Commit Graph

304 Commits

Author SHA1 Message Date
Hans Hasselberg 22481039ca
website: sync guides list with guides sidebar. (#4831) 2018-10-25 12:07:26 -07:00
Matt Keeler c95927a9a8
Fix some uuids and make it clear that the SecretID is used for agent tokens (#4845) 2018-10-24 09:47:55 -04:00
Matt Keeler b816bee165 ACL documentation (#4824)
* Updating the ACL guide.

* Update the docs correctly

* Finish updating the ACL docs - for now.
2018-10-19 13:26:31 -07:00
Pierre Souchay a72f92cac6 dns: implements prefix lookups for DNS TTL (#4605)
This will fix https://github.com/hashicorp/consul/issues/4509 and allow forinstance lb-* to match services lb-001 or lb-service-007.
2018-10-19 08:41:04 -07:00
Kyle Havlovitz 96a35f8abc re-add Connect multi-dc config changes
This reverts commit 8bcfbaffb6588b024cd1a3cf0952e6bfa7d9e900.
2018-10-19 08:41:03 -07:00
Jack Pearkes 847a0a5266 Revert "Connect multi-dc config" (#4784) 2018-10-11 17:32:45 +01:00
danielehc 6c12a35834
Update creating-certificates.html.md (#4780)
In case `verify_server_hostname` is set in the configuration, Consul checks the certificate against  `server.<datacenter>.<domain>`.

The name suggested by the guide generates errors like the following:
```
2018/10/10 12:42:20 [ERR] consul: Failed to confirm peer status for consul-3: rpc error getting client: failed to get conn: x509: certificate is valid for server.node.consul.labs, localhost, not server.consul.labs. Retrying in 16s...
```

Removing the `node` part from the certificate permits them to work also when that option is set.
2018-10-11 14:23:51 +02:00
Aestek 260a9880ae [Security] Add finer control over script checks (#4715)
* Add -enable-local-script-checks options

These options allow for a finer control over when script checks are enabled by
giving the option to only allow them when they are declared from the local
file system.

* Add documentation for the new option

* Nitpick doc wording
2018-10-11 13:22:11 +01:00
Paul Banks 94332edf2e
[WIP] Initial draft of Sidecar Service and Managed Proxy deprecation docs (#4752)
* Initial draft of Sidecar Service and Managed Proxy deprecation docs

* Service definition deprecation notices and sidecar service

* gRPC and sidecar service config options; Deprecate managed proxy options

* Envoy Docs: Basic envoy command; envoy getting started/intro

* Remove change that snuck in

* Envoy custom config example

* Add agent/service API docs; deprecate proxy config endpoint

* Misc grep cleanup for managed proxies; capitalize Envoy

* Updates to getting started guide

* Add missing link

* Refactor Envoy guide into a separate guide and add bootstrap reference notes.

* Add limitations to Envoy docs; Highlight no fixes for known managed proxy issues on deprecation page; clarify snake cae stuff; Sidecar Service lifecycle
2018-10-11 10:44:42 +01:00
Pierre Souchay 42f250fa53 Added SOA configuration for DNS settings. (#4714)
This will allow to fine TUNE SOA settings sent by Consul in DNS responses,
for instance to be able to control negative ttl.

Will fix: https://github.com/hashicorp/consul/issues/4713

# Example

Override all settings:

* min_ttl: 0 => 60s
* retry: 600 (10m) => 300s (5 minutes),
* expire: 86400 (24h) => 43200 (12h)
* refresh: 3600 (1h) => 1800 (30 minutes)

```
consul agent -dev -hcl 'dns_config={soa={min_ttl=60,retry=300,expire=43200,refresh=1800}}'
```

