Commit graph

197 commits

Author SHA1 Message Date
Matt Keeler 8d51e22d26
Update raft-boltdb to pull in new writeCapacity metric (#12646) 2022-03-30 11:38:44 -04:00
Mike Morris 8020fb2098
agent: convert listener config to TLS types (#12522)
* tlsutil: initial implementation of types/TLSVersion

tlsutil: add test for parsing deprecated agent TLS version strings

tlsutil: return TLSVersionInvalid with error

tlsutil: start moving tlsutil cipher suite lookups over to types/tls

tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup

agent: attempt to use types in runtime config

agent: implement b.tlsVersion validation in config builder

agent: fix tlsVersion nil check in builder

tlsutil: update to renamed ParseTLSVersion and goTLSVersions

tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion

tlsutil: disable invalid config parsing tests

tlsutil: update tests

auto_config: lookup old config strings from base.TLSMinVersion

auto_config: update endpoint tests to use TLS types

agent: update runtime_test to use TLS types

agent: update TestRuntimeCinfig_Sanitize.golden

agent: update config runtime tests to expect TLS types

* website: update Consul agent tls_min_version values

* agent: fixup TLS parsing and compilation errors

* test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test

* tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites

* test: revert autoconfig tls min version fixtures to old format

* types: add TLSVersions public function

* agent: add warning for deprecated TLS version strings

* agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder

* tlsutil(BREAKING): change default TLS min version to TLS 1.2

* agent: move ParseCiphers logic from tlsutil into agent config builder

* tlsutil: remove unused CipherString function

* agent: fixup import for types package

* Revert "tlsutil: remove unused CipherString function"

This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c.

* agent: fixup config builder and runtime tests

* tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig

* test: move TLS cipher suites parsing test from tlsutil into agent config builder tests

* agent: remove parseCiphers helper from auto_config_endpoint_test

* test: remove unused imports from tlsutil

* agent: remove resolved FIXME comment

* tlsutil: remove TODO and FIXME in cipher suite validation

* agent: prevent setting inherited cipher suite config when TLS 1.3 is specified

* changelog: add entry for converting agent config to TLS types

* agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now

* tlsutil: remove config tests for values checked at agent config builder boundary

* tlsutil: remove tls version check from loadProtocolConfig

* tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites

* website: update search link for supported Consul agent cipher suites

* website: apply review suggestions for tls_min_version description

* website: attempt to clean up markdown list formatting for tls_min_version

* website: moar linebreaks to fix tls_min_version formatting

* Revert "website: moar linebreaks to fix tls_min_version formatting"

This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c.

* autoconfig: translate old values for TLSMinVersion

* agent: rename var for translated value of deprecated TLS version value

* Update agent/config/deprecated.go

Co-authored-by: Dan Upton <daniel@floppy.co>

* agent: fix lint issue

* agent: fixup deprecated config test assertions for updated warning

Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 15:32:25 -04:00
Luke Kysow 6553bf4a2a
Lkysow/docs updates 2 (#12604)
* Document intermediate_cert_ttl
2022-03-23 10:22:08 -07:00
Dan Upton 57f0f42733
Support per-listener TLS configuration ⚙️ (#12504)
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
mrspanishviking 1ae820ea0a
Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
trujillo-adam 667976c94f fixing merge conflicts part 3 2022-03-15 15:25:03 -07:00
trujillo-adam 33d0ed5e96 fixed merge conflicts pt2 2022-03-15 14:01:24 -07:00
trujillo-adam 60a88bb40f merging new hierarchy for agent configuration 2022-03-14 15:44:41 -07:00
Ashlee M Boyer 88accc6c94
Merge pull request #12484 from hashicorp/docs-amb-fix-prometheus-link
docs: Fixing Prometheus link in docs/agent/telemetry
2022-03-11 16:37:17 -05:00
Ashlee M Boyer a752ff1e39 Fixing Prometheus link in docs/agent/telemetry 2022-03-11 12:13:42 -08:00
Kyle Schochenmaier 6e6e705ae0
update docs (#12543) 2022-03-09 13:24:20 -06:00
Blake Covarrubias d14ddb7a23 docs: Clarify configuration options apply to agent
Recently there have been a handful of GitHub issues and Discuss posts
where users have expected the `consul` CLI to make use of config
options defined in the agent configuration files, and are confused
when it does not honor those config options.

