Commit Graph

119 Commits

Author SHA1 Message Date
Armon Dadgar 9642384429 consul: support the new TLS wrapper 2015-05-11 15:15:36 -07:00
Armon Dadgar a1de4b17c2 consul: use tlsutil.Wrapper instead of tls.Config directly 2015-05-11 13:09:19 -07:00
Ryan Uber 41aa5aeb09 consul: swap over to raft-boltdb 2015-03-26 20:01:52 -07:00
Ryan Uber 275d99e1dc consul: allow returning custom error for merge delegate 2015-02-22 18:24:10 -08:00
Ryan Breen 53afd77e2d s/data center/datacenter/g 2015-02-19 17:45:47 -05:00
Armon Dadgar a695909a85 consul: Wait for RemovePeer in Leave as a follower 2015-01-20 16:19:54 -08:00
Armon Dadgar aec0dedd01 consul: remove ourself from raft peer set if we are the leader 2015-01-20 16:19:29 -08:00
Armon Dadgar 133cf457a3 consul: Use new LogCache to improve write throughput 2015-01-14 15:49:58 -08:00
Armon Dadgar a66a765ca9 consul: Adding merge delegate to prevent mixing clusters 2015-01-06 15:48:46 -08:00
Armon Dadgar 71c2c1468d consul: Thread Tombstone GC through 2015-01-05 14:43:55 -08:00
Armon Dadgar 6b9ace19cf consul: Collect useful session metrics 2015-01-02 22:46:51 +05:30
Armon Dadgar f25566931f consul: Make sessionTimersLock a plain mutex 2014-12-12 19:17:35 -08:00
Atin Malaviya b623af776b Consul Session TTLs
The design of the session TTLs is based on the Google Chubby approach
(http://research.google.com/archive/chubby-osdi06.pdf). The Session
struct has an additional TTL field now. This attaches an implicit
heartbeat based failure detector. Tracking of heartbeats is done by
the current leader and not persisted via the Raft log. The implication
of this is during a leader failover, we do not retain the last
heartbeat times.

Similar to Chubby, the TTL represents a lower-bound. Consul promises
not to terminate a session before the TTL has expired, but is allowed
to extend the expiration past it. This enables us to reset the TTL on
a leader failover. The TTL is also extended when the client does a
heartbeat. Like Chubby, this means a TTL is extended on creation,
heartbeat or failover.

Additionally, because we must account for time requests are in transit
and the relative rates of clocks on the clients and servers, Consul
will take the conservative approach of internally multiplying the TTL
by 2x. This helps to compensate for network latency and clock skew
without violating the contract.

Reference: https://docs.google.com/document/d/1Y5-pahLkUaA7Kz4SBU_mehKiyt9yaaUGcBTMZR7lToY/edit?usp=sharing
2014-12-07 12:38:22 -05:00
Ryan Uber 295f876923 command/agent: fix up gossip encryption indicator 2014-11-19 16:35:37 -08:00
Ryan Uber 96376212ff consul: use rpc layer only for key management functions, add rpc commands 2014-11-19 16:30:21 -08:00
Atin Malaviya 2bd0e8c745 consul.Config() helper to generate the tlsutil.Config{} struct, 30 second keepalive, use keepalive for HTTP and HTTPS 2014-11-18 17:56:48 -05:00
Atin Malaviya b4424a1a50 Moved TLS Config stuff to tlsutil package 2014-11-18 11:03:36 -05:00
Armon Dadgar 0ea385579a consul: Ensure FSM stores data in the data dir 2014-10-15 14:57:59 -07:00
Armon Dadgar 88b53702f1 consul: Reduce mmap size on 32bit 2014-10-15 11:32:40 -07:00
Armon Dadgar b1cf52db01 consul: expose UserEvent from Serf 2014-08-26 18:50:03 -07:00
Armon Dadgar 8153537e86 consul: Support management tokens 2014-08-18 15:46:23 -07:00
Armon Dadgar 61b80e912c consul: Use Etag for policy caching 2014-08-18 15:46:22 -07:00
Armon Dadgar bd124a8da3 consul: Pulling in ACLs 2014-08-18 15:46:21 -07:00
Armon Dadgar ea31f37dd6 consul: Adding ACL endpoint 2014-08-18 15:46:21 -07:00
Armon Dadgar ebae394863 consul: ACL setting passthrough 2014-08-18 15:46:20 -07:00
Armon Dadgar bf26a9160f consul: Defer serf handler until initialized. Fixes #254. 2014-07-22 09:36:58 -04:00
Armon Dadgar 020802f7a5 Merge pull request #233 from nelhage/tls-no-subjname
Restore the 0.2 TLS verification behavior.
2014-07-01 13:41:00 -07:00
Nelson Elhage 0a2476b20e Restore the 0.2 TLS verification behavior.
Namely, don't check the DNS names in TLS certificates when connecting to
other servers.

