consul/agent
Matt Keeler 35e67b1d1a
Fix CA Replication when ACLs are enabled (#6201)
Secondary CA initialization steps are:

• Wait until the primary will be capable of signing intermediate certs. We use serf metadata to check the versions of servers in the primary which avoids needing a token like the previous implementation that used RPCs. We require at least one alive server in the primary and the all alive servers meet the version requirement.
• Initialize the secondary CA by getting the primary to sign an intermediate

When a primary dc is configured, if no existing CA is initialized and for whatever reason we cannot initialize a secondary CA the secondary DC will remain without a CA. As soon as it can it will initialize the secondary CA by pulling the primaries roots and getting the primary to sign an intermediate.

This also fixes a segfault that can happen during leadership revocation. There was a spot in the secondaryCARootsWatch that was getting the CA Provider and executing methods on it without nil checking. Under normal circumstances it wont be nil but during leadership revocation it gets nil'ed out. Therefore there is a period of time between closing the stop chan and when the go routine is actually stopped where it could read a nil provider and cause a segfault.
2019-07-26 15:57:57 -04:00
..
ae
cache Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
cache-types add test for discovery chain agent cache-type (#6130) 2019-07-15 10:09:52 -05:00
checks Merge Consul OSS branch 'master' at commit ef257b084d 2019-07-20 02:00:29 +00:00
config Merge Consul OSS branch master at commit b3541c4f34 2019-07-26 10:34:24 -05:00
connect Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
consul Fix CA Replication when ACLs are enabled (#6201) 2019-07-26 15:57:57 -04:00
debug
exec
local Flaky test overhaul (#6100) 2019-07-12 09:52:26 -06:00
metadata
mock
pool tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
proxycfg connect: rework how the service resolver subset OnlyPassing flag works (#6173) 2019-07-23 20:20:24 -05:00
proxyprocess
router Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
structs Merge Consul OSS branch master at commit b3541c4f34 2019-07-26 10:34:24 -05:00
systemd
token
xds connect: allow L7 routers to match on http methods (#6164) 2019-07-23 20:56:39 -05:00
acl.go
acl_endpoint.go ACL Token ID Initialization (#5307) 2019-04-30 11:45:36 -04:00
acl_endpoint_legacy.go
acl_endpoint_legacy_test.go
acl_endpoint_test.go ACL Token ID Initialization (#5307) 2019-04-30 11:45:36 -04:00
acl_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
agent.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
agent_endpoint.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
agent_endpoint_test.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
agent_test.go Allow raft TrailingLogs to be configured. (#6186) 2019-07-23 15:19:57 +01:00
bindata_assetfs.go update bindata_assetfs.go 2019-07-25 23:41:16 +00:00
blacklist.go
blacklist_test.go
catalog_endpoint.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
catalog_endpoint_test.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
check.go
config.go Make a few config entry endpoints return 404s and allow for snake_case and lowercase key names. (#5748) 2019-04-30 18:19:19 -04:00
config_endpoint.go Centralized Config CLI (#5731) 2019-04-30 16:27:16 -07:00
config_endpoint_test.go handle structs.ConfigEntry decoding similarly to api.ConfigEntry decoding (#6106) 2019-07-12 12:20:30 -05:00
connect_auth.go
connect_ca_endpoint.go
connect_ca_endpoint_test.go
coordinate_endpoint.go
coordinate_endpoint_test.go Update retries that weren't using retry.R (#6146) 2019-07-16 14:47:45 -06:00
dns.go Merge Consul OSS branch 'master' at commit e91f73f592 2019-06-30 02:00:31 +00:00
dns_test.go Merge Consul OSS branch 'master' at commit e91f73f592 2019-06-30 02:00:31 +00:00
enterprise_delegate_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
event_endpoint.go
event_endpoint_test.go
health_endpoint.go
health_endpoint_test.go Merge branch 'master' into release/1-6 2019-07-12 14:51:25 -07:00
http.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
http_oss.go Fix bug in service-resolver redirects if the destination uses a default resolver. (#6122) 2019-07-12 12:21:25 -05:00
http_oss_test.go
http_test.go
intentions_endpoint.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
intentions_endpoint_test.go
internal_endpoint.go Fix bug in service-resolver redirects if the destination uses a default resolver. (#6122) 2019-07-12 12:21:25 -05:00
keyring.go
keyring_test.go
kvs_endpoint.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
kvs_endpoint_test.go
notify.go
notify_test.go
operator_endpoint.go
operator_endpoint_test.go
prepared_query_endpoint.go
prepared_query_endpoint_test.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
remote_exec.go
remote_exec_test.go Update retries that weren't using retry.R (#6146) 2019-07-16 14:47:45 -06:00
retry_join.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
retry_join_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
service_manager.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
service_manager_test.go Add integration test for central config; fix central config WIP (#5752) 2019-05-01 16:39:31 -07:00
session_endpoint.go
session_endpoint_test.go
sidecar_service.go Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
sidecar_service_test.go
signal_unix.go
signal_windows.go
snapshot_endpoint.go
snapshot_endpoint_test.go
status_endpoint.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
status_endpoint_test.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
testagent.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
testagent_test.go
translate_addr.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
txn_endpoint.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
txn_endpoint_test.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
ui_endpoint.go Implement Kind based ServiceDump and caching of the ServiceDump RPC 2019-07-01 16:28:30 -04:00
ui_endpoint_test.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
user_event.go
user_event_test.go
util.go
util_test.go
watch_handler.go
watch_handler_test.go