Commit graph

11462 commits

Author SHA1 Message Date
Kim Ngo 5f21b33e29
Update CHANGELOG.md 2020-03-17 15:02:56 -05:00
Hans Hasselberg 672db9bef6
docs: fix filenames (#7453) 2020-03-17 21:00:45 +01:00
Kim Ngo 9e8eb7896f
agent/xds: Update mesh gateway to use service router timeout (#7444)
* website/connect/proxy/envoy: specify timeout precedence for services behind mesh gateway
2020-03-17 14:50:14 -05:00
Daniel Nephin 4d485649d1 ci: Use golangci-lint for linting
Using golangci-lint has a number of advantages:

- adding new linters becomes much easier, its a couple lines of yaml config
  instead of more bash scripting

- it enables whitelisting of issues using inline comments or regex

- when running multiple linters less work is done. The parsed source can be reused
  by multiple linters

- linters are run in parallel to reduce CI runtime.
2020-03-17 13:43:40 -04:00
Chris Piraino 6f84d27bf1
Update CHANGELOG.md 2020-03-17 09:56:20 -05:00
Chris Piraino f13d6ca812
Log "vew version available" message at info level (#7462) 2020-03-17 09:53:15 -05:00
Pierre Souchay 48c5785f43
docs: fixed typo on MIME in Changelog (#7461) 2020-03-17 13:44:55 +01:00
Daniel Nephin 02fe105ac0 website/docs: small doc improvements to CLI reference
Small improvements to the join docs.

The help text for `lock` says -try is deprecated and replaced with -timeout.
Update the docs to match.
2020-03-16 17:54:45 -04:00
Hans Hasselberg 99d6d0d7a4
Update CHANGELOG.md to include 1.7.2 2020-03-16 22:08:40 +01:00
Hans Hasselberg 90a234d242
docs: update website version (#7456) 2020-03-16 22:03:36 +01:00
Matt Keeler ca96930283
Don’t pass -u to get get inside Go build image dockerfile (#7455) 2020-03-16 15:26:07 -04:00
Matt Keeler af8dddfbfd
Update CHANGELOG.md 2020-03-16 12:59:28 -04:00
Matt Keeler 58e2969fc1
Fix ACL mode advertisement and detection (#7451)
These changes are necessary to ensure advertisement happens correctly even when datacenters are connected via network areas in Consul enterprise.

This also changes how we check if ACLs can be upgraded within the local datacenter. Previously we would iterate through all LAN members. Now we just use the ServerLookup type to iterate through all known servers in the DC.
2020-03-16 12:54:45 -04:00
Matt Keeler ef944f6c3d
Update namespace docs for some new CLI commands (#7435)
Co-Authored-By: Hans Hasselberg <me@hans.io>
2020-03-16 09:42:39 -04:00
Charlie Jones 0fc91ca047
docs: fix typo in consul-template tutorial (#7454) 2020-03-16 14:04:28 +01:00
Daniel Nephin c4f9f8e8aa
Merge pull request #7438 from hashicorp/dnephin/remove-restore-cache
ci: Remove consul-modcache-v1 from ci config
2020-03-13 12:07:39 -04:00
Freddy e5ba744634
Update CHANGELOG.md 2020-03-12 12:41:41 -06:00
John Cowen 621e7bb11a
Update CHANGELOG.md 2020-03-12 18:31:51 +00:00
Alvin Huang 3e0ecc096c
cherry pick 'docs-cherrypick' label rather than 'docs' to stable-website (#7443) 2020-03-12 13:22:51 -04:00
Daniel Nephin ebe622b4a3 ci: Remove restore_cache
As of go1.13 it is faster to download dependencies from the module
proxy service, than to download a cached /go/pkg/mod
2020-03-11 15:50:42 -04:00
Freddy 8a7ff69b19
Update MSP token and filtering (#7431) 2020-03-11 12:08:49 -06:00
Alvin Huang 2622f2644a
add Authorization header in GitHub API call (#7436) 2020-03-11 13:25:15 -04:00
Hans Hasselberg 6a55f70fa6
tls: remove old ciphers (#7282)
Following advice from:
https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices, this PR removes old ciphers.
2020-03-10 21:44:26 +01:00
R.B. Boyer 7315147313 update changelog 2020-03-10 14:47:13 -05:00
R.B. Boyer bfd7424e0d
bump the expected go language version of the main module to 1.13 (#7429) 2020-03-10 14:46:09 -05:00
Daniel Nephin 44d9ad2e38 docs: fix some errors in upgrade-specific
Fix 2 broken links
    Fix some gramatical errors
2020-03-10 14:20:18 -04:00
Alvin Huang bd951c7023
set pr_url outside if (#7424) 2020-03-10 12:31:58 -04:00
R.B. Boyer edea0432db update changelog 2020-03-10 11:20:30 -05:00
R.B. Boyer 10d3ff9a4f
server: strip local ACL tokens from RPCs during forwarding if crossing datacenters (#7419)
Fixes #7414
2020-03-10 11:15:22 -05:00
R.B. Boyer e142934a9c
fix flaky TestCatalogListNodesCommand_verticalBar test (#7422) 2020-03-10 11:01:13 -05:00
Matt Keeler eb44ea335c
Update intention precedence table in the docs (#7421)
* Update intention precedence table in the docs

