512f9a50fc
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-26 14:21:06 -05:00
90d2f7bca1
Merge remote-tracking branch 'origin/master' into node_health_should_change_service_index
2018-03-22 13:07:11 +01:00
9cc9dce848
More test cases
2018-03-22 12:41:06 +01:00
7e8e4e014b
Added new test regarding checks index
2018-03-22 12:20:25 +01:00
a8b66fb7aa
Fixed minor typo in comments
...
Might fix unstable travis build
2018-03-22 10:30:10 +01:00
244fc72b05
Add package name to log output
2018-03-21 15:56:14 +00:00
1dd8c378b9
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
e2673c76d6
Merge pull request #3962 from canterberry/upgrade/tls-cipher-suites
...
🔒 Update supported TLS cipher suites
2018-03-19 16:44:33 +00:00
3eb287f57d
Fixed typo in comments
2018-03-19 17:12:08 +01:00
eb2a4eaea3
Refactoring to have clearer code without weird bool
2018-03-19 16:12:54 +01:00
a5f6ac0df4
[BUGFIX] When a node level check is removed, ensure all services of node are notified
...
Bugfix for https://github.com/hashicorp/consul/pull/3899
When a node level check is removed (example: maintenance),
some watchers on services might have to recompute their state.
If those nodes are performing blocking queries, they have to be notified.
While their state was updated when node-level state did change or was added
this was not the case when the check was removed. This fixes it.
2018-03-19 14:14:03 +01:00
84bd6dc5d1
cleanup unit test code a bit
2018-03-16 09:36:57 -05:00
164fb3f48c
Merge pull request #3885 from eddsteel/support-options-requests
...
Support OPTIONS requests
2018-03-16 09:20:16 -05:00
8a5df6ecc3
🎨 Formatting changes only; convert leading space to tabs
2018-03-15 10:30:38 -07:00
2001b9f35f
✅ Match expectation of TLSCipherSuites to values of tls_cipher_suites
2018-03-15 10:19:46 -07:00
881d20c606
🐛 Formatting changes only; add missing trailing commas
2018-03-15 10:19:46 -07:00
ece32fce53
🔒 Update supported TLS cipher suites
...
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go ).
> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
> * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4 )
> * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/ )
2018-03-15 10:19:46 -07:00
d9b59d1b3e
Fixed minor typo (+ travis tests is unstable)
2018-03-09 18:42:13 +01:00
871b9907cb
Optimize size for SRV records, should improve performance a bit
...
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
401215230c
Merge pull request #3940 from pierresouchay/dns_max_size
...
Allow to control the number of A/AAAA Record returned by DNS
2018-03-09 07:35:32 -06:00
b0b243bf1b
Fixed wrong format of debug msg in unit test
2018-03-08 00:36:17 +01:00
c3713dbbf1
Performance optimization for services having more than 2k records
2018-03-08 00:26:41 +01:00
1085d5a7b4
Avoid issue with compression of DNS messages causing overflow
2018-03-07 23:33:41 +01:00
241c7e5f5f
Cleaner Unit tests from suggestions from @preetapan
2018-03-07 18:24:41 +01:00
b672707552
64000 max limit to DNS messages since there is overhead
...
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
06afb4d02c
[BUGFIX] do not break when TCP DNS answer exceeds 64k
...
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).
Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
fbac58280e
agent/consul/fsm: begin using testify/assert
2018-03-06 09:48:15 -08:00
09970479b5
Allow to control the number of A/AAAA Record returned by DNS
...
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.
It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937
See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.
It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.
The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
413cb3d3b5
Re-use defined endpoints for tests
2018-03-03 11:19:18 -08:00
628dcc9793
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index
...
Services Indexes modified per service instead of using a global Index
2018-03-02 16:24:43 +00:00
85b73f8163
Simplified error handling for maxIndexForService
...
* added unit tests to ensure service index is properly garbage collected
* added Upgrade from Version 1.0.6 to higher section in documentation
2018-03-01 14:09:36 +01:00
f7ecbce39a
Fix test running in non-bash shells
2018-02-22 14:06:06 +00:00
0ee77a5e02
Merge pull request #3900 from hashicorp/fix-monitor-sigint-3891
...
Fixes #3891 : agent monitor no longer unresponsive before logs stream.
