Matt Keeler
c891e264ca
Fix issue with choosing a client addr that is 0.0.0.0 or ::
2018-07-16 16:30:15 -04:00
Mitchell Hashimoto
d6ecd97d1d
agent: use the correct ACL token for alias checks
2018-07-12 10:17:53 -07:00
Mitchell Hashimoto
19ced12668
agent: alias checks have no interval
2018-07-12 09:36:11 -07:00
Mitchell Hashimoto
4a67beb734
agent: run alias checks
2018-07-12 09:36:10 -07:00
Paul Banks
9015cd62ab
Merge pull request #4381 from hashicorp/proxy-check-default
...
Proxy check default
2018-07-12 17:08:35 +01:00
Matt Keeler
7572ca0f37
Merge pull request #4374 from hashicorp/feature/proxy-env-vars
...
Setup managed proxy environment with API client env vars
2018-07-12 09:13:54 -04:00
Paul Banks
bb9a5c703b
Default managed proxy TCP check address sanely when proxy is bound to 0.0.0.0.
...
This also provides a mechanism to configure custom address or disable the check entirely from managed proxy config.
2018-07-12 12:57:10 +01:00
Matt Keeler
c54b43bef3
PR Updates
...
Proxy now doesn’t need to know anything about the api as we pass env vars to it instead of the api config.
2018-07-11 09:44:54 -04:00
Matt Keeler
3b6eef8ec6
Pass around an API Config object and convert to env vars for the managed proxy
2018-07-10 12:13:51 -04:00
Matt Keeler
962f6a1816
Remove https://prefix from TLSConfig.Address
2018-07-09 12:31:15 -04:00
mkeeler
6813a99081
Merge remote-tracking branch 'connect/f-connect'
2018-06-25 19:42:51 +00:00
Mitchell Hashimoto
a76f652fd2
agent: convert the proxy bind_port to int if it is a float
2018-06-25 12:26:18 -07:00
Paul Banks
17789d4fe3
register TCP check for managed proxies
2018-06-25 12:25:40 -07:00
Paul Banks
280f14d64c
Make proxy only listen after initial certs are fetched
2018-06-25 12:25:40 -07:00
Paul Banks
420ae3df69
Limit proxy telemetry config to only be visible with authenticated with a proxy token
2018-06-25 12:25:39 -07:00
Paul Banks
c6ef6a61c9
Refactor to use embedded struct.
2018-06-25 12:25:39 -07:00
Paul Banks
8aeb7bd206
Disable TestAgent proxy execution properly
2018-06-25 12:25:38 -07:00
Mitchell Hashimoto
a82726f0b8
agent: RemoveProxy also removes the proxy service
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
ed98d65c2b
agent/proxy: AllowRoot to disable executing managed proxies when root
2018-06-25 12:25:11 -07:00
Paul Banks
e57aa52ca6
Warn about killing proxies in dev mode
2018-06-25 12:24:16 -07:00
Paul Banks
d1c67d90bc
Fixs a few issues that stopped this working in real life but not caught by tests:
...
- Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed.
- Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart
- Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later
- Naming things
2018-06-25 12:24:14 -07:00
Paul Banks
85d6502ab3
Don't kill proxies on agent shutdown; backport manager close fix
2018-06-25 12:24:13 -07:00
Paul Banks
cdc7cfaa36
Abandon daemonize for simpler solution (preserving history):
...
Reverts:
- bdb274852ae469c89092d6050697c0ff97178465
- 2c689179c4f61c11f0016214c0fc127a0b813bfe
- d62e25c4a7ab753914b6baccd66f88ffd10949a3
- c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
- 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
- 85c3f8df3eabc00f490cd392213c3b928a85aa44
2018-06-25 12:24:10 -07:00
Paul Banks
8cf4b3a6eb
Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy
2018-06-25 12:24:09 -07:00
Paul Banks
2b377dc624
Run daemon processes as a detached child.
...
This turns out to have a lot more subtelty than we accounted for. The test suite is especially prone to races now we can only poll the child and many extra levels of indirectoin are needed to correctly run daemon process without it becoming a Zombie.
I ran this test suite in a loop with parallel enabled to verify for races (-race doesn't find any as they are logical inter-process ones not actual data races). I made it through ~50 runs before hitting an error due to timing which is much better than before. I want to go back and see if we can do better though. Just getting this up.
2018-06-25 12:24:08 -07:00
Paul Banks
e21723a891
Persist proxy state through agent restart
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
cd39f09693
agent: leaf endpoint accepts name, not service ID
...
This change is important so that requests can made representing a
service that may not be registered with the same local agent.
2018-06-14 09:42:20 -07:00
Paul Banks
a80559e439
Make invalid clusterID be fatal
2018-06-14 09:42:17 -07:00
Paul Banks
4aeab3897c
Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes.
