Kyle Havlovitz
bc997688e3
connect/ca: update Consul provider to use new cross-sign CSR method
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
6a2fc00997
connect/ca: add URI SAN support to the Vault provider
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
1a8ac686b2
connect/ca: add the Vault CA provider
2018-06-25 12:25:41 -07:00
Paul Banks
597e55e8e2
Misc test fixes
2018-06-25 12:25:39 -07:00
Paul Banks
c6ef6a61c9
Refactor to use embedded struct.
2018-06-25 12:25:39 -07:00
Paul Banks
9f559da913
Revert telemetry config changes ready for cleaner approach
2018-06-25 12:25:39 -07:00
Paul Banks
d83f2e8e21
Expose telemetry config from RuntimeConfig to proxy config endpoint
2018-06-25 12:25:38 -07:00
Paul Banks
8aeb7bd206
Disable TestAgent proxy execution properly
2018-06-25 12:25:38 -07:00
Mitchell Hashimoto
f7fc026e18
agent/config: AllowManagedAPIRegistration
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
4897ca6545
agent/config: add AllowManagedRoot
2018-06-25 12:25:11 -07:00
Kyle Havlovitz
edbeeeb23c
agent: update accepted CA config fields and defaults
2018-06-25 12:25:09 -07:00
Paul Banks
0824d1df5f
Misc comment cleanups
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
927b45bf91
agent/config: move ports to `ports` structure, update docs
2018-06-25 12:24:15 -07:00
Mitchell Hashimoto
1830c6b308
agent: switch ConnectNative to an embedded struct
2018-06-25 12:24:10 -07:00
Paul Banks
cdc7cfaa36
Abandon daemonize for simpler solution (preserving history):
Reverts:
- bdb274852ae469c89092d6050697c0ff97178465
- 2c689179c4f61c11f0016214c0fc127a0b813bfe
- d62e25c4a7ab753914b6baccd66f88ffd10949a3
- c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
- 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
- 85c3f8df3eabc00f490cd392213c3b928a85aa44
2018-06-25 12:24:10 -07:00
Paul Banks
8cf4b3a6eb
Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy
2018-06-25 12:24:09 -07:00
Matt Keeler
7f7c703118
Update the runtime tests
2018-06-19 13:59:26 -04:00
Matt Keeler
8216816e3f
Make filtering out TXT RRs only apply when they would end up in Additional section
ANY queries are no longer affected.
2018-06-19 10:08:16 -04:00
Mitchell Hashimoto
37dde6d64a
agent/config: add managed proxy upstreams config to skip
agent/config will turn [{}] into {} (single element maps into a single
map) to work around HCL issues. These are resolved in HCL2 which I'm
sure Consul will switch to eventually.
This breaks the connect proxy configuration in service definition FILES
since we call this patch function. For now, let's just special-case skip
this. In the future maybe Consul will adopt HCL2 and fix it, or we
can do something else if we want. This works and is tested.
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
965a902474
agent/structs: validate service definitions, port required for proxy
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
9a62bce03b
agent/config: default connect enabled in dev mode
This enables `consul agent -dev` to begin using Connect features with
the built-in CA. I think this is expected behavior since you can imagine
that new users would want to try.
There is no real downside since we're just using the built-in CA.
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
aaa2431350
agent: change connect command paths to be slices, not strings
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
Paul Banks
e0e12e165b
TLS watching integrated into Service with some basic tests.
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
Kyle Havlovitz
b081c34255
Fix config tests
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
daa8dd1779
Add CA config to connect section of agent config
2018-06-14 09:42:05 -07:00
Paul Banks
3e3f0e1f31
HTTP agent registration allows proxy to be defined.
2018-06-14 09:41:57 -07:00
Paul Banks
e6071051cf
Added connect proxy config and local agent state setup on boot.
