Commit graph

59 commits

Author SHA1 Message Date
James Phillips ff6d42389c Merge pull request #2222 from hashicorp/f-raft-v2
Integrates Consul with "stage one" of HashiCorp Raft library v2.
2016-08-09 16:04:48 -07:00
James Phillips 44c468995f
Touches up Raft integration after latest changes. 2016-08-08 19:19:18 -07:00
James Phillips 6c8e8271e2
Integrates Consul with new version of Raft library. 2016-08-08 19:19:17 -07:00
James Phillips 9cece515c0
Adds basic ACL replication plumbing. 2016-08-03 21:24:04 -07:00
Armon Dadgar 191876f87e consul: Add RPCHoldTimeout as tunable hold period 2016-07-10 13:23:43 -04:00
Ryan Uber ce4cf8a542 consul: dev mode works 2015-12-26 20:19:36 -05:00
James Phillips 132e1d813b Fixes configs now that Serf always caches coordinates. 2015-10-23 15:23:01 -07:00
James Phillips aea2194ce3 Makes the default protocol 2 and lets 3 interoperate with 2. 2015-10-23 15:23:01 -07:00
James Phillips 033e8e6625 Adds sort of DCs in catalog queries based on RTT. Cleans up.
* Makes the catalog endpoint respect disabling coordinates for all
  RTT-sorting query types.
2015-10-23 15:23:01 -07:00
James Phillips b63909cf67 Adds coordinate sorting support to catalog queries for nodes and service nodes. 2015-10-23 15:23:01 -07:00
James Phillips 9ba9a708f6 Scales coordinate sends to hit a fixed aggregate rate across the cluster. 2015-10-23 15:23:01 -07:00
James Phillips d8b8a3719f Simplifies the batching function and adds some comments. 2015-10-23 15:23:01 -07:00
James Phillips f71c79c53f Does some small cleanups based on PR feedback.
* Holds coordinate updates in map and gets rid of the update channel.
* Cleans up config variables a bit.
2015-10-23 15:23:01 -07:00
James Phillips acb0dce829 Moves batching down into the state store and changes it to fail-fast.
* A batch of updates is done all in a single transaction.
* We no longer need to get an update to kick things, there's a periodic flush.
* If incoming updates overwhelm the configured flush rate they will be dumped with an error.
2015-10-23 15:23:01 -07:00
James Phillips b6c31bdf2f Flips the sense of the coordinate enable option. 2015-10-23 15:23:01 -07:00
James Phillips edb9a119e2 Does a clean up pass on the Consul side. 2015-10-23 15:23:01 -07:00
James Phillips ac4185b888 Merges config changes after rebase. 2015-10-23 15:23:01 -07:00
Derek Chiang 213f5a15e6 Fix tests 2015-10-23 15:23:01 -07:00
Derek Chiang eb599a1745 Address comments 2015-10-23 15:23:01 -07:00
Dale Wijnand c5168e1263 Fix a bunch of typos. 2015-09-15 13:22:08 +01:00
James Phillips c0127e9932 Bumps protocol version back down as we've made memberlist smarter. 2015-08-31 11:16:34 -07:00
James Phillips 7b8aae37cb Bumps protocol version to 3 to get serf version 5. 2015-06-02 17:50:35 -07:00
Armon Dadgar 9642384429 consul: support the new TLS wrapper 2015-05-11 15:15:36 -07:00
Michael Fraenkel c00c4ebaaa Support SesionTTLMin configuration
- Allow setting SessionTTLMin
- Validate on the Server
2015-03-27 05:13:57 -07:00
Armon Dadgar 3e2bd0db2c consul: Rename TombstoneGC to TombstoneTTL 2015-01-05 14:43:54 -08:00
Armon Dadgar d5369098ba consul: Adding TombstoneGC config 2015-01-05 14:43:54 -08:00
Atin Malaviya 2bd0e8c745 consul.Config() helper to generate the tlsutil.Config{} struct, 30 second keepalive, use keepalive for HTTP and HTTPS 2014-11-18 17:56:48 -05:00
Atin Malaviya b4424a1a50 Moved TLS Config stuff to tlsutil package 2014-11-18 11:03:36 -05:00
Armon Dadgar 3a1d686444 consul: Adding user event handler for callbacks 2014-08-26 19:04:07 -07:00
Armon Dadgar ca6a8aef55 agent: Adding ACL master token 2014-08-18 15:46:20 -07:00
Armon Dadgar ebae394863 consul: ACL setting passthrough 2014-08-18 15:46:20 -07:00
Armon Dadgar 020802f7a5 Merge pull request #233 from nelhage/tls-no-subjname
Restore the 0.2 TLS verification behavior.
2014-07-01 13:41:00 -07:00
Nelson Elhage 627b2e455f Add some basic smoke tests for wrapTLSclient.
Check the success case, and check that we reject a self-signed
certificate.
2014-06-29 18:11:32 -07:00
Nelson Elhage 0a2476b20e Restore the 0.2 TLS verification behavior.
Namely, don't check the DNS names in TLS certificates when connecting to
other servers.