Result:
```
dig +multiline @localhost -p 8600 service.consul

; <<>> DiG 9.12.1 <<>> +multiline @localhost -p 8600 service.consul
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36557
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;service.consul.		IN A

;; AUTHORITY SECTION:
consul.			0 IN SOA ns.consul. hostmaster.consul. (
				1537959133 ; serial
				1800       ; refresh (30 minutes)
				300        ; retry (5 minutes)
				43200      ; expire (12 hours)
				60         ; minimum (1 minute)
				)

;; Query time: 4 msec
;; SERVER: 127.0.0.1#8600(127.0.0.1)
;; WHEN: Wed Sep 26 12:52:13 CEST 2018
;; MSG SIZE  rcvd: 93
```
2018-10-10 15:50:56 -04:00
Kyle Havlovitz 5b98a602af agent: add primary_datacenter and connect replication config options 2018-10-10 12:17:59 -07:00
Kyle Havlovitz 475afd0300 docs: deprecate acl_datacenter and replace it with primary_datacenter 2018-10-10 12:16:47 -07:00
Dan Brown a10f1ce2df Fix retry_join config documentation (#4757)
'retry_join': source data must be an array or slice, got string
2018-10-05 14:16:02 -04:00
Freddy 851bf8c2eb Update semaphore guide (#4661)
* Fill in gaps in semaphore guide
* Update to match that values come back b64 encoded
* Add that the value needs to be decoded
* Remove outdated reference to session1
* Fix some typos
* Clarify what is mean by a session having an active key
* Clarify requirements for lock holders in semaphore guide
2018-10-04 12:06:53 -10:00
Dan Brown 2fac2d1439 Add Deployment Guide and update links (#4487)
* Adds Deployment Guide and update links
* Fixes releases link
* Re-organisation of content
* Cuts down "deployment" doc (which should focus on Reference Architecture) by moving raft and performance tuning to the Server Performance page which already covers some of this.
* Moves backups from "deployment" doc (which should focus on Reference Architecture) to "deployment-guide"
* Cleans up some notes and add single DC diagram
* Removes old link to deployment guide from nav
* Corrects minor styling, formatting, and grammar
2018-10-03 11:37:36 -10:00
Matt Keeler 61a5c965c9
Ensure that errors setting up the DNS servers get propagated back to the shell (#4598)
Fixes: #4578 

Prior to this fix if there was an error binding to ports for the DNS servers the error would be swallowed by the gated log writer and never output. This fix propagates the DNS server errors back to the shell with a multierror.
2018-09-07 10:48:29 -04:00
Geoffrey Grosenbach 36fa155675
Adds XL machine spec and notes on large deployments (#4622)
* Adds XL machine spec and notes on large deployments
* Clarifies machine sizes
* Fixes internal links within the document
* Moves datacenter size guidelines to "Single Datacenter" section
2018-08-31 10:41:48 -05:00
Jack Pearkes a1bd33da11
website: use 127.0.0.1 instead of consul.rocks (#4523)
By default, the Consul agent listens on the local interface
at port 8500 for API requests. This change makes the API examples
using `curl` copy-pasteable for this default configuration.
2018-08-28 09:07:15 -07:00
Rémi Jouannet 3d5d7ba6df
Update monitoring-telegraf.html.md 2018-08-24 16:48:02 +02:00
Miroslav Bagljas 8f7e87439a Fixes #4483: Add support for Authorization: Bearer token Header (#4502)
Added Authorization Bearer token support as per RFC6750

* appended Authorization header token parsing after X-Consul-Token
* added test cases
* updated website documentation to mention Authorization header

* improve tests, improve Bearer parsing
2018-08-17 16:18:42 -04:00
sandstrom 0e987522d9 Clarify port usage for agents (#4510) 2018-08-14 16:10:01 -07:00
Geoffrey Grosenbach d3573d7c27
Consul Production Deployment Guide
Renames guide to "Production Deployment"
Adds link in sidebar menu.
Implements edits suggested by Consul engineering team.
2018-08-10 11:51:05 -07:00
Geoffrey Grosenbach c2c6765fc0 Remove all mention of Atlas, even in deprecated changelogs 2018-08-03 10:51:18 -07:00
Jeff Escalante 2dea506400 a couple more corrections 2018-07-27 19:39:44 -04:00
Jeff Escalante 60e1450606 fix a couple html errors (#4456) 2018-07-26 16:30:24 -07:00
Peter Souter 056db5d697 Adds Monitoring with Telegraf guide (#4227)
* Installing Telegraf
* Configuring Telegraf 
* Configuring Consul to send metrics to Telegraf
* Important metrics and aggregates
2018-07-23 16:46:43 -07:00
Matt Keeler 22c5951ec4
Merge pull request #4303 from pierresouchay/non_blocking_acl
Only send one single ACL cache refresh across network when TTL is over
2018-07-10 08:57:33 -04:00
Pierre Souchay 6dfbbf1350 Updated documentation and adding more test case for async-cache 2018-07-01 23:50:30 +02:00
Pierre Souchay 8ea69290ac Updated ACL guide 2018-07-01 23:50:30 +02:00
Siva 6f22474661 Changes made :
1. Website
Changed some of the wordings and reorganized the content of the website.
2. Code:
Removed sleep and exit lines from the code.
2018-06-28 21:18:14 -04:00
Siva dc72945380 Added guide for Windows Service 2018-06-26 18:23:55 -04:00
mkeeler 1da3c42867 Merge remote-tracking branch 'connect/f-connect' 2018-06-25 19:42:51 +00:00
Paul Banks e491abb134 Fix some doc typos. 2018-06-25 12:26:21 -07:00
Paul Banks 48ef08c6a6 Add proxy config reference and Complete TODOs in production guide 2018-06-25 12:26:20 -07:00
Paul Banks e8fc5c2ad5 Fix relative links 2018-06-25 12:26:20 -07:00
Paul Banks 8ae4ca5752 Link from getting started; note on incremental adoption 2018-06-25 12:26:20 -07:00
Paul Banks c5cdcd08aa Connect production guide draft 1 2018-06-25 12:26:20 -07:00
Paul Banks 37b11ca900 Initial draft of connect production guide 2018-06-25 12:26:20 -07:00
Matt Keeler 50e26d458c
Merge pull request #4150 from hashicorp/topfunky-patch-1
Minor clarification of server nodes
2018-06-20 10:55:45 -04:00
Omar Khawaja da12d8a88c
update encryption doc and add guide for creating certificates (#4238)
* update encryption doc and add guide for creating certificates in consul with cfssl

