Commit Graph

10355 Commits

Author SHA1 Message Date
Sarah Adams 9f4b329b6d
txn: don't try to decode request bodies > raft.SuggestedMaxDataSize (#6422)
txn: don't try to decode request bodies > raft.SuggestedMaxDataSize
2019-08-30 10:41:25 -07:00
Matt Keeler 20b9f0c68d
Update CHANGELOG.md 2019-08-30 11:41:00 -04:00
Matt Keeler 42d608587f
Store primaries root in secondary after intermediate signature (#6333)
* Store primaries root in secondary after intermediate signature

This ensures that the intermediate exists within the CA root stored in raft and not just in the CA provider state. This has the very nice benefit of actually outputting the intermediate cert within the ca roots HTTP/RPC endpoints.

This change means that if signing the intermediate fails it will not set the root within raft. So far I have not come up with a reason why that is bad. The secondary CA roots watch will pull the root again and go through all the motions. So as soon as getting an intermediate CA works the root will get set.

* Make TestAgentAntiEntropy_Check_DeferSync less flaky

I am not sure this is the full fix but it seems to help for me.
2019-08-30 11:38:46 -04:00
R.B. Boyer 7deaba63e1
test: ensure the node name is a valid dns name (#6424)
The space in the node name was making every test emit a useless warning.
2019-08-29 16:52:13 -05:00
R.B. Boyer 3be88df207
test: explicitly run the pprof tests for 1s instead of the 30s default (#6421) 2019-08-29 12:06:50 -05:00
R.B. Boyer d979d8c239
test: add additional http status code assertions in coordinate HTTP API tests (#6410)
When this test flakes sometimes this happens:

    --- FAIL: TestCoordinate_Node (1.69s)
    panic: interface conversion: interface {} is nil, not structs.Coordinates [recovered]
    FAIL    github.com/hashicorp/consul/agent       19.999s
    Exit code: 1
    panic: interface conversion: interface {} is nil, not structs.Coordinates [recovered]
            panic: interface conversion: interface {} is nil, not structs.Coordinates

There is definitely a bug lurking, but the code seems to imply this can
only return nil on 404. The tests previously were not checking the
status code.

The underlying cause of the flake is unknown, but this should turn the
failure into a more normal test failure.
2019-08-29 09:55:05 -05:00
Matt Keeler 00aa108490
TxnCheckOp has a `Check` field not a `Service` field (#6418) 2019-08-28 15:57:41 -04:00
Pierre Souchay 58f04815d5 Display IPs of machines when node names conflict to ease troubleshooting
When there is an node name conflicts, such messages are displayed within Consul:

`consul.fsm: EnsureRegistration failed: failed inserting node: Error while renaming Node ID: "e1d456bc-f72d-98e5-ebb3-26ae80d785cf": Node name node001 is reserved by node 05f10209-1b9c-b90c-e3e2-059e64556d4a with name node001`

While it is easy to find the node that has reserved the name, it is hard to find
the node trying to aquire the name since it is not registered, because it
is not part of `consul members` output

This PR will display the IP of the offender and solve far more easily those issues.
2019-08-28 15:57:05 -04:00
Pierre Souchay 2f37d68d9b [BUGFIX][BUILD] When test fail in circle-ci in main, have a proper error message (#6416)
Since FUNCNAME is not defined when running outside a function,
trap does not work and display wrong error message.

Example from https://circleci.com/gh/hashicorp/consul/69506 :

```
  ⨯ FAIL
  /home/circleci/project/test/integration/connect/envoy/run-tests.sh: line 1: FUNCNAME[0]: unbound variable
  make: *** [GNUmakefile:363: test-envoy-integ] Error 1
```

This fix will avoid this error message and display the real cause.
2019-08-28 10:26:05 -04:00
Alvin Huang c516fabfac
revert commits on master (#6413) 2019-08-27 17:45:58 -04:00
tradel 5a22b77340 update tests to match new method signatures 2019-08-27 14:16:39 -07:00
tradel 1ff46f3f0a confi\gure providers with DC and domain 2019-08-27 14:16:25 -07:00
tradel 5ba28a6a7b create a common name for autoTLS agent certs 2019-08-27 14:15:53 -07:00
tradel 9b1ac4e7ef add subject names to issued certs 2019-08-27 14:15:10 -07:00
tradel 7f36a5b676 construct a common name for each CSR 2019-08-27 14:12:56 -07:00
tradel 672e181399 add serviceID to leaf cert request 2019-08-27 14:12:22 -07:00
tradel a4312d2e6e add domain and nodeName to agent cert request 2019-08-27 14:11:40 -07:00
tradel 82ae7caf3e Added DC and domain args to Configure method 2019-08-27 14:09:01 -07:00
R.B. Boyer b962fe38cd
test: send testagent logs through testing.Logf (#6411) 2019-08-27 12:21:30 -05:00
R.B. Boyer 91da908d2f
test: fix TestAgent.Start() to not segfault if the DNSServer cannot ListenAndServe (#6409)
The embedded `Server` field on a `DNSServer` is only set inside of the
`ListenAndServe` method. If that method fails for reasons like the
address being in use and is not bindable, then the `Server` field will
not be set and the overall `Agent.Start()` will fail.

This will trigger the inner loop of `TestAgent.Start()` to invoke
`ShutdownEndpoints` which will attempt to pretty print the DNS servers
using fields on that inner `Server` field. Because it was never set,
this causes a nil pointer dereference and crashes the test.
2019-08-27 10:45:05 -05:00
Alvin Huang 0be1531d80
add nil pointer check for pointer to ACLToken struct (#6407) 2019-08-27 11:23:28 -04:00
Hans Hasselberg fce9fc2207
Update CHANGELOG.md 2019-08-27 17:12:47 +02:00
Nick Fagerlund ce8a27aedc website: Update middleman-hashicorp container and Gemfile.lock (#6374)
* website: Update middleman-hashicorp container and Gemfile.lock

Time marches on, and so do security vulnerabilities in Nokogiri. So it's time
for a new container.

