Armon Dadgar
9152fae109
consul: First pass at tombstone reaping
2015-01-05 14:43:55 -08:00
Armon Dadgar
0c9cbdb3d1
consul: TombstoneReapRequestType -> TombstoneRequestType
2015-01-05 14:43:55 -08:00
Armon Dadgar
8681d913ba
consul: Generate a raft operation to reap tombstones
2015-01-05 14:43:55 -08:00
Armon Dadgar
02e984e4c4
consul: Adding new request to reap tombstones
2015-01-05 14:43:55 -08:00
Armon Dadgar
9f30ffbf9a
consul: Leader should reset the tombstone GC clock
2015-01-05 14:43:55 -08:00
Armon Dadgar
fb8f7fd929
consul: Adding PendingExpiration
2015-01-05 14:43:55 -08:00
Armon Dadgar
71c2c1468d
consul: Thread Tombstone GC through
2015-01-05 14:43:55 -08:00
Armon Dadgar
ae69cbca7b
consul: Fixing accidental commit of transaction
2015-01-05 14:43:54 -08:00
Armon Dadgar
4da4e322a3
consul: Fixing tombstone creation and hinting of GC
2015-01-05 14:43:54 -08:00
Armon Dadgar
1a9431847b
consul: Adding GetTxnLimit to MDBTable
2015-01-05 14:43:54 -08:00
Armon Dadgar
2724061351
consul: Support reset of tombstone GC
2015-01-05 14:43:54 -08:00
Armon Dadgar
4430f4592d
consul: Adding TombstoneGC to track TTLs
2015-01-05 14:43:54 -08:00
Armon Dadgar
3e2bd0db2c
consul: Rename TombstoneGC to TombstoneTTL
2015-01-05 14:43:54 -08:00
Armon Dadgar
68caf9046c
consul: Create tombstones before key deletes
2015-01-05 14:43:54 -08:00
Armon Dadgar
d5369098ba
consul: Adding TombstoneGC config
2015-01-05 14:43:54 -08:00
Daniel Malon
e56b3861dc
advertise specific address for a service
Enable setting a specific address in a service definition for advertise. If no specific address is given it will fall back to the node address and resemble the old behaviour.
2015-01-02 21:10:05 +00:00
Armon Dadgar
6b9ace19cf
consul: Collect useful session metrics
2015-01-02 22:46:51 +05:30
Armon Dadgar
d8c65aabee
consul: Minor cleanup
2014-12-12 22:17:41 -08:00
Armon Dadgar
c0d3798154
consul: Test Session.Apply updates session timers
2014-12-12 21:54:29 -08:00
Armon Dadgar
4d0903f781
consul: Adding more tests for session TTLs
2014-12-12 21:42:59 -08:00
Armon Dadgar
5b6ce2ca4a
consul: Setup ACLs and timers after initial barrier
2014-12-12 21:42:24 -08:00
Armon Dadgar
f25566931f
consul: Make sessionTimersLock a plain mutex
2014-12-12 19:17:35 -08:00
Armon Dadgar
9b897d1134
consul: Ignore zero ttl on session
2014-12-12 19:17:04 -08:00
Armon Dadgar
990ad02f83
consul: Minor cleanups
2014-12-12 15:43:34 -08:00
Armon Dadgar
8dbfe7c9a8
Merge pull request #524 from amalaviy/session_ttl
Consul Session TTLs
2014-12-12 14:42:25 -08:00
Atin Malaviya
073020f6be
Add invalidateSession test
2014-12-11 06:09:53 -05:00
Atin Malaviya
5a76929ba4
Fixed clearSessionTimer, created invalidateSession, added invalid TTL test
2014-12-11 05:34:31 -05:00
Atin Malaviya
7ece29c3e0
Took out usage of snapshot SessionListTTL
2014-12-10 21:37:06 -05:00
Atin Malaviya
2de09dc2e7
Took out StateSnapshot SessionListTTL also
2014-12-10 20:53:05 -05:00
Atin Malaviya
8369b77204
Clean up code based on feedback from armon
2014-12-10 20:49:06 -05:00
Atin Malaviya
a1afc07f54
Added more tests
2014-12-10 16:43:15 -05:00
Atin Malaviya
c992c18ef0
Added more tests. Also added return of 404 if the session id to renew is not found
2014-12-10 10:02:23 -05:00
Atin Malaviya
b623af776b
Consul Session TTLs
The design of the session TTLs is based on the Google Chubby approach
(http://research.google.com/archive/chubby-osdi06.pdf). The Session
struct has an additional TTL field now. This attaches an implicit
heartbeat based failure detector. Tracking of heartbeats is done by
the current leader and not persisted via the Raft log. The implication
of this is during a leader failover, we do not retain the last
heartbeat times.