2018-02-21 21:28:33 +00:00
77d35f1829
Remove extra newline
2018-02-21 13:21:47 -06:00
573500dc51
Unit test that calls revokeLeadership twice to make sure its idempotent
2018-02-21 12:48:53 -06:00
bd270b02ba
Make sure revokeLeadership is called if establishLeadership errors
2018-02-21 12:33:22 -06:00
535842004c
Test autopilots start/stop idempotency
2018-02-21 10:19:30 -08:00
4d99696f02
Improve autopilot shutdown to be idempotent
2018-02-20 15:51:59 -08:00
e6d85cb36a
Fixed comments for function maxIndexForService
2018-02-20 23:57:28 +01:00
b26ea3c230
[Revert] Only update services if tags are different
...
This patch did give some better results, but break watches on
the services of a node.
It is possible to apply the same optimization for nodes than
to services (one index per instance), but it would complicate
further the patch.
Let's do it in another PR.
2018-02-20 23:34:42 +01:00
903e866835
Only update services if tags are different
2018-02-20 23:08:04 +01:00
56d5c0bf22
Enable Raft index optimization per service name on health endpoint
...
Had to fix unit test in order to check properly indexes.
2018-02-20 01:35:50 +01:00
69ebbf3e79
Fixes #3891 : agent monitor no longer unresponsive before logs stream.
...
The root cause is actually that the agent's streaming HTTP API didn't flush until the first log line was found which commonly was pretty soon since the default level is INFO. In cases where there were no logs immediately due to level for instance, the client gets stuck in the HTTP code waiting on a response packet from the server before we enter the loop that checks the shutdown channel from the signal handler.
This fix flushes the initial status immediately on the streaming endpoint which lets the client code get into it's expected state where it's listening for shutdown or log lines.
2018-02-19 21:53:10 +00:00
ec1b278595
Get only first service to test whether we have to cleanup index of a service
2018-02-19 22:44:49 +01:00
523feb0be4
Fixed comment about raftIndex + use test.Helper()
2018-02-19 19:30:25 +01:00
4c188c1d08
Services Indexes modified per service instead of using a global Index
...
This patch improves the watches for services on large cluster:
each service has now its own index, such watches on a specific service
are not modified by changes in the global catalog.
It should improve a lot the performance of tools such as consul-template
or libraries performing watches on very large clusters with many
services/watches.
2018-02-19 18:29:22 +01:00
35c2083422
Clarify comments
2018-02-17 17:46:11 -08:00
61be181f6f
Test every endpoint for OPTIONS/MethodNotFound
2018-02-17 17:34:13 -08:00
6c33163959
Allow endpoints to handle OPTIONS/MethodNotFound themselves
2018-02-17 17:34:03 -08:00
4dc9d2ebd7
Initialise `allowedMethods` in init()
2018-02-17 17:31:24 -08:00
ea452c6032
Fix the coordinate update endpoint not passing the ACL token
2018-02-15 11:58:02 -08:00
40eefc9f7d
Support OPTIONS requests
...
- register endpoints with supported methods
- support OPTIONS requests, indicating supported methods
- extract method validation (error 405) from individual endpoints
- on 405 where multiple methods are allowed, create a single Allow
header with comma-separated values, not multiple Allow headers.
2018-02-12 10:15:31 -08:00
dbb010c865
adding human readability for dns requests debug log ( #3751 )
2018-02-11 09:02:28 -06:00
824b72cf90
Merge remote-tracking branch 'origin/master' into service_metadata
2018-02-11 13:20:49 +01:00
e99bf584c9
Fixed TestSanitize unit test
2018-02-11 12:11:11 +01:00
37cf6583db
Fixes a panic on TCP-based DNS lookups.
...
This came in via the monkey patch in #3861 .
Fixes #3877
2018-02-08 17:57:41 -08:00
f2df4005fe
Added unit tests for structs and fixed PartialClone()
2018-02-09 01:37:45 +01:00
4f3b4d0e55
Addresses additional state mutations.
...
Did a sweep of 84d6ac2d51
2018-02-07 07:02:10 -08:00
ca461f8890
Fixes all the racy output-side updates to tags.
2018-02-06 20:35:55 -08:00
e7dd7b2d13
Adds a more robust unit test for index churn.
2018-02-06 20:35:38 -08:00
3acc5b58d4
Added support for Service Metadata
2018-02-07 01:54:42 +01:00
41e3fcf205
Makes server manager shift away from failed servers from Serf events.
...
