Commit Graph

79 Commits

Author SHA1 Message Date
Kyle Havlovitz bc997688e3 connect/ca: update Consul provider to use new cross-sign CSR method 2018-06-25 12:25:41 -07:00
Paul Banks 597e55e8e2 Misc test fixes 2018-06-25 12:25:39 -07:00
Paul Banks c6ef6a61c9 Refactor to use embedded struct. 2018-06-25 12:25:39 -07:00
Paul Banks 9f559da913 Revert telemetry config changes ready for cleaner approach 2018-06-25 12:25:39 -07:00
Paul Banks d83f2e8e21 Expose telemetry config from RuntimeConfig to proxy config endpoint 2018-06-25 12:25:38 -07:00
Paul Banks 8aeb7bd206 Disable TestAgent proxy execution properly 2018-06-25 12:25:38 -07:00
Mitchell Hashimoto f7fc026e18 agent/config: AllowManagedAPIRegistration 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto 4897ca6545 agent/config: add AllowManagedRoot 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto 927b45bf91 agent/config: move ports to `ports` structure, update docs 2018-06-25 12:24:15 -07:00
Mitchell Hashimoto 1830c6b308 agent: switch ConnectNative to an embedded struct 2018-06-25 12:24:10 -07:00
Paul Banks cdc7cfaa36 Abandon daemonize for simpler solution (preserving history):
Reverts:
  - bdb274852ae469c89092d6050697c0ff97178465
  - 2c689179c4f61c11f0016214c0fc127a0b813bfe
  - d62e25c4a7ab753914b6baccd66f88ffd10949a3
  - c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
  - 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
  - 85c3f8df3eabc00f490cd392213c3b928a85aa44
2018-06-25 12:24:10 -07:00
Paul Banks 8cf4b3a6eb Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy 2018-06-25 12:24:09 -07:00
Mitchell Hashimoto 37dde6d64a
agent/config: add managed proxy upstreams config to skip
agent/config will turn [{}] into {} (single element maps into a single
map) to work around HCL issues. These are resolved in HCL2 which I'm
sure Consul will switch to eventually.

This breaks the connect proxy configuration in service definition FILES
since we call this patch function. For now, let's just special-case skip
this. In the future we maybe Consul will adopt HCL2 and fix it, or we
can do something else if we want. This works and is tested.
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto 9a62bce03b
agent/config: default connect enabled in dev mode
This enables `consul agent -dev` to begin using Connect features with
the built-in CA. I think this is expected behavior since you can imagine
that new users would want to try.

There is no real downside since we're just using the built-in CA.
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto aaa2431350
agent: change connect command paths to be slices, not strings
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
Paul Banks e0e12e165b
TLS watching integrated into Service with some basic tests.
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
Kyle Havlovitz b081c34255
Fix config tests 2018-06-14 09:42:06 -07:00
Kyle Havlovitz daa8dd1779
Add CA config to connect section of agent config 2018-06-14 09:42:05 -07:00
Paul Banks 3e3f0e1f31
HTTP agent registration allows proxy to be defined. 2018-06-14 09:41:57 -07:00
Paul Banks e6071051cf
Added connect proxy config and local agent state setup on boot. 2018-06-14 09:41:57 -07:00
Preetha Appan d721da7b67
Also make snapshot interval configurable 2018-05-11 10:43:24 -05:00
Preetha Appan ad09865562
fix spacing 2018-05-11 10:43:24 -05:00
Preetha Appan 66f31cd25a
Make raft snapshot commit threshold configurable 2018-05-11 10:43:24 -05:00
Jack Pearkes 291e8b83ae
Merge pull request #4097 from hashicorp/remove-deprecated
Remove deprecated check/service fields and metric names
2018-05-10 15:45:49 -07:00
Paul Banks 92c6fe0b1e
Make it work for WAN join too and add tests 2018-05-10 14:30:24 +01:00
Kyle Havlovitz ba3971d2c1
Remove deprecated metric names 2018-05-08 16:23:15 -07:00
Kyle Havlovitz b73323aa42
Remove the script field from checks in favor of args 2018-05-08 15:31:53 -07:00
Kyle Havlovitz cc214d45b6
Remove support for EnableTagOverride in config files 2018-05-07 16:19:13 -07:00
Kyle Havlovitz 6461087c25
Remove support for CheckID field in service check definitions 2018-05-07 16:15:08 -07:00
Dino Lukman d538b5666c Fix telemetry default prefix filter
If telemetry metrics contain a hostname starting with
'consul', the metrics will be filtered out the same way
as the deprecated metrics.
2018-05-02 16:56:29 +02:00
Paul Banks c8db140ff7
Merge pull request #4047 from pierresouchay/added_missing_meta_in_service_definition
[BUGFIX] Added Service Meta support in configuration files
2018-04-25 13:08:53 +01:00
Pierre Souchay 303997ff55 Improved unit test (example close to actual value) 2018-04-24 23:15:27 +02:00
Pierre Souchay eccc223480 Fixed Meta name for JSON + Added unit tests for HCL/JSON 2018-04-24 16:39:43 +02:00
Pierre Souchay 9bb15730a6 Added unit test on key length 2018-04-18 23:07:25 +02:00
Pierre Souchay 2f5e67534d Added unit tests for bad meta values 2018-04-18 22:57:33 +02:00
Pierre Souchay d2ab3deacf [BUGFIX] Added Service Meta support in configuration files
Fixes https://github.com/hashicorp/consul/issues/4045

