Commit Graph

197 Commits

Author SHA1 Message Date
Matt Keeler 15ddbbc686
Update raft-boltdb to pull in new writeCapacity metric (#12646) 2022-03-30 11:38:44 -04:00
Mike Morris f8a2ae2606
agent: convert listener config to TLS types (#12522)
* tlsutil: initial implementation of types/TLSVersion

tlsutil: add test for parsing deprecated agent TLS version strings

tlsutil: return TLSVersionInvalid with error

tlsutil: start moving tlsutil cipher suite lookups over to types/tls

tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup

agent: attempt to use types in runtime config

agent: implement b.tlsVersion validation in config builder

agent: fix tlsVersion nil check in builder

tlsutil: update to renamed ParseTLSVersion and goTLSVersions

tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion

tlsutil: disable invalid config parsing tests

tlsutil: update tests

auto_config: lookup old config strings from base.TLSMinVersion

auto_config: update endpoint tests to use TLS types

agent: update runtime_test to use TLS types

agent: update TestRuntimeCinfig_Sanitize.golden

agent: update config runtime tests to expect TLS types

* website: update Consul agent tls_min_version values

* agent: fixup TLS parsing and compilation errors

* test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test

* tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites

* test: revert autoconfig tls min version fixtures to old format

* types: add TLSVersions public function

* agent: add warning for deprecated TLS version strings

* agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder

* tlsutil(BREAKING): change default TLS min version to TLS 1.2

* agent: move ParseCiphers logic from tlsutil into agent config builder

* tlsutil: remove unused CipherString function

* agent: fixup import for types package

* Revert "tlsutil: remove unused CipherString function"

This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c.

* agent: fixup config builder and runtime tests

* tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig

* test: move TLS cipher suites parsing test from tlsutil into agent config builder tests

* agent: remove parseCiphers helper from auto_config_endpoint_test

* test: remove unused imports from tlsutil

* agent: remove resolved FIXME comment

* tlsutil: remove TODO and FIXME in cipher suite validation

* agent: prevent setting inherited cipher suite config when TLS 1.3 is specified

* changelog: add entry for converting agent config to TLS types

* agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now

* tlsutil: remove config tests for values checked at agent config builder boundary

* tlsutil: remove tls version check from loadProtocolConfig

* tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites

* website: update search link for supported Consul agent cipher suites

* website: apply review suggestions for tls_min_version description

* website: attempt to clean up markdown list formatting for tls_min_version

* website: moar linebreaks to fix tls_min_version formatting

* Revert "website: moar linebreaks to fix tls_min_version formatting"

This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c.

* autoconfig: translate old values for TLSMinVersion

* agent: rename var for translated value of deprecated TLS version value

* Update agent/config/deprecated.go

Co-authored-by: Dan Upton <daniel@floppy.co>

* agent: fix lint issue

* agent: fixup deprecated config test assertions for updated warning

Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 15:32:25 -04:00
Luke Kysow f1745c25c5
Lkysow/docs updates 2 (#12604)
* Document intermediate_cert_ttl
2022-03-23 10:22:08 -07:00
Dan Upton b36d4e16b6
Support per-listener TLS configuration ⚙️ (#12504)
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
mrspanishviking 7180c99960
Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
trujillo-adam 4151dc097a fixing merge conflicts part 3 2022-03-15 15:25:03 -07:00
trujillo-adam 9cc9122be8 fixed merge conflicts pt2 2022-03-15 14:01:24 -07:00
trujillo-adam 76d55ac2b4 merging new hierarchy for agent configuration 2022-03-14 15:44:41 -07:00
Ashlee M Boyer b9a5e10aea
Merge pull request #12484 from hashicorp/docs-amb-fix-prometheus-link
docs: Fixing Prometheus link in docs/agent/telemetry
2022-03-11 16:37:17 -05:00
Ashlee M Boyer 70ab6215f5 Fixing Prometheus link in docs/agent/telemetry 2022-03-11 12:13:42 -08:00
Kyle Schochenmaier d6792f14a3
update docs (#12543) 2022-03-09 13:24:20 -06:00
Blake Covarrubias 96b47aee79 docs: Clarify configuration options apply to agent
Recently there have been a handful of GitHub issues and Discuss posts
where users have expected the `consul` CLI to make use of config
options defined in the agent configuration files, and are confused
when it does not honor those config options.