Because this code was doing pointer equality checks, it would work for
the case of a failed attempted RPC because the objects are from the
manager itself:
https://github.com/hashicorp/consul/blob/v1.0.3/agent/consul/rpc.go#L283-L302
But the pointer check would always fail for events coming in from the
Serf path because the server object is newly-created:
https://github.com/hashicorp/consul/blob/v1.0.3/agent/router/serf_adapter.go#L14-L40
This means that we didn't proactively shift RPC traffic away from a
failed server, we'd have to wait for an RPC to fail, which exposes
the error to the calling client.
By switching over to a name check vs. a pointer check we get the correct
behavior. We added a DEBUG log as well to help observe this behavior during
integrated testing.
Related to #3863 since the fix here needed the same logic duplicated, owing
to the complicated atomic stuff.
/cc @dadgar for a heads up in case this also affects Nomad.
2018-02-05 17:56:00 -08:00
c718459e49
Adds a before/after test for #3845 .
2018-02-05 16:18:29 -08:00
5b245c0201
Merge pull request #3845 from 42wim/tagfix
...
Fix service tags not added to health check. Part two
2018-02-05 16:18:00 -08:00
46745eb89b
Add enterprise default config section
2018-02-05 13:33:59 -08:00
0aa05cc5f0
Merge pull request #3855 from hashicorp/pr-3782-slackpad
...
Adds support for gRPC health checks.
2018-02-02 17:57:27 -08:00
1a08e8c0f1
Changes "TLS" to "GRPCUseTLS" since it only applies to GRPC checks.
2018-02-02 17:29:34 -08:00
5cc76cce09
Fix service tags not added to health check. Part two
2018-01-29 20:32:44 +01:00
c2395d9bd0
fix refactoring
2018-01-28 22:53:30 +04:00
c4ad54e057
fix refactoring
2018-01-28 22:48:21 +04:00
05666113a4
remove golint warnings
2018-01-28 22:40:13 +04:00
443250c76c
Improves user lookup error message.
...
Closes #3188
Closes #3184
2018-01-26 07:56:44 -08:00
32dbb51c3b
Remove nonvoter from metadata.Server
2018-01-25 17:08:03 -08:00
38f5b2e7ce
Gets rid of named return parameters.
...
This wasn't wrong before but we don't generally use this style in
Consul.
2018-01-25 14:29:50 -08:00
1acaaecbdd
Moves non-stdlib includes into their own section.
2018-01-25 14:26:15 -08:00
0e76d62846
Reset clusterHealth when autopilot starts
2018-01-23 12:52:28 -08:00
6d1dbe6cc4
Move autopilot health loop into leader operations
2018-01-23 11:17:41 -08:00
a4c3a3433c
Updates web assets to latest.
2018-01-22 14:46:07 -08:00
c4528a6110
Merge pull request #3821 from hashicorp/persist-file-handling
...
Add graceful handling of malformed persisted service/check files.
2018-01-22 12:31:33 -08:00
bb068b4c93
Merge pull request #3820 from hashicorp/serfwan-port-fix
...
Enforce a valid port for the Serf WAN since it can't be disabled.
2018-01-19 15:40:56 -08:00
77ab587ae1
Moves the coordinate fetch after the ACL check.
2018-01-19 15:25:22 -08:00
b651253cb2
Don't remove the files, just log an error
2018-01-19 14:25:51 -08:00
f191eb2df3
Enforce a valid port for the Serf WAN since it can't be disabled.
...
Fixes #3817
2018-01-19 14:22:23 -08:00
17ec4a9394
Add graceful handling of malformed persisted service/check files.
...
Previously a change was made to make the file writing atomic,
but that wasn't enough to cover something like an OS crash so we
needed something here to handle the situation more gracefully.
Fixes #1221 .
2018-01-19 14:07:36 -08:00
81d0ffc959
Resolve symlinks in config directory
...
Docker/Openshift/Kubernetes mount the config file as a symbolic link and
IsDir returns true if the file is a symlink. Before calling IsDir, the
symlink should be resolved to determine if it points at a file or
directory.
Fixes #3753
2018-01-12 15:43:38 -05:00
ca43623734
Adds the NodeID field back to the /v1/agent/self Config block.
...
Fixes #3778
2018-01-10 15:17:54 -08:00
ff2aae98f4
Adds more info about how to fix the private IP error.
...
Closes #3790
2018-01-10 09:53:41 -08:00
e282e9285c
Fixes crash where body was optional for PQ endpoint (it is not).
...
