Commit Graph

252 Commits

Author SHA1 Message Date
Matt Keeler 1ac888aa8c ACL documentation (#4824)
* Updating the ACL guide.

* Update the docs correctly

* Finish updating the ACL docs - for now.
2018-10-19 13:26:31 -07:00
Pierre Souchay fab55bee2b dns: implements prefix lookups for DNS TTL (#4605)
This will fix https://github.com/hashicorp/consul/issues/4509 and allow forinstance lb-* to match services lb-001 or lb-service-007.
2018-10-19 08:41:04 -07:00
Kyle Havlovitz c617326470 re-add Connect multi-dc config changes
This reverts commit 8bcfbaffb6.
2018-10-19 08:41:03 -07:00
Jack Pearkes 8bcfbaffb6 Revert "Connect multi-dc config" (#4784) 2018-10-11 17:32:45 +01:00
danielehc 40017f5e59
Update creating-certificates.html.md (#4780)
In case `verify_server_hostname` is set in the configuration, Consul checks the certificate against  `server.<datacenter>.<domain>`.

The name suggested by the guide generates errors like the following:
```
2018/10/10 12:42:20 [ERR] consul: Failed to confirm peer status for consul-3: rpc error getting client: failed to get conn: x509: certificate is valid for server.node.consul.labs, localhost, not server.consul.labs. Retrying in 16s...
```

Removing the `node` part from the certificate permits them to work also when that option is set.
2018-10-11 14:23:51 +02:00
Aestek 25f04fbd21 [Security] Add finer control over script checks (#4715)
* Add -enable-local-script-checks options

These options allow for a finer control over when script checks are enabled by
giving the option to only allow them when they are declared from the local
file system.

* Add documentation for the new option

* Nitpick doc wording
2018-10-11 13:22:11 +01:00
Paul Banks 51c0001aad
[WIP] Initial draft of Sidecar Service and Managed Proxy deprecation docs (#4752)
* Initial draft of Sidecar Service and Managed Proxy deprecation docs

* Service definition deprecation notices and sidecar service

* gRPC and sidecar service config options; Deprecate managed proxy options

* Envoy Docs: Basic envoy command; envoy getting started/intro

* Remove change that snuck in

* Envoy custom config example

* Add agent/service API docs; deprecate proxy config endpoint

* Misc grep cleanup for managed proxies; capitalize Envoy

* Updates to getting started guide

* Add missing link

* Refactor Envoy guide into a separate guide and add bootstrap reference notes.

* Add limitations to Envoy docs; Highlight no fixes for known managed proxy issues on deprecation page; clarify snake cae stuff; Sidecar Service lifecycle
2018-10-11 10:44:42 +01:00
Pierre Souchay 251156eb68 Added SOA configuration for DNS settings. (#4714)
This will allow to fine TUNE SOA settings sent by Consul in DNS responses,
for instance to be able to control negative ttl.

Will fix: https://github.com/hashicorp/consul/issues/4713

# Example

Override all settings:

* min_ttl: 0 => 60s
* retry: 600 (10m) => 300s (5 minutes),
* expire: 86400 (24h) => 43200 (12h)
* refresh: 3600 (1h) => 1800 (30 minutes)

```
consul agent -dev -hcl 'dns_config={soa={min_ttl=60,retry=300,expire=43200,refresh=1800}}'
```

