configures consul to use the bind address as the
source address for outgoing connections.

Fixes #2822
2017-05-04 01:41:47 +02:00
Frank Schroeder fb83790cb9 Do not modify config after creation II
Move code for finding the advertise address via a
template into consulConfig() so that the config
object is not modified after creation.
2017-05-04 01:41:47 +02:00
Frank Schroeder a235986a28 Do not modify config after creation
Make sure the RPCAdvertise address is always set
so that the configuration does not have to be modified
after creation.
2017-05-04 01:41:47 +02:00
Frank Schroeder d34ba3e823 Cleanup agent config 2017-05-04 01:41:47 +02:00
Kyle Havlovitz cd56a5ebdd Add separate option for verifying incoming HTTPS traffic (#2974)
* Add separate option for verifying incoming HTTPS traffic
2017-04-28 16:15:55 -07:00
Kyle Havlovitz b70e419aeb Add TLS cipher suite options and CA path support (#2963)
This patch adds options to configure the available
TLS cipher suites and adds support for a path
for multiple CA certificates.

Fixes #2959
2017-04-27 01:29:39 -07:00
Frank Schroeder 3e00e36f41 golint: Untangle if blocks with return in else 2017-04-25 09:26:13 -07:00
Frank Schroeder eddb1af603 Remove duplicate constants
This patch removes duplicate internal copies of constants in the structs
package which are also defined in the api package. The api.KVOp type
with all its values for the TXN endpoint and the api.HealthXXX constants
are now used throughout the codebase.

This resulted in some circular dependencies in the testutil package
which have been resolved by copying code and constants and moving the
WaitForLeader function into a separate testrpc package.
2017-04-20 09:54:49 -07:00
James Phillips fa04c24978
Adds a new -disable-host-node-id option to help when testing with containers.
Fixes #2877.
2017-04-12 22:07:18 -07:00
Alex Dadgar 7f6d95f1c9 Hash host ID so its stable and well distributed
This PR takes the host ID and runs it through a hash so that it is well
distributed. This makes it so that machines that report similar host IDs
are easily distinguished.