Fixes #3791
2018-01-10 09:33:49 -08:00
a45f6ad740
Add gRPC health-check #3073
2018-01-04 16:42:30 -05:00
f597d66392
Using labels
2017-12-21 20:30:29 -08:00
ac50568a1a
Added telemetry around Catalog APIs
2017-12-21 16:35:12 -08:00
1cd94dec8a
Updates the checked in web assets.
2017-12-20 19:51:04 -08:00
bfce81d721
Updates the built-in web assets.
2017-12-20 17:48:51 -08:00
8fd94a2e7c
Wraps HTTP mux to ban all non-printable characters from paths.
2017-12-20 15:47:53 -08:00
6f09cf48db
Updates the built-in web UI assets.
2017-12-20 13:43:52 -08:00
62e97a6602
Fixes a `go fmt` cleanup.
2017-12-20 13:43:38 -08:00
74b0c58831
Fix vet error
2017-12-18 18:04:42 -08:00
dfc165a47b
Move autopilot initializing to oss file
2017-12-18 18:02:44 -08:00
044c38aa7b
Move autopilot setup to a separate file
2017-12-18 16:55:51 -08:00
9e1ba6fb4e
Make some final tweaks to autopilot package
2017-12-18 12:26:47 -08:00
6b58df5898
Merge pull request #3737 from hashicorp/autopilot-refactor
...
Move autopilot to a standalone package
2017-12-15 14:09:40 -08:00
262cbbd9ca
Merge pull request #3728 from weiwei04/fix_globalRPC_goroutine_leak
...
fix globalRPC goroutine leak
2017-12-14 17:54:19 -08:00
518ab954bc
Merge pull request #3642 from yfouquet/master
...
[Fix] Service tags not added to health checks
2017-12-14 13:59:39 -08:00
47cd775b3d
Works around mapstructure behavior to enable sessions with no checks.
...
Fixes #3732
2017-12-14 09:07:56 -08:00
798aca92c5
Expose IsPotentialVoter for advanced autopilot logic
2017-12-13 17:53:51 -08:00
68c94a5047
Changes maps to merge vs. overwrite when processing configs.
...
Fixes #3716
2017-12-13 16:06:01 -08:00
a4ac148077
Merge branch 'master' into autopilot-refactor
2017-12-13 11:54:32 -08:00
6c985132de
A few last autopilot adjustments
2017-12-13 11:19:17 -08:00
77d92bf15c
More autopilot reorganizing
2017-12-13 10:57:37 -08:00
984de6e2e0
Adds TODOs referencing #3744 .
2017-12-13 10:52:06 -08:00
63011dd393
Copies the autopilot settings from the runtime config.
...
Fixes #3730
2017-12-13 10:32:05 -08:00
f347c8a531
More refactoring to make autopilot consul-agnostic
2017-12-12 17:46:28 -08:00
f4f7db0059
[Fix] Service tags not added to health checks
...
Since commit 9685bdcd0ba4b4b3adb04f9c1dd67d637ca7894e, service tags are added to the health checks.
Otherwise, when adding a service, tags are not added to its check.
In updateSyncState, we compare the checks of the local agent with the checks of the catalog.
It appears that the service tags are different (missing in one case), and so the check is synchronized.
That increase the ModifyIndex periodically when nothing changes.
Fixed it by adding serviceTags to the check.
Note that the issue appeared in version 0.8.2.
Looks related to #3259 .
2017-12-12 13:39:37 +01:00
8546a1d3c6
Move autopilot to a standalone package
2017-12-11 16:45:33 -08:00
32b64575d1
Moves Serf helper into lib to fix import cycle in consul-enterprise.
2017-12-07 16:57:58 -08:00
c16cce80bb
Turns of intent queue warnings and enables dynamic queue sizing.
2017-12-07 16:27:06 -08:00
04531ff0fb
fix globalRPC goroutine leak
...
Signed-off-by: Wei Wei <weiwei.inf@gmail.com>
2017-12-05 11:53:30 +08:00
c4bc89a187
Creates a registration mechanism for snapshot and restore.
2017-11-29 18:36:53 -08:00
8571555703
Begins split out of snapshots from the main FSM class.
2017-11-29 18:36:53 -08:00
4eaee8e0ba
Creates a registration mechanism for FSM commands.
2017-11-29 18:36:53 -08:00
3e7ea1931c
Moves the FSM into its own package.
...
This will help make it clearer what happens when we add some registration
plumbing for the different operations and snapshots.
