Commit Graph

11057 Commits

Author SHA1 Message Date
Kim Ngo bef693df9c
agent/xds: Update mesh gateway to use service router timeout (#7444)
* website/connect/proxy/envoy: specify timeout precedence for services behind mesh gateway
2020-03-17 14:50:14 -05:00
Chris Piraino 5c7b3762e3
Update CHANGELOG.md 2020-03-17 09:56:20 -05:00
Chris Piraino d3dd49b79c
Log "vew version available" message at info level (#7462) 2020-03-17 09:53:15 -05:00
Pierre Souchay 4f3d2d843e
docs: fixed typo on MIME in Changelog (#7461) 2020-03-17 13:44:55 +01:00
Hans Hasselberg 418cf9658d
Update CHANGELOG.md to include 1.7.2 2020-03-16 22:08:40 +01:00
Hans Hasselberg 316d14f86e
docs: update website version (#7456) 2020-03-16 22:03:36 +01:00
Matt Keeler 646c9f5896
Don’t pass `-u` to get get inside Go build image dockerfile (#7455) 2020-03-16 15:26:07 -04:00
Matt Keeler 251c745d0a
Update CHANGELOG.md 2020-03-16 12:59:28 -04:00
Matt Keeler 80db61193c
Fix ACL mode advertisement and detection (#7451)
These changes are necessary to ensure advertisement happens correctly even when datacenters are connected via network areas in Consul enterprise.

This also changes how we check if ACLs can be upgraded within the local datacenter. Previously we would iterate through all LAN members. Now we just use the ServerLookup type to iterate through all known servers in the DC.
2020-03-16 12:54:45 -04:00
Matt Keeler 8c43f199fd
Update namespace docs for some new CLI commands (#7435)
Co-Authored-By: Hans Hasselberg <me@hans.io>
2020-03-16 09:42:39 -04:00
Charlie Jones 5d734a85d6
docs: fix typo in consul-template tutorial (#7454) 2020-03-16 14:04:28 +01:00
Daniel Nephin 6a29a2b48a
Merge pull request #7438 from hashicorp/dnephin/remove-restore-cache
ci: Remove consul-modcache-v1 from ci config
2020-03-13 12:07:39 -04:00
Freddy c9cb5b54b2
Update CHANGELOG.md 2020-03-12 12:41:41 -06:00
John Cowen 0a2ce86776
Update CHANGELOG.md 2020-03-12 18:31:51 +00:00
Alvin Huang 062823b09a
cherry pick 'docs-cherrypick' label rather than 'docs' to stable-website (#7443) 2020-03-12 13:22:51 -04:00
Daniel Nephin 3cfe1c1943 ci: Remove restore_cache
As of go1.13 it is faster to download dependencies from the module
proxy service, than to download a cached /go/pkg/mod
2020-03-11 15:50:42 -04:00
Freddy 709932f088
Update MSP token and filtering (#7431) 2020-03-11 12:08:49 -06:00
Alvin Huang 8fbd812be9
add Authorization header in GitHub API call (#7436) 2020-03-11 13:25:15 -04:00
Hans Hasselberg 7777891aa6
tls: remove old ciphers (#7282)
Following advice from:
https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices, this PR removes old ciphers.
2020-03-10 21:44:26 +01:00
R.B. Boyer 0e6cc3d61b update changelog 2020-03-10 14:47:13 -05:00
R.B. Boyer 31943924f9
bump the expected go language version of the main module to 1.13 (#7429) 2020-03-10 14:46:09 -05:00
Alvin Huang 0dd8c44291
set pr_url outside if (#7424) 2020-03-10 12:31:58 -04:00
R.B. Boyer 3b4306fc42 update changelog 2020-03-10 11:20:30 -05:00
R.B. Boyer 85a08bf8ed
server: strip local ACL tokens from RPCs during forwarding if crossing datacenters (#7419)
Fixes #7414
2020-03-10 11:15:22 -05:00
R.B. Boyer dfe5ba134b
fix flaky TestCatalogListNodesCommand_verticalBar test (#7422) 2020-03-10 11:01:13 -05:00
Matt Keeler e62e862df9
Update intention precedence table in the docs (#7421)
* Update intention precedence table in the docs