* add details about CLI and disabling HTTP

* delete $ symbols and add guide elements

* add missing periods and steps heading
2018-06-18 15:25:35 -04:00
Matt Keeler cbf27d8c30 Put systemd-resolved in backticks 2018-06-05 10:38:42 -04:00
Matt Keeler ac2bd6bb45 Mention that PTR queries get sent to all resolvers 2018-06-04 13:56:34 -04:00
Matt Keeler 7a0ca2456f Update DNS forwarding docs to include how to use with systemd-resolved 2018-06-04 13:43:47 -04:00
Geoffrey Grosenbach a6df13c6a3
Minor clarification of server nodes
In **Node Removal** section, clarify that server nodes are being discussed.
2018-05-23 14:59:31 -07:00
Geoffrey Grosenbach f23c788b2a Consul production deployment guide 2018-05-11 19:30:13 -07:00
Geoffrey Grosenbach e244a49af5 WIP Edits to Consul production deployment guide 2018-05-10 18:18:08 -07:00
Geoffrey Grosenbach 045dfc8687 WIP Consul deployment guide 2018-05-10 17:47:44 -07:00
Jack Pearkes bf2b3f8d88
Merge pull request #3929 from sryabkov/patch-1
Highlighting the dead link in documentation
2018-03-19 16:00:32 -07:00
Jack Pearkes da7f8ab59d website: clarify where ACL token is set in the UI 2018-03-14 16:50:04 -07:00
Jack Pearkes 9a911bba0c website: add section on securing the UI with ACLs
Figured it would be worth documenting due to #3931.
2018-03-14 16:46:04 -07:00
Jack Pearkes e04a003d7a
Merge pull request #3884 from rberlind/master
Updated Stale Reads section of DNS Caching Guide
2018-03-13 16:56:58 -07:00
Sergei Ryabkov 4e0d229191
Highlighting the dead link
I am proposing to remove a dead link (https://atlas.hashicorp.com/help/consul/alternatives). If the page has moved and the new location is known, it would be of course better to update the link.
2018-03-02 18:22:19 -05:00
Paul Banks 37e7e6e7a1
Notes on ACL token storage and permissions 2018-03-02 16:20:11 +00:00
Paul Banks 89ede0539f
Fix a couple of minor typos found in docs. 2018-02-13 16:21:12 +00:00
Roger Berlind 25568c2f1d
Updated Stale Reads section of DNS Caching Guide
I updated the content based on discussion with James Phillips in #team-connect on 2/8/2018.
2018-02-12 11:26:10 -05:00
Preetha 0f83e6840c
Clarification around locking (#3853) 2018-02-01 14:08:06 -06:00
James Phillips 62e471a5e8
Update external.html.md 2018-01-12 13:23:16 -08:00
Tomas Celaya e4325df8ad Include a warning about the interaction between `translate_wan_addrs` and `bind_addr` in the Basic WAN guide. 2017-12-14 13:12:04 -08:00
Ivan Smirnov df3a548a6c
Fix syntax error.
Running consul 1.0.0, 'consul operator raft' requires 'list-peers' rather than '-list-peers'
2017-11-20 20:17:20 -08:00
James Phillips cd2c85a2ed
Update atlas.html.md 2017-11-02 14:16:47 -07:00
Preetha Appan 6f286dd9b8 Update autopilot documentation to mention correct Consul version that defaults raft protocol to 3. 2017-10-19 11:31:29 -05:00
James Phillips cb41ae2428 Update sentinel.html.markdown.erb 2017-10-13 12:15:08 -07:00
csawyerYumaed f97ec6dc3b Update dns forwarding documentation (#3574)
Add details about setting up macOS to point to consul for services without the headache of dnsmasq, bind, etc.
2017-10-12 14:25:57 -07:00
Frank Schroeder 0f664d098f doc: drop last references to -retry-join-* options 2017-10-04 19:12:28 +02:00
Preetha Appan a855b69b54 Update ACL guide to describe the new list policy for Keys 2017-10-04 06:19:20 -05:00
Preetha Appan dd2cb9f619 Fix grammar in containers guide. 2017-09-29 10:37:04 -05:00
Preetha Appan 429fc86479 Update containers guide to mention that Consul now handles nodes changing IP addresses. 2017-09-29 10:20:33 -05:00
Preetha Appan acc32ccd2c Update sentinel documentation to remove features that are coming in a future release 2017-09-28 21:00:00 -05:00