2017-11-29 18:36:53 -08:00
7f3783f4be
Resolves an FSM snapshot TODO.
...
This adds checks for sink write calls before we continue the refactor, which
will resolve the other TODO comment we deleted as part of this change.
2017-11-29 18:36:53 -08:00
5a24d37ac0
Creates a registration mechanism for schemas.
...
This also splits out the registration into the table-specific source
files.
2017-11-29 18:36:52 -08:00
36bb30e67a
Creates a registration mechanism for RPC endpoints.
2017-11-29 18:36:52 -08:00
8f802411c4
Creates HTTP endpoint registry.
2017-11-29 18:36:52 -08:00
8da7f0ff7e
Moves coordinate disabled logic down into endpoints.
...
Similar rationale to the previous change for ACLs.
2017-11-29 18:36:52 -08:00
cf30d409c9
Moves ACL disabled response logic down into endpoints.
...
This lets us make the registration of endpoints less fancy, on the
road to adding a registration mechanism.
2017-11-29 18:36:52 -08:00
6234f0bd46
Renames "segments" to "segment" to be consistent with other files.
2017-11-29 18:36:52 -08:00
ba56669ea8
Renames stubs to be more consistent.
2017-11-29 18:36:52 -08:00
56552095c9
Sheds monotonic time info so tombstone GC bins work properly.
2017-11-29 10:34:24 -08:00
8656b7a3e9
Gives back the lock before writing to the expire channel.
...
The lock isn't needed after we clean up the expire bin, and as seen
in #3700 we can get into a deadlock waiting to place the expire index
into the channel while holding this lock.
Fixes #3700
2017-11-19 16:24:16 -08:00
ae85cc4070
Skips files with unknown extensions when not forcing a format.
...
Fixes #3685
2017-11-10 18:06:07 -08:00
d5bf4e9c6e
Adds a snapshot agent stub to the config structure.
...
Fixes #3678
2017-11-10 13:50:45 -08:00
50cdff36e5
Cleans up check logging.
...
There were places where we still didn't have the script vs. args sorted
correctly so changed all the logging to be just based on check IDs and
also made everything uniform.
Also removed some annoying debug logging, and moved some of the large output
logging to TRACE level.
Closes #3602
2017-11-10 12:48:44 -08:00
8210523b1b
Moves the LAN event handler after the router is created.
...
Fixes #3680
2017-11-10 12:26:48 -08:00
bfbbfb62ca
Revert "Adds a small sleep to make sure we are in the next GC bucket."
2017-11-08 22:18:37 -08:00
d6328a5bf8
Adds a sleep to make sure we are in the next GC bucket, ups time.
...
Fixes #3670
2017-11-08 22:02:40 -08:00
91824375be
Skips the tombstone GC test in Travis for now.
...
Related to #3670
2017-11-08 20:14:20 -08:00
c060df20de
Adds missing os import.
2017-11-08 20:02:22 -08:00
b94ba8aeb4
Removes bogus getPort() in favor of freeport.
2017-11-08 19:55:50 -08:00
04a7907a7e
Skips IPv6 test in Travis.
2017-11-08 18:28:45 -08:00
c52824bab7
Adds a longer retry period for the AE deferred output test.
...
There's some justification in the comments about this and a TODO to
improve this later.
Fixes #3668
2017-11-08 18:10:13 -08:00
444a345a3a
Tightens timing up and reorders GC test to be less flaky.
2017-11-08 15:09:29 -08:00
e00624425b
Doubles the GC timing.
2017-11-08 15:01:11 -08:00
8eb91777d9
Opens up test timing a little more.
2017-11-08 14:01:19 -08:00
d45c2a01f1
Shifts off a gran boundary to help make test less flaky.
2017-11-08 13:57:17 -08:00
757e353334
Opens up the tombstone GC test timing.
2017-11-08 13:43:39 -08:00
532cafe0af
Adds enable_agent_tls_for_checks configuration option which allows ( #3661 )
...
HTTP health checks for services requiring 2-way TLS to be checked
using the agent's credentials.
2017-11-07 18:22:09 -08:00
9de2d8921f
Saves the cycled server list after a failed ping when rebalancing. ( #3662 )
...
Fixes #3463
2017-11-07 18:13:23 -08:00
d938493671
Double-books the HTTP metrics w/ and w/o the "consul" prefix.
...
Fixes #3654
2017-11-07 16:32:45 -08:00
Preetha Appan