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2020-03-10 11:49:08 -04:00
Alvin Huang cb6291a868
add slack notifications for cherry-pick (#7423) 2020-03-10 11:47:23 -04:00
Hans Hasselberg 6a49a42e98
connect: support for envoy 1.13.1 and 1.12.3 (#7380)
* setup new envoy versions for CI
* bump version on the website too.
2020-03-10 11:04:46 +01:00
Kyle Havlovitz 955ee64b95
Merge pull request #7373 from hashicorp/acl-segments-fix
Add stub methods for ACL/segment bug fix from enterprise
2020-03-09 14:25:49 -07:00
R.B. Boyer fbb0bf2195 update changelog 2020-03-09 16:00:59 -05:00
R.B. Boyer 6adad71125
wan federation via mesh gateways (#6884)
This is like a Möbius strip of code due to the fact that low-level components (serf/memberlist) are connected to high-level components (the catalog and mesh-gateways) in a twisty maze of references which make it hard to dive into. With that in mind here's a high level summary of what you'll find in the patch:

There are several distinct chunks of code that are affected:

* new flags and config options for the server

* retry join WAN is slightly different

* retry join code is shared to discover primary mesh gateways from secondary datacenters

* because retry join logic runs in the *agent* and the results of that
  operation for primary mesh gateways are needed in the *server* there are
  some methods like `RefreshPrimaryGatewayFallbackAddresses` that must occur
  at multiple layers of abstraction just to pass the data down to the right
  layer.

* new cache type `FederationStateListMeshGatewaysName` for use in `proxycfg/xds` layers

* the function signature for RPC dialing picked up a new required field (the
  node name of the destination)

* several new RPCs for manipulating a FederationState object:
  `FederationState:{Apply,Get,List,ListMeshGateways}`

* 3 read-only internal APIs for debugging use to invoke those RPCs from curl

* raft and fsm changes to persist these FederationStates

* replication for FederationStates as they are canonically stored in the
  Primary and replicated to the Secondaries.

* a special derivative of anti-entropy that runs in secondaries to snapshot
  their local mesh gateway `CheckServiceNodes` and sync them into their upstream
  FederationState in the primary (this works in conjunction with the
  replication to distribute addresses for all mesh gateways in all DCs to all
  other DCs)

* a "gateway locator" convenience object to make use of this data to choose
  the addresses of gateways to use for any given RPC or gossip operation to a
  remote DC. This gets data from the "retry join" logic in the agent and also
  directly calls into the FSM.

* RPC (`:8300`) on the server sniffs the first byte of a new connection to
  determine if it's actually doing native TLS. If so it checks the ALPN header
  for protocol determination (just like how the existing system uses the
  type-byte marker).

* 2 new kinds of protocols are exclusively decoded via this native TLS
  mechanism: one for ferrying "packet" operations (udp-like) from the gossip
  layer and one for "stream" operations (tcp-like). The packet operations
  re-use sockets (using length-prefixing) to cut down on TLS re-negotiation
  overhead.

* the server instances specially wrap the `memberlist.NetTransport` when running
  with gateway federation enabled (in a `wanfed.Transport`). The general gist is
  that if it tries to dial a node in the SAME datacenter (deduced by looking
  at the suffix of the node name) there is no change. If dialing a DIFFERENT
  datacenter it is wrapped up in a TLS+ALPN blob and sent through some mesh
  gateways to eventually end up in a server's :8300 port.

* a new flag when launching a mesh gateway via `consul connect envoy` to
  indicate that the servers are to be exposed. This sets a special service
  meta when registering the gateway into the catalog.

* `proxycfg/xds` notice this metadata blob to activate additional watches for
  the FederationState objects as well as the location of all of the consul
  servers in that datacenter.

* `xds:` if the extra metadata is in place additional clusters are defined in a
  DC to bulk sink all traffic to another DC's gateways. For the current
  datacenter we listen on a wildcard name (`server.<dc>.consul`) that load
  balances all servers as well as one mini-cluster per node
  (`<node>.server.<dc>.consul`)

* the `consul tls cert create` command got a new flag (`-node`) to help create
  an additional SAN in certs that can be used with this flavor of federation.
2020-03-09 15:59:02 -05:00
Freddy 602aa742d8
Update namespace docs for config entries (#7420) 2020-03-09 14:51:21 -06:00
Dane Harrigan 382d33bb7e
Update envoy.html.md.erb (#7394)
Minor typo
2020-03-09 13:58:29 -04:00
Matt Keeler e3891db55b
Gather instance counts of aggregated services (#7415) 2020-03-09 11:56:19 -04:00
Noel Quiles ba9849bdf8
website:update middleman-hashicorp to 0.3.44 (#7382) 2020-03-09 14:41:58 +01:00
Pierre Souchay 864f7efffa
agent: configuration reload preserves check's statuses for services (#7345)
This fixes issue #7318

Between versions 1.5.2 and 1.5.3, a regression has been introduced regarding health
of services. A patch #6144 had been issued for HealthChecks of nodes, but not for healthchecks
of services.