Alex Dadgar ccccba75be Fix mispelled words 2017-09-27 11:20:01 -07:00
Michael Stewart 1040dbb2d4 Fix docs/guides/segements sidebar selection. 2017-09-19 16:45:39 -05:00
Preetha Appan df742843a4
Adds documentation for Sentinel integration in Consul Enterprise. 2017-09-19 09:02:53 -05:00
James Phillips 402ebe53ef Update outage.html.md 2017-09-06 21:19:46 -07:00
James Phillips 87eeec254f Update segments.html.markdown.erb 2017-09-06 16:42:13 -07:00
James Phillips bc9780baad Adds simple rate limiting for client agent RPC calls to Consul servers. (#3440)
* Added rate limiting for agent RPC calls.
* Initializes the rate limiter based on the config.
* Adds the rate limiter into the snapshot RPC path.
* Adds unit tests for the RPC rate limiter.
* Groups the RPC limit parameters under "limits" in the config.
* Adds some documentation about the RPC limiter.
* Sends a 429 response when the rate limiter kicks in.
* Adds docs for new telemetry.
* Makes snapshot telemetry look like RPC telemetry and cleans up comments.
2017-09-01 15:02:50 -07:00
James Phillips 20fcfe866e
Tweaks network segments guide. 2017-09-01 11:19:39 -07:00
Kyle Havlovitz 5605d735a1
Update segment docs 2017-08-31 17:39:57 -07:00
Kyle Havlovitz 02c35fe0ba
Add doc sections for network segments 2017-08-31 11:19:08 -07:00
Kevin Bidwell 8a53f556f9 Added configuration instructions for forwarding DNS queries from Unbound to consul. 2017-08-18 08:45:43 -06:00
Preetha Appan 00a5eb9071 Add note about configuring recursors to be able to resolve external services. 2017-08-09 11:13:30 -05:00
James Phillips 31676bba76
Adds a note about not replicating data to FAQ and federation-related spots. 2017-08-04 16:14:39 -07:00
James Phillips 803ed9a245 Adds secure introduction for the ACL replication token. (#3357)
Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 15:39:31 -07:00
Preetha Appan 4c0c912a52 Fix incorrect punctuation 2017-08-03 16:40:22 -05:00
James Phillips c31b56a03e Adds a new /v1/acl/bootstrap API (#3349) 2017-08-02 17:05:18 -07:00
Preetha Appan a708123164 Minor tweaks, fixed spacing issue with docker run examples 2017-08-01 16:38:34 -05:00
Preetha Appan ff4009bed2 Address more review comments 2017-08-01 15:25:13 -05:00
Preetha Appan bde197e161 Added links to new containers guide to navbar and index pages 2017-08-01 11:48:25 -05:00
Preetha Appan b5fc169e2c Added a section on configuration 2017-08-01 11:36:34 -05:00
Preetha Appan ec52d0036a More tweaks and grammar corrections 2017-08-01 11:13:24 -05:00
Preetha Appan d152b31364 More review feedback 2017-08-01 10:38:43 -05:00
Preetha Appan 7ab4255231 Addressed review comments 2017-07-31 19:56:42 -05:00
Preetha Appan a12cfe8918 Capitalize Consul and Docker throughout 2017-07-31 17:54:03 -05:00
Preetha Appan e4de25367d First pass at a consul containers guide 2017-07-31 17:19:15 -05:00
James Phillips 005c9ad12a Update geo-failover.html.md 2017-07-26 16:42:35 -07:00
James Phillips cafe110669 Update geo-failover.html.md 2017-07-26 15:44:17 -07:00
James Phillips fe0f0285a9 Adds a geo failover guide using prepared queries. (#3328) 2017-07-26 15:40:01 -07:00
James Phillips 6e794ea1b3 Adds support for agent-side ACL token management via API instead of config files. (#3324)
* Adds token store and removes all runtime use of config for ACL tokens.
* Adds a new API for changing agent tokens on the fly.
2017-07-26 11:03:43 -07:00
James Phillips 31ac5c45e1 Tweaks title. 2017-07-18 14:48:38 -07:00
Kyle Havlovitz 73ec6541f6
Add UpgradeVersionTag information to docs 2017-07-18 14:01:21 -07:00
James Phillips 30316a9a54 Update acl.html.md 2017-07-18 07:44:35 -07:00
James Phillips 8058f1b234 Improves structure of ACL guide. 2017-07-18 07:41:59 -07:00