2018-06-14 09:42:16 -07:00
Mitchell Hashimoto
cfcd733609
agent/cache: implement refresh backoff
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
e54e69d11f
agent: verify local proxy tokens for CA leaf + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
a099c27b07
agent: verify proxy token for ProxyConfig endpoint + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
aaca1fbcf5
agent: increase timer for blocking cache endpoints
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
f5e7993249
agent: clarify why we Kill still
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
2809203408
agent: restore proxy snapshot but still Kill proxies
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
f5ccc65295
agent: only set the proxy manager data dir if its set
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
1e7f253b53
agent/proxy: write pid file whenever the daemon process changes
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
6cdacd1fd9
agent/proxy: send logs to the correct location for daemon proxies
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
171bf8d599
agent: clean up defaulting of proxy configuration
...
This cleans up and unifies how proxy settings defaults are applied.
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
6ae95d754c
agent: use os.Executable
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
6539280f2a
agent: fix crash that could happen if proxy was nil on load
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
1a2b28602c
agent: start proxy manager
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
fcd2ab2338
agent/proxy: manager and basic tests, not great coverage yet coming soon
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
476ea7b04a
agent: start/stop proxies
2018-06-14 09:42:08 -07:00
Paul Banks
90c574ebaa
Wire up agent leaf endpoint to cache framework to support blocking.
2018-06-14 09:42:07 -07:00
Paul Banks
1b197d934a
Don't allow connect watches in agent/cli yet
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
daa8dd1779
Add CA config to connect section of agent config
2018-06-14 09:42:05 -07:00
Mitchell Hashimoto
051f004683
agent: use helper/retry instead of timing related tests
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
bd3b8e042a
agent/cache: address PR feedback, lots of typos
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
6c01e402e0
agent: augment /v1/connect/authorize to cache intentions
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
6902d721d6
agent: initialize the cache and cache the CA roots
2018-06-14 09:42:00 -07:00
Paul Banks
8d09381b96
Super ugly hack to get TeamCity build to work for this PR without adding a vendor that is being added elsewhere and will conflict...
2018-06-14 09:41:58 -07:00
Paul Banks
d73f079d0f
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test.
2018-06-14 09:41:57 -07:00
Paul Banks
3e3f0e1f31
HTTP agent registration allows proxy to be defined.
2018-06-14 09:41:57 -07:00
Paul Banks
e6071051cf
Added connect proxy config and local agent state setup on boot.
2018-06-14 09:41:57 -07:00
Matt Keeler
40e6d9c720
Fixup a weird merge problem
2018-06-11 16:27:39 -04:00
Matt Keeler
08e26d10b8
Merge branch 'master' of github.com:hashicorp/consul into rpc-limiting
...
# Conflicts:
# agent/agent.go
# agent/consul/client.go
2018-06-11 16:11:36 -04:00
Matt Keeler
65746b2f8f
Apply the limits to the clients rpcLimiter
2018-06-11 15:51:17 -04:00
Matt Keeler
88a8c5e968
Merge pull request #4156 from hashicorp/enterprise-coexistence
...
Enterprise/Licensing Cleanup
2018-06-05 10:50:32 -04:00
Matt Keeler
1fbe828c35
Add RunWithConfig and put Run signature back to normal
2018-05-31 20:22:14 -04:00
Matt Keeler
8e0e239e42
Allow passing in a config to the watch plan to use when creating the API client
...
This allows watches from consul agent config (rather than consul watch command) to be able to utilize HTTPs
2018-05-31 17:07:36 -04:00
Matt Keeler
b6e9abe926
Allow for easy enterprise/oss coexistence
...
Uses struct/interface embedding with the embedded structs/interfaces being empty for oss. Also methods on the server/client types are defaulted to do nothing for OSS
2018-05-24 10:36:42 -04:00
Preetha Appan
d721da7b67
Also make snapshot interval configurable
2018-05-11 10:43:24 -05:00
Preetha Appan
66f31cd25a
Make raft snapshot commit threshold configurable
2018-05-11 10:43:24 -05:00
Kyle Havlovitz
b73323aa42
Remove the script field from checks in favor of args
2018-05-08 15:31:53 -07:00
Jared Wasinger
672a2a3577
agent: reload limits upon restart
2018-04-08 14:28:29 -07:00
runsisi
b082c8d3ab
minor fix for endpoints shutdown
...
Signed-off-by: runsisi <runsisi@zte.com.cn>
2018-03-29 21:45:46 +08:00
Matt Keeler
ea6767d8bc
Merge pull request #3990 from hashicorp/b-gh-3854
...
Warn when node name isnt a valid DNS label
2018-03-29 09:04:47 -04:00
Preetha
3c96d64eaa
Merge pull request #3984 from hashicorp/f-allow-federation-disable
...
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-27 16:05:53 -05:00
Matt Keeler
ebc6f414ac
Formatting update
2018-03-27 16:31:27 -04:00
Preetha Appan
226cb2e95c
fix typo and remove comment
2018-03-27 14:28:05 -05:00
Matt Keeler
3facce6bfa
GH-3854: Warn when node name isnt a valid DNS label
2018-03-27 15:00:33 -04:00
Preetha Appan
d77ab91123
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-26 14:21:06 -05:00
Guido Iaquinti
8cd11d5888
Add package name to log output
2018-03-21 15:56:14 +00:00
Josh Soref
94835a2715
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
James Phillips
533f65b7a6
Merge pull request #3845 from 42wim/tagfix
...