This change clarifies that command-line and configuration file options
documented on the /agent/options page only apply to the Consul agent,
instead of the Consul CLI.
2022-03-03 11:30:20 -08:00
Daniel Nephin 997bf1e5a4
Merge pull request #12166 from hashicorp/dnephin/acl-resolve-token-2
acl: remove ResolveTokenToIdentity
2022-01-31 19:19:21 -05:00
Daniel Nephin d363cc0f07 acl: remove unused methods on fakes, and add changelog
Also document the metric that was removed in a previous commit.
2022-01-31 17:53:53 -05:00
Matt Keeler 19a67d8768
Update telemetry page with advice for monitoring boltdb performance (#12141)
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-01-26 11:51:19 -05:00
Blake Covarrubias f09aea524f Fix spelling errors 2022-01-20 08:54:23 -08:00
Blake Covarrubias 59394e4aa2 docs: Avoid redirects by pointing links to new URLs
Avoid HTTP redirects for internal site links by updating old URLs to
point to the new location for the target content.
2022-01-20 08:52:51 -08:00
Blake Covarrubias a3c0f748f5 docs: Add HCL examples to agent config options 2022-01-14 09:22:29 -08:00
Anthony b58b672d77
Apply suggestions from code review 2022-01-13 17:04:19 -05:00
Anthony d6458f3a9a
Apply suggestions from code review
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-13 16:55:07 -05:00
Anthony 2b5107656a Added hcl language to snippet. 2022-01-13 16:34:37 -05:00
Anthony 18efc981df Removed extra comment. 2022-01-13 16:26:40 -05:00
Anthony 15c1ee06eb Missed CodeBlockConfig tag. 2022-01-13 16:22:57 -05:00
Anthony 71cac5d50d Added CodeBlockConfig tags and $ to shell examples missing it. 2022-01-13 16:07:11 -05:00
Krastin Krastev fabe54cbf1
Merge pull request #12039 from hashicorp/krastin/docs-telemetry-consulversion
docs: Clarify consul.version telemetry description
2022-01-13 12:47:33 +01:00
mrspanishviking 209d03c267
Merge pull request #12014 from hashicorp/neenap-patch-1
docs: updated the description of min_quorum
2022-01-12 07:55:41 -07:00
Krastin Krastev 0462f0538a
Clarify consul.version telemetry description
The description of consul.version telemetry is not very clear, fixing
2022-01-12 11:21:13 +01:00
Blake Covarrubias e3f36ad45c docs: Fix spelling errors 2022-01-11 09:37:09 -08:00
Connor 7c3e8bd1c3
Add go-sockaddr examples for multiple interfaces (#11998)
* Add overview example for multiple interfaces with go-sockaddr