Similar to Chubby, the TTL represents a lower-bound. Consul promises
not to terminate a session before the TTL has expired, but is allowed
to extend the expiration past it. This enables us to reset the TTL on
a leader failover. The TTL is also extended when the client does a
heartbeat. Like Chubby, this means a TTL is extended on creation,
heartbeat or failover.
Additionally, because we must account for time requests are in transit
and the relative rates of clocks on the clients and servers, Consul
will take the conservative approach of internally multiplying the TTL
by 2x. This helps to compensate for network latency and clock skew
without violating the contract.
Reference: https://docs.google.com/document/d/1Y5-pahLkUaA7Kz4SBU_mehKiyt9yaaUGcBTMZR7lToY/edit?usp=sharing
2014-12-07 12:38:22 -05:00
Ali Abbas
a542df954f
cleanup and simplify
2014-12-06 13:08:35 +01:00
Ali Abbas
40979b1159
* use defer to avoid tracking lock
* simplify control flow
2014-12-06 12:32:18 +01:00
Chavez
5f4281f98f
consul: Server leave test fix
2014-12-05 11:22:54 -08:00
Chavez
c6b3cae106
consul: Fix failing globalRPC test
2014-12-05 10:36:37 -08:00
Veres Lajos
850d5bdc32
typofixes - https://github.com/vlajos/misspell_fixer
2014-12-04 23:25:06 +00:00
Armon Dadgar
402d580863
consul: Check that ACL also allows registration
2014-11-30 21:10:42 -07:00
Armon Dadgar
d74f79b3fa
consul: Enforce service registration ACLs
2014-11-30 21:05:15 -07:00
Ali Abbas
818fc22c9f
* Fix race condition on read/write of shutdown bool variable of server and connection pool.
* In connection pool, there is no guarantee that .reap() cannot execute at the same time as .Shutdown() is called. It also did not benefit to eval shutdown when a select is run on the shutdown channel.
* In server, same principle applies to handleConsulConn. Since we also have a shutdown channel, it makes more sense to use this than to loop on a bool variable.
2014-11-26 10:39:25 +01:00
Ali Abbas
73504a01e9
cleanup unreachable code
2014-11-25 19:54:30 +01:00
Atin Malaviya
d7e09d57ba
Set empty Behavior setting into SessionKeysRelease and flag error for unrecognized values
2014-11-20 19:16:07 -05:00
Atin Malaviya
3aabda02b3
Clean up tests, use switch to default session.Behavior value if unspecified, unrecognized
2014-11-20 14:29:18 -05:00
Atin Malaviya
aa0cecd04e
Ephemeral Nodes via Session behavior settings.
Added a "delete" behavior for session invalidation, in addition to
the default "release" behavior. On session invalidation, the session's
Behavior field is checked and if it is set to "delete", all nodes owned
by the session are deleted. If it is "release", then just the locks
are released as default.