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2020-03-10 11:49:08 -04:00
Alvin Huang 740bee5928
add slack notifications for cherry-pick (#7423) 2020-03-10 11:47:23 -04:00
Hans Hasselberg f49144fcee
connect: support for envoy 1.13.1 and 1.12.3 (#7380)
* setup new envoy versions for CI
* bump version on the website too.
2020-03-10 11:04:46 +01:00
Kyle Havlovitz 520d464c85
Merge pull request #7373 from hashicorp/acl-segments-fix
Add stub methods for ACL/segment bug fix from enterprise
2020-03-09 14:25:49 -07:00
R.B. Boyer 3ca1216876 update changelog 2020-03-09 16:00:59 -05:00
R.B. Boyer a7fb26f50f
wan federation via mesh gateways (#6884)
This is like a Möbius strip of code due to the fact that low-level components (serf/memberlist) are connected to high-level components (the catalog and mesh-gateways) in a twisty maze of references which make it hard to dive into. With that in mind here's a high level summary of what you'll find in the patch:

There are several distinct chunks of code that are affected:

* new flags and config options for the server

* retry join WAN is slightly different

* retry join code is shared to discover primary mesh gateways from secondary datacenters

* because retry join logic runs in the *agent* and the results of that
  operation for primary mesh gateways are needed in the *server* there are
  some methods like `RefreshPrimaryGatewayFallbackAddresses` that must occur
  at multiple layers of abstraction just to pass the data down to the right
  layer.

* new cache type `FederationStateListMeshGatewaysName` for use in `proxycfg/xds` layers

* the function signature for RPC dialing picked up a new required field (the
  node name of the destination)

* several new RPCs for manipulating a FederationState object:
  `FederationState:{Apply,Get,List,ListMeshGateways}`

* 3 read-only internal APIs for debugging use to invoke those RPCs from curl

* raft and fsm changes to persist these FederationStates

* replication for FederationStates as they are canonically stored in the
  Primary and replicated to the Secondaries.

* a special derivative of anti-entropy that runs in secondaries to snapshot
  their local mesh gateway `CheckServiceNodes` and sync them into their upstream
  FederationState in the primary (this works in conjunction with the
  replication to distribute addresses for all mesh gateways in all DCs to all
  other DCs)

* a "gateway locator" convenience object to make use of this data to choose
  the addresses of gateways to use for any given RPC or gossip operation to a
  remote DC. This gets data from the "retry join" logic in the agent and also
  directly calls into the FSM.

* RPC (`:8300`) on the server sniffs the first byte of a new connection to
  determine if it's actually doing native TLS. If so it checks the ALPN header
  for protocol determination (just like how the existing system uses the
  type-byte marker).

* 2 new kinds of protocols are exclusively decoded via this native TLS
  mechanism: one for ferrying "packet" operations (udp-like) from the gossip
  layer and one for "stream" operations (tcp-like). The packet operations
  re-use sockets (using length-prefixing) to cut down on TLS re-negotiation
  overhead.

* the server instances specially wrap the `memberlist.NetTransport` when running
  with gateway federation enabled (in a `wanfed.Transport`). The general gist is
  that if it tries to dial a node in the SAME datacenter (deduced by looking
  at the suffix of the node name) there is no change. If dialing a DIFFERENT
  datacenter it is wrapped up in a TLS+ALPN blob and sent through some mesh
  gateways to eventually end up in a server's :8300 port.

* a new flag when launching a mesh gateway via `consul connect envoy` to
  indicate that the servers are to be exposed. This sets a special service
  meta when registering the gateway into the catalog.

* `proxycfg/xds` notice this metadata blob to activate additional watches for
  the FederationState objects as well as the location of all of the consul
  servers in that datacenter.