Was not added by mistake in https://github.com/hashicorp/consul/pull/3881
2018-04-18 22:18:58 +02:00
Pierre Souchay 93a01b0949 Now use prometheus_retention_time > 0 to enable prometheus support 2018-04-06 14:21:05 +02:00
Pierre Souchay fd98fb1449 Added support exposing metrics in Prometheus format 2018-04-06 09:18:06 +02:00
Preetha a67d27c756
Adds discovery_max_stale (#4004)
Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 10:14:44 -05:00
Preetha Appan c7581d68c6
Renames agent API layer for service metadata to "meta" for consistency 2018-03-28 09:04:50 -05:00
Preetha daa61c5803
Merge pull request #3881 from pierresouchay/service_metadata
Feature Request: Support key-value attributes for services
2018-03-27 16:33:57 -05:00
Preetha Appan 6c0bb5a810
Fix test and remove unused method 2018-03-27 09:44:41 -05:00
Preetha Appan d77ab91123
Allows disabling WAN federation by setting serf WAN port to -1 2018-03-26 14:21:06 -05:00
Josh Soref 94835a2715 Spelling (#3958)
* spelling: another

* spelling: autopilot

* spelling: beginning

* spelling: circonus

* spelling: default

* spelling: definition

* spelling: distance

* spelling: encountered

* spelling: enterprise

* spelling: expands

* spelling: exits

* spelling: formatting

* spelling: health

* spelling: hierarchy

* spelling: imposed

* spelling: independence

* spelling: inspect

* spelling: last

* spelling: latest

* spelling: client

* spelling: message

* spelling: minimum

* spelling: notify

* spelling: nonexistent

* spelling: operator

* spelling: payload

* spelling: preceded

* spelling: prepared

* spelling: programmatically

* spelling: required

* spelling: reconcile

* spelling: responses

* spelling: request

* spelling: response

* spelling: results

* spelling: retrieve

* spelling: service

* spelling: significantly

* spelling: specifies

* spelling: supported

* spelling: synchronization

* spelling: synchronous

* spelling: themselves

* spelling: unexpected

* spelling: validations

* spelling: value
2018-03-19 16:56:00 +00:00
Devin Canterberry 2187ab1e1c
🎨 Formatting changes only; convert leading space to tabs 2018-03-15 10:30:38 -07:00
Devin Canterberry 7236c95e11
Match expectation of TLSCipherSuites to values of tls_cipher_suites 2018-03-15 10:19:46 -07:00
Devin Canterberry c901307a47
🔒 Update supported TLS cipher suites
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go).

> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
>  * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4)
>  * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/)
2018-03-15 10:19:46 -07:00
Pierre Souchay 0b7f620dc6 Allow to control the number of A/AAAA Record returned by DNS
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.

It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937

See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.

It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.

The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Pierre Souchay 9a57dfd68a Fixed TestSanitize unit test 2018-02-11 12:11:11 +01:00
James Phillips e748c63fff
Merge pull request #3855 from hashicorp/pr-3782-slackpad
Adds support for gRPC health checks.
2018-02-02 17:57:27 -08:00