* Include go-sockaddr examples in agent configuration

* Add changelog entry

* Make suggested changes

* Simplify hcl comment

* Update link and fix gRPC

* Switch index.mdx from Tabs to CodeTabs

* Reformat new links for screen readers

* Apply suggestions from code review

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Fix spacing in code block

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-10 20:10:25 -06:00
Natalie Smith 24c67f2dfa docs: simplify agent docs slugs 2022-01-10 17:37:18 -08:00
Natalie Smith 448f50c459 docs: pr feedback 2022-01-10 17:26:47 -08:00
Natalie Smith 7e4c43f45d chore: rebase updates 2022-01-10 17:16:24 -08:00
Natalie Smith 00c2444cfc docs: fix external links to agent config pages 2022-01-10 17:11:50 -08:00
Natalie Smith b0c6d5b02a docs: fix agent config links 2022-01-10 17:11:50 -08:00
Natalie Smith 1ec8b58f7b docs: arrange agent configuration file parameters into logical groups 2022-01-10 17:11:50 -08:00
Natalie Smith d07b7a5292 docs: move configuration files content from agent/config/index to agent/config/agent-config-files 2022-01-10 17:11:47 -08:00
Natalie Smith b0818abad4 docs: move cli content from agent/config/index to agent/config/agent-config-cli
And add sections for logical groupings of options
2022-01-10 17:10:56 -08:00
Natalie Smith 57eecbbc14 docs: move agent/options.mdx into agent/config/index.mdx and add placeholder .mdx files for cli/files
Also update nav data
2022-01-10 17:06:26 -08:00
Neena Pemmaraju cea9f8e1fd
docs: updated the description of min_quorum 2022-01-10 15:37:36 -08:00
mrspanishviking 3f4cf0e64a
Merge pull request #11997 from hashicorp/20sr20-patch-1
Adding texts in verify_leader metric
2022-01-10 15:59:20 -07:00
Sujata Roy c1db7de581
Update website/content/docs/agent/telemetry.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-10 14:57:14 -08:00
Amier Chery 47fc7e5ad9
Create options.mdx
Adding a small little note to the top of the 'command line options' section of this page following community feedback in #10628
2022-01-10 17:15:33 -05:00
Sujata Roy 1064333eb6
Adding texts in verify_leader metric
- Added description providing example case when the metric can go high
2022-01-10 12:01:27 -08:00
Kyle Havlovitz 9576e0f9dd
Merge pull request #11838 from hashicorp/partitions-dns-docs
docs: Update dns sections for partition query format and virtual IPs
2021-12-14 16:22:35 -08:00
R.B. Boyer ef3a32b4ad
docs: document partition config flag (#11840) 2021-12-14 16:02:08 -06:00
Kyle Havlovitz d11c55e4c7 docs: Update namespaced DNS services section for partitions format 2021-12-14 11:05:41 -08:00
Matt Keeler bcce800f55
Various Boltdb/Raft Documentation Updates (#11793)
* Documenting the new raft_boltdb configuration options
* Add documentation around new boltdb metrics.
* Correct documentation for the consul.raft.fsm.apply metric
2021-12-09 16:18:59 -05:00
Dan Upton d8afd2f6c8
Rename `master` and `agent_master` ACL tokens in the config file format (#11665) 2021-12-01 21:08:14 +00:00
R.B. Boyer db91cbf484
auto-config: ensure the feature works properly with partitions (#11699) 2021-12-01 13:32:34 -06:00
John Cowen b5c8af4580
ui: Add `Service.Partition` as available variable for dashboard urls (#11654) 2021-12-01 11:05:57 +00:00
danielehc eddd648095
Connect.enabled config option (#11533) 2021-11-17 12:06:11 +01:00
John Cowen 537c4f32f7 Revert "Merge pull request #11328 from radiantly/ui/feature/allow-${}-style-interpolation"
This reverts commit cd55c0cda3, reversing
changes made to 14af8cb7a9.
2021-11-10 17:54:33 +00:00
trujillo-adam 17ccead352
Merge pull request #11487 from hashicorp/docs/admin-partitions-feedback-acl-policies-redux
changed 'segments' in this page to 'resource labels' to disambiguate from 'network segments
updated the code snippets to use CodeBlock component and to include JSON
2021-11-10 07:56:54 -08:00
trujillo-adam b4abd242e8 applied feedback 2021-11-05 09:30:28 -07:00
FFMMM 61bd417a82
plumb thru root cert tll to the aws ca provider (#11449)
* plumb thru root cert ttl to the aws ca provider

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Update .changelog/11449.txt

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2021-11-04 12:19:08 -07:00
FFMMM 4ddf973a31
add root_cert_ttl option for consul connect, vault ca providers (#11428)
* add root_cert_ttl option for consul connect, vault ca providers

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>

* add changelog, pr feedback

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Update .changelog/11428.txt, more docs

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update website/content/docs/agent/options.mdx

Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>
2021-11-02 11:02:10 -07:00
Jared Kirschner 0854e1d684
Merge pull request #11348 from kbabuadze/fix-answers-alt-domain
Fix answers for alt domain
2021-10-29 17:09:20 -04:00
Daniel Nephin 4afc24268d tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
See github.com/hashicorp/consul/issues/11207