Result:
```
dig +multiline @localhost -p 8600 service.consul

; <<>> DiG 9.12.1 <<>> +multiline @localhost -p 8600 service.consul
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36557
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;service.consul.		IN A

;; AUTHORITY SECTION:
consul.			0 IN SOA ns.consul. hostmaster.consul. (
				1537959133 ; serial
				1800       ; refresh (30 minutes)
				300        ; retry (5 minutes)
				43200      ; expire (12 hours)
				60         ; minimum (1 minute)
				)

;; Query time: 4 msec
;; SERVER: 127.0.0.1#8600(127.0.0.1)
;; WHEN: Wed Sep 26 12:52:13 CEST 2018
;; MSG SIZE  rcvd: 93
```
2018-10-10 15:50:56 -04:00
Kyle Havlovitz 56dc426227 agent: add primary_datacenter and connect replication config options 2018-10-10 12:17:59 -07:00
Kyle Havlovitz 46c829b879 docs: deprecate acl_datacenter and replace it with primary_datacenter 2018-10-10 12:16:47 -07:00
Dan Brown 26c94764b8 Fix retry_join config documentation (#4757)
'retry_join': source data must be an array or slice, got string
2018-10-05 14:16:02 -04:00
Freddy 95c7098848 Update semaphore guide (#4661)
* Fill in gaps in semaphore guide
* Update to match that values come back b64 encoded
* Add that the value needs to be decoded
* Remove outdated reference to session1
* Fix some typos
* Clarify what is mean by a session having an active key
* Clarify requirements for lock holders in semaphore guide
2018-10-04 12:06:53 -10:00
Dan Brown d3b6750c3b Add Deployment Guide and update links (#4487)
* Adds Deployment Guide and update links
* Fixes releases link
* Re-organisation of content
* Cuts down "deployment" doc (which should focus on Reference Architecture) by moving raft and performance tuning to the Server Performance page which already covers some of this.
* Moves backups from "deployment" doc (which should focus on Reference Architecture) to "deployment-guide"
* Cleans up some notes and add single DC diagram
* Removes old link to deployment guide from nav
* Corrects minor styling, formatting, and grammar
2018-10-03 11:37:36 -10:00
Matt Keeler cc8327ed9a
Ensure that errors setting up the DNS servers get propagated back to the shell (#4598)
Fixes: #4578 

Prior to this fix if there was an error binding to ports for the DNS servers the error would be swallowed by the gated log writer and never output. This fix propagates the DNS server errors back to the shell with a multierror.
2018-09-07 10:48:29 -04:00
Geoffrey Grosenbach 72fac5b823
Adds XL machine spec and notes on large deployments (#4622)
* Adds XL machine spec and notes on large deployments
* Clarifies machine sizes
* Fixes internal links within the document
* Moves datacenter size guidelines to "Single Datacenter" section
2018-08-31 10:41:48 -05:00
Jack Pearkes c1bf14be30
website: use 127.0.0.1 instead of consul.rocks (#4523)
By default, the Consul agent listens on the local interface
at port 8500 for API requests. This change makes the API examples
using `curl` copy-pasteable for this default configuration.
2018-08-28 09:07:15 -07:00
Rémi Jouannet 2767ae860b
Update monitoring-telegraf.html.md 2018-08-24 16:48:02 +02:00
Miroslav Bagljas 3c23979afd Fixes #4483: Add support for Authorization: Bearer token Header (#4502)
Added Authorization Bearer token support as per RFC6750

* appended Authorization header token parsing after X-Consul-Token
* added test cases
* updated website documentation to mention Authorization header