As of golang 1.3, crypto/tls no longer natively supports doing partial
verification (verifying the cert issuer but not the hostname), so we
have to disable verification entirely and then do the issuer
verification ourselves. Fortunately, crypto/x509 makes this relatively
straightforward.

If the "server_name" configuration option is passed, we preserve the
existing behavior of checking that server name everywhere.

No option is provided to retain the current behavior of checking the
remote certificate against the local node name, since that behavior
seems clearly buggy and unintentional, and I have difficulty imagining
it is actually being used anywhere. It would be relatively
straightforward to restore if desired, however.
2014-06-28 13:32:42 -07:00
Armon Dadgar 80b86c9ee9 Rename Expect to BootstrapExpect. Fixes #223. 2014-06-19 17:08:55 -07:00
Robert Xu fff6546c75 Minor cleanup to logic and testsuite.
Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-18 18:47:05 -04:00
Robert Xu a2fea2ce55 Utilise new raft.SetPeers() method, move expect logic to leader.go.
This way, we don't use EnableSingleMode, nor cause chaos adding peers.

Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-18 12:03:30 -04:00
Robert Xu 31c392813c Add expect bootstrap '-expect=n' mode.
This allows for us to automatically bootstrap a cluster of nodes after
'n' number of server nodes join. All servers must have the same 'n' set, or
they will fail to join the cluster; all servers will not join the peer set
until they hit 'n' server nodes.

If the raft commit index is not empty, '-expect=n' does nothing because it
thinks you've already bootstrapped.

Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-16 17:40:33 -04:00
Armon Dadgar ea054b8847 consul: Start RPC before Raft, wait to accept connections 2014-06-11 10:17:58 -07:00
Armon Dadgar 1812eedad9 consul: start RPC after fully initialized. Fixes #160 2014-06-11 09:46:44 -07:00
Armon Dadgar 2e18774c02 consul: Avoid network for server RPC. Fixes #148. 2014-06-10 19:12:36 -07:00
Armon Dadgar b5bd20634a consul: Gossip the build using Serf 2014-06-06 15:36:40 -07:00
Armon Dadgar f9766541e1 Merge pull request #173 from hashicorp/f-agent-self
Add `/v1/agent/self` and return local agent config
2014-05-29 11:18:19 -07:00
Armon Dadgar 319ab05b8c consul: Provide logger to yamux 2014-05-28 16:32:25 -07:00
Armon Dadgar 74452a5ae0 consul: Add new protocol version for yamux 2014-05-28 16:32:24 -07:00
Armon Dadgar 313f79913e consul: Pass protocol version for leader forwarding 2014-05-28 16:32:24 -07:00
Armon Dadgar 345efd74e4 consul: remove explicit leave, use reconciliation 2014-05-28 16:32:24 -07:00
Armon Dadgar 589105eee4 consul: Store the protocol version for a server 2014-05-28 16:32:24 -07:00
Armon Dadgar a79c3d2103 consul: Pool client connections, support for yamux connections 2014-05-28 16:32:24 -07:00
William Tisäter a028c3ae93 Add `/v1/agent/self` and return local agent config 2014-05-27 01:15:33 +02:00
Armon Dadgar 5fa10c912e Support rejoin after leave. Fixes #110. 2014-05-21 12:32:24 -07:00
Armon Dadgar e58e9bceb0 consul: First pass at Session RPC endpoints 2014-05-20 16:25:29 -07:00
Armon Dadgar f8898dce6e consul: Disable conflict resolution. See #97. 2014-05-16 14:11:53 -07:00
Armon Dadgar 2d8b1f5b6f consul: Avoid name conflict on WAN ring. Fixes #158. 2014-05-16 14:07:53 -07:00
Armon Dadgar c54f53eaf7 consul: Remove RPC client tracking. Fixes #149. 2014-05-14 17:34:24 -07:00
Armon Dadgar 5c34e01d17 consul: Fixing for upstream API changes 2014-05-01 18:11:36 -07:00