Instances of similar IDs occur on EC2 where the ID is prefixed and on
motherboards created in the same batch.
2017-04-10 11:57:24 -07:00
James Phillips 8940d1c3fe
Keeps the service and check tokens around for deregistration.
We fixed a few related issues while we were in here. We now only let
services register checks with a matching token, and we also close out
service and check delete operations if the catalog deregister claims
it doesn't know about the ID of the service or check being deleted.
2017-03-24 17:15:20 -07:00
Kyle Havlovitz 390f41d8d5
Add advanced autopilot features 2017-03-22 15:25:16 -07:00
James Phillips 26dddb428c
Forces user-supplied node IDs to lower case for consistency. 2017-03-13 19:51:56 -07:00
Kyle Havlovitz 2eefe3ca5b
Add autopilot server health tracking
This adds two goroutines to perform autopilot tasks on the leader - one
to monitor the health of servers and another to periodically clean up
dead servers with a limit on removal count. Also adds a new http endpoint,
`/v1/operator/autopilot/health`, for querying this information through an
operator RPC endpoint.
2017-03-06 16:00:10 -08:00
Kyle Havlovitz ab6c49ab4c Merge pull request #2771 from hashicorp/f-autopilot
Autopilot dead server cleanup, config, and raft version compatibility
2017-02-28 15:04:16 -08:00
Kyle Havlovitz 92c8b9c3a0
Rename DeadServerCleanup and make wording adjustments 2017-02-28 14:45:21 -08:00
Kyle Havlovitz 9221aed856
Remove the RPC client interface and update docs 2017-02-28 13:41:09 -08:00
Kyle Havlovitz 81c7a0299e
Add state store table and endpoints for autopilot 2017-02-23 20:32:13 -08:00
Kyle Havlovitz b20fd222f6
Add raft version 2/3 compatibility 2017-02-22 12:53:32 -08:00
Kyle Havlovitz a533e255ab Merge pull request #2699 from hashicorp/f-tls-min-version
Add TLSMinVersion to config options
2017-02-01 16:31:53 -05:00
Kyle Havlovitz 07ba3ddb6e
Add TLSMinVersion to config options 2017-02-01 16:20:33 -05:00
Sean Chittenden fd2ae702c9
Re-cherry-pick 71d807f607 and e2320d69b6. 2017-02-01 10:27:04 -08:00
James Phillips 91f3555dd8 Revert "Adds gopsutil in the loop when trying to make the node ID." 2017-01-31 19:13:49 -08:00
James Phillips e2320d69b6
Gets rid of a goto. 2017-01-31 19:02:25 -08:00
James Phillips 71d807f607
Adds gopsutil into node ID process and attempts to use host ID, if availabile. 2017-01-31 08:51:33 -08:00
Kyle Havlovitz a55968f009
Merge branch 'master' into f-prepared-query-nodemeta 2017-01-23 20:17:48 -05:00
Kyle Havlovitz 3f3d7f9891
Add tests for node meta in prepared queries and update docs 2017-01-23 19:17:30 -05:00
James Phillips bd605e330c
Adds basic support for node IDs. 2017-01-17 22:47:59 -08:00
Kyle Havlovitz 7f91cd12f4
Add -node-meta to agent command line options 2017-01-11 16:09:04 -05:00
Kyle Havlovitz c9e430c396
Validate metadata config earlier and handle multiple filters 2017-01-11 15:12:03 -05:00
Kyle Havlovitz 03273e4ed2
Fix formatting 2017-01-09 13:49:33 -08:00
Kyle Havlovitz 84504a20fc
Add meta key validations and more tests 2017-01-09 11:21:49 -08:00
Kyle Havlovitz e44bcb9716
Add tests for node metadata functionality 2017-01-05 17:21:56 -08:00
Kyle Havlovitz 52d6fd831e
Add support for setting node metadata fields 2017-01-05 14:10:26 -08:00
James Phillips ca7a243b70
Adds ACL management support to the agent. 2016-12-14 07:07:41 -08:00
James Phillips bcf1ffad99
Adds complete ACL coverage for /v1/coordinate/nodes and Coordinate.Update RPC. 2016-12-12 14:52:27 -08:00
James Phillips 0139bbb963
Adds support for a new "acl_agent_token" which is used for internal
catalog operations.
2016-12-12 14:52:27 -08:00
James Phillips 66b437ca33
Removes the exception for the "consul" service in the catalog. 2016-12-07 17:58:23 -08:00
Sean Chittenden 830125a8b3
Run all known addresses through go-sockaddr/template.
The following is now possible:

```
$ consul agent -dev -client="{{GetPrivateIP}}" -bind='{{GetInterfaceIP "en0"}}'
```
2016-12-02 16:35:38 +11:00
Kyle Havlovitz bd69c6d871 Add reload/leave http endpoints (#2516) 2016-11-30 13:29:42 -05:00
Seth Vargo 4179aacf11
Add an API method for determining the best status
Given a list of HealthChecks, this determines the "best" status for the
collective group. This is useful for nodes and services, which may have
multiple checks associated with them.
2016-11-29 18:41:46 -05:00
Kyle Havlovitz 338e36cc5d Add logWriter to agent Create() method 2016-11-28 18:36:26 -05:00
Kyle Havlovitz 124f907063 Add monitor http endpoint 2016-11-28 18:36:26 -05:00
Kyle Havlovitz 92ce2c9e39 Use uuids in persist temp files to avoid race (#2494) 2016-11-09 15:22:53 -08:00
Kyle Havlovitz b1760b223e Improve logging when deregistering a nonexistent service (#2492)
Log a warning instead of a success message when attempting to deregister a nonexistent service. In Consul 0.8 this can be changed to giving an error outright, but for now we can keep the idempotent delete behavior.
2016-11-09 16:56:54 -05:00
Kyle Havlovitz 83d2f36b54 Merge pull request #2480 from hashicorp/b-atomic-writes
Atomic writes for persisting service/check state
2016-11-07 15:36:35 -05:00
Kyle Havlovitz 7a3e0f8275
Add a note about not calling sync for persistCheckState 2016-11-07 15:24:31 -05:00
Kyle Havlovitz e30b289c6f
Call fsync() for saving check/service state 2016-11-07 13:51:03 -05:00
Kyle McCullough 73b281a27c Add setting to skip ssl certificate verification for HTTP checks (#1984)
* http check: add setting to skip ssl certificate verification

