Commit graph

10604 commits

Author SHA1 Message Date
Matt Keeler 70a5279114
Update CHANGELOG.md 2019-08-30 11:41:00 -04:00
Matt Keeler 31d9d2e557
Store primaries root in secondary after intermediate signature (#6333)
* Store primaries root in secondary after intermediate signature

This ensures that the intermediate exists within the CA root stored in raft and not just in the CA provider state. This has the very nice benefit of actually outputting the intermediate cert within the ca roots HTTP/RPC endpoints.

This change means that if signing the intermediate fails it will not set the root within raft. So far I have not come up with a reason why that is bad. The secondary CA roots watch will pull the root again and go through all the motions. So as soon as getting an intermediate CA works the root will get set.

* Make TestAgentAntiEntropy_Check_DeferSync less flaky

I am not sure this is the full fix but it seems to help for me.
2019-08-30 11:38:46 -04:00
R.B. Boyer c5e1faaddb
test: ensure the node name is a valid dns name (#6424)
The space in the node name was making every test emit a useless warning.
2019-08-29 16:52:13 -05:00
R.B. Boyer 4a2867a814
test: explicitly run the pprof tests for 1s instead of the 30s default (#6421) 2019-08-29 12:06:50 -05:00
R.B. Boyer 0f29543315
test: add additional http status code assertions in coordinate HTTP API tests (#6410)
When this test flakes sometimes this happens:

    --- FAIL: TestCoordinate_Node (1.69s)
    panic: interface conversion: interface {} is nil, not structs.Coordinates [recovered]
    FAIL    github.com/hashicorp/consul/agent       19.999s
    Exit code: 1
    panic: interface conversion: interface {} is nil, not structs.Coordinates [recovered]
            panic: interface conversion: interface {} is nil, not structs.Coordinates

There is definitely a bug lurking, but the code seems to imply this can
only return nil on 404. The tests previously were not checking the
status code.

The underlying cause of the flake is unknown, but this should turn the
failure into a more normal test failure.
2019-08-29 09:55:05 -05:00
Matt Keeler f8d49dc4da
TxnCheckOp has a Check field not a Service field (#6418) 2019-08-28 15:57:41 -04:00
Pierre Souchay 35d90fc899 Display IPs of machines when node names conflict to ease troubleshooting
When there is an node name conflicts, such messages are displayed within Consul:

`consul.fsm: EnsureRegistration failed: failed inserting node: Error while renaming Node ID: "e1d456bc-f72d-98e5-ebb3-26ae80d785cf": Node name node001 is reserved by node 05f10209-1b9c-b90c-e3e2-059e64556d4a with name node001`

While it is easy to find the node that has reserved the name, it is hard to find
the node trying to aquire the name since it is not registered, because it
is not part of `consul members` output

This PR will display the IP of the offender and solve far more easily those issues.
2019-08-28 15:57:05 -04:00
Pierre Souchay bfc27eb244 [BUGFIX][BUILD] When test fail in circle-ci in main, have a proper error message (#6416)
Since FUNCNAME is not defined when running outside a function,
trap does not work and display wrong error message.

Example from https://circleci.com/gh/hashicorp/consul/69506 :

```
  ⨯ FAIL
  /home/circleci/project/test/integration/connect/envoy/run-tests.sh: line 1: FUNCNAME[0]: unbound variable
  make: *** [GNUmakefile:363: test-envoy-integ] Error 1
```

This fix will avoid this error message and display the real cause.
2019-08-28 10:26:05 -04:00
Alvin Huang e4e9381851
revert commits on master (#6413) 2019-08-27 17:45:58 -04:00
tradel 2838a1550a update tests to match new method signatures 2019-08-27 14:16:39 -07:00
tradel 93c839b76c confi\gure providers with DC and domain 2019-08-27 14:16:25 -07:00
tradel 1acde6e30a create a common name for autoTLS agent certs 2019-08-27 14:15:53 -07:00
tradel 82544b64e5 add subject names to issued certs 2019-08-27 14:15:10 -07:00
tradel 1c9b271731 construct a common name for each CSR 2019-08-27 14:12:56 -07:00
tradel 8c733260cd add serviceID to leaf cert request 2019-08-27 14:12:22 -07:00
tradel b0bbcd8b94 add domain and nodeName to agent cert request 2019-08-27 14:11:40 -07:00
tradel 3dc47a9251 Added DC and domain args to Configure method 2019-08-27 14:09:01 -07:00
R.B. Boyer 1b3d066f90
test: send testagent logs through testing.Logf (#6411) 2019-08-27 12:21:30 -05:00
R.B. Boyer 0c5409d172
test: fix TestAgent.Start() to not segfault if the DNSServer cannot ListenAndServe (#6409)
The embedded `Server` field on a `DNSServer` is only set inside of the
`ListenAndServe` method. If that method fails for reasons like the
address being in use and is not bindable, then the `Server` field will
not be set and the overall `Agent.Start()` will fail.

This will trigger the inner loop of `TestAgent.Start()` to invoke
`ShutdownEndpoints` which will attempt to pretty print the DNS servers
using fields on that inner `Server` field. Because it was never set,
this causes a nil pointer dereference and crashes the test.
2019-08-27 10:45:05 -05:00
Alvin Huang 9662b7c01a
add nil pointer check for pointer to ACLToken struct (#6407) 2019-08-27 11:23:28 -04:00
Hans Hasselberg 108ba9fa15
Update CHANGELOG.md 2019-08-27 17:12:47 +02:00
Nick Fagerlund e4e3fd4299 website: Update middleman-hashicorp container and Gemfile.lock (#6374)
* website: Update middleman-hashicorp container and Gemfile.lock

Time marches on, and so do security vulnerabilities in Nokogiri. So it's time
for a new container.

