luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
7,482 Commits 1 Branch 1 Tag 358 MiB
Commit Graph

7482 Commits

Author SHA1 Message Date
Pierre Souchay 3d0a960470 When renaming a node, ensure the name is not taken by another node. 
Since DNS is case insensitive and DB as issues when similar names with different
cases are added, check for unicity based on case insensitivity.

Following another big incident we had in our cluster, we also validate
that adding/renaming a not does not conflicts with case insensitive
matches.

We had the following error once:

 - one node called: mymachine.MYDC.mydomain was shut off
 - another node (different ID) was added with name: mymachine.mydc.mydomain before
   72 hours

When restarting the consul server of domain, the consul server restarted failed
to start since it detected an issue in RAFT database because
mymachine.MYDC.mydomain and mymachine.mydc.mydomain had the same names.

Checking at registration time with case insensitivity should definitly fix
those issues and avoid Consul DB corruption.
 2018-07-11 14:42:54 +02:00
Pierre Souchay 1b55e3559b Allow renaming nodes when ID is unchanged 2018-04-18 15:39:38 +02:00
Pierre Souchay eccb56ade0 Added support for renaming nodes when their IP does not change 2018-03-26 16:44:13 +02:00
Jack Pearkes 9a91b4eaef
Merge pull request #3927 from hashicorp/docs-encrypt-key-note 
Docs: Clarify encrypt key for WAN joined DCs
 2018-03-22 14:16:02 -07:00
Jack Pearkes bf2b3f8d88
Merge pull request #3929 from sryabkov/patch-1 
Highlighting the dead link in documentation
 2018-03-19 16:00:32 -07:00
Paul Banks d659e034fe
Note TLS cipher suite support changes 2018-03-19 21:51:14 +00:00
Josh Soref 1dd8c378b9 Spelling (#3958) 
* spelling: another

* spelling: autopilot

* spelling: beginning

* spelling: circonus

* spelling: default

* spelling: definition

* spelling: distance

* spelling: encountered

* spelling: enterprise

* spelling: expands

* spelling: exits

* spelling: formatting

* spelling: health

* spelling: hierarchy

* spelling: imposed

* spelling: independence

* spelling: inspect

* spelling: last

* spelling: latest

* spelling: client

* spelling: message

* spelling: minimum

* spelling: notify

* spelling: nonexistent

* spelling: operator

* spelling: payload

* spelling: preceded

* spelling: prepared

* spelling: programmatically

* spelling: required

* spelling: reconcile

* spelling: responses

* spelling: request

* spelling: response

* spelling: results

* spelling: retrieve

* spelling: service

* spelling: significantly

* spelling: specifies

* spelling: supported

* spelling: synchronization

* spelling: synchronous

* spelling: themselves

* spelling: unexpected

* spelling: validations

* spelling: value
 2018-03-19 16:56:00 +00:00
Paul Banks 4a684ce6fb
Merge pull request #3961 from canterberry/docs/tls-cipher-suites 
📝 Clarify the list of supported TLS cipher suites
 2018-03-19 16:51:14 +00:00
Paul Banks b86de4c2e3
Use master 2018-03-19 16:50:52 +00:00
Paul Banks e2673c76d6
Merge pull request #3962 from canterberry/upgrade/tls-cipher-suites 
🔒 Update supported TLS cipher suites
 2018-03-19 16:44:33 +00:00
Paul Banks 4b01c1a147
Merge pull request #3966 from hashicorp/docs-ui-acls 
website: add UI section to ACL guide
 2018-03-19 16:40:50 +00:00
Preetha Appan 5b5850aac0
Update CHANGELOG 2018-03-16 09:39:00 -05:00
Preetha Appan 84bd6dc5d1
cleanup unit test code a bit 2018-03-16 09:36:57 -05:00
Preetha 164fb3f48c
Merge pull request #3885 from eddsteel/support-options-requests 
Support OPTIONS requests
 2018-03-16 09:20:16 -05:00
Devin Canterberry 8a5df6ecc3
🎨 Formatting changes only; convert leading space to tabs 2018-03-15 10:30:38 -07:00
Devin Canterberry bd11f567c4
📝 Prefer brevity at the cost of some ambiguity 2018-03-15 10:25:27 -07:00
Devin Canterberry 2001b9f35f
Match expectation of TLSCipherSuites to values of tls_cipher_suites 2018-03-15 10:19:46 -07:00
Devin Canterberry 881d20c606
🐛 Formatting changes only; add missing trailing commas 2018-03-15 10:19:46 -07:00
Devin Canterberry ece32fce53
🔒 Update supported TLS cipher suites 
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go).

> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
>  * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4)
>  * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/)
 2018-03-15 10:19:46 -07:00
Devin Canterberry 23dfc483a0
⤵️ Merge from `master`; no conflicts 2018-03-15 09:13:01 -07:00
Jack Pearkes da7f8ab59d website: clarify where ACL token is set in the UI 2018-03-14 16:50:04 -07:00
Jack Pearkes 9a911bba0c website: add section on securing the UI with ACLs 
Figured it would be worth documenting due to #3931.
 2018-03-14 16:46:04 -07:00
Paul Banks e9218d031e
Call out the service-watch upgrade notice 2018-03-14 11:03:21 +00:00
Jack Pearkes e04a003d7a
Merge pull request #3884 from rberlind/master 
Updated Stale Reads section of DNS Caching Guide
 2018-03-13 16:56:58 -07:00
Jack Pearkes 7390fdcad1
Merge pull request #3952 from slopeinsb/patch-1 
Update index.html.md
 2018-03-13 16:07:10 -07:00
Jack Pearkes defd90b3da
Update CHANGELOG.md 2018-03-13 15:32:37 -07:00
Devin Canterberry 089ceff264
📝 Clarify the list of supported TLS cipher suites 
Previously, the documentation linked to Golang's source code, which
can drift from the list of cipher suites supported by Consul. Consul
has a hard-coded mapping of string values to Golang cipher suites, so
this is a more direct source of truth to help users understand which
string values are accepted in the `tls_cipher_suites` configuration
value.
 2018-03-13 09:25:03 -07:00
Preetha 8b41890cee
Merge pull request #3946 from hashicorp/je.fixes 
Small Adjustments
 2018-03-13 11:15:50 -05:00
randall thomson 24588fc479
Update index.html.md 
update cli commands for consul 1.x
 2018-03-09 09:46:37 -08:00
Preetha Appan 75549ec960
Update CHANGELOG.md 2018-03-09 07:37:57 -06:00
Preetha 401215230c
Merge pull request #3940 from pierresouchay/dns_max_size 
Allow to control the number of A/AAAA Record returned by DNS
 2018-03-09 07:35:32 -06:00
Preetha 80bc8e1ff6
Some tweaks to the documentation for a_record_limit 2018-03-08 11:23:07 -06:00
Pierre Souchay 8545b998ff Updated documentation as requested by @preetapan 2018-03-08 18:02:40 +01:00
Pierre Souchay 241c7e5f5f Cleaner Unit tests from suggestions from @preetapan 2018-03-07 18:24:41 +01:00
Jeff Escalante 41d6a3762c update to latest middleman-hashicorp 
this includes minor text fixes for the universal nav
 2018-03-06 16:37:58 -05:00
Jeff Escalante b4dce65d45 First instance of 'Consul' on homepage -> 'HashiCorp Consul' 2018-03-06 16:37:47 -05:00
Mitchell Hashimoto 734f50b7a7
Merge pull request #3944 from hashicorp/f-testify 
agent/consul/fsm: begin using testify/assert
 2018-03-06 09:55:31 -08:00
Mitchell Hashimoto fbac58280e
agent/consul/fsm: begin using testify/assert 2018-03-06 09:48:15 -08:00
Pierre Souchay 09970479b5 Allow to control the number of A/AAAA Record returned by DNS 
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.

It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937

See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.

It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.

The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
 2018-03-06 02:07:42 +01:00
Edd Steel 413cb3d3b5
Re-use defined endpoints for tests 2018-03-03 11:19:18 -08:00
Sergei Ryabkov 4e0d229191
Highlighting the dead link 
I am proposing to remove a dead link (https://atlas.hashicorp.com/help/consul/alternatives). If the page has moved and the new location is known, it would be of course better to update the link.
 2018-03-02 18:22:19 -05:00
Paul Banks 5a9a794531
Merge pull request #3928 from hashicorp/service-token-docs 
Notes on ACL token storage and permissions
 2018-03-02 16:28:56 +00:00
Paul Banks d4bce06637
Update CHANGELOG.md 2018-03-02 16:27:48 +00:00
Paul Banks 628dcc9793
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index 
Services Indexes modified per service instead of using a global Index
 2018-03-02 16:24:43 +00:00
Paul Banks 34fe6f17e2
Notes on ACL token storage and permissions 2018-03-02 16:22:12 +00:00
Paul Banks 37e7e6e7a1
Notes on ACL token storage and permissions 2018-03-02 16:20:11 +00:00
Brian Shumate de25aa17ee Clarify encrypt key for WAN joined DCs 2018-03-02 10:41:09 -05:00
Pierre Souchay df285ec384 Better information and advices for upgrade to 1.0.7+ 2018-03-02 09:08:00 +01:00
Pierre Souchay 85b73f8163 Simplified error handling for maxIndexForService 
* added unit tests to ensure service index is properly garbage collected
* added Upgrade from Version 1.0.6 to higher section in documentation
 2018-03-01 14:09:36 +01:00
Paul Banks be4fa97fda
Update CHANGELOG.md 2018-02-28 13:26:08 +00:00