* update http check documentation

* fix typo in documentation

* Add TLSSkipVerify to agent api
2016-11-03 13:17:30 -07:00
James Phillips 233a3a101b Supports WAN and LAN Serf Bind Addresses. (#2468)
* * adding cli config and config file support for specifying the serf wan and lan bind addresses
* updating documentation for serf wan and lan options
Fixes #2007

* Cleans up some small things from #2380.

* Uses the bind default for the agent test for Serf WAN and LAN.
2016-11-03 12:58:58 -07:00
James Phillips c01a3871c9 Adds support for snapshots and restores. (#2396)
* Updates Raft library to get new snapshot/restore API.

* Basic backup and restore working, but need some cleanup.

* Breaks out a snapshot module and adds a SHA256 integrity check.

* Adds snapshot ACL and fills in some missing comments.

* Require a consistent read for snapshots.

* Make sure snapshot works if ACLs aren't enabled.

* Adds a bit of package documentation.

* Returns an empty response from restore to avoid EOF errors.

* Adds API client support for snapshots.

* Makes internal file names match on-disk file snapshots.

* Adds DC and token coverage for snapshot API test.

* Adds missing documentation.

* Adds a unit test for the snapshot client endpoint.

* Moves the connection pool out of the client for easier testing.

* Fixes an incidental issue in the prepared query unit test.

I realized I had two servers in bootstrap mode so this wasn't a good setup.

* Adds a half close to the TCP stream and fixes panic on error.

* Adds client and endpoint tests for snapshots.

* Moves the pool back into the snapshot RPC client.

* Adds a TLS test and fixes half-closes for TLS connections.

* Tweaks some comments.

* Adds a low-level snapshot test.

This is independent of Consul so we can pull this out into a library
later if we want to.

* Cleans up snapshot and archive and completes archive tests.

* Sends a clear error for snapshot operations in dev mode.

Snapshots require the Raft snapshots to be readable, which isn't supported
in dev mode. Send a clear error instead of a deep-down Raft one.

* Adds docs for the snapshot endpoint.

* Adds a stale mode and index feedback for snapshot saves.

This gives folks a way to extract data even if the cluster has no
leader.

* Changes the internal format of a snapshot from zip to tgz.

* Pulls in Raft fix to cancel inflight before a restore.

* Pulls in new Raft restore interface.

* Adds metadata to snapshot saves and a verify function.

* Adds basic save and restore snapshot CLI commands.

* Gets rid of tarball extensions and adds restore message.

* Fixes an incidental bad link in the KV docs.

* Adds documentation for the snapshot CLI commands.

* Scuttle any request body when a snapshot is saved.

* Fixes archive unit test error message check.

* Allows for nil output writers in snapshot RPC handlers.

* Renames hash list Decode to DecodeAndVerify.

* Closes the client connection for snapshot ops.

* Lowers timeout for restore ops.

* Updates Raft vendor to get new Restore signature and integrates with Consul.