As with last time, here's a reminder for the next person who needs to update
this:

- You shouldn't just update the dependency in Gemfile.lock, because your build
  times will go to heck as you compile Nokogiri from source on every run. So you
  need an updated container with all the dependencies.
- To update the container, you need to push a new tag to the middleman-hashicorp
  repo. Teamcity does the rest, and will ship a new container to Docker Hub
  (unless its credentials are out of date, in which case go ask team-eng-serv.)
- Once that's pushed:
    - Update Makefile
    - Update the Gemfile
    - Delete Gemfile.lock
    - `make website` until it comes up, then ctrl-C
    - Commit the changes

* website: Specify a different json version in Gemfile.lock

The Consul website uses different containers for preview and deploy, and this
oddball JSON version was causing issues. This commit sacrifices a little bit
of preview startup speed for (hopefully) working deploys.
2019-08-27 11:05:18 -04:00
Hans Hasselberg c87285e3a9
changelog: add known issues section for 1.6.
Update CHANGELOG.md
2019-08-27 14:40:26 +02:00
Hans Hasselberg 3314dfd4ec
make sure auto_encrypt has private key type and bits (#6392) 2019-08-27 14:37:56 +02:00
Hans Hasselberg dee5a4ac51
auto_encrypt: verify_incoming_rpc is good enough for auto_encrypt.allow_tls (#6376)
Previously `verify_incoming` was required when turning on `auto_encrypt.allow_tls`, but that doesn't work together with HTTPS UI in some scenarios. Adding `verify_incoming_rpc` to the allowed configurations.
2019-08-27 14:36:36 +02:00
Mike Morris c108fd01a0
bump eventmachine to 1.2.7 in Gemfile.lock (#6389) 2019-08-27 02:00:43 -04:00
R.B. Boyer fa2c0a7316
test: actually run envoy 1.11.1 integration tests on PRs (#6397) 2019-08-26 16:30:17 -05:00
R.B. Boyer 09ce7e1220
test: don't leak agent goroutines in TestAgent_sidecarServiceFromNodeService (#6396)
A goroutine dump using runtime.Stack() before/after shows a drop from 121 => 4.
2019-08-26 15:19:59 -05:00
Aaron Bennett 9988cf1200 update dependencies for enterprise change (#6395) 2019-08-26 15:22:28 -04:00
Freddy 51fbcc5fcd
Rephrase bind docs (#6394) 2019-08-26 11:31:55 -06:00
R.B. Boyer cd6ad9a530 Putting source back into Dev Mode 2019-08-26 12:22:20 -05:00
Hans Hasselberg e1bc7407d5
Update CHANGELOG.md
Co-Authored-By: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>
2019-08-26 16:51:36 +02:00
Hans Hasselberg 4d8bc2f6b0
Update CHANGELOG.md
Co-Authored-By: Freddy <freddygv@users.noreply.github.com>
2019-08-26 16:38:32 +02:00
Hans Hasselberg 9ff7c17148
Update CHANGELOG.md 2019-08-26 16:29:57 +02:00
Hans Hasselberg 4f7a3e8fa8 make sure auto_encrypt has private key type and bits 2019-08-26 13:09:50 +02:00
hashicorp-ci 59bda8d3d5
Release v1.6.0 2019-08-23 22:10:51 +00:00
hashicorp-ci a3ac04526a
update bindata_assetfs.go 2019-08-23 22:10:50 +00:00
R.B. Boyer e45484c62f mod: bump main module to api v1.2.0 and sdk v0.2.0 2019-08-23 16:45:30 -05:00
R.B. Boyer a69d34f87d api: bump to sdk v0.2.0 2019-08-23 16:41:19 -05:00
R.B. Boyer 7ef2b5c4a6
flatten 1.6 series changelog (#6390) 2019-08-23 16:36:31 -05:00
Matt Keeler 505df4eaa3
Update CHANGELOG.md 2019-08-23 16:04:10 -04:00
Hans Hasselberg 15a8744ac7
Update CHANGELOG.md 2019-08-23 21:56:27 +02:00
R.B. Boyer 2d4a3b51d0
Merge pull request #6388 from hashicorp/release/1-6
merging release/1-6 into master
2019-08-23 13:44:46 -05:00
Matt Keeler 89ac998e8b
Secondary CA establishLeadership fix (#6383)
This prevents ACL issues (or other issues) during intermediate CA cert signing from failing leader establishment.
2019-08-23 11:32:37 -04:00
Anudeep Reddy 02197b2cd2 Update observability.html.md (#6379) 2019-08-23 17:07:48 +02:00
danielehc 992b1a8d88
Update agent.html.markdown.erb (#6380)
Adding a note on how to make Consul trust S3-compatible storage that expose a self-signed certificate.
2019-08-23 16:09:41 +02:00
Hans Hasselberg aada537d87
auto_encrypt: use server-port (#6287)
AutoEncrypt needs the server-port because it wants to talk via RPC. Information from gossip might not be available at that point and thats why the server-port is being used.
2019-08-23 10:18:46 +02:00
R.B. Boyer 37f89f8ffe update changelog 2019-08-22 15:13:06 -05:00
R.B. Boyer ea65298070
connect: allow 'envoy_cluster_json' escape hatch to continue to function (#6378) 2019-08-22 15:11:56 -05:00
Alvin Huang a6351223e7 Merge Consul OSS branch 'master' at commit 59150281c52fafa4a3320c42128f1caf9dbd083b 2019-08-21 18:22:19 -04:00