Commit Graph

136 Commits

Author SHA1 Message Date
Kyle Havlovitz b70e419aeb Add TLS cipher suite options and CA path support (#2963)
This patch adds options to configure the available
TLS cipher suites and adds support for a path
for multiple CA certificates.

Fixes #2959
2017-04-27 01:29:39 -07:00
Frank Schroeder cf3ec1cf5c golint: Rename fields and structs 2017-04-25 09:26:13 -07:00
James Phillips fa04c24978
Adds a new -disable-host-node-id option to help when testing with containers.
Fixes #2877.
2017-04-12 22:07:18 -07:00
James Phillips 7e2dcb61bf
Changes `disable_remote_exec` default to true so remote exec is opt-in. 2017-03-30 09:43:32 -07:00
James Phillips 4d3f3ea8d2
Changes verson 8 ACLs to opt-out. 2017-03-24 12:12:24 -07:00
Seth Vargo 4622ac634b
Re-add RPC parsing
This makes the upgrade path a bit nicer, since people will likely have
older configurations. This prints out a warning instead of just failing
if the old rpc addr or ports definition is in the config.
2017-03-23 17:10:14 -04:00
Kyle Havlovitz 390f41d8d5
Add advanced autopilot features 2017-03-22 15:25:16 -07:00
Kyle Havlovitz 2eefe3ca5b
Add autopilot server health tracking
This adds two goroutines to perform autopilot tasks on the leader - one
to monitor the health of servers and another to periodically clean up
dead servers with a limit on removal count. Also adds a new http endpoint,
`/v1/operator/autopilot/health`, for querying this information through an
operator RPC endpoint.
2017-03-06 16:00:10 -08:00
Kyle Havlovitz ab6c49ab4c Merge pull request #2771 from hashicorp/f-autopilot
Autopilot dead server cleanup, config, and raft version compatibility
2017-02-28 15:04:16 -08:00
Kyle Havlovitz 92c8b9c3a0
Rename DeadServerCleanup and make wording adjustments 2017-02-28 14:45:21 -08:00
Kyle Havlovitz 9221aed856
Remove the RPC client interface and update docs 2017-02-28 13:41:09 -08:00
Kyle Havlovitz 81c7a0299e
Add state store table and endpoints for autopilot 2017-02-23 20:32:13 -08:00
Kyle Havlovitz 950a9d2212
Move raft_protocol out of autopilot config 2017-02-23 13:08:40 -08:00
Kyle Havlovitz b20fd222f6
Add raft version 2/3 compatibility 2017-02-22 12:53:32 -08:00
Kyle Havlovitz 07ba3ddb6e
Add TLSMinVersion to config options 2017-02-01 16:20:33 -05:00
James Phillips bd605e330c
Adds basic support for node IDs. 2017-01-17 22:47:59 -08:00
Kyle Havlovitz 5ddea8a5df
Merge branch 'master' into f-gce-discovery 2017-01-11 22:57:07 -05:00
Kyle Havlovitz 52d6fd831e
Add support for setting node metadata fields 2017-01-05 14:10:26 -08:00
James Phillips ca7a243b70
Adds ACL management support to the agent. 2016-12-14 07:07:41 -08:00
James Phillips 0139bbb963
Adds support for a new "acl_agent_token" which is used for internal
catalog operations.
2016-12-12 14:52:27 -08:00
Chris Marchesi 6500d1afaa command/agent: Google Compute Engine host discovery
This commit adds several command-line and config options that facilitate
host discovery through Google Compute Engine (GCE), much like the
recently added EC2 host discovery options. This should assist with
bootstrapping and joining servers within GCE when non-static addresses
are used, such as when using managed instance groups.

Documentation has also been added. It should be noted that if running
from within a GCE instance, the only option that should be necessary is
-retry-join-gce-tag-value.
2016-12-06 17:46:40 -08:00
James Phillips 8ae9e17dff
Adds an opt-in for new ACL policies and features coming in Consul 0.8. 2016-12-06 11:06:14 -08:00
matt maier 91a8b43d5a Update Circonus integration expose Check Display Name and Check Tags configuration options. 2016-11-09 15:33:37 -05:00
Kyle McCullough 73b281a27c Add setting to skip ssl certificate verification for HTTP checks (#1984)
* http check: add setting to skip ssl certificate verification

* update http check documentation

* fix typo in documentation

* Add TLSSkipVerify to agent api
2016-11-03 13:17:30 -07:00
James Phillips 233a3a101b Supports WAN and LAN Serf Bind Addresses. (#2468)
* * adding cli config and config file support for specifying the serf wan and lan bind addresses
* updating documentation for serf wan and lan options
Fixes #2007

* Cleans up some small things from #2380.