2014-11-20 11:34:45 -05:00
Ryan Uber
4cd89a9113
Rebase against upstream
2014-11-19 16:45:49 -08:00
Ryan Uber
3b2ab70c4d
consul: clean up comments, fix globalRPC tests
2014-11-19 16:37:40 -08:00
Ryan Uber
4a8249db00
consul: fix obscure bug when launching goroutines from for loop
2014-11-19 16:37:40 -08:00
Ryan Uber
2661bbfa27
consul: more tests, remove unused KeyManager() method
2014-11-19 16:37:40 -08:00
Ryan Uber
fcacee723b
consul: simplify keyring operations
2014-11-19 16:36:19 -08:00
Ryan Uber
66ad81ef13
consul: add test for internal keyring rpc endpoint
2014-11-19 16:36:19 -08:00
Ryan Uber
344b63b9db
consul: simplify keyring operations
2014-11-19 16:36:19 -08:00
Ryan Uber
b3f251de9c
command/keyring: clean up tests
2014-11-19 16:36:18 -08:00
Ryan Uber
d02afd42fb
agent: -encrypt appends to keyring if one exists
2014-11-19 16:36:01 -08:00
Ryan Uber
295f876923
command/agent: fix up gossip encryption indicator
2014-11-19 16:35:37 -08:00
Ryan Uber
7f85c708dc
agent: squash some more common keyring semantics
2014-11-19 16:34:18 -08:00
Ryan Uber
4e8f53fa5d
consul: detach executeKeyringOp() from *Internal
2014-11-19 16:34:18 -08:00
Ryan Uber
db0084ccd0
consul: use keyring operation type to cut out duplicated logic
2014-11-19 16:34:18 -08:00
Ryan Uber
057c22db10
consul: generalize multi-DC RPC call broadcasts
2014-11-19 16:34:18 -08:00
Ryan Uber
001a579d47
command/keyring: cleanup
2014-11-19 16:34:18 -08:00
Ryan Uber
cb795199d1
consul: test rpc errors returned from remote datacenters
2014-11-19 16:34:18 -08:00
Ryan Uber
a1943afddc
consul: make forwarding to multiple datacenters parallel
2014-11-19 16:34:18 -08:00
Ryan Uber
d7edc1c51c
consul: break rpc forwarding and response ingestion out of internal endpoints
2014-11-19 16:34:18 -08:00
Ryan Uber
1ec111bbfc
consul: kill unused struct fields
2014-11-19 16:34:17 -08:00
Ryan Uber
f6b5fc8c08
consul: cross-dc key rotation works
2014-11-19 16:34:17 -08:00
Ryan Uber
f9b5b15a6b
consul: use a function for ingesting responses
2014-11-19 16:34:17 -08:00
Ryan Uber
71e9715c54
consul: restructuring
2014-11-19 16:34:17 -08:00
Ryan Uber
a551a6e4a0
consul: refactor keyring, repeat RPC calls to all DC's
2014-11-19 16:34:17 -08:00
Ryan Uber
2e92e19760
agent: refactor keyring loader
2014-11-19 16:31:06 -08:00
Ryan Uber
43a60f1424
command: basic rpc works for keys command
2014-11-19 16:30:21 -08:00
Ryan Uber
96376212ff
consul: use rpc layer only for key management functions, add rpc commands
2014-11-19 16:30:21 -08:00
Ryan Uber
8a4ed84711
consul: first pass at keyring integration
2014-11-19 16:30:20 -08:00
Armon Dadgar
dd41c69389
Merge pull request #478 from amalaviy/https
Added HTTPS support via a new HTTPS Port configuration option
2014-11-19 11:17:10 -08:00
Armon Dadgar
bd1e03428c
consul: Increase maximum number of parallel readers
2014-11-18 18:46:43 -08:00
Atin Malaviya
2bd0e8c745
consul.Config() helper to generate the tlsutil.Config{} struct, 30 second keepalive, use keepalive for HTTP and HTTPS
2014-11-18 17:56:48 -05:00
Atin Malaviya
b4424a1a50
Moved TLS Config stuff to tlsutil package
2014-11-18 11:03:36 -05:00
Armon Dadgar
0540605110
consul: Fixing key list index calculation
2014-11-12 17:55:45 -08:00
Emil Hessman
0222ed9eb9
Fix missing arguments
2014-11-01 22:56:48 +01:00
Armon Dadgar
af90aa8026
Gofmt
2014-10-20 10:21:31 -07:00
Armon Dadgar
3f36515544
Switching to the pinned version of msgpack
2014-10-17 18:26:19 -07:00
Armon Dadgar
34713fe970
Encode/Decode test
2014-10-17 18:23:13 -07:00
Armon Dadgar
b04dc46c72
consul: Improving test reliability
2014-10-17 17:40:14 -07:00
Armon Dadgar
a1d2f9a3da
Merge pull request #401 from hashicorp/f-healthcheck
Default services to "critical" state instead of "unknown"
2014-10-15 16:50:38 -07:00
Armon Dadgar
e571d532b2
consul: Fixing FSM path tests
2014-10-15 15:03:58 -07:00
Armon Dadgar
0ea385579a
consul: Ensure FSM stores data in the data dir
2014-10-15 14:57:59 -07:00
Armon Dadgar
5571da4661
consul: FSM stores state in a given path only
2014-10-15 14:56:12 -07:00
Armon Dadgar
0d1559764d
consul: Allow providing a path for the state store
2014-10-15 14:55:04 -07:00
Ryan Uber
cc0f80a4aa
consul/structs: keep HealthUnknown around for backward compatibility
2014-10-15 11:35:22 -07:00
Armon Dadgar
88b53702f1
consul: Reduce mmap size on 32bit
2014-10-15 11:32:40 -07:00
Ryan Uber
ec63686416
consul: kill remaining use of HealthUnknown
2014-10-15 10:14:46 -07:00
Armon Dadgar
a8a5905d21
consul: less aggressive deadlock timer. Fixes #389
2014-10-14 12:00:25 -07:00
Armon Dadgar
5c46544e7e
consul: Improve variable name
2014-10-14 11:04:43 -07:00
Armon Dadgar
e33b6683aa
consul: Reap left members ignoring state. Fixes #371
2014-10-14 11:02:26 -07:00
Armon Dadgar
8afbab60cb
consul: Log why invalidation happened. Fixes #390
2014-10-14 10:54:57 -07:00
Armon Dadgar
b6c5d77cf8
consul: Fixing graceful leave of current leader. Fixes #360.
