Commit Graph

10389 Commits

Author SHA1 Message Date
Matt Keeler b6688a6b5b
Add tagged addresses for services (#5965)
This allows addresses to be tagged at the service level similar to what we allow for nodes already. The address translation that can be enabled with the `translate_wan_addrs` config was updated to take these new addresses into account as well.
2019-06-17 10:51:50 -04:00
Matt Keeler 15775c8493
Update CHANGELOG.md 2019-06-17 10:42:49 -04:00
Matt Keeler 4c03f99a85
Fix CAS operations on Services (#5971)
* Fix CAS operations on services

* Update agent/consul/state/catalog_test.go

Co-Authored-By: R.B. Boyer <public@richardboyer.net>
2019-06-17 10:41:04 -04:00
Alvin Huang 9b04c3910a
update website build to exclude guides (#5951) 2019-06-14 16:55:18 -04:00
Judith Malnick 086b95ead1
[docs] Correct typos in API agnet docs (#5966) 2019-06-14 09:30:41 -07:00
Paul Banks 5ddf2622f8
Update CHANGELOG.md 2019-06-14 10:47:50 +01:00
Hans Hasselberg 404d856b89
Update CHANGELOG.md 2019-06-14 10:44:46 +02:00
Judith Malnick 877202818f
[docs] Reorganize connect documentation for clarity (#5864)
* clarify possibilities for centralized proxy configuration

* add line breaks to config entries file

* add info about centralized config to built in proxy doc

* mondify connect landing page to help with navigation

* move internals details to its own page

* link fixes and shortening text on main page

* put built-in proxy options on its own page

* add configuration details for connect

* clarify security title and add observability page

* reorganize menu

* remove observability from configuration section

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/agent/config_entries.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* rename connect section to include service mesh

* reorganize sections per suggestions from paul

* add configuration edits from paul

* add internals edits from paul

* add observability edits from paul

* reorganize pages and menu

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* menu corrections and edits

* incorporate some of pauls comments

* incorporate more of pauls comments

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* incorporate kaitlin and pavanni feedback

* add redirect

* fix conflicts in index file

* Resolve conflicts in index file

* correct links for new organization

* Update website/source/docs/connect/proxies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* add title to service registration page
2019-06-13 22:52:50 -07:00
Hans Hasselberg 7e6356a53a
Remove the misleading default separator for listing keys. (#5288)
The default separator for key listing is an empty string - the docs incorrectly made it seem as if this was `/`.
2019-06-14 00:06:18 +02:00
Justin Weissig b36c1fa0d5 docs: fixed typos (#5854)
Fixed typos: alterative/alternative & communciation/communication
2019-06-14 00:05:32 +02:00
Hans Hasselberg fc283334e1
docs: wording (#5889)
Fixed wording: "will be resolve to the" -> "will be resolved to the".
2019-06-13 23:59:05 +02:00
Justin Weissig 5453409938 docs: fixed typo polices/policies (#5894)
Fixed typo: polices/policies.
2019-06-13 23:58:34 +02:00
Yoan Blanc f8ae6d7987 docs: fix markdown consul operator (#5901)
broken markdown
2019-06-13 23:57:38 +02:00
Pavel Drankov 3ac3011e6b api: update link to agent caching in comments (#5935) 2019-06-13 23:56:19 +02:00
Joel Kuzmarski aa7f106fc6 Update production-acls.html.md (#5959) 2019-06-13 10:03:22 -04:00
Paul Banks e90fab0aec
Add rate limiting to RPCs sent within a server instance too (#5927) 2019-06-13 04:26:27 -05:00
Luke Kysow c28ace2db1
Merge pull request #5948 from hashicorp/lkysow-patch-1
Update kubernetes-reference.html.md
2019-06-13 10:07:15 +01:00
Nicholas Jackson fa65a14729 Update questions issue template directing q's to the forum (#5957)
* Update questions issue template directing q's to the forum

* Update contributing guide to add link to forum
2019-06-12 09:07:44 -05:00
Judith Malnick a066288fb9
Add a redirect for the K8s reference arch guide (#5949) 2019-06-11 10:28:52 -07:00
Luke Kysow 17024a6db4
Update kubernetes-reference.html.md 2019-06-11 15:58:46 +01:00
John Cowen c3c938a4fc
Update CHANGELOG.md 2019-06-11 10:22:00 +01:00
John Cowen 65cf56ad12
ui: Ensure Service Instance pages account for nodes (#5933)
Include node name in the URL for service instances
Integrate the node name slug into tests for service instance pages
2019-06-11 10:18:50 +01:00
Matt Keeler 1f646cddb0
Remove vendoring of github.com/hashicorp/consul (#5943) 2019-06-10 09:19:37 -04:00
Paul Banks 737be347eb
Upgrade xDS (go-control-plane) API to support Envoy 1.10. (#5872)
* Upgrade xDS (go-control-plane) API to support Envoy 1.10.