This change clarifies that command-line and configuration file options
documented on the /agent/options page only apply to the Consul agent,
instead of the Consul CLI.
2022-03-03 11:30:20 -08:00
Daniel Nephin ff64c13c3e
Merge pull request #12166 from hashicorp/dnephin/acl-resolve-token-2
acl: remove ResolveTokenToIdentity
2022-01-31 19:19:21 -05:00
Daniel Nephin 57eac90cae acl: remove unused methods on fakes, and add changelog
Also document the metric that was removed in a previous commit.
2022-01-31 17:53:53 -05:00
Matt Keeler 4198c09c47
Update telemetry page with advice for monitoring boltdb performance (#12141)
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-01-26 11:51:19 -05:00
Blake Covarrubias f46bbb7205 Fix spelling errors 2022-01-20 08:54:23 -08:00
Blake Covarrubias d81889bb41 docs: Avoid redirects by pointing links to new URLs
Avoid HTTP redirects for internal site links by updating old URLs to
point to the new location for the target content.
2022-01-20 08:52:51 -08:00
Blake Covarrubias 6e9ff354f2 docs: Add HCL examples to agent config options 2022-01-14 09:22:29 -08:00
Anthony b003fd93d7
Apply suggestions from code review 2022-01-13 17:04:19 -05:00
Anthony 3f01f2fe12
Apply suggestions from code review
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-13 16:55:07 -05:00
Anthony 5ffa877cdb Added hcl language to snippet. 2022-01-13 16:34:37 -05:00
Anthony e62c21e136 Removed extra comment. 2022-01-13 16:26:40 -05:00
Anthony cd9c843e07 Missed CodeBlockConfig tag. 2022-01-13 16:22:57 -05:00
Anthony 8b18b4394c Added CodeBlockConfig tags and $ to shell examples missing it. 2022-01-13 16:07:11 -05:00
Krastin Krastev c61afe74fa
Merge pull request #12039 from hashicorp/krastin/docs-telemetry-consulversion
docs: Clarify consul.version telemetry description
2022-01-13 12:47:33 +01:00
mrspanishviking 29e07eb48c
Merge pull request #12014 from hashicorp/neenap-patch-1
docs: updated the description of min_quorum
2022-01-12 07:55:41 -07:00
Krastin Krastev 5cadcae8e7
Clarify consul.version telemetry description
The description of consul.version telemetry is not very clear, fixing
2022-01-12 11:21:13 +01:00
Blake Covarrubias 97e7e118e0 docs: Fix spelling errors 2022-01-11 09:37:09 -08:00
Connor a4d2dc0ce2
Add go-sockaddr examples for multiple interfaces (#11998)
* Add overview example for multiple interfaces with go-sockaddr