2018-06-14 09:41:57 -07:00
Matt Keeler
6cc0422408
Add configuration entry to control including TXT records for node meta in DNS responses
If set to false, the only way to retrieve TXT records for node meta is to specifically query for TXT records.
2018-06-11 11:49:04 -04:00
Preetha Appan
3ff5fd6ec5
More docs and removed SnapShotInterval from raft timing struct stanza
2018-05-11 10:43:24 -05:00
Preetha Appan
d721da7b67
Also make snapshot interval configurable
2018-05-11 10:43:24 -05:00
Preetha Appan
ad09865562
fix spacing
2018-05-11 10:43:24 -05:00
Preetha Appan
66f31cd25a
Make raft snapshot commit threshold configurable
2018-05-11 10:43:24 -05:00
Jack Pearkes
291e8b83ae
Merge pull request #4097 from hashicorp/remove-deprecated
Remove deprecated check/service fields and metric names
2018-05-10 15:45:49 -07:00
Paul Banks
92c6fe0b1e
Make it work for WAN join too and add tests
2018-05-10 14:30:24 +01:00
Dominik Lekse
ba9991a145
Added support for sockaddr templates in start-join and retry-join configuration
2018-05-10 14:08:41 +01:00
Kyle Havlovitz
75953273e2
Remove unused retry join structs from config
2018-05-08 16:25:34 -07:00
Kyle Havlovitz
ba3971d2c1
Remove deprecated metric names
2018-05-08 16:23:15 -07:00
Kyle Havlovitz
b73323aa42
Remove the script field from checks in favor of args
2018-05-08 15:31:53 -07:00
Kyle Havlovitz
cc214d45b6
Remove support for EnableTagOverride in config files
2018-05-07 16:19:13 -07:00
Kyle Havlovitz
6461087c25
Remove support for CheckID field in service check definitions
2018-05-07 16:15:08 -07:00
Dino Lukman
d538b5666c
Fix telemetry default prefix filter
If telemetry metrics contain a hostname starting with
'consul', the metrics will be filtered out the same way
as the deprecated metrics.
2018-05-02 16:56:29 +02:00
Paul Banks
c8db140ff7
Merge pull request #4047 from pierresouchay/added_missing_meta_in_service_definition
[BUGFIX] Added Service Meta support in configuration files
2018-04-25 13:08:53 +01:00
Pierre Souchay
303997ff55
Improved unit test (example close to actual value)
2018-04-24 23:15:27 +02:00
Pierre Souchay
eccc223480
Fixed Meta name for JSON + Added unit tests for HCL/JSON
2018-04-24 16:39:43 +02:00
Pierre Souchay
06a181955d
Use safer stringVal()
2018-04-18 23:18:16 +02:00
Pierre Souchay
9bb15730a6
Added unit test on key length
2018-04-18 23:07:25 +02:00
Pierre Souchay
2f5e67534d
Added unit tests for bad meta values
2018-04-18 22:57:33 +02:00
Pierre Souchay
d2ab3deacf
[BUGFIX] Added Service Meta support in configuration files
Fixes https://github.com/hashicorp/consul/issues/4045
Was not added by mistake in https://github.com/hashicorp/consul/pull/3881
2018-04-18 22:18:58 +02:00
Pierre Souchay
a680c8e91b
Clearer documentation and comments for enabling Prometheus support
2018-04-09 13:16:45 +02:00
Pierre Souchay
93a01b0949
Now use prometheus_retention_time > 0 to enable prometheus support
2018-04-06 14:21:05 +02:00
Pierre Souchay
fd98fb1449
Added support exposing metrics in Prometheus format
2018-04-06 09:18:06 +02:00
Preetha
a67d27c756
Adds discovery_max_stale (#4004)
Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 10:14:44 -05:00
Preetha Appan
c7581d68c6
Renames agent API layer for service metadata to "meta" for consistency
2018-03-28 09:04:50 -05:00
Preetha
daa61c5803
Merge pull request #3881 from pierresouchay/service_metadata
Feature Request: Support key-value attributes for services
2018-03-27 16:33:57 -05:00
Preetha Appan
6c0bb5a810
Fix test and remove unused method
2018-03-27 09:44:41 -05:00
Preetha Appan
d77ab91123
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-26 14:21:06 -05:00
Josh Soref
94835a2715
Spelling (#3958)
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
Devin Canterberry
2187ab1e1c
🎨 Formatting changes only; convert leading space to tabs
2018-03-15 10:30:38 -07:00
Devin Canterberry
7236c95e11
✅ Match expectation of TLSCipherSuites to values of tls_cipher_suites
2018-03-15 10:19:46 -07:00
Devin Canterberry
c901307a47
🔒 Update supported TLS cipher suites
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go).
> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
> * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4)
> * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/)
2018-03-15 10:19:46 -07:00
Pierre Souchay
0b7f620dc6
Allow to control the number of A/AAAA Record returned by DNS
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.
It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937
See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.
It basically adds a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.
The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Pierre Souchay
9a57dfd68a
Fixed TestSanitize unit test
2018-02-11 12:11:11 +01:00
Kyle Havlovitz
f6ecaa4a1c
Add enterprise default config section
2018-02-05 13:33:59 -08:00
James Phillips
e748c63fff
Merge pull request #3855 from hashicorp/pr-3782-slackpad
Adds support for gRPC health checks.
2018-02-02 17:57:27 -08:00
James Phillips
5f31c8d8d3
Changes "TLS" to "GRPCUseTLS" since it only applies to GRPC checks.
2018-02-02 17:29:34 -08:00
Kyle Havlovitz
8c5be2dd97
Enforce a valid port for the Serf WAN since it can't be disabled.
Fixes #3817
2018-01-19 14:22:23 -08:00
James Hartig
aedab91a66
Resolve symlinks in config directory
Docker/Openshift/Kubernetes mount the config file as a symbolic link and
IsDir returns true if the file is a symlink. Before calling IsDir, the
symlink should be resolved to determine if it points at a file or
directory.
Fixes #3753
2018-01-12 15:43:38 -05:00
James Phillips
ebcd1787db
Adds more info about how to fix the private IP error.
Closes #3790
2018-01-10 09:53:41 -08:00
Dmytro Kostiuchenko
1a10b08e82
Add gRPC health-check #3073
2018-01-04 16:42:30 -05:00
James Phillips
98e837167e
Changes maps to merge vs. overwrite when processing configs.
Fixes #3716
2017-12-13 16:06:01 -08:00
James Phillips
46742a5041
Adds TODOs referencing #3744.
2017-12-13 10:52:06 -08:00
James Phillips
2892f91d0b
Copies the autopilot settings from the runtime config.
Fixes #3730
2017-12-13 10:32:05 -08:00
James Phillips
44d824a58f
Renames "segments" to "segment" to be consistent with other files.
2017-11-29 18:36:52 -08:00
James Phillips
34c13925d4
Skips files with unknown extensions when not forcing a format.
Fixes #3685
2017-11-10 18:06:07 -08:00
James Phillips
1e49c157c5
Adds a snapshot agent stub to the config structure.
Fixes #3678
2017-11-10 13:50:45 -08:00
James Phillips
93f68555d0
Adds enable_agent_tls_for_checks configuration option which allows (#3661)
HTTP health checks for services requiring 2-way TLS to be checked
using the agent's credentials.
2017-11-07 18:22:09 -08:00
Frank Schröder
874e350b2f
config: add -config-format option (#3626)
* config: refactor ReadPath(s) methods without side-effects
Return the sources instead of modifying the state.
* config: clean data dir before every test
* config: add tests for config-file and config-dir
* config: add -config-format option
Starting with Consul 1.0 all config files must have a '.json' or '.hcl'
extension to make it unambiguous how the data should be parsed. Some
automation tools generate temporary files by appending a random string
to the generated file which obfuscates the extension and prevents the
file type detection.