* Bounces the leader's internal state when we do a restore.
2016-10-25 19:20:24 -07:00
James Phillips 03ae813bc7 Merge pull request #2389 from hashicorp/jbs-2019
Lower Service tag DNS warning to DEBUG for #2019
2016-10-24 17:05:02 -07:00
Brian Shumate 74a8fbef06
Lower Service tag DNS warning to DEBUG for #2019 2016-10-05 08:45:01 -04:00
Adam Wolfe Gordon 5ac5a8ccfc agent: Stop reaping child processes (resolves #1988)
The consul docker image now uses dumb-init to reap child processes, so
there's no need to reap them ourselves.
2016-10-04 09:36:41 -06:00
James Phillips 57db4bcce6
Adds performance tuning capability for Raft, detuned defaults, and supplemental docs. 2016-08-24 21:58:37 -07:00
James Phillips 4c7a0ed3b0
Merge branch 'master' into f-deregister-critical 2016-08-16 12:53:21 -07:00
James Phillips ba60afd5d8
Cleans up based on code review feedback. 2016-08-16 12:52:30 -07:00
James Phillips fbdd021ab9
Adds an "lan" tagged address so we have a way to get them all.
If we didn't have this, then there would be no way to know the LAN
address if address translation was turned on.
2016-08-16 10:49:03 -07:00
James Phillips 4a3d7db24f
Adds ability to deregister a service based on critical check state longer than a timeout. 2016-08-16 01:00:26 -07:00
James Phillips d336bdd7b0
Adds basic ACL replication plumbing. 2016-08-03 21:24:04 -07:00
Cameron Davison d138752249
atomic write service state and checks files, fixes #1221 2016-08-03 10:34:12 -05:00
Sean Chittenden 112f3fd468
Give log reviewers a hint as to which check is failing 2016-06-20 15:25:21 -07:00
Sean Chittenden 63adcbd5ef
Revert "Move `structs.CheckID` to a new top-level package, `types`."
This reverts commit 2bbd52e3b44ff1b60939a8400264d534662d6d51.
2016-06-07 16:59:02 -04:00
Sean Chittenden cbb945e76a
Move `structs.CheckID` to a new top-level package, `types`.
Per discussion w/ @slackpad, move this type to its own top-level package
2016-06-07 16:59:02 -04:00
Sean Chittenden f5ab25163e
Move `structs.CheckID` to a new top-level package, `types`.
Per discussion w/ @slackpad, move this type to its own top-level package
2016-06-07 16:59:02 -04:00
Sean Chittenden ddbe64a8c8
Float a type balloon. Some strings are square pegs in round holes.
This experiment was brought about because of variable naming
confusion where name and checkIDs were interchanged.  Gave CheckID
an Qualified Type Name and chased downstream changes.
2016-06-07 16:59:02 -04:00
James Phillips 7bf684ece1 Fixes some bad error returns in the persist service and check paths. 2016-04-26 15:03:26 -07:00
James Phillips ceac68c5eb Merge pull request #1762 from mshean/script-timeout
Add Timeout field to CheckMonitor
2016-04-24 23:08:06 -07:00
Matt Shean fe4107019e add Timeout field to CheckMonitor 2016-04-20 11:41:30 -07:00
James Phillips eedeba682b Makes reap time configurable for LAN and WAN. 2016-04-11 00:38:25 -07:00
Wim b5d45322b4 Allow [::] as a bind address (binds to first public IPv6 address) 2016-03-18 23:59:44 +01:00
James Phillips c60a526fde Sets up config for more address tags down the road, renames struct members. 2016-02-07 10:37:34 -08:00
Evan Gilman 8fa2a60208 Rectify value of `AdvertiseAddrWan` when set elsewhere
`AdvertiseAddrs` has been introduced as a configuration option, which
duplicates a few other options, namely `AdvertiseAddrWan`. We need to
use this value elsewhere, so rather than doing a precedence check every
time we need to access it, rectify the value of `AdvertiseAddrWan` to
match
2016-02-06 23:01:45 -08:00
Sean Chittenden 7af6a94edb Factor out duplicate functions into a lib package
Consolidate code duplication and tests into a single lib package.  Most of these functions were from various **/util.go functions that couldn't be imported due to cyclic imports.  The consul/lib package is intended to be a terminal node in an import DAG and a place to stash various consul-only helper functions.  Pulled in hashicorp/go-uuid instead of consolidating UUID access.
2016-01-29 16:57:45 -08:00