As of golang 1.3, crypto/tls no longer natively supports doing partial
verification (verifying the cert issuer but not the hostname), so we
have to disable verification entirely and then do the issuer
verification ourselves. Fortunately, crypto/x509 makes this relatively
straightforward.

If the "server_name" configuration option is passed, we preserve the
existing behavior of checking that server name everywhere.

No option is provided to retain the current behavior of checking the
remote certificate against the local node name, since that behavior
seems clearly buggy and unintentional, and I have difficulty imagining
it is actually being used anywhere. It would be relatively
straightforward to restore if desired, however.
2014-06-28 13:32:42 -07:00
Armon Dadgar 80b86c9ee9 Rename Expect to BootstrapExpect. Fixes #223. 2014-06-19 17:08:55 -07:00
Robert Xu 31c392813c Add expect bootstrap '-expect=n' mode.
This allows for us to automatically bootstrap a cluster of nodes after
'n' number of server nodes join. All servers must have the same 'n' set, or
they will fail to join the cluster; all servers will not join the peer set
until they hit 'n' server nodes.

If the raft commit index is not empty, '-expect=n' does nothing because it
thinks you've already bootstrapped.

Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-16 17:40:33 -04:00
Armon Dadgar 91373968a8 Adding server_name configuration for TLS 2014-06-13 11:10:27 -07:00
Armon Dadgar b5bd20634a consul: Gossip the build using Serf 2014-06-06 15:36:40 -07:00
Armon Dadgar 74452a5ae0 consul: Add new protocol version for yamux 2014-05-28 16:32:24 -07:00
Armon Dadgar c98736b8ae Merge pull request #174 from nelhage/multi-ca-cert
Allow multiple PEM-encoded certificates in the ca_file.
2014-05-27 10:47:41 -07:00
William Tisäter 405dfd99c1 Fix tests on Go 1.3 and greater
Go 1.3 and greater require ServerName or InsecureSkipVerify to be set.

https://codereview.appspot.com/67010043/
2014-05-27 00:47:47 +02:00
Nelson Elhage 7d4824ade7 Allow multiple PEM-encoded certificates in the ca_file.
fixes #167
2014-05-26 10:58:57 -07:00
Armon Dadgar 5fa10c912e Support rejoin after leave. Fixes #110. 2014-05-21 12:32:24 -07:00
Armon Dadgar c77666669b consul: Fix decoding of certificate 2014-04-07 15:07:00 -07:00
Armon Dadgar 80de0f8789 consul: Adding basic TLS configuraiton 2014-04-07 15:06:59 -07:00
Armon Dadgar fad79e1f8e consul: Increase default reap time to 3 days 2014-03-20 12:39:06 -07:00
Armon Dadgar 6fba03db8f consul: Adding protocol version numbers 2014-03-09 15:18:36 -07:00
Armon Dadgar 7534346103 agent: Adding server up callback to make state sync faster 2014-02-07 12:11:34 -08:00
Armon Dadgar e1692fb0a0 Adding a ReconcileInterval config 2014-01-09 15:44:25 -08:00
Armon Dadgar ce79f27364 Adding support for advertise address 2013-12-31 16:45:13 -08:00