What happened when a reload was:

1. save all healthcheck statuses
2. cleanup everything
3. add new services with healthchecks

In step 3, the state of healthchecks was taken into account locally,
so at step 3, but since we cleaned up at step 2, state was lost.

This PR introduces the snap parameter, so step 3 can use information from step 1
2020-03-09 12:59:41 +01:00
Alex Dzyoba 4137d06f9f
command: change delim in columnize to funny node names (#6652)
When node name contains vertical bar symbol some commands output is
garbled because `|` is used as a delimiter in `columnize.SimpleFormat`.

This commit changes format string to use `\x1f` - ASCII unit
separator[1] as a delimiter and also adds test to cover this case.

Affected commands:

* `consul catalog nodes`
* `consul members`
* `consul operator raft list-peers`
* `consul intention get`

Fixes #3951.

[1]: https://en.wikipedia.org/wiki/Delimiter#Solutions
2020-03-09 11:24:56 +01:00
Hans Hasselberg c46e2ae59b
docs: add docs for kv_max_value_size (#7405)
Apart from the added docs, the error messages are similar now and are
pointing to the corresponding options.
Fixes #6708.
2020-03-09 11:13:40 +01:00
Johannes Scheuermann f8ded993af
agent: log error when agent crashes in an early stage (#7411) 2020-03-09 10:45:21 +01:00
John Cowen 5f625666b4
ui: Enable recovery from an unreachable datacenter (500 error) (#7404)
For URL maintenance reasons we store the last visited DC in
localStorage incase you come back to a page (for example settings) that
doesn't have a dc in the URL.

A problem arises here if the last DC you tried to visit is unreachable.

The first fix here clears out the last visited DC from localStorage if
the API has errored out.

Secondly, our `href-mut` helper which mutates the current current and
replaces 'parts' in the URL rather than the whole thing functioned by
detecting the current route/URL you are on an 'mutating' that. A problem
arose here as even though you might be on the `/ui/dc-1/services` URL the
actual route is the 'error' route which does not have a URL that can be
changed properly.

The second fix here uses route.currentRoute.name over route.currentRouteName.

The latter is equal to error when an error occurs whereas the former gives you the name of the route before the error happened, which is actually what we want/the intent here.

ie. when `router.currentRouteName === 'error'` then
`router.currentRoute.name === Name Of Route Before It Errored` it seems
2020-03-09 09:10:47 +00:00
Alvin Huang 45bbb6e035
add auto cherry-picking (#7406)
* add auto cherry-picking

* exit on git cherry-pick failure

* release branches are #.#.x
2020-03-06 17:59:14 -05:00
Kim Ngo c5fe112e59
Update CHANGELOG.md 2020-03-05 15:49:26 -06:00
Kim Ngo a8f4123d37
agent/txn_endpoint: configure max txn request length (#7388)
configure max transaction size separately from kv limit
2020-03-05 15:42:37 -06:00
Matt Keeler 0041102e29
Change where the envoy snapshots get put when a test fails (#7298)
This will allow us to capture them in CI
2020-03-05 16:01:10 -05:00
Matt Keeler ebb0ecf5a8
Update CHANGELOG.md 2020-03-05 15:40:01 -05:00
Matt Keeler 7584dfe8c8 Fix session backwards incompatibility with 1.6.x and earlier. 2020-03-05 15:34:55 -05:00
Freddy ee24f4dcc1
1.7 upgrade note (#7397)
The Session API in Consul 1.7.0 and 1.7.1 is incompatible with prior versions of Consul.

This PR adds a note to our version-specific upgrade guide to guard against users upgrading before the fix in 1.7.2 is released.
2020-03-05 13:04:04 -07:00
John Cowen 4befec8f0c
docs: Add that `response_headers` also affects the UI (#7376) 2020-03-05 12:06:35 +00:00
Alvin Huang a24e431c0e
update envoy doc notes (#7389) 2020-03-04 14:59:30 -05:00
John Cowen 6074a1b4c8
ui: Coordinates don't require a nspace, so don't expect one in the repo (#7378)
* ui: Coordinates don't require a nspace, so don't expect one in the repo

* Add a test to prove the correct number of arguments are being passed
2020-03-04 18:12:47 +00:00