Commit Graph

7579 Commits

Author SHA1 Message Date
Devin Canterberry 961aea97fe
📝 Prefer brevity at the cost of some ambiguity 2018-03-15 10:25:27 -07:00
Devin Canterberry 7236c95e11
Match expectation of TLSCipherSuites to values of tls_cipher_suites 2018-03-15 10:19:46 -07:00
Devin Canterberry a61abcd931
🐛 Formatting changes only; add missing trailing commas 2018-03-15 10:19:46 -07:00
Devin Canterberry c901307a47
🔒 Update supported TLS cipher suites
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go).

> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
>  * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4)
>  * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/)
2018-03-15 10:19:46 -07:00
Devin Canterberry 1db58de366
⤵️ Merge from `master`; no conflicts 2018-03-15 09:13:01 -07:00
Jack Pearkes 6fb94ff40a website: clarify where ACL token is set in the UI 2018-03-14 16:50:04 -07:00
Jack Pearkes c66628a06f website: add section on securing the UI with ACLs
Figured it would be worth documenting due to #3931.
2018-03-14 16:46:04 -07:00
Paul Banks 844a5fe8c0
Call out the service-watch upgrade notice 2018-03-14 11:03:21 +00:00
Jack Pearkes 652e821511
Merge pull request #3884 from rberlind/master
Updated Stale Reads section of DNS Caching Guide
2018-03-13 16:56:58 -07:00
Jack Pearkes 101e1d030e
Merge pull request #3952 from slopeinsb/patch-1
Update index.html.md
2018-03-13 16:07:10 -07:00
Jack Pearkes 4bddecb195
Update CHANGELOG.md 2018-03-13 15:32:37 -07:00
Devin Canterberry 84d650cc4a
📝 Clarify the list of supported TLS cipher suites
Previously, the documentation linked to Golang's source code, which
can drift from the list of cipher suites supported by Consul. Consul
has a hard-coded mapping of string values to Golang cipher suites, so
this is a more direct source of truth to help users understand which
string values are accepted in the `tls_cipher_suites` configuration
value.
2018-03-13 09:25:03 -07:00
Preetha 3ed071b4a6
Merge pull request #3946 from hashicorp/je.fixes
Small Adjustments
2018-03-13 11:15:50 -05:00
randall thomson 3b1a2af8f1
Update index.html.md
update cli commands for consul 1.x
2018-03-09 09:46:37 -08:00
Pierre Souchay aebfcb6767 Fixed minor typo (+ travis tests is unstable) 2018-03-09 18:42:13 +01:00
Pierre Souchay 93fa1f6f49 Optimize size for SRV records, should improve performance a bit
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
Preetha Appan 0e3c41738d
Update CHANGELOG.md 2018-03-09 07:37:57 -06:00
Preetha 210cfe5ef9
Merge pull request #3940 from pierresouchay/dns_max_size
Allow to control the number of A/AAAA Record returned by DNS
2018-03-09 07:35:32 -06:00
Preetha 251cdb9c24
Some tweaks to the documentation for a_record_limit 2018-03-08 11:23:07 -06:00
Pierre Souchay 57310a6446 Updated documentation as requested by @preetapan 2018-03-08 18:02:40 +01:00
Pierre Souchay d0e45f22df Fixed wrong format of debug msg in unit test 2018-03-08 00:36:17 +01:00
Pierre Souchay ce3f47a75d Performance optimization for services having more than 2k records 2018-03-08 00:26:41 +01:00
Pierre Souchay 7d59249d96 Avoid issue with compression of DNS messages causing overflow 2018-03-07 23:33:41 +01:00
Pierre Souchay 419bf29041 Cleaner Unit tests from suggestions from @preetapan 2018-03-07 18:24:41 +01:00
Pierre Souchay b77fd5ce9d 64000 max limit to DNS messages since there is overhead
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
Pierre Souchay be39fb20cc [BUGFIX] do not break when TCP DNS answer exceeds 64k
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).

Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
Jeff Escalante 760b4ff72f update to latest middleman-hashicorp
this includes minor text fixes for the universal nav
2018-03-06 16:37:58 -05:00
Jeff Escalante f9a41e290d First instance of 'Consul' on homepage -> 'HashiCorp Consul' 2018-03-06 16:37:47 -05:00
Mitchell Hashimoto fb9b018128
Merge pull request #3944 from hashicorp/f-testify
agent/consul/fsm: begin using testify/assert
2018-03-06 09:55:31 -08:00
Mitchell Hashimoto 8217564c48
agent/consul/fsm: begin using testify/assert 2018-03-06 09:48:15 -08:00
Pierre Souchay 0b7f620dc6 Allow to control the number of A/AAAA Record returned by DNS
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.

It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937

See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.

It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.

The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Edd Steel 41b1d45cc7
Re-use defined endpoints for tests 2018-03-03 11:19:18 -08:00
Sergei Ryabkov 82d195b695
Highlighting the dead link
I am proposing to remove a dead link (https://atlas.hashicorp.com/help/consul/alternatives). If the page has moved and the new location is known, it would be of course better to update the link.
2018-03-02 18:22:19 -05:00
Paul Banks 257ad520f2
Merge pull request #3928 from hashicorp/service-token-docs
Notes on ACL token storage and permissions
2018-03-02 16:28:56 +00:00
Paul Banks 4bf001bf1c
Update CHANGELOG.md 2018-03-02 16:27:48 +00:00
Paul Banks 9a47449c6d
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index
Services Indexes modified per service instead of using a global Index
2018-03-02 16:24:43 +00:00
Paul Banks c57451a414
Notes on ACL token storage and permissions 2018-03-02 16:22:12 +00:00
Paul Banks e833b535a6
Notes on ACL token storage and permissions 2018-03-02 16:20:11 +00:00
Brian Shumate 6d92c28c5c Clarify encrypt key for WAN joined DCs 2018-03-02 10:41:09 -05:00
Pierre Souchay 7b81e2c3ad Better information and advices for upgrade to 1.0.7+ 2018-03-02 09:08:00 +01:00
Pierre Souchay 360dc1dd8d Simplified error handling for maxIndexForService
* added unit tests to ensure service index is properly garbage collected
* added Upgrade from Version 1.0.6 to higher section in documentation
2018-03-01 14:09:36 +01:00
Paul Banks 4605d4ed0b
Update CHANGELOG.md 2018-02-28 13:26:08 +00:00
Jack Pearkes 732e0c3bb4
Merge pull request #3922 from hashicorp/docs-fix-two-dc-links
website: override automatic linking of list items for softlayer dc
2018-02-27 12:09:34 -08:00
Jack Pearkes 10f3eb623a website: override automatic linking of list items for softlayer dc
This avoids a conflict with #datacenter later on the page. We're mixing
histroic manually specified anchors with generated anchors (via
redcarpet / middleman-hashicorp) so we have to manually override the
automatic generation here.

I was tempted to rewrite the old manual anchors to use the automatic
generation, but there is no way to maintain backwards compatibility,
so will leave that for a time when it is appropriate for us to break
links (or redirect them, etc).

Fixes #3916
2018-02-27 10:53:12 -08:00
Preetha acfc60523f
Merge pull request #3914 from alvin-huang/fix_vendor
remove old pkgs and put deps of missing packages in vendor.json
2018-02-24 10:01:12 -06:00
Alvin Huang 85c9cfea05 remove old pkgs and put deps of missing packages in vendor.json 2018-02-23 17:08:24 -05:00
Paul Banks 9b97bebc95
Merge pull request #3903 from hashicorp/build-fixes
[WIP] Attempt to find some low-hanging fruit for CI failures
2018-02-23 13:12:45 +00:00
Paul Banks 64fa1ebb59
Merge pull request #3910 from hashicorp/fix-shell
Fix test running in non-bash shells
2018-02-23 13:12:18 +00:00
Kyle Havlovitz 5956e778db
Add a link to the leader election guide in the lock API docs 2018-02-22 15:57:46 -08:00
Kyle Havlovitz 1e11082709
Use GOTAGS in the vet make goal 2018-02-22 15:57:09 -08:00