* improve tests, improve Bearer parsing
2018-08-17 16:18:42 -04:00
sandstrom 14f19f75a6 Clarify port usage for agents (#4510) 2018-08-14 16:10:01 -07:00
Geoffrey Grosenbach a03512496f
Consul Production Deployment Guide
Renames guide to "Production Deployment"
Adds link in sidebar menu.
Implements edits suggested by Consul engineering team.
2018-08-10 11:51:05 -07:00
Geoffrey Grosenbach 5d2855ecda Remove all mention of Atlas, even in deprecated changelogs 2018-08-03 10:51:18 -07:00
Jeff Escalante 0f12370cfb a couple more corrections 2018-07-27 19:39:44 -04:00
Jeff Escalante 30d27d8356 fix a couple html errors (#4456) 2018-07-26 16:30:24 -07:00
Peter Souter 0888b435ee Adds Monitoring with Telegraf guide (#4227)
* Installing Telegraf
* Configuring Telegraf 
* Configuring Consul to send metrics to Telegraf
* Important metrics and aggregates
2018-07-23 16:46:43 -07:00
Matt Keeler d19c7d8882
Merge pull request #4303 from pierresouchay/non_blocking_acl
Only send one single ACL cache refresh across network when TTL is over
2018-07-10 08:57:33 -04:00
Pierre Souchay 1e7665c0d5 Updated documentation and adding more test case for async-cache 2018-07-01 23:50:30 +02:00
Pierre Souchay bfc83ce045 Updated ACL guide 2018-07-01 23:50:30 +02:00
Siva e281a3f925 Changes made :
1. Website
Changed some of the wordings and reorganized the content of the website.
2. Code:
Removed sleep and exit lines from the code.
2018-06-28 21:18:14 -04:00
Siva 7969d16e42 Added guide for Windows Service 2018-06-26 18:23:55 -04:00
mkeeler 6813a99081 Merge remote-tracking branch 'connect/f-connect' 2018-06-25 19:42:51 +00:00
Paul Banks 2a467003a0 Fix some doc typos. 2018-06-25 12:26:21 -07:00
Paul Banks f0059665bb Add proxy config reference and Complete TODOs in production guide 2018-06-25 12:26:20 -07:00
Paul Banks 959f0c612c Fix relative links 2018-06-25 12:26:20 -07:00
Paul Banks 20a6a40216 Link from getting started; note on incremental adoption 2018-06-25 12:26:20 -07:00
Paul Banks ac0c5c2bfa Connect production guide draft 1 2018-06-25 12:26:20 -07:00
Paul Banks b757b5cc48 Initial draft of connect production guide 2018-06-25 12:26:20 -07:00
Matt Keeler 585f0e8113
Merge pull request #4150 from hashicorp/topfunky-patch-1
Minor clarification of server nodes
2018-06-20 10:55:45 -04:00
Omar Khawaja 8f66362770
update encryption doc and add guide for creating certificates (#4238)
* update encryption doc and add guide for creating certificates in consul with cfssl

* add details about CLI and disabling HTTP

* delete $ symbols and add guide elements

* add missing periods and steps heading
2018-06-18 15:25:35 -04:00
Matt Keeler 5286b3843d Put systemd-resolved in backticks 2018-06-05 10:38:42 -04:00
Matt Keeler 316f0ea729 Mention that PTR queries get sent to all resolvers 2018-06-04 13:56:34 -04:00
Matt Keeler 1db6ab6f39 Update DNS forwarding docs to include how to use with systemd-resolved 2018-06-04 13:43:47 -04:00
Geoffrey Grosenbach 071576c0db
Minor clarification of server nodes
In **Node Removal** section, clarify that server nodes are being discussed.
2018-05-23 14:59:31 -07:00
Geoffrey Grosenbach 0c8e77b2a5 Consul production deployment guide 2018-05-11 19:30:13 -07:00
Geoffrey Grosenbach 660673f831 WIP Edits to Consul production deployment guide 2018-05-10 18:18:08 -07:00
Geoffrey Grosenbach 0fa62a8e3c WIP Consul deployment guide 2018-05-10 17:47:44 -07:00
Jack Pearkes 559d35156a
Merge pull request #3929 from sryabkov/patch-1
Highlighting the dead link in documentation
2018-03-19 16:00:32 -07:00
Jack Pearkes 6fb94ff40a website: clarify where ACL token is set in the UI 2018-03-14 16:50:04 -07:00
Jack Pearkes c66628a06f website: add section on securing the UI with ACLs
Figured it would be worth documenting due to #3931.
2018-03-14 16:46:04 -07:00
Jack Pearkes 652e821511
Merge pull request #3884 from rberlind/master
Updated Stale Reads section of DNS Caching Guide
2018-03-13 16:56:58 -07:00
Sergei Ryabkov 82d195b695
Highlighting the dead link
I am proposing to remove a dead link (https://atlas.hashicorp.com/help/consul/alternatives). If the page has moved and the new location is known, it would be of course better to update the link.
2018-03-02 18:22:19 -05:00