* `xds:` if the extra metadata is in place additional clusters are defined in a
  DC to bulk sink all traffic to another DC's gateways. For the current
  datacenter we listen on a wildcard name (`server.<dc>.consul`) that load
  balances all servers as well as one mini-cluster per node
  (`<node>.server.<dc>.consul`)

* the `consul tls cert create` command got a new flag (`-node`) to help create
  an additional SAN in certs that can be used with this flavor of federation.
2020-03-09 15:59:02 -05:00
Freddy da2639adf5
Update namespace docs for config entries (#7420) 2020-03-09 14:51:21 -06:00
Dane Harrigan 21cb30acc8
Update envoy.html.md.erb (#7394)
Minor typo
2020-03-09 13:58:29 -04:00
Matt Keeler 9753e28333
Gather instance counts of aggregated services (#7415) 2020-03-09 11:56:19 -04:00
Noel Quiles 955f065d70
website:update middleman-hashicorp to 0.3.44 (#7382) 2020-03-09 14:41:58 +01:00
Pierre Souchay 49dc891737
agent: configuration reload preserves check's statuses for services (#7345)
This fixes issue #7318

Between versions 1.5.2 and 1.5.3, a regression has been introduced regarding health
of services. A patch #6144 had been issued for HealthChecks of nodes, but not for healthchecks
of services.

What happened when a reload was:

1. save all healthcheck statuses
2. cleanup everything
3. add new services with healthchecks

In step 3, the state of healthchecks was taken into account locally,
so at step 3, but since we cleaned up at step 2, state was lost.

This PR introduces the snap parameter, so step 3 can use information from step 1
2020-03-09 12:59:41 +01:00
Alex Dzyoba 827c5d9010
command: change delim in columnize to funny node names (#6652)
When node name contains vertical bar symbol some commands output is
garbled because `|` is used as a delimiter in `columnize.SimpleFormat`.

This commit changes format string to use `\x1f` - ASCII unit
separator[1] as a delimiter and also adds test to cover this case.

Affected commands:

* `consul catalog nodes`
* `consul members`
* `consul operator raft list-peers`
* `consul intention get`

Fixes #3951.

[1]: https://en.wikipedia.org/wiki/Delimiter#Solutions
2020-03-09 11:24:56 +01:00
Hans Hasselberg eb8bdc372e
docs: add docs for kv_max_value_size (#7405)
Apart from the added docs, the error messages are similar now and are
pointing to the corresponding options.
Fixes #6708.
2020-03-09 11:13:40 +01:00
Johannes Scheuermann bc87976708
agent: log error when agent crashes in an early stage (#7411) 2020-03-09 10:45:21 +01:00
John Cowen 40e632a955
ui: Enable recovery from an unreachable datacenter (500 error) (#7404)
For URL maintenance reasons we store the last visited DC in
localStorage incase you come back to a page (for example settings) that
doesn't have a dc in the URL.

A problem arises here if the last DC you tried to visit is unreachable.

The first fix here clears out the last visited DC from localStorage if
the API has errored out.

Secondly, our `href-mut` helper which mutates the current current and
replaces 'parts' in the URL rather than the whole thing functioned by
detecting the current route/URL you are on an 'mutating' that. A problem
arose here as even though you might be on the `/ui/dc-1/services` URL the
actual route is the 'error' route which does not have a URL that can be
changed properly.

The second fix here uses route.currentRoute.name over route.currentRouteName.

The latter is equal to error when an error occurs whereas the former gives you the name of the route before the error happened, which is actually what we want/the intent here.

ie. when `router.currentRouteName === 'error'` then
`router.currentRoute.name === Name Of Route Before It Errored` it seems
2020-03-09 09:10:47 +00:00
Alvin Huang c2b5edf805
add auto cherry-picking (#7406)
* add auto cherry-picking

* exit on git cherry-pick failure

* release branches are #.#.x
2020-03-06 17:59:14 -05:00
Kim Ngo f2d0feea15
Update CHANGELOG.md 2020-03-05 15:49:26 -06:00
Kim Ngo ab8a3b8044
agent/txn_endpoint: configure max txn request length (#7388)
configure max transaction size separately from kv limit
2020-03-05 15:42:37 -06:00
Matt Keeler 31dde765bf
Change where the envoy snapshots get put when a test fails (#7298)
This will allow us to capture them in CI
2020-03-05 16:01:10 -05:00
Matt Keeler c975a87c3c
Update CHANGELOG.md 2020-03-05 15:40:01 -05:00