This includes backwards compatibility shim to work around the ext_authz package rename in 1.10.

It also adds integration test support in CI for 1.10.0.

* Fix go vet complaints

* go mod vendor

* Update Envoy version info in docs

* Update website/source/docs/connect/proxies/envoy.md
2019-06-07 07:10:43 -05:00
Hans Hasselberg 37e48cc935
connect: provide -admin-access-log-path for envoy (#5858) 2019-06-07 11:26:43 +02:00
John Cowen 5408d4bb53
ui: Upgrade js-yaml (#5926) 2019-06-06 22:21:25 +01:00
Chris Marchesi 2c0d46282e website: fix Sentinel time-of-day policy (#5930)
The policy in the time-of-day Sentinel example incorrectly references
the top-level time.hour constant. This is actually the same as the
time.Hour Go value, so in other words, 3600000000000 (the int64 value
representing the time in nanoseconds).

This is corrected by just using time.now.hour instead.
2019-06-06 14:31:54 -06:00
Nitish Alluri da5ded8ec4 docs: update default grpc-addr value in connect envoy command (#5886)
* Update envoy.html.md.erb
2019-06-06 10:37:29 +02:00
John Cowen 92bff1bbb3
ui: Adds ability to search by policy, role or service ident names (#5811) 2019-06-05 09:25:32 +01:00
Jack Pearkes af8de66be4
website: add azure storage options for enterprise (#5920)
This documents the additional backup target for
the snapshot agent.

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>
2019-06-04 20:40:22 -05:00
John Cowen e48167d931
UI: Test readonly ServiceIdentity rules (#5865) 2019-06-04 17:55:10 +01:00
kaitlincarter-hc 0a1c276b57
[docs] Enterprise Landing Page (#5804)
* Updating enterprise landing page to be more clear about the licensing process.

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Jack Pearkes <jackpearkes@gmail.com>

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Updating based on Matt's feedback
2019-06-04 11:01:46 -05:00
John Cowen 334e16a6cf
ui: Ensures nested policy forms are reset properly (#5838)
1. All {{ivy-codemirror}} components need 'refreshing' when they become
visible via our own `didAppear` method on the `{{code-editor}}`
component

(also see:)
- https://github.com/hashicorp/consul/pull/4190#discussion_r193270223
- 73db111db8 (r225264296)

2. On initial investigation, it looks like the component we are using
for the code editor doesn't distinguish between setting its `value`
programatically and a `keyup` event, i.e. an interaction from the user.
We currently pretend that whenever its `value` changes, it is a `keyup`
event. This means that when we reset the `value` to `""`
programmatically for form resetting purposes, a 'pretend keyup' event
would also be fired, which would in turn kick off the validation, which
would fail and show an error message for empty values in other fields of
the form - something that is perfectly valid if you haven't typed
anything yet. We solved this by checking for `isPristine` on fields that
are allowed to be empty before you have typed anything.
2019-06-04 15:57:35 +01:00
John Cowen 9999ccf503
ui: Replaces destroyRecord with unloadRecord for KV 404's (#5837)
Just because Consul gives us a 404 this doesn't guarantee the KV doesn't
exist, it doesn't even mean we don't have access to it. Furthermore we
should never destroyRecord's without user interaction (therefore only via the
repo.delete method).

This switches destroyRecord to unloadRecord which performs the
additional legwork to keep ember-data in sync with the actual truth.

unloadRecord unloads the record from ember-data rather than sending an API
delete request, which would have been the intent here.
2019-06-04 15:56:20 +01:00
John Cowen 52b71aaf96
ui: ACL Policies. Catch all server errors (#5836)
Always show any server errors under Rules, not just invalid HCL
2019-06-04 15:53:10 +01:00
Matt Keeler 03f3a3b1a8
Update CHANGELOG.md 2019-06-04 10:03:50 -04:00
Pierre Souchay 1da1825056 Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
Matt Keeler 923448f00e
Update links to envoy docs on xDS protocol (#5871) 2019-06-03 11:03:05 -05:00
Matt Keeler a7c55ffed2
Fix acl.enable_key_list to be acl.enable_key_list_policy in docs (#5907) 2019-06-03 09:31:02 -05:00
John Cowen 5fc4053d3d
ui: Upgrade fstream (#5912)
Bumps [fstream](https://github.com/npm/fstream) from 1.0.11 to 1.0.12.
- [Release notes](https://github.com/npm/fstream/releases)
- [Commits](npm/fstream@v1.0.11...v1.0.12)
2019-06-03 11:08:40 +01:00
R.B. Boyer bd44723b86 update changelog 2019-05-24 13:38:00 -05:00
R.B. Boyer 9b41199585
agent: fix several data races and bugs related to node-local alias checks (#5876)
The observed bug was that a full restart of a consul datacenter (servers
and clients) in conjunction with a restart of a connect-flavored
application with bring-your-own-service-registration logic would very
frequently cause the envoy sidecar service check to never reflect the
aliased service.

