Commit graph

9584 commits

Author SHA1 Message Date
Hans Hasselberg d511e86491
agent: enable reloading of tls config (#5419)
This PR introduces reloading tls configuration. Consul will now be able to reload the TLS configuration which previously required a restart. It is not yet possible to turn TLS ON or OFF with these changes. Only when TLS is already turned on, the configuration can be reloaded. Most importantly the certificates and CAs.
2019-03-13 10:29:06 +01:00
Reid Beels 257d079fac Remove misleading encrypt param documentation (#5452)
According to https://www.consul.io/docs/agent/options.html#_encrypt, the `encrypt` param specifies the 16-byte key to use, not the path to a config file containing the key.
2019-03-12 10:26:40 -05:00
R.B. Boyer e9614ee92f
acl: correctly extend the cache for acl identities during resolution (#5475) 2019-03-12 10:23:43 -05:00
Alvin Huang 4956d632b9
Merge pull request #5451 from hashicorp/update_go_discover_for_azure
Update go-discover vendor
2019-03-11 16:39:39 -04:00
Lowe Schmidt 7638a1ca1a Typo fix (segement > segment) (#5469) 2019-03-11 16:25:19 +01:00
Paul Banks abf387ddf3
Update CHANGELOG.md 2019-03-11 14:49:49 +00:00
Aestek 071fcb28ba [catalog] Update the node's services indexes on update (#5458)
Node updates were not updating the service indexes, which are used for
service related queries. This caused the X-Consul-Index to stay the same
after a node update as seen from a service query even though the node
data is returned in heath queries. If that happened in between queries
the client would miss this change.
We now update the indexes of the services on the node when it is
updated.

Fixes: #5450
2019-03-11 14:48:19 +00:00
Masato Yamazaki 774b39dd94 website: delete duplication of "are" (#5464) 2019-03-11 10:42:15 +01:00
petems e9b7569759 Update go-discover vendor
* Adds note about use of ENV variables for auto-join on Azure
2019-03-08 22:57:48 +00:00
Alvin Huang 190d6c20e9
Merge pull request #5453 from hashicorp/circleci2.0-config
refactor circleci config to 2.0
2019-03-08 16:10:57 -05:00
Alvin Huang aa6724acbe refactor circleci config to 2.0 2019-03-08 16:03:40 -05:00
Rebecca Zanzig 180110f3b3
Merge pull request #5445 from hashicorp/docs/helm-annotations
Add docs for new Helm `annotations` options
2019-03-08 12:11:30 -08:00
kaitlincarter-hc 7d5c252599
[Docs] ACL Bootstrap Guide (#5399)
* Adding updates for consul reload of token config.

* Update website/source/docs/guides/acl.html.md
2019-03-08 13:12:16 -06:00
kaitlincarter-hc 3a5db38e09
[doc] New Ports Documentation (#5442)
* Adding a ports table.

* Updating layout based on feedback.
2019-03-08 13:10:35 -06:00
Rebecca Zanzig 13133c0fff Add docs for new Helm annotations options 2019-03-08 10:10:25 -08:00
Rebecca Zanzig 2c800864f7
Merge pull request #5444 from hashicorp/docs/helm-priorityClassName
Add docs about new Helm `priorityClassName` options
2019-03-08 10:07:49 -08:00
Rebecca Zanzig 2f8bcd2b66 Add docs about new Helm priorityClassName options 2019-03-08 09:42:53 -08:00
Rebecca Zanzig b9f7e41399
Merge pull request #5443 from hashicorp/docs/acl-to-sync
Move aclSyncToken docs under `syncCatalog`
2019-03-08 09:06:43 -08:00
Rebecca Zanzig c5b3f98b14 Move aclSyncToken docs under syncCatalog
Additionally updates the anchors to follow the established convention.
2019-03-07 16:54:11 -08:00
Judith Malnick 73b4ce2758
[docs] fix link to prepared query rules (#5435)
* [docs] fix link to prepared query rules

* Update website/source/api/query.html.md

Co-Authored-By: judithpatudith <judith@hashicorp.com>
2019-03-07 12:10:40 -08:00
Rebecca Zanzig 5ab580990b
Merge pull request #5431 from hashicorp/docs/helm-extraConfig
[docs] Add examples for the `extraConfig` options in the Helm chart
2019-03-06 14:25:25 -08:00
Rebecca Zanzig 5b322d84e4 Add examples for the extraConfig options in the Helm chart 2019-03-06 13:01:17 -08:00
Alvin Huang 494fd53ecb
Merge pull request #5436 from hashicorp/fix-typo
fix typos
2019-03-06 15:00:17 -05:00
Alvin Huang ece3b5907d fix typos 2019-03-06 14:47:33 -05:00
R.B. Boyer 91e78e00c7
fix typos reported by golangci-lint:misspell (#5434) 2019-03-06 11:13:28 -06:00
kaitlincarter-hc ca463fb1d5
[Docs] Production Guide for ACLs (#5385)
* New guide for ACLs

* Fixing some formatting issues.