* Uses the bind default for the agent test for Serf WAN and LAN.
2016-11-03 12:58:58 -07:00
Kyle Havlovitz d4d6e2b482
Move EC2 discovery logic into retryJoin for robustness 2016-11-02 14:35:37 -04:00
Kyle Havlovitz 9c75e69f65
Add testing around EC2 discovery config 2016-11-01 18:26:15 -04:00
James Phillips 95d418d7da
Removes reap config option. 2016-10-06 21:45:18 -07:00
James Phillips d19995c067 Merge pull request #2322 from hashicorp/pr-2321-slackpad
Adds a configurable timeout for DNS recursor client.
2016-09-01 22:11:54 -07:00
James Phillips fce0052a70
Adds a recursor timeout line to the merge test. 2016-09-01 21:53:33 -07:00
Pivotal DX129 fe61650ef0 Merge remote-tracking branch 'upstream/master' 2016-09-01 10:15:32 -04:00
James Phillips 55ef6c54a6
Changes default for `leave_on_terminate` based on server or client mode. 2016-08-31 23:39:11 -07:00
James Phillips ed7356dd5c
Changes default DNS allow_stale to true. 2016-08-30 13:55:19 -07:00
Pierre Delagrave d9bd41fc4d Renamed dns config parameter internal_client_timeout for recursor_timeout 2016-08-26 15:22:04 -04:00
Pierre Delagrave 3fe117c24d Merge remote-tracking branch 'pierre/master' 2016-08-26 15:12:38 -04:00
James Phillips 17b70c7efd
Adds a max raft multiplier and tweaks documentation. 2016-08-25 15:36:05 -07:00
James Phillips 57db4bcce6
Adds performance tuning capability for Raft, detuned defaults, and supplemental docs. 2016-08-24 21:58:37 -07:00
Pierre Delagrave c8c4b9d344 Added a configurable timeout to the client making DNS queries to downstream name servers 2016-08-23 16:59:38 -04:00
James Phillips 4a3d7db24f
Adds ability to deregister a service based on critical check state longer than a timeout. 2016-08-16 01:00:26 -07:00
James Phillips bcb0f71759
Finishes up DNS compression by adding opt-out, tests, and documentation. Fixes trim routine. 2016-08-11 16:27:08 -07:00
James Phillips d336bdd7b0
Adds basic ACL replication plumbing. 2016-08-03 21:24:04 -07:00
James Phillips 500ea080d2 Removes top-level key support for Circonus configs.
This was a feature to help migrate to the new telemetry sub-structure,
but since this is all new we don't need it.
2016-07-19 15:46:57 -07:00
matt maier f4525d2582 fix: typo coupled, default token app to "consul", switch submit_interval/SubmitInterval to submission_interval/SubmissionInterval 2016-07-18 15:46:11 -04:00
matt maier fb76256c26 Add Circonus support for Telemetry metrics 2016-07-18 09:34:43 -04:00
James Phillips cf00c11221 Sets an anti-footgun floor for the configurable reap time. 2016-04-20 13:49:51 -07:00
James Phillips eedeba682b Makes reap time configurable for LAN and WAN. 2016-04-11 00:38:25 -07:00
Sean Chittenden 45bd128f12 Rely exclusively on error to signal failure
Pointed out by: slackpad
2016-04-01 10:34:45 -07:00
Sean Chittenden 7a814fce63 Print a helpful message re: duplicate addresses
IP sockets provide nice endpoints where the kernel will fail to bind and will error out saying socket already in use.  UNIX sockets, however, don't enjoy this nice property when cleaning up stale sockets on listen.  Given the number of addresses in Consul, provide operators with a helpful message that indicates the source of the reused address.

Before this fix, it was possible for the HTTP socket to unlink the RPC socket, leading to confusing blocked behavior when running commands like `consul info`.

```
% cat tmp.config.json
{
    "addresses": {
	"http": "unix:///tmp/.consul.sock",
	"rpc": "unix:///tmp/.consul.sock"
    },
    "unix_sockets": {
	"mode": "0700"
    }
}
% consul agent -config-file tmp.config.json -advertise=127.0.0.1 -data-dir=/tmp/
==> All listening endpoints must be unique: HTTP address already configured for RPC
Exit 1
```
2016-04-01 10:20:45 -07:00
Sean Chittenden 5994c9efbf skip_leave_on_int's default changes based on agent mode
`skip_leave_on_int`'s behavior now changes based on whether or not the agent is acting as a client or server.

Fixes: 1687
2016-03-31 17:45:14 -07:00
Sean Chittenden c2d4354563 Use a non-default config value 2016-03-29 23:06:31 -07:00