* Include go-sockaddr examples in agent configuration

* Add changelog entry

* Make suggested changes

* Simplify hcl comment

* Update link and fix gRPC

* Switch index.mdx from Tabs to CodeTabs

* Reformat new links for screen readers

* Apply suggestions from code review

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Fix spacing in code block

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-10 20:10:25 -06:00
Natalie Smith 61980f0808 docs: simplify agent docs slugs 2022-01-10 17:37:18 -08:00
Natalie Smith 0f8c16ac43 docs: pr feedback 2022-01-10 17:26:47 -08:00
Natalie Smith be4b6e63f2 chore: rebase updates 2022-01-10 17:16:24 -08:00
Natalie Smith 2b71c59298 docs: fix external links to agent config pages 2022-01-10 17:11:50 -08:00
Natalie Smith ed47d7c738 docs: fix agent config links 2022-01-10 17:11:50 -08:00
Natalie Smith bd11b44781 docs: arrange agent configuration file parameters into logical groups 2022-01-10 17:11:50 -08:00
Natalie Smith a769f4fa94 docs: move configuration files content from agent/config/index to agent/config/agent-config-files 2022-01-10 17:11:47 -08:00
Natalie Smith 776760a09a docs: move cli content from agent/config/index to agent/config/agent-config-cli
And add sections for logical groupings of options
2022-01-10 17:10:56 -08:00
Natalie Smith 8e06e15183 docs: move agent/options.mdx into agent/config/index.mdx and add placeholder .mdx files for cli/files
Also update nav data
2022-01-10 17:06:26 -08:00
Neena Pemmaraju c20694d453
docs: updated the description of min_quorum 2022-01-10 15:37:36 -08:00
mrspanishviking 3e30d6decf
Merge pull request #11997 from hashicorp/20sr20-patch-1
Adding texts in verify_leader metric
2022-01-10 15:59:20 -07:00
Sujata Roy e62ec3783e
Update website/content/docs/agent/telemetry.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-10 14:57:14 -08:00
Amier Chery db29a926da
Create options.mdx
Adding a small little note to the top of the 'command line options' section of this page following community feedback in #10628
2022-01-10 17:15:33 -05:00
Sujata Roy 59e50ac42e
Adding texts in verify_leader metric
- Added description providing example case when the metric can go high
2022-01-10 12:01:27 -08:00
Kyle Havlovitz d2244a719f
Merge pull request #11838 from hashicorp/partitions-dns-docs
docs: Update dns sections for partition query format and virtual IPs
2021-12-14 16:22:35 -08:00
R.B. Boyer df6e8a4661
docs: document partition config flag (#11840) 2021-12-14 16:02:08 -06:00
Kyle Havlovitz 1d720abe58 docs: Update namespaced DNS services section for partitions format 2021-12-14 11:05:41 -08:00
Matt Keeler 431de5e3dd
Various Boltdb/Raft Documentation Updates (#11793)
* Documenting the new raft_boltdb configuration options
* Add documentation around new boltdb metrics.
* Correct documentation for the consul.raft.fsm.apply metric
2021-12-09 16:18:59 -05:00
Dan Upton e1829a8706
Rename master and agent_master ACL tokens in the config file format (#11665) 2021-12-01 21:08:14 +00:00
R.B. Boyer 70b143ddc5
auto-config: ensure the feature works properly with partitions (#11699) 2021-12-01 13:32:34 -06:00
John Cowen 6fa1a058a6
ui: Add Service.Partition as available variable for dashboard urls (#11654) 2021-12-01 11:05:57 +00:00
danielehc 6b93af86ca
Connect.enabled config option (#11533) 2021-11-17 12:06:11 +01:00
John Cowen ecd296eaf7 Revert "Merge pull request #11328 from radiantly/ui/feature/allow-${}-style-interpolation"
This reverts commit cd55c0cda3310c06abe989b8d145d9946945ae8d, reversing
changes made to 14af8cb7a9e7fc0a65178e6ca7708b3f395f0d70.
2021-11-10 17:54:33 +00:00
trujillo-adam 8ea10fa959
Merge pull request #11487 from hashicorp/docs/admin-partitions-feedback-acl-policies-redux
changed 'segments' in this page to 'resource labels' to disambiguate from 'network segments
updated the code snippets to use CodeBlock component and to include JSON
2021-11-10 07:56:54 -08:00
trujillo-adam e6073653b5 applied feedback 2021-11-05 09:30:28 -07:00
FFMMM 9afecfa10c
plumb thru root cert tll to the aws ca provider (#11449)
* plumb thru root cert ttl to the aws ca provider

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Update .changelog/11449.txt

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2021-11-04 12:19:08 -07:00
FFMMM 27227c0fd2
add root_cert_ttl option for consul connect, vault ca providers (#11428)
* add root_cert_ttl option for consul connect, vault ca providers

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>

* add changelog, pr feedback

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* Update .changelog/11428.txt, more docs

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update website/content/docs/agent/options.mdx

Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>
2021-11-02 11:02:10 -07:00
Jared Kirschner 6dfcbeceec
Merge pull request #11348 from kbabuadze/fix-answers-alt-domain
Fix answers for alt domain
2021-10-29 17:09:20 -04:00
Daniel Nephin 6e9dd995eb tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
See github.com/hashicorp/consul/issues/11207