* Update website/source/docs/guides/production-acls.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/production-acls.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/production-acls.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Resolving PR comments.

* Closing the rest of the PR comments

* Updates for persistence.

* Updating commands.

* Update website/source/docs/guides/production-acls.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/production-acls.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-03-06 10:46:07 -06:00
Chip Vaughn 157ca0df24
Merge pull request #5420 from hashicorp/f-catalog-changes
Catalog API Doc Changes
2019-03-06 11:00:37 -05:00
Chip Vaughn bdea21f14a Update to registering services via Catalog API 2019-03-06 09:41:12 -05:00
Chip Vaughn a700fc5530 Update to registering services via Catalog API 2019-03-06 09:23:37 -05:00
Hans Hasselberg af1de3c81c
tlsutil: don't use server_name config for RPC connections (#5394)
* server name only for outgoing https for checks
2019-03-05 21:35:43 +01:00
R.B. Boyer c24e3584be improve flaky LANReap tests by expliciting configuring the tombstone timeout
In TestServer_LANReap autopilot is running, so the alternate flow
through the serf reaping function is possible. In that situation the
ReconnectTimeout is not relevant so for parity also override the
TombstoneTimeout value as well.

For additional parity update the TestServer_WANReap and
TestClient_LANReap versions of this test in the same way even though
autopilot is irrelevant here .
2019-03-05 14:34:03 -06:00
R.B. Boyer bc984dcb38 tests: avoid leaking child processes from agent/proxyprocess package 2019-03-05 14:29:25 -06:00
R.B. Boyer 66af091de9 website: fix broken links 2019-03-05 14:24:33 -06:00
Hans Hasselberg dda59a3d2f
website: fix gemfile.lock (#5429) 2019-03-05 20:55:04 +01:00
Matt Keeler 8aa5c7f6ee Putting source back into Dev Mode 2019-03-05 19:26:42 +00:00
Matt Keeler 153ae77488 Merge branch 'master' of https://github.com/hashicorp/consul 2019-03-05 19:05:53 +00:00
novotnyr 9f8fc7e2b7 [docs] Add IntelliJ Consul to the list of community tools (#5379) 2019-03-05 13:58:03 +01:00
Matt Keeler 610641224b
Release v1.4.3 2019-03-04 19:21:20 +00:00
Matt Keeler b59e10694f Update Changelog 2019-03-04 19:18:25 +00:00
Matt Keeler 87f9365eee Fixes for CVE-2019-8336
Fix error in detecting raft replication errors.

Detect redacted token secrets and prevent attempting to insert.

Add a Redacted field to the TokenBatchRead and TokenRead RPC endpoints

This will indicate whether token secrets have been redacted.

Ensure any token with a redacted secret in secondary datacenters is removed.

Test that redacted tokens cannot be replicated.
2019-03-04 19:13:24 +00:00
Chip Vaughn 140b85c4a7 Update to registering services via Catalog API 2019-03-04 09:46:37 -05:00
Chip Vaughn b1cde0d61f Update to registering services via Catalog API 2019-03-04 09:45:24 -05:00
Matt Keeler 66188948b2
Update CHANGELOG.md 2019-03-04 09:43:51 -05:00
Hans Hasselberg 330b8aec69 default to tls 1.2 as promised. (#5340) 2019-03-04 09:42:04 -05:00
Matt Keeler 25a8ced090
Update CHANGELOG.md 2019-03-04 09:35:13 -05:00
Aestek 2ce7240abc Register and deregisters services and their checks atomically in the local state (#5012)
Prevent race between register and deregister requests by saving them
together in the local state on registration.
Also adds more cleaning in case of failure when registering services
/ checks.
2019-03-04 09:34:05 -05:00
Matt Keeler 88e25980a3
Update CHANGELOG.md 2019-03-04 09:29:54 -05:00
Matt Keeler 612aba7ced
Dont modify memdb owned token data for get/list requests of tokens (#5412)
Previously we were fixing up the token links directly on the *ACLToken returned by memdb. This invalidated some assumptions that a snapshot is immutable as well as potentially being able to cause a crash.

The fix here is to give the policy link fixing function copy on write semantics. When no fixes are necessary we can return the memdb object directly, otherwise we copy it and create a new list of links.

Eventually we might find a better way to keep those policy links in sync but for now this fixes the issue.
2019-03-04 09:28:46 -05:00
Aestek ce447e0e16 Fix race condition in DNS when using cache (#5398)
* Fix race condition in DNS when using cache

The healty node filtering was modifying the result from the cache, which
caused a crash when multiple queries were made to the same service
simultaneously.
We now copy the node slice before filtering to ensure we do not modify
the data stored in the cache.

* Fix wording in dns cache config doc

s/dns_max_age/cache_max_age/
2019-03-04 09:22:01 -05:00
Matt Keeler 9a7d57d995
Update CHANGELOG.md 2019-03-04 09:20:58 -05:00