When VerifyIncomingRPC is false the TLS conn will not have the required certificates.
2021-10-27 13:43:25 -04:00
Konstantine a8643339bc describe how alt-domain works in docs 2021-10-26 12:38:13 -04:00
Daniel Nephin 4ae2c8de9d
Merge pull request #11232 from hashicorp/dnephin/acl-legacy-remove-docs
acl: add docs and changelog for the removal of the legacy ACL system
2021-10-25 18:38:00 -04:00
Chris S. Kim c0991f479f
Update docs for tls_cipher_suites (#11070) 2021-10-21 16:41:51 -04:00
Jared Kirschner cd55c0cda3
Merge pull request #11328 from radiantly/ui/feature/allow-${}-style-interpolation
ui: Allow ${ } interpolation for UI Dashboard template URLs
2021-10-20 08:59:02 -04:00
Anirudh H M ffa27a7b09 Single link 2021-10-20 00:25:28 +05:30
radiantly 66c9ef1876
Remove note 2021-10-19 23:22:12 +05:30
radiantly 0e9a7d0cad
Add changelog note and amend docs 2021-10-19 01:08:44 +05:30
radiantly fd51b3e76e
ui: Allow ${} interpolation for template URLs 2021-10-15 15:37:51 +05:30
Anirudh H M dc073b688f Update docs: Mention grafana dashboard 2021-10-12 12:55:44 +05:30
Connor 257d00c908
Merge pull request #11222 from hashicorp/clly/service-mesh-metrics
Start tracking connect service mesh usage metrics
2021-10-11 14:35:03 -05:00
Daniel Nephin b4e3367e63 docs: add notice that legacy ACLs have been removed.
Add changelog

Also remove a metric that is no longer emitted that was missed in a
previous step.
2021-10-05 18:30:22 -04:00
Connor Kelly 024715eb11
Add changelog, website and metric docs
Add changelog to document what changed.
Add entry to telemetry section of the website to document what changed
Add docs to the usagemetric endpoint to help document the metrics in code
2021-10-05 13:34:24 -05:00
trujillo-adam f5108e4683 applied feedback, moved the Lifecycle info to the front 2021-09-30 11:41:37 -07:00
trujillo-adam 0567e2d549 providing additional information about the Consul agent 2021-09-29 16:51:03 -07:00
Daniel Nephin 19040586ce
Merge pull request #11136 from hashicorp/dnephin/acl-resolver-fix-default-authz
acl: fix default Authorizer for down_policy extend-cache/async-cache
2021-09-29 13:45:12 -04:00
Daniel Nephin a53fdd68c8
Merge pull request #11110 from hashicorp/dnephin/acl-legacy-remove-initialize
acl: remove initializeLegacyACL and the rest of the legacy FSM commands
2021-09-29 13:44:30 -04:00
Daniel Nephin 8f754aba14
Merge pull request #10999 from hashicorp/dnephin/revert-config-xds-port
Revert config xds_port
2021-09-29 13:39:15 -04:00
Daniel Nephin 6e1ebd3df7 acl: remove the last of the legacy FSM
Replace it with an implementation that returns an error, and rename some symbols
to use a Deprecated suffix to make it clear.