Fix service tags not added to health check. Part two
2018-02-05 16:18:00 -08:00
James Phillips
e748c63fff
Merge pull request #3855 from hashicorp/pr-3782-slackpad
...
Adds support for gRPC health checks.
2018-02-02 17:57:27 -08:00
James Phillips
5f31c8d8d3
Changes "TLS" to "GRPCUseTLS" since it only applies to GRPC checks.
2018-02-02 17:29:34 -08:00
Wim
ce771f1fb3
Fix service tags not added to health check. Part two
2018-01-29 20:32:44 +01:00
Veselkov Konstantin
5f38e1148a
fix refactoring
2018-01-28 22:53:30 +04:00
Veselkov Konstantin
7de57ba4de
remove golint warnings
2018-01-28 22:40:13 +04:00
Kyle Havlovitz
68ae92cb8c
Don't remove the files, just log an error
2018-01-19 14:25:51 -08:00
Kyle Havlovitz
4e325a6b8f
Add graceful handling of malformed persisted service/check files.
...
Previously a change was made to make the file writing atomic,
but that wasn't enough to cover something like an OS crash so we
needed something here to handle the situation more gracefully.
Fixes #1221 .
2018-01-19 14:07:36 -08:00
Dmytro Kostiuchenko
1a10b08e82
Add gRPC health-check #3073
2018-01-04 16:42:30 -05:00
James Phillips
f491a55e47
Merge pull request #3642 from yfouquet/master
...
[Fix] Service tags not added to health checks
2017-12-14 13:59:39 -08:00
James Phillips
2892f91d0b
Copies the autopilot settings from the runtime config.
...
Fixes #3730
2017-12-13 10:32:05 -08:00
Yoann Fouquet
986148cfe5
[Fix] Service tags not added to health checks
...
Since commit 9685bdcd0b
, service tags are added to the health checks.
Otherwise, when adding a service, tags are not added to its check.
In updateSyncState, we compare the checks of the local agent with the checks of the catalog.
It appears that the service tags are different (missing in one case), and so the check is synchronized.
That increase the ModifyIndex periodically when nothing changes.
Fixed it by adding serviceTags to the check.
Note that the issue appeared in version 0.8.2.
Looks related to #3259 .
2017-12-12 13:39:37 +01:00
James Phillips
93f68555d0
Adds enable_agent_tls_for_checks configuration option which allows ( #3661 )
...
HTTP health checks for services requiring 2-way TLS to be checked
using the agent's credentials.
2017-11-07 18:22:09 -08:00
James Phillips
4a2cafe525
Adds HTTP/2 support to Consul's HTTPS server. ( #3657 )
...
* Refactors the HTTP listen path to create servers in the same spot.
* Adds HTTP/2 support to Consul's HTTPS server.
* Vendors Go HTTP/2 library and associated deps.
2017-11-07 15:06:59 -08:00
Kyle Havlovitz
dbab3cd5f6
Merge branch 'master' into esm-changes
2017-11-01 11:37:48 -07:00
Frank Schroeder
164ec3ec39
docker: stop previous check on replace
2017-10-26 12:03:07 +02:00
Kyle Havlovitz
ce4e8c46fa
Add deregister critical service field and refactor duration parsing
2017-10-25 19:17:41 -07:00
Frank Schroeder
8f145559d8
Decouple the code that executes checks from the agent
2017-10-25 11:18:07 +02:00
Frank Schroeder
3231385089
ae: fix typo in constructor name
2017-10-23 10:56:05 +02:00
Frank Schroeder
de57b16d99
local state: address review comments
...
* move non-blocking notification mechanism into ae.Trigger
* move Pause/Resume into separate type
2017-10-23 10:56:04 +02:00
Frank Schroeder
b803bf3091
local state: tests compile
2017-10-23 10:56:03 +02:00
Frank Schroeder
0a9ac9749e
local state: replace multi-map state with structs
...
The state of the service and health check records was spread out over
multiple maps guarded by a single lock. Access to the maps has to happen
in a coordinated effort and the tests often violated this which made
them brittle and racy.
This patch replaces the multiple maps with a single one for both checks
and services to make the code less fragile.
This is also necessary since moving the local state into its own package
creates circular dependencies for the tests. To avoid this the tests can
no longer access internal data structures which they should not be doing
in the first place.
The tests still don't compile but this is a ncessary step in that
direction.
2017-10-23 10:56:03 +02:00
Frank Schroeder
6027a9e2a5
local state: move to separate package
...
This patch moves the local state to a separate package to further
decouple it from the agent code.
The code compiles but the tests do not yet.
2017-10-23 10:56:03 +02:00
Frank Schroeder
c00bbdb5e4
agent: simplify some loops
2017-10-23 10:56:03 +02:00
Frank Schroeder
94ef1041a1
agent: cleanup StateSyncer
...
This patch cleans up the state syncer code by renaming fields, adding
helpers and documentation.
2017-10-23 10:56:03 +02:00