Commit Graph

135 Commits

Author SHA1 Message Date
Paul Banks ef9f27cbc8
connect: tame thundering herd of CSRs on CA rotation (#5228)
* Support rate limiting and concurrency limiting CSR requests on servers; handle CA rotations gracefully with jitter and backoff-on-rate-limit in client

* Add CSR rate limiting docs

* Fix config naming and add tests for new CA configs
2019-01-22 17:19:36 +00:00
Matt Keeler 18b29c45c4
New ACLs (#4791)
This PR is almost a complete rewrite of the ACL system within Consul. It brings the features more in line with other HashiCorp products. Obviously there is quite a bit left to do here but most of it is related docs, testing and finishing the last few commands in the CLI. I will update the PR description and check off the todos as I finish them over the next few days/week.
Description

At a high level this PR is mainly to split ACL tokens from Policies and to split the concepts of Authorization from Identities. A lot of this PR is mostly just to support CRUD operations on ACLTokens and ACLPolicies. These in and of themselves are not particularly interesting. The bigger conceptual changes are in how tokens get resolved, how backwards compatibility is handled and the separation of policy from identity which could lead the way to allowing for alternative identity providers.

On the surface and with a new cluster the ACL system will look very similar to that of Nomads. Both have tokens and policies. Both have local tokens. The ACL management APIs for both are very similar. I even ripped off Nomad's ACL bootstrap resetting procedure. There are a few key differences though.

    Nomad requires token and policy replication where Consul only requires policy replication with token replication being opt-in. In Consul local tokens only work with token replication being enabled though.
    All policies in Nomad are globally applicable. In Consul all policies are stored and replicated globally but can be scoped to a subset of the datacenters. This allows for more granular access management.
    Unlike Nomad, Consul has legacy baggage in the form of the original ACL system. The ramifications of this are:
        A server running the new system must still support other clients using the legacy system.
        A client running the new system must be able to use the legacy RPCs when the servers in its datacenter are running the legacy system.
        The primary ACL DC's servers running in legacy mode needs to be a gate that keeps everything else in the entire multi-DC cluster running in legacy mode.

So not only does this PR implement the new ACL system but has a legacy mode built in for when the cluster isn't ready for new ACLs. Also detecting that new ACLs can be used is automatic and requires no configuration on the part of administrators. This process is detailed more in the "Transitioning from Legacy to New ACL Mode" section below.
2018-10-19 12:04:07 -04:00
Paul Banks c6ef6a61c9 Refactor to use embedded struct. 2018-06-25 12:25:39 -07:00
Paul Banks 32f362bad9 StartupTelemetry => InitTelemetry 2018-06-25 12:25:39 -07:00
Paul Banks a7038454fd WIP 2018-06-25 12:25:38 -07:00
Mitchell Hashimoto e9b8e5d265
lib/file: add tests for WriteAtomic 2018-06-14 09:42:12 -07:00
Mitchell Hashimoto 1e7f253b53
agent/proxy: write pid file whenever the daemon process changes 2018-06-14 09:42:11 -07:00
Seth Vargo 0603cda5ee
Add a helper for generating Consul's user-agent string 2018-05-25 15:50:18 -04:00
Paul Banks ff37194fc0
Go fmt cleanup 2018-05-11 17:05:19 +01:00
Preetha Appan fff532cf84
Update serf to pick up clean leave fix 2018-05-04 15:51:55 -05:00
Veselkov Konstantin 7de57ba4de remove golint warnings 2018-01-28 22:40:13 +04:00
James Phillips d12e81860f
Moves Serf helper into lib to fix import cycle in consul-enterprise. 2017-12-07 16:57:58 -08:00
James Phillips fe36ed6412
Bumps freeport's block size.
We were seeing some rollover artifacts where something would be shut down so
a port could be re-used, but it was still being referenced by some running
thing. This gives more time before rolling over.
2017-11-29 18:33:14 -08:00
Alex Dadgar 358e6827cd
Update cluster.go 2017-10-30 16:51:28 -07:00
Alex Dadgar 6d0b9f4dac Integer division rounding to zero for rate scaling
This fixes an issue in which integer division was scaling down to zero.
2017-10-30 16:46:11 -07:00
Alex Dadgar 0fccef237d Initialize freeport lazily to avoid runtime issues
This PR makes freeport initialize lazily rather than using an init
method.
2017-10-25 15:14:39 -07:00
Alex Dadgar 17dcbb1912 Make freeport testing friendly
This PR allows the caller to decide if they would like to have the
calling test fail, have the caller panic on error, or handle the errors
themselves.
2017-10-23 16:28:02 -07:00
Frank Schroeder c94751ad43 test: replace porter tool with freeport lib
This patch removes the porter tool which hands out free ports from a
given range with a library which does the same thing. The challenge for
acquiring free ports in concurrent go test runs is that go packages are
tested concurrently and run in separate processes. There has to be some
inter-process synchronization in preventing processes allocating the
same ports.

freeport allocates blocks of ports from a range expected to be not in
heavy use and implements a system-wide mutex by binding to the first
port of that block for the lifetime of the application. Ports are then
provided sequentially from that block and are tested on localhost before
being returned as available.
2017-10-21 22:01:09 +02:00
James Phillips bb12368eac Makes RPC handling more robust when rolling servers. (#3561)
* Adds client-side retry for no leader errors.