2014-10-13 22:14:43 -07:00
Armon Dadgar
e51f9da84b
consul: Deprecate ACLForceSet
2014-10-09 12:28:07 -07:00
Armon Dadgar
1177a9bf11
consul: Fix non-deterministic ACL IDs
2014-10-09 12:23:32 -07:00
Armon Dadgar
a80478594a
consul: Fix non-deterministic session IDs
2014-10-09 11:54:47 -07:00
Armon Dadgar
daa32dd6f8
consul: don't close a nil connection
2014-10-02 10:26:25 -07:00
Armon Dadgar
99d39db982
agent: First pass at multi-DC support
2014-08-28 15:00:49 -07:00
Armon Dadgar
9eddff083a
consul: Testing user events
2014-08-26 19:26:55 -07:00
Armon Dadgar
1227e77f6d
consul: Adding user event name tests
2014-08-26 19:20:02 -07:00
Armon Dadgar
3a1d686444
consul: Adding user event handler for callbacks
2014-08-26 19:04:07 -07:00
Armon Dadgar
b1cf52db01
consul: expose UserEvent from Serf
2014-08-26 18:50:03 -07:00
Armon Dadgar
ce98b0abbd
consul: Deny delete anonymous or update of root policies
2014-08-22 14:55:09 -07:00
Armon Dadgar
597cd12e97
consul: Ensure node/service/check registration is in a single txn
2014-08-22 12:38:33 -07:00
Armon Dadgar
54ed1ec834
consul: fixing a unit test
2014-08-22 12:34:31 -07:00
Armon Dadgar
a078e4d6f4
consul: Refactor txn handling in state store
2014-08-22 12:27:12 -07:00
Armon Dadgar
1f845c995a
consul: Ensure authoritative cache is purged after update
2014-08-18 15:46:59 -07:00
Armon Dadgar
6492f06a3e
consul: Provide ETag to avoid expensive policy fetch
2014-08-18 15:46:59 -07:00
Armon Dadgar
7473bd2fc9
consul: ACL enforcement for KV updates
2014-08-18 15:46:24 -07:00
Armon Dadgar
ea015710e9
consul: ACL enforcement for key reads
2014-08-18 15:46:24 -07:00
Armon Dadgar
7299ef1a82
consul: Filter keys, refactor to interface
2014-08-18 15:46:24 -07:00
Armon Dadgar
d38fd8eb1d
consul: Helpers to filter on ACL rules
2014-08-18 15:46:24 -07:00
Armon Dadgar
17ee7f5057
consul: Starting token enforcement
2014-08-18 15:46:23 -07:00
Armon Dadgar
5561148c8e
consul: Prevent resolution of root policy
2014-08-18 15:46:23 -07:00
Armon Dadgar
8c5bb94c74
consul: Resolve parent ACLs
2014-08-18 15:46:23 -07:00
Armon Dadgar
8153537e86
consul: Support management tokens
2014-08-18 15:46:23 -07:00
Armon Dadgar
9e16caa497
consul: Adding some metrics for ACL usage
2014-08-18 15:46:23 -07:00
Armon Dadgar
5da5df716d
consul: Create anonymous and master tokens
2014-08-18 15:46:22 -07:00
Armon Dadgar
bbde4beefd
consul: Testing down policies and multi-DC
2014-08-18 15:46:22 -07:00
Armon Dadgar
846cc66e6d
consul: Testing ACL resolution
2014-08-18 15:46:22 -07:00
Armon Dadgar
61b80e912c
consul: Use Etag for policy caching
2014-08-18 15:46:22 -07:00
Armon Dadgar
db8f896c58
consul: Support conditional policy fetch
2014-08-18 15:46:22 -07:00
Armon Dadgar
edcd69019c
consul: Verify compilation of rules
2014-08-18 15:46:22 -07:00
Armon Dadgar
9a4778b7d3
consul: Enable ACL lookup
2014-08-18 15:46:22 -07:00
Armon Dadgar
bd124a8da3
consul: Pulling in ACLs
2014-08-18 15:46:21 -07:00
Armon Dadgar