Over the course of investigation several bugs and unfortunate
interactions were corrected:

(1)

local.CheckState objects were only shallow copied, but the key piece of
data that gets read and updated is one of the things not copied (the
underlying Check with a Status field). When the stock code was run with
the race detector enabled this highly-relevant-to-the-test-scenario field
was found to be racy.

Changes:

 a) update the existing Clone method to include the Check field
 b) copy-on-write when those fields need to change rather than
    incrementally updating them in place.

This made the observed behavior occur slightly less often.

(2)

If anything about how the runLocal method for node-local alias check
logic was ever flawed, there was no fallback option. Those checks are
purely edge-triggered and failure to properly notice a single edge
transition would leave the alias check incorrect until the next flap of
the aliased check.

The change was to introduce a fallback timer to act as a control loop to
double check the alias check matches the aliased check every minute
(borrowing the duration from the non-local alias check logic body).

This made the observed behavior eventually go away when it did occur.

(3)

Originally I thought there were two main actions involved in the data race:

A. The act of adding the original check (from disk recovery) and its
   first health evaluation.

B. The act of the HTTP API requests coming in and resetting the local
   state when re-registering the same services and checks.

It took awhile for me to realize that there's a third action at work:

C. The goroutines associated with the original check and the later
   checks.

The actual sequence of actions that was causing the bad behavior was
that the API actions result in the original check to be removed and
re-added _without waiting for the original goroutine to terminate_. This
means for brief windows of time during check definition edits there are
two goroutines that can be sending updates for the alias check status.

In extremely unlikely scenarios the original goroutine sees the aliased
check start up in `critical` before being removed but does not get the
notification about the nearly immediate update of that check to
`passing`.

This is interlaced wit the new goroutine coming up, initializing its
base case to `passing` from the current state and then listening for new
notifications of edge triggers.

If the original goroutine "finishes" its update, it then commits one
more write into the local state of `critical` and exits leaving the
alias check no longer reflecting the underlying check.

The correction here is to enforce that the old goroutines must terminate
before spawning the new one for alias checks.
2019-05-24 13:36:56 -05:00
Freddy 8f5fe058ea
Increase reliability of TestResetSessionTimerLocked_Renew 2019-05-24 13:54:51 -04:00
Hans Hasselberg 8c65ad5408
Update CHANGELOG.md 2019-05-24 16:51:44 +02:00
Pierre Souchay 27207fdaed agent: Improve startup message to avoid confusing users when no error occurs (#5896)
* Improve startup message to avoid confusing users when no error occurs

Several times, some users not very familiar with Consul get confused
by error message at startup:

  `[INFO] agent: (LAN) joined: 1 Err: <nil>`

Having `Err: <nil>` seems weird to many users, I propose to have the
following instead:

* Success: `[INFO] agent: (LAN) joined: 1`
* Error:   `[WARN] agent: (LAN) couldn't join: %d Err: ERROR`
2019-05-24 16:50:18 +02:00
Freddy f7f0207f78
Run TestServer_Expect on its own (#5890) 2019-05-23 19:52:33 -04:00
Freddy e9bdb3a4f9
Flaky test: ACLReplication_Tokens (#5891)
* Exclude non-go workflows while testing

* Wait for s2 global-management policy

* Revert "Exclude non-go workflows while testing"

This reverts commit 47a83cbe9f19d0e1e475eabaa223d61fb4c56019.
2019-05-23 19:52:02 -04:00
Freddy c9e6640337
Add retries to StatsFetcherTest (#5892) 2019-05-23 19:51:31 -04:00
Jack Pearkes bb28ebda7b Putting source back into Dev Mode 2019-05-23 12:03:07 -07:00
Justin Weissig 2ffe0ab097
docs: wording
Fixed wording: "will be resolve to the" -> "will be resolved to the".
2019-05-22 17:22:11 -07:00