As with last time, here's a reminder for the next person who needs to update
this:

- You shouldn't just update the dependency in Gemfile.lock, because your build
  times will go to heck as you compile Nokogiri from source on every run. So you
  need an updated container with all the dependencies.
- To update the container, you need to push a new tag to the middleman-hashicorp
  repo. Teamcity does the rest, and will ship a new container to Docker Hub
  (unless its credentials are out of date, in which case go ask team-eng-serv.)
- Once that's pushed:
    - Update Makefile
    - Update the Gemfile
    - Delete Gemfile.lock
    - `make website` until it comes up, then ctrl-C
    - Commit the changes

* website: Specify a different json version in Gemfile.lock

The Consul website uses different containers for preview and deploy, and this
oddball JSON version was causing issues. This commit sacrifices a little bit
of preview startup speed for (hopefully) working deploys.
2019-08-27 11:05:18 -04:00
Hans Hasselberg 3f333bada1
changelog: add known issues section for 1.6.
Update CHANGELOG.md
2019-08-27 14:40:26 +02:00
Hans Hasselberg d051342902
make sure auto_encrypt has private key type and bits (#6392) 2019-08-27 14:37:56 +02:00
Hans Hasselberg faa54ab989
auto_encrypt: verify_incoming_rpc is good enough for auto_encrypt.allow_tls (#6376)
Previously `verify_incoming` was required when turning on `auto_encrypt.allow_tls`, but that doesn't work together with HTTPS UI in some scenarios. Adding `verify_incoming_rpc` to the allowed configurations.
2019-08-27 14:36:36 +02:00
Mike Morris e7a5d80169
bump eventmachine to 1.2.7 in Gemfile.lock (#6389) 2019-08-27 02:00:43 -04:00
R.B. Boyer 9df6e77afb
test: actually run envoy 1.11.1 integration tests on PRs (#6397) 2019-08-26 16:30:17 -05:00
R.B. Boyer 7bc941575c
test: don't leak agent goroutines in TestAgent_sidecarServiceFromNodeService (#6396)
A goroutine dump using runtime.Stack() before/after shows a drop from 121 => 4.
2019-08-26 15:19:59 -05:00
Aaron Bennett 430dab8c37 update dependencies for enterprise change (#6395) 2019-08-26 15:22:28 -04:00
Freddy 4caf1d111a
Rephrase bind docs (#6394) 2019-08-26 11:31:55 -06:00
R.B. Boyer 000ca15db7 Putting source back into Dev Mode 2019-08-26 12:22:20 -05:00
Hans Hasselberg 103e0df670
Update CHANGELOG.md
Co-Authored-By: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>
2019-08-26 16:51:36 +02:00
Hans Hasselberg a2cf7c7a5a
Update CHANGELOG.md
Co-Authored-By: Freddy <freddygv@users.noreply.github.com>
2019-08-26 16:38:32 +02:00
Hans Hasselberg 2125a0a493
Update CHANGELOG.md 2019-08-26 16:29:57 +02:00
Hans Hasselberg f3def8c0d0 make sure auto_encrypt has private key type and bits 2019-08-26 13:09:50 +02:00
hashicorp-ci 944cc71026
Release v1.6.0 2019-08-23 22:10:51 +00:00
hashicorp-ci 3757cb6a96
update bindata_assetfs.go 2019-08-23 22:10:50 +00:00
R.B. Boyer bec24ed199 mod: bump main module to api v1.2.0 and sdk v0.2.0 2019-08-23 16:45:30 -05:00
R.B. Boyer ea6231ce35 api: bump to sdk v0.2.0 2019-08-23 16:41:19 -05:00
R.B. Boyer e9b2163b1e
flatten 1.6 series changelog (#6390) 2019-08-23 16:36:31 -05:00
Matt Keeler 917a73e124
Update CHANGELOG.md 2019-08-23 16:04:10 -04:00
Hans Hasselberg c16c583b98
Update CHANGELOG.md 2019-08-23 21:56:27 +02:00
R.B. Boyer cc9a6f7993
Merge pull request #6388 from hashicorp/release/1-6
merging release/1-6 into master
2019-08-23 13:44:46 -05:00
Matt Keeler cbd1857186
Secondary CA `establishLeadership` fix (#6383)
This prevents ACL issues (or other issues) during intermediate CA cert signing from failing leader establishment.
2019-08-23 11:32:37 -04:00
Anudeep Reddy f9c2a95e0e Update observability.html.md (#6379) 2019-08-23 17:07:48 +02:00
danielehc 2e64b19fc2
Update agent.html.markdown.erb (#6380)
Adding a note on how to make Consul trust S3-compatible storage that expose a self-signed certificate.
2019-08-23 16:09:41 +02:00
Hans Hasselberg 3e46352ccb
auto_encrypt: use server-port (#6287)
AutoEncrypt needs the server-port because it wants to talk via RPC. Information from gossip might not be available at that point and thats why the server-port is being used.
2019-08-23 10:18:46 +02:00
R.B. Boyer 90d122055b update changelog 2019-08-22 15:13:06 -05:00
R.B. Boyer dfcdc41ef8
connect: allow 'envoy_cluster_json' escape hatch to continue to function (#6378) 2019-08-22 15:11:56 -05:00