Michael Fraenkel
c00c4ebaaa
Support SesionTTLMin configuration
...
- Allow setting SessionTTLMin
- Validate on the Server
2015-03-27 05:13:57 -07:00
Armon Dadgar
3e2bd0db2c
consul: Rename TombstoneGC to TombstoneTTL
2015-01-05 14:43:54 -08:00
Armon Dadgar
d5369098ba
consul: Adding TombstoneGC config
2015-01-05 14:43:54 -08:00
Atin Malaviya
2bd0e8c745
consul.Config() helper to generate the tlsutil.Config{} struct, 30 second keepalive, use keepalive for HTTP and HTTPS
2014-11-18 17:56:48 -05:00
Atin Malaviya
b4424a1a50
Moved TLS Config stuff to tlsutil package
2014-11-18 11:03:36 -05:00
Armon Dadgar
3a1d686444
consul: Adding user event handler for callbacks
2014-08-26 19:04:07 -07:00
Armon Dadgar
ca6a8aef55
agent: Adding ACL master token
2014-08-18 15:46:20 -07:00
Armon Dadgar
ebae394863
consul: ACL setting passthrough
2014-08-18 15:46:20 -07:00
Armon Dadgar
020802f7a5
Merge pull request #233 from nelhage/tls-no-subjname
...
Restore the 0.2 TLS verification behavior.
2014-07-01 13:41:00 -07:00
Nelson Elhage
627b2e455f
Add some basic smoke tests for wrapTLSclient.
...
Check the success case, and check that we reject a self-signed
certificate.
2014-06-29 18:11:32 -07:00
Nelson Elhage
0a2476b20e
Restore the 0.2 TLS verification behavior.
...
Namely, don't check the DNS names in TLS certificates when connecting to
other servers.
As of golang 1.3, crypto/tls no longer natively supports doing partial
verification (verifying the cert issuer but not the hostname), so we
have to disable verification entirely and then do the issuer
verification ourselves. Fortunately, crypto/x509 makes this relatively
straightforward.
If the "server_name" configuration option is passed, we preserve the
existing behavior of checking that server name everywhere.
No option is provided to retain the current behavior of checking the
remote certificate against the local node name, since that behavior
seems clearly buggy and unintentional, and I have difficulty imagining
it is actually being used anywhere. It would be relatively
straightforward to restore if desired, however.
2014-06-28 13:32:42 -07:00
Armon Dadgar
80b86c9ee9
Rename Expect to BootstrapExpect. Fixes #223 .
2014-06-19 17:08:55 -07:00
Robert Xu
31c392813c
Add expect bootstrap '-expect=n' mode.
...
This allows for us to automatically bootstrap a cluster of nodes after
'n' number of server nodes join. All servers must have the same 'n' set, or
they will fail to join the cluster; all servers will not join the peer set
until they hit 'n' server nodes.
If the raft commit index is not empty, '-expect=n' does nothing because it
thinks you've already bootstrapped.
Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-16 17:40:33 -04:00
Armon Dadgar
91373968a8
Adding server_name configuration for TLS
2014-06-13 11:10:27 -07:00
Armon Dadgar
b5bd20634a
consul: Gossip the build using Serf
2014-06-06 15:36:40 -07:00
Armon Dadgar
74452a5ae0
consul: Add new protocol version for yamux
2014-05-28 16:32:24 -07:00
Armon Dadgar
c98736b8ae
Merge pull request #174 from nelhage/multi-ca-cert
...
Allow multiple PEM-encoded certificates in the ca_file.
2014-05-27 10:47:41 -07:00
William Tisäter
405dfd99c1
Fix tests on Go 1.3 and greater
...
Go 1.3 and greater require ServerName or InsecureSkipVerify to be set.
https://codereview.appspot.com/67010043/
2014-05-27 00:47:47 +02:00
Nelson Elhage
7d4824ade7
Allow multiple PEM-encoded certificates in the ca_file.
...
fixes #167
2014-05-26 10:58:57 -07:00
Armon Dadgar
5fa10c912e
Support rejoin after leave. Fixes #110 .
2014-05-21 12:32:24 -07:00
Armon Dadgar
c77666669b
consul: Fix decoding of certificate
2014-04-07 15:07:00 -07:00
Armon Dadgar
80de0f8789
consul: Adding basic TLS configuraiton
2014-04-07 15:06:59 -07:00
Armon Dadgar
fad79e1f8e
consul: Increase default reap time to 3 days
2014-03-20 12:39:06 -07:00
Armon Dadgar
6fba03db8f
consul: Adding protocol version numbers
2014-03-09 15:18:36 -07:00
Armon Dadgar
7534346103
agent: Adding server up callback to make state sync faster
2014-02-07 12:11:34 -08:00
Armon Dadgar
e1692fb0a0
Adding a ReconcileInterval config
2014-01-09 15:44:25 -08:00
Armon Dadgar
ce79f27364
Adding support for advertise address
2013-12-31 16:45:13 -08:00
Armon Dadgar
7f2feeb7eb
Testing Raft advertise addr
2013-12-31 15:44:27 -08:00
Armon Dadgar
a88bef821a
Guard against a bad advertise address
2013-12-31 14:00:25 -08:00
Armon Dadgar
3c00ba3864
Update for the new Serf config
2013-12-27 12:51:15 -08:00
Armon Dadgar
69ed0ec184
Adding a bootstrap flag to allow single server raft
2013-12-24 16:48:07 -08:00
Armon Dadgar
0e4b5720d9
Filling in Agent basics
2013-12-20 15:33:13 -08:00
Armon Dadgar
5ab00f34ee
consul: Remove the RaftBindAddr
2013-12-09 14:22:23 -08:00
Armon Dadgar
af9176bca0
consul: Add+test JoinLAN/JoinWAN
2013-12-06 17:18:09 -08:00
Armon Dadgar
0bf9a8fb1c
consul: Basic RPC framework
2013-12-06 16:35:13 -08:00
Armon Dadgar
94ff23d2a4
consul: adding basic skeleton
2013-12-06 15:43:07 -08:00