Also remove the ACLRequest struct, which is no longer referenced.
2021-09-29 12:42:23 -04:00
Daniel Nephin 1502547e38 Revert "Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc"
This reverts commit 74fb650b6b, reversing
changes made to 58bd817336.
2021-09-29 12:28:41 -04:00
Daniel Nephin 0330966315
Merge pull request #11101 from hashicorp/dnephin/acl-legacy-remove-rpc-2
acl: remove legacy ACL.Apply RPC
2021-09-29 12:23:55 -04:00
Daniel Nephin c321879d1e Revert "Merge pull request #10618 from hashicorp/dnephin/docs-add-deprecation-version-grpc-port"
This reverts commit 81bb5f33eb, reversing
changes made to 20feb42d3a.
2021-09-29 12:14:32 -04:00
Daniel Nephin 8d1378cc1d
Merge pull request #10988 from hashicorp/dnephin/acl-legacy-remove-config
acl: isolate deprecated config and warn when they are used
2021-09-29 11:40:14 -04:00
Jared Kirschner 9ef6490533
Merge pull request #10702 from jkirschner-hashicorp/network-segments-docs-enhancements
Network segments docs enhancements
2021-09-28 10:24:05 -04:00
Daniel Nephin 6e4ecfd05b docs: clarify acl down policy 2021-09-23 18:13:39 -04:00
Daniel Nephin 5eafcea4d4 config: Deprecate EnableACLReplication
replaced by ACL.TokenReplication
2021-09-23 15:14:59 -04:00
Daniel Nephin c84867feda acl: remove ACL.Apply
As part of removing the legacy ACL system.
2021-09-22 18:28:08 -04:00
Connor Kelly 59f9f67cc2
Add new telemetry to website
This will add information about the new kv_usage metric to the website
2021-09-20 12:43:40 -05:00
Jared Kirschner 3231709b03 docs: improve network segments agent options docs 2021-09-15 10:00:41 -07:00
Karl Cardenas 2c861a4f4e
docs: fixed identation of warning components 2021-08-30 07:12:30 -07:00
mrspanishviking 763e720ffe
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-08-27 07:41:11 -07:00
Karl Cardenas b4f47383fa
docs: added information about a conflict when using auto_config and auto_encrypt 2021-08-25 21:25:18 -07:00
Blake Covarrubias e62b1d05d8
docs: Add common CA config options to provider doc pages (#10842)
Add the list of common Connect CA configuration options to the
provider-specific CA docs.

Previously these options were only documented under the agent
configuration options. This change makes it so that all supported CA
provider configuration options are available from a single location.

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-08-19 11:18:55 -07:00
Olatunde Alex-Oni ad07ed705c Update documentation for enable_key_list_policy
The current suggests the option expects a string of either "enabled" or "disabled" but this results in an error `'acl.enable_key_list_policy' expected type 'bool', got unconvertible type 'string', value: 'enabled'`. Setting to a boolean value resolves this, also had a quick look at the code (d2b58cd0d6/agent/config/runtime.go (L109)) and it suggests this too
2021-08-16 13:10:54 -07:00
Blake Covarrubias 99b1d8ed8c docs: Update code blocks across website
* Use CodeTabs for examples in multiple formats.
* Ensure correct language on code fences.
* Use CodeBlockConfig for examples with filenames, or which need
highlighted content.
2021-08-11 13:20:03 -07:00
Daniel Nephin 8c575445da telemetry: add a metric for agent TLS cert expiry 2021-08-04 13:51:44 -04:00
joshwolfer 63a650028e Update options.mdx
add service config link to description of enable_central_service_config.
2021-08-03 15:36:51 -04:00
Blake Covarrubias 11f1f3fe34 Add OSS changes for specifying audit log permission mode 2021-07-30 09:58:11 -07:00
Daniel Nephin 20537d8952
Update website/content/docs/agent/options.mdx
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
2021-07-29 12:38:30 -04:00
Daniel Nephin 9f02119314 docs: give better guidance about how to configure the agent TLS CA 2021-07-28 18:22:35 -04:00
Blake Covarrubias a0cd3dd88e
Add DNS recursor strategy option (#10611)
This change adds a new `dns_config.recursor_strategy` option which
controls how Consul queries DNS resolvers listed in the `recursors`
config option. The supported options are `sequential` (default), and
`random`.

Closes #8807

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Priyanka Sengupta <psengupta@flatiron.com>
2021-07-19 15:22:51 -07:00
Blake Covarrubias 832896ed11 docs: Fix spelling errors across website 2021-07-19 14:29:54 -07:00
Daniel Nephin 0ba5d74fcc
Merge pull request #10617 from hashicorp/dnephin/config-add-missing-docs
docs: add config options that were missing
2021-07-15 11:23:32 -04:00