Commit graph

7746 commits

Author SHA1 Message Date
Pierre Souchay 7e8e4e014b Added new test regarding checks index 2018-03-22 12:20:25 +01:00
Pierre Souchay a8b66fb7aa Fixed minor typo in comments
Might fix unstable travis build
2018-03-22 10:30:10 +01:00
Guido Iaquinti 244fc72b05 Add package name to log output 2018-03-21 15:56:14 +00:00
Jack Pearkes bf2b3f8d88
Merge pull request #3929 from sryabkov/patch-1
Highlighting the dead link in documentation
2018-03-19 16:00:32 -07:00
Paul Banks d659e034fe
Note TLS cipher suite support changes 2018-03-19 21:51:14 +00:00
Josh Soref 1dd8c378b9 Spelling (#3958)
* spelling: another

* spelling: autopilot

* spelling: beginning

* spelling: circonus

* spelling: default

* spelling: definition

* spelling: distance

* spelling: encountered

* spelling: enterprise

* spelling: expands

* spelling: exits

* spelling: formatting

* spelling: health

* spelling: hierarchy

* spelling: imposed

* spelling: independence

* spelling: inspect

* spelling: last

* spelling: latest

* spelling: client

* spelling: message

* spelling: minimum

* spelling: notify

* spelling: nonexistent

* spelling: operator

* spelling: payload

* spelling: preceded

* spelling: prepared

* spelling: programmatically

* spelling: required

* spelling: reconcile

* spelling: responses

* spelling: request

* spelling: response

* spelling: results

* spelling: retrieve

* spelling: service

* spelling: significantly

* spelling: specifies

* spelling: supported

* spelling: synchronization

* spelling: synchronous

* spelling: themselves

* spelling: unexpected

* spelling: validations

* spelling: value
2018-03-19 16:56:00 +00:00
Paul Banks 4a684ce6fb
Merge pull request #3961 from canterberry/docs/tls-cipher-suites
📝 Clarify the list of supported TLS cipher suites
2018-03-19 16:51:14 +00:00
Paul Banks b86de4c2e3
Use master 2018-03-19 16:50:52 +00:00
Paul Banks e2673c76d6
Merge pull request #3962 from canterberry/upgrade/tls-cipher-suites
🔒 Update supported TLS cipher suites
2018-03-19 16:44:33 +00:00
Paul Banks 4b01c1a147
Merge pull request #3966 from hashicorp/docs-ui-acls
website: add UI section to ACL guide
2018-03-19 16:40:50 +00:00
Pierre Souchay 3eb287f57d Fixed typo in comments 2018-03-19 17:12:08 +01:00
Pierre Souchay eb2a4eaea3 Refactoring to have clearer code without weird bool 2018-03-19 16:12:54 +01:00
Pierre Souchay a5f6ac0df4 [BUGFIX] When a node level check is removed, ensure all services of node are notified
Bugfix for https://github.com/hashicorp/consul/pull/3899

When a node level check is removed (example: maintenance),
some watchers on services might have to recompute their state.

If those nodes are performing blocking queries, they have to be notified.
While their state was updated when node-level state did change or was added
this was not the case when the check was removed. This fixes it.
2018-03-19 14:14:03 +01:00
Preetha Appan 5b5850aac0
Update CHANGELOG 2018-03-16 09:39:00 -05:00
Preetha Appan 84bd6dc5d1
cleanup unit test code a bit 2018-03-16 09:36:57 -05:00
Preetha 164fb3f48c
Merge pull request #3885 from eddsteel/support-options-requests
Support OPTIONS requests
2018-03-16 09:20:16 -05:00
Devin Canterberry 8a5df6ecc3
🎨 Formatting changes only; convert leading space to tabs 2018-03-15 10:30:38 -07:00
Devin Canterberry bd11f567c4
📝 Prefer brevity at the cost of some ambiguity 2018-03-15 10:25:27 -07:00
Devin Canterberry 2001b9f35f
Match expectation of TLSCipherSuites to values of tls_cipher_suites 2018-03-15 10:19:46 -07:00
Devin Canterberry 881d20c606
🐛 Formatting changes only; add missing trailing commas 2018-03-15 10:19:46 -07:00
Devin Canterberry ece32fce53
🔒 Update supported TLS cipher suites
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go).

> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
>  * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4)
>  * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/)
2018-03-15 10:19:46 -07:00
Devin Canterberry 23dfc483a0
⤵️ Merge from master; no conflicts 2018-03-15 09:13:01 -07:00
Jack Pearkes da7f8ab59d website: clarify where ACL token is set in the UI 2018-03-14 16:50:04 -07:00
Jack Pearkes 9a911bba0c website: add section on securing the UI with ACLs
Figured it would be worth documenting due to #3931.
2018-03-14 16:46:04 -07:00
Paul Banks e9218d031e
Call out the service-watch upgrade notice 2018-03-14 11:03:21 +00:00
Jack Pearkes e04a003d7a
Merge pull request #3884 from rberlind/master
Updated Stale Reads section of DNS Caching Guide
2018-03-13 16:56:58 -07:00
Jack Pearkes 7390fdcad1
Merge pull request #3952 from slopeinsb/patch-1
Update index.html.md
2018-03-13 16:07:10 -07:00
Jack Pearkes defd90b3da
Update CHANGELOG.md 2018-03-13 15:32:37 -07:00
Devin Canterberry 089ceff264
📝 Clarify the list of supported TLS cipher suites
Previously, the documentation linked to Golang's source code, which
can drift from the list of cipher suites supported by Consul. Consul
has a hard-coded mapping of string values to Golang cipher suites, so
this is a more direct source of truth to help users understand which
string values are accepted in the `tls_cipher_suites` configuration
value.
2018-03-13 09:25:03 -07:00
Preetha 8b41890cee
Merge pull request #3946 from hashicorp/je.fixes
Small Adjustments
2018-03-13 11:15:50 -05:00
randall thomson 24588fc479
Update index.html.md
update cli commands for consul 1.x
2018-03-09 09:46:37 -08:00
Pierre Souchay d9b59d1b3e Fixed minor typo (+ travis tests is unstable) 2018-03-09 18:42:13 +01:00
Pierre Souchay 871b9907cb Optimize size for SRV records, should improve performance a bit
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
Preetha Appan 75549ec960
Update CHANGELOG.md 2018-03-09 07:37:57 -06:00
Preetha 401215230c
Merge pull request #3940 from pierresouchay/dns_max_size
Allow to control the number of A/AAAA Record returned by DNS
2018-03-09 07:35:32 -06:00
Preetha 80bc8e1ff6
Some tweaks to the documentation for a_record_limit 2018-03-08 11:23:07 -06:00
Pierre Souchay 8545b998ff Updated documentation as requested by @preetapan 2018-03-08 18:02:40 +01:00
Pierre Souchay b0b243bf1b Fixed wrong format of debug msg in unit test 2018-03-08 00:36:17 +01:00
Pierre Souchay c3713dbbf1 Performance optimization for services having more than 2k records 2018-03-08 00:26:41 +01:00
Pierre Souchay 1085d5a7b4 Avoid issue with compression of DNS messages causing overflow 2018-03-07 23:33:41 +01:00
Pierre Souchay 241c7e5f5f Cleaner Unit tests from suggestions from @preetapan 2018-03-07 18:24:41 +01:00
Pierre Souchay b672707552 64000 max limit to DNS messages since there is overhead
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
Pierre Souchay 06afb4d02c [BUGFIX] do not break when TCP DNS answer exceeds 64k
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).

Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
Jeff Escalante 41d6a3762c update to latest middleman-hashicorp
this includes minor text fixes for the universal nav
2018-03-06 16:37:58 -05:00
Jeff Escalante b4dce65d45 First instance of 'Consul' on homepage -> 'HashiCorp Consul' 2018-03-06 16:37:47 -05:00
Mitchell Hashimoto 734f50b7a7
Merge pull request #3944 from hashicorp/f-testify
agent/consul/fsm: begin using testify/assert
2018-03-06 09:55:31 -08:00
Mitchell Hashimoto fbac58280e
agent/consul/fsm: begin using testify/assert 2018-03-06 09:48:15 -08:00
Pierre Souchay 09970479b5 Allow to control the number of A/AAAA Record returned by DNS
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.

It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937

See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.

It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.

The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Edd Steel 413cb3d3b5
Re-use defined endpoints for tests 2018-03-03 11:19:18 -08:00
Sergei Ryabkov 4e0d229191
Highlighting the dead link
I am proposing to remove a dead link (https://atlas.hashicorp.com/help/consul/alternatives). If the page has moved and the new location is known, it would be of course better to update the link.
2018-03-02 18:22:19 -05:00