When VerifyIncomingRPC is false the TLS conn will not have the required certificates.
2021-10-27 13:43:25 -04:00
Konstantine d897a3e16e describe how alt-domain works in docs 2021-10-26 12:38:13 -04:00
Daniel Nephin f24bad2a52
Merge pull request #11232 from hashicorp/dnephin/acl-legacy-remove-docs
acl: add docs and changelog for the removal of the legacy ACL system
2021-10-25 18:38:00 -04:00
Chris S. Kim 1eaa53798c
Update docs for tls_cipher_suites (#11070) 2021-10-21 16:41:51 -04:00
Jared Kirschner fe09db6158
Merge pull request #11328 from radiantly/ui/feature/allow-${}-style-interpolation
ui: Allow ${ } interpolation for UI Dashboard template URLs
2021-10-20 08:59:02 -04:00
Anirudh H M bdbc89456f Single link 2021-10-20 00:25:28 +05:30
radiantly 3c476b8fbc
Remove note 2021-10-19 23:22:12 +05:30
radiantly 84b72fd182
Add changelog note and amend docs 2021-10-19 01:08:44 +05:30
radiantly 79ba05b2a6
ui: Allow ${} interpolation for template URLs 2021-10-15 15:37:51 +05:30
Anirudh H M 59e893332c Update docs: Mention grafana dashboard 2021-10-12 12:55:44 +05:30
Connor 2cd80e5f66
Merge pull request #11222 from hashicorp/clly/service-mesh-metrics
Start tracking connect service mesh usage metrics
2021-10-11 14:35:03 -05:00
Daniel Nephin 51e498717f docs: add notice that legacy ACLs have been removed.
Add changelog

Also remove a metric that is no longer emitted that was missed in a
previous step.
2021-10-05 18:30:22 -04:00
Connor Kelly f9ba7c39b5
Add changelog, website and metric docs
Add changelog to document what changed.
Add entry to telemetry section of the website to document what changed
Add docs to the usagemetric endpoint to help document the metrics in code
2021-10-05 13:34:24 -05:00
trujillo-adam da59ffd660 applied feedback, moved the Lifecycle info to the front 2021-09-30 11:41:37 -07:00
trujillo-adam aff20b68d5 providing additional information about the Consul agent 2021-09-29 16:51:03 -07:00
Daniel Nephin 33a5448604
Merge pull request #11136 from hashicorp/dnephin/acl-resolver-fix-default-authz
acl: fix default Authorizer for down_policy extend-cache/async-cache
2021-09-29 13:45:12 -04:00
Daniel Nephin afb1dd5827
Merge pull request #11110 from hashicorp/dnephin/acl-legacy-remove-initialize
acl: remove initializeLegacyACL and the rest of the legacy FSM commands
2021-09-29 13:44:30 -04:00
Daniel Nephin a9ac148c92
Merge pull request #10999 from hashicorp/dnephin/revert-config-xds-port
Revert config xds_port
2021-09-29 13:39:15 -04:00
Daniel Nephin 2995ac61f2 acl: remove the last of the legacy FSM
Replace it with an implementation that returns an error, and rename some symbols
to use a Deprecated suffix to make it clear.