6f7bf36ee9
agent: ACL endpoint tests
2014-08-18 15:46:21 -07:00
Armon Dadgar
bdf9516f96
consul: ACL Endpoint tests
2014-08-18 15:46:21 -07:00
Armon Dadgar
ea31f37dd6
consul: Adding ACL endpoint
2014-08-18 15:46:21 -07:00
Armon Dadgar
b41e36868e
consul: register the ACL queries
2014-08-18 15:46:21 -07:00
Armon Dadgar
8a3a0faacf
consul: FSM support for ACLs
2014-08-18 15:46:21 -07:00
Armon Dadgar
101d7da90a
consul: Adding ACLs to the state store
2014-08-18 15:46:21 -07:00
Armon Dadgar
da52fda65f
consul: ACL structs
2014-08-18 15:46:21 -07:00
Armon Dadgar
ca6a8aef55
agent: Adding ACL master token
2014-08-18 15:46:20 -07:00
Armon Dadgar
ebae394863
consul: ACL setting passthrough
2014-08-18 15:46:20 -07:00
William Tisäter
90816cca98
Run go fmt
2014-07-24 01:09:55 +02:00
William Tisäter
78a69b61a3
Don't override ServiceTags
2014-07-23 23:42:22 +02:00
William Tisäter
31037338a3
Change order of fixtures
2014-07-23 23:42:22 +02:00
William Tisäter
9dc67edf7f
Make service tag filter case-insensitive
2014-07-23 23:42:22 +02:00
William Tisäter
2727c158a6
Make service index case-insensitive
2014-07-23 23:42:22 +02:00
William Tisäter
ff93acda28
Lowercase index key and lookup value if flag is set
2014-07-23 23:42:22 +02:00
William Tisäter
f7263e8e7a
Add case-insensitive flag to MDBIndex
2014-07-23 23:42:21 +02:00
William Tisäter
75e631ee94
Add helper for lowercase list of strings
2014-07-23 23:42:21 +02:00
Armon Dadgar
bf26a9160f
consul: Defer serf handler until initialized. Fixes #254.
2014-07-22 09:36:58 -04:00
Armon Dadgar
020802f7a5
Merge pull request #233 from nelhage/tls-no-subjname
Restore the 0.2 TLS verification behavior.
2014-07-01 13:41:00 -07:00
Nelson Elhage
627b2e455f
Add some basic smoke tests for wrapTLSclient.
Check the success case, and check that we reject a self-signed
certificate.
2014-06-29 18:11:32 -07:00
Nelson Elhage
0a2476b20e
Restore the 0.2 TLS verification behavior.
Namely, don't check the DNS names in TLS certificates when connecting to
other servers.
As of golang 1.3, crypto/tls no longer natively supports doing partial
verification (verifying the cert issuer but not the hostname), so we
have to disable verification entirely and then do the issuer
verification ourselves. Fortunately, crypto/x509 makes this relatively
straightforward.
If the "server_name" configuration option is passed, we preserve the
existing behavior of checking that server name everywhere.
No option is provided to retain the current behavior of checking the
remote certificate against the local node name, since that behavior
seems clearly buggy and unintentional, and I have difficulty imagining
it is actually being used anywhere. It would be relatively
straightforward to restore if desired, however.
2014-06-28 13:32:42 -07:00
Armon Dadgar
80b86c9ee9
Rename Expect to BootstrapExpect. Fixes #223.
2014-06-19 17:08:55 -07:00
Armon Dadgar
406d19f483
consul: Minor cleanups
2014-06-18 16:15:28 -07:00