This patch adds a -config-format option which can be used to override
the auto-detection behavior by forcing all config files or all files
within a config directory independent of their extension to be
interpreted as of this format.
Fixes #3620
2017-10-31 17:30:01 -05:00
Frank Schroeder
2e7ed2fd86
Merge pull request #3585 from hashicorp/document-runtime-config
Moving the previous `agent/config.go` documentation to
`agent/config/runtime.go`.
2017-10-23 10:51:22 +02:00
Frank Schroeder
5bfb2808f9
Merge pull request #3598 from hashicorp/issue-3397-error-with-extra-flags
The `consul agent` command was ignoring extra command line arguments
which can lead to confusion when the user has for example forgotten to
add a dash in front of an argument or is not using an `=` when setting
boolean flags to `true`. `-bootstrap true` is not the same as
`-bootstrap=true`, for example.
Since all command line flags are known and we don't expect unparsed
arguments we can return an error. However, this may make it slightly
more difficult in the future if we ever wanted to have these kinds of
arguments.
Fixes #3397
2017-10-23 10:47:04 +02:00
Frank Schroeder
b97ab367f4
config: return error on extra command line arguments (#3397)
The `consul agent` command was ignoring extra command line arguments
which can lead to confusion when the user has for example forgotten to
add a dash in front of an argument or is not using an `=` when setting
boolean flags to `true`. `-bootstrap true` is not the same as
`-bootstrap=true`, for example.
Since all command line flags are known and we don't expect unparsed
arguments we can return an error. However, this may make it slightly
more difficult in the future if we ever wanted to have these kinds of
arguments.
Fixes #3397
2017-10-23 08:07:48 +02:00
Frank Schroeder
1fef7f4b67
config: rename test struct field to args
2017-10-23 08:07:48 +02:00
Frank Schroeder
f6e9ad99ec
config: address review comments
2017-10-23 08:06:26 +02:00
Frank Schroeder
0ed4561f12
config: document remaining config options
2017-10-23 08:06:26 +02:00
Frank Schroeder
9864609201
config: document more config options
2017-10-23 08:06:26 +02:00
Frank Schroeder
bf81cdea6e
config: document more config options
2017-10-23 08:06:26 +02:00
Frank Schroeder
2682ce0b82
config: document more acl options
2017-10-23 08:06:26 +02:00
Frank Schroeder
a38c69d784
config: document config options
2017-10-23 08:06:26 +02:00
Frank Schroeder
7396bd31fd
config: document acl options
2017-10-23 08:06:26 +02:00
Frank Schroeder
7685ef409c
config: document autopilot options
2017-10-23 08:06:26 +02:00
Frank Schroeder
5e57e9273e
config: document dns options
2017-10-23 08:06:26 +02:00
Frank Schroeder
5f59857448
config: document http options
2017-10-23 08:06:26 +02:00
Frank Schroeder
7fede4472d
config: document telemetry options
2017-10-23 08:06:26 +02:00
Frank Schroeder
21a7d399bd
config: address review comments
2017-10-23 08:05:47 +02:00
Frank Schroeder
cf0a571a76
config: document remaining config options
2017-10-23 08:04:03 +02:00
Frank Schroeder
149ab13a13
config: document more config options
2017-10-23 08:04:03 +02:00
Frank Schroeder
a8f709a875
config: document more config options
2017-10-23 08:04:03 +02:00
Frank Schroeder
6c64cf9b5d
config: document more acl options
2017-10-23 08:04:03 +02:00
Frank Schroeder
ffb0f6ec8b
config: document config options
2017-10-23 08:04:03 +02:00
Frank Schroeder
70270d6d98
config: document acl options
2017-10-23 08:04:03 +02:00
Frank Schroeder
7f214b1e1c
config: document autopilot options
2017-10-23 08:04:03 +02:00