This paves over the case where the client was connected to the leader
when it loses leadership.

* Adds a configurable server RPC drain time and a fail-fast path for RPCs.

When a server leaves it gets removed from the Raft configuration, so it will
never know who the new leader server ends up being. Without this we'd be
doomed to wait out the RPC hold timeout and then fail. This makes things fail
a little quicker while a sever is draining, and since we added a client retry
AND since the server doing this has already shut down and left the Serf LAN,
clients should retry against some other server.

* Makes the RPC hold timeout configurable.

* Reorders struct members.

* Sets the RPC hold timeout default for test servers.

* Bumps the leave drain time up to 5 seconds.

* Robustifies retries with a simpler client-side RPC hold.

* Reverts untended delete.
2017-10-10 15:19:50 -07:00
James Phillips b1a15e0c3d
Adds open source side of network segments (feature is Enterprise-only). 2017-08-30 11:58:29 -07:00
Frank Schroeder 3403cd4372 golint: Fix existing comments
This needs more work.
2017-04-25 09:26:13 -07:00
James Phillips 7c27ca1f77
Adds missing unit tests and cleans up some router bugs. 2017-03-16 16:42:19 -07:00
James Phillips 1091c7314e
Removes remoteConsuls in favor of the new router.
This has the next wave of RTT integration with the router and also
factors some common RTT-related helpers out to lib. While we were
in here we also got rid of the coordinate disable config so we don't
need to deal with the complexity in the router (there was never a
user-visible way to disable coordinates).
2017-03-16 16:42:19 -07:00
James Phillips bd605e330c
Adds basic support for node IDs. 2017-01-17 22:47:59 -08:00
Sean Chittenden d695bcaae6 Use a cryptographically secure seed
`SeededSecurely` is present if someone or something wants to query the way the library was seeded.

Obtained from: nomad
2016-05-02 23:52:37 -07:00
Sean Chittenden da298f527d Guard against divide by zero in lib.RandomStagger()
While I'm at it, add a DurationMinusBufferDomain() function to calculate the min/max for a given call to DurationMinusBuffer() in order to keep the implementation details self-contained.
2016-04-23 13:11:32 -07:00
Sean Chittenden 3a6be9cab0 Add a helper function DurationMinusBuffer() to calculate an interval
used to schedule a TTL check.  e.g.

d := lib.DurationMinusBuffer(60 * time.Duration, 10 * time.Second, 16)

will return a duration between 46.875s and 50s.
2016-04-23 09:06:54 -07:00
Sean Chittenden 4584e70636 Add lib.AbsInt() helper function 2016-03-30 11:47:37 -07:00
Sean Chittenden 88c42f4056 Move lib's tests to lib_test
This suite of tests is only testing the exported functions
2016-03-29 19:51:37 -07:00
Sean Chittenden 9fb64ab114 Allow adjusting the number of DNS records in a response...
Based on work done by @fusiondog in #1583, extend the concept to use an integer instead of a boolean.

Fixes: #1583 && #1481
2016-03-29 19:23:56 -07:00
Sean Chittenden 4fec6a9608 Guard against very small or negative rates
Pointed out by: slackpad
2016-03-25 13:31:55 -07:00
Sean Chittenden 81e1e1c05d Cull unused function and its unit test.
Pointed out by: @slackpad
2016-02-01 22:40:19 -08:00
Sean Chittenden 6c1bb78d06 Cull unused function and its unit test.
Pointed out by: @slackpad
2016-02-01 22:26:57 -08:00
Sean Chittenden 4382c1f7aa Always seed math/rand on consul startup
Required for jitter calcs.  This could be done in consul/agent, but this makes it clear it is done only once process-wide.
2016-01-29 17:00:08 -08:00
Sean Chittenden 7af6a94edb Factor out duplicate functions into a lib package
Consolidate code duplication and tests into a single lib package.  Most of these functions were from various **/util.go functions that couldn't be imported due to cyclic imports.  The consul/lib package is intended to be a terminal node in an import DAG and a place to stash various consul-only helper functions.  Pulled in hashicorp/go-uuid instead of consolidating UUID access.
2016-01-29 16:57:45 -08:00