Also remove the ACLRequest struct, which is no longer referenced.
2021-09-29 12:42:23 -04:00
Daniel Nephin 402d3792b6 Revert "Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc"
This reverts commit 74fb650b6b966588f8faeec26935a858af2b8bb5, reversing
changes made to 58bd8173364effb98b9fd9f9b98d31dd887a9bac.
2021-09-29 12:28:41 -04:00
Daniel Nephin d4c48a3f23
Merge pull request #11101 from hashicorp/dnephin/acl-legacy-remove-rpc-2
acl: remove legacy ACL.Apply RPC
2021-09-29 12:23:55 -04:00
Daniel Nephin 4410f8eee5 Revert "Merge pull request #10618 from hashicorp/dnephin/docs-add-deprecation-version-grpc-port"
This reverts commit 81bb5f33ebb33d1084fcc50aab62950eb7ddebc8, reversing
changes made to 20feb42d3a663e72cb46cda6c08c0588f5bbf3b4.
2021-09-29 12:14:32 -04:00
Daniel Nephin a0e08086f7
Merge pull request #10988 from hashicorp/dnephin/acl-legacy-remove-config
acl: isolate deprecated config and warn when they are used
2021-09-29 11:40:14 -04:00
Jared Kirschner 5d593e930b
Merge pull request #10702 from jkirschner-hashicorp/network-segments-docs-enhancements
Network segments docs enhancements
2021-09-28 10:24:05 -04:00
Daniel Nephin 52ecd0d107 docs: clarify acl down policy 2021-09-23 18:13:39 -04:00
Daniel Nephin 408eb0e08e config: Deprecate EnableACLReplication
replaced by ACL.TokenReplication
2021-09-23 15:14:59 -04:00
Daniel Nephin 3e6dc2a843 acl: remove ACL.Apply
As part of removing the legacy ACL system.
2021-09-22 18:28:08 -04:00
Connor Kelly 5e6828a117
Add new telemetry to website
This will add information about the new kv_usage metric to the website
2021-09-20 12:43:40 -05:00
Jared Kirschner e0527a503e docs: improve network segments agent options docs 2021-09-15 10:00:41 -07:00
Karl Cardenas 245ab6dbf4
docs: fixed identation of warning components 2021-08-30 07:12:30 -07:00
mrspanishviking 4558d51ba3
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-08-27 07:41:11 -07:00
Karl Cardenas 8eab6b65b7
docs: added information about a conflict when using auto_config and auto_encrypt 2021-08-25 21:25:18 -07:00
Blake Covarrubias ef11e8bc92
docs: Add common CA config options to provider doc pages (#10842)
Add the list of common Connect CA configuration options to the
provider-specific CA docs.

Previously these options were only documented under the agent
configuration options. This change makes it so that all supported CA
provider configuration options are available from a single location.

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-08-19 11:18:55 -07:00
Olatunde Alex-Oni 9ea02121b7 Update documentation for enable_key_list_policy
The current suggests the option expects a string of either "enabled" or "disabled" but this results in an error `'acl.enable_key_list_policy' expected type 'bool', got unconvertible type 'string', value: 'enabled'`. Setting to a boolean value resolves this, also had a quick look at the code (d2b58cd0d6/agent/config/runtime.go (L109)) and it suggests this too
2021-08-16 13:10:54 -07:00
Blake Covarrubias db59597cac docs: Update code blocks across website
* Use CodeTabs for examples in multiple formats.
* Ensure correct language on code fences.
* Use CodeBlockConfig for examples with filenames, or which need
highlighted content.
2021-08-11 13:20:03 -07:00
Daniel Nephin 1673b3a68c telemetry: add a metric for agent TLS cert expiry 2021-08-04 13:51:44 -04:00
joshwolfer d53db57558 Update options.mdx
add service config link to description of enable_central_service_config.
2021-08-03 15:36:51 -04:00
Blake Covarrubias f97e843c61 Add OSS changes for specifying audit log permission mode 2021-07-30 09:58:11 -07:00
Daniel Nephin efad0234f4
Update website/content/docs/agent/options.mdx
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
2021-07-29 12:38:30 -04:00
Daniel Nephin 7cf86dc2ab docs: give better guidance about how to configure the agent TLS CA 2021-07-28 18:22:35 -04:00
Blake Covarrubias 441a6c9969
Add DNS recursor strategy option (#10611)
This change adds a new `dns_config.recursor_strategy` option which
controls how Consul queries DNS resolvers listed in the `recursors`
config option. The supported options are `sequential` (default), and
`random`.

Closes #8807

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Priyanka Sengupta <psengupta@flatiron.com>
2021-07-19 15:22:51 -07:00
Blake Covarrubias 4d2bc76d62 docs: Fix spelling errors across website 2021-07-19 14:29:54 -07:00
Daniel Nephin 4c78825f0c
Merge pull request #10617 from hashicorp/dnephin/config-add-missing-docs
docs: add config options that were missing
2021-07-15 11:23:32 -04:00