Commit Graph

7690 Commits

Author SHA1 Message Date
Paul Banks 8871ad130d
Merge pull request #3961 from canterberry/docs/tls-cipher-suites
📝 Clarify the list of supported TLS cipher suites
2018-03-19 16:51:14 +00:00
Paul Banks 37c07b3cac
Use master 2018-03-19 16:50:52 +00:00
Paul Banks a8f7681c70
Merge pull request #3962 from canterberry/upgrade/tls-cipher-suites
🔒 Update supported TLS cipher suites
2018-03-19 16:44:33 +00:00
Paul Banks 9e4b10ab6f
Merge pull request #3966 from hashicorp/docs-ui-acls
website: add UI section to ACL guide
2018-03-19 16:40:50 +00:00
Pierre Souchay b6914617d9 Fixed typo in comments 2018-03-19 17:12:08 +01:00
Pierre Souchay 5e974843f1 Refactoring to have clearer code without weird bool 2018-03-19 16:12:54 +01:00
Pierre Souchay a44b9e84b1 [BUGFIX] When a node level check is removed, ensure all services of node are notified
Bugfix for https://github.com/hashicorp/consul/pull/3899

When a node level check is removed (example: maintenance),
some watchers on services might have to recompute their state.

If those nodes are performing blocking queries, they have to be notified.
While their state was updated when node-level state did change or was added
this was not the case when the check was removed. This fixes it.
2018-03-19 14:14:03 +01:00
Preetha Appan da2d5304cb
Update CHANGELOG 2018-03-16 09:39:00 -05:00
Preetha Appan 2eed7766a8
cleanup unit test code a bit 2018-03-16 09:36:57 -05:00
Preetha c87699abf2
Merge pull request #3885 from eddsteel/support-options-requests
Support OPTIONS requests
2018-03-16 09:20:16 -05:00
Devin Canterberry 2187ab1e1c
🎨 Formatting changes only; convert leading space to tabs 2018-03-15 10:30:38 -07:00
Devin Canterberry 961aea97fe
📝 Prefer brevity at the cost of some ambiguity 2018-03-15 10:25:27 -07:00
Devin Canterberry 7236c95e11
Match expectation of TLSCipherSuites to values of tls_cipher_suites 2018-03-15 10:19:46 -07:00
Devin Canterberry a61abcd931
🐛 Formatting changes only; add missing trailing commas 2018-03-15 10:19:46 -07:00
Devin Canterberry c901307a47
🔒 Update supported TLS cipher suites
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go).

> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
>  * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4)
>  * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/)
2018-03-15 10:19:46 -07:00
Devin Canterberry 1db58de366
⤵️ Merge from `master`; no conflicts 2018-03-15 09:13:01 -07:00
Jack Pearkes 6fb94ff40a website: clarify where ACL token is set in the UI 2018-03-14 16:50:04 -07:00
Jack Pearkes c66628a06f website: add section on securing the UI with ACLs
Figured it would be worth documenting due to #3931.
2018-03-14 16:46:04 -07:00
Paul Banks 844a5fe8c0
Call out the service-watch upgrade notice 2018-03-14 11:03:21 +00:00
Jack Pearkes 652e821511
Merge pull request #3884 from rberlind/master
Updated Stale Reads section of DNS Caching Guide
2018-03-13 16:56:58 -07:00
Jack Pearkes 101e1d030e
Merge pull request #3952 from slopeinsb/patch-1
Update index.html.md
2018-03-13 16:07:10 -07:00
Jack Pearkes 4bddecb195
Update CHANGELOG.md 2018-03-13 15:32:37 -07:00
Devin Canterberry 84d650cc4a
📝 Clarify the list of supported TLS cipher suites
Previously, the documentation linked to Golang's source code, which
can drift from the list of cipher suites supported by Consul. Consul
has a hard-coded mapping of string values to Golang cipher suites, so
this is a more direct source of truth to help users understand which
string values are accepted in the `tls_cipher_suites` configuration
value.
2018-03-13 09:25:03 -07:00
Preetha 3ed071b4a6
Merge pull request #3946 from hashicorp/je.fixes
Small Adjustments
2018-03-13 11:15:50 -05:00
randall thomson 3b1a2af8f1
Update index.html.md
update cli commands for consul 1.x
2018-03-09 09:46:37 -08:00
Pierre Souchay aebfcb6767 Fixed minor typo (+ travis tests is unstable) 2018-03-09 18:42:13 +01:00
Pierre Souchay 93fa1f6f49 Optimize size for SRV records, should improve performance a bit
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
Preetha Appan 0e3c41738d
Update CHANGELOG.md 2018-03-09 07:37:57 -06:00
Preetha 210cfe5ef9
Merge pull request #3940 from pierresouchay/dns_max_size
Allow to control the number of A/AAAA Record returned by DNS
2018-03-09 07:35:32 -06:00
Preetha 251cdb9c24
Some tweaks to the documentation for a_record_limit 2018-03-08 11:23:07 -06:00
Pierre Souchay 57310a6446 Updated documentation as requested by @preetapan 2018-03-08 18:02:40 +01:00
Pierre Souchay d0e45f22df Fixed wrong format of debug msg in unit test 2018-03-08 00:36:17 +01:00
Pierre Souchay ce3f47a75d Performance optimization for services having more than 2k records 2018-03-08 00:26:41 +01:00
Pierre Souchay 7d59249d96 Avoid issue with compression of DNS messages causing overflow 2018-03-07 23:33:41 +01:00
Pierre Souchay 419bf29041 Cleaner Unit tests from suggestions from @preetapan 2018-03-07 18:24:41 +01:00
Pierre Souchay b77fd5ce9d 64000 max limit to DNS messages since there is overhead
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
Pierre Souchay be39fb20cc [BUGFIX] do not break when TCP DNS answer exceeds 64k
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).

Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
Jeff Escalante 760b4ff72f update to latest middleman-hashicorp
this includes minor text fixes for the universal nav
2018-03-06 16:37:58 -05:00
Jeff Escalante f9a41e290d First instance of 'Consul' on homepage -> 'HashiCorp Consul' 2018-03-06 16:37:47 -05:00
Mitchell Hashimoto fb9b018128
Merge pull request #3944 from hashicorp/f-testify
agent/consul/fsm: begin using testify/assert
2018-03-06 09:55:31 -08:00
Mitchell Hashimoto 8217564c48
agent/consul/fsm: begin using testify/assert 2018-03-06 09:48:15 -08:00
Pierre Souchay 0b7f620dc6 Allow to control the number of A/AAAA Record returned by DNS
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.

It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937

See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.

It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.

The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Edd Steel 41b1d45cc7
Re-use defined endpoints for tests 2018-03-03 11:19:18 -08:00
Sergei Ryabkov 82d195b695
Highlighting the dead link
I am proposing to remove a dead link (https://atlas.hashicorp.com/help/consul/alternatives). If the page has moved and the new location is known, it would be of course better to update the link.
2018-03-02 18:22:19 -05:00
Paul Banks 257ad520f2
Merge pull request #3928 from hashicorp/service-token-docs
Notes on ACL token storage and permissions
2018-03-02 16:28:56 +00:00
Paul Banks 4bf001bf1c
Update CHANGELOG.md 2018-03-02 16:27:48 +00:00
Paul Banks 9a47449c6d
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index
Services Indexes modified per service instead of using a global Index
2018-03-02 16:24:43 +00:00
Paul Banks c57451a414
Notes on ACL token storage and permissions 2018-03-02 16:22:12 +00:00
Paul Banks e833b535a6
Notes on ACL token storage and permissions 2018-03-02 16:20:11 +00:00
Brian Shumate 6d92c28c5c Clarify encrypt key for WAN joined DCs 2018-03-02 10:41:09 -05:00