Matt Keeler
da3ed5dc76
Fix #4515 : Segfault when serf_wan port was -1 but reconnect_time_wan was set ( #4531 )
...
Fixes #4515
This just slightly refactors the logic to only attempt to set the serf wan reconnect timeout when the rest of the serf wan settings are configured - thus avoiding a segfault.
2018-08-17 14:44:25 -04:00
Matt Keeler
5c7c58ed26
Gossip tuneables ( #4444 )
...
Expose a few gossip tuneables for both lan and wan interfaces
gossip_nodes
gossip_interval
probe_timeout
probe_interval
retransmit_mult
suspicion_mult
2018-07-26 11:39:49 -04:00
Mitchell Hashimoto
5c42dacef4
Merge pull request #4320 from hashicorp/f-alias-check
...
Add "Alias" Check Type
2018-07-20 13:01:33 -05:00
Matt Keeler
95e8f795df
Use the agent logger instead of log module
2018-07-19 11:22:01 -04:00
Matt Keeler
953b72318f
Persist proxies from config files
...
Also change how loadProxies works. Now it will load all persisted proxies into a map, then when loading config file proxies will look up the previous proxy token in that map.
2018-07-18 17:04:35 -04:00
Matt Keeler
9f8991e0cc
Fix issue with choosing a client addr that is 0.0.0.0 or ::
2018-07-16 16:30:15 -04:00
Mitchell Hashimoto
65bbc12d69
agent: use the correct ACL token for alias checks
2018-07-12 10:17:53 -07:00
Mitchell Hashimoto
99ead8324f
agent: alias checks have no interval
2018-07-12 09:36:11 -07:00
Mitchell Hashimoto
75ea0a1ee7
agent: run alias checks
2018-07-12 09:36:10 -07:00
Paul Banks
6fe7faa554
Merge pull request #4381 from hashicorp/proxy-check-default
...
Proxy check default
2018-07-12 17:08:35 +01:00
Matt Keeler
0a365b1a4f
Merge pull request #4374 from hashicorp/feature/proxy-env-vars
...
Setup managed proxy environment with API client env vars
2018-07-12 09:13:54 -04:00
Paul Banks
9223102331
Default managed proxy TCP check address sanely when proxy is bound to 0.0.0.0.
...
This also provides a mechanism to configure custom address or disable the check entirely from managed proxy config.
2018-07-12 12:57:10 +01:00
Matt Keeler
1e5e9fd8cd
PR Updates
...
Proxy now doesn’t need to know anything about the api as we pass env vars to it instead of the api config.
2018-07-11 09:44:54 -04:00
Matt Keeler
358e6c8f6a
Pass around an API Config object and convert to env vars for the managed proxy
2018-07-10 12:13:51 -04:00
Matt Keeler
115893b7d8
Remove https://prefix from TLSConfig.Address
2018-07-09 12:31:15 -04:00
mkeeler
1da3c42867
Merge remote-tracking branch 'connect/f-connect'
2018-06-25 19:42:51 +00:00
Mitchell Hashimoto
54ad6fc050
agent: convert the proxy bind_port to int if it is a float
2018-06-25 12:26:18 -07:00
Paul Banks
1d6e1ace11
register TCP check for managed proxies
2018-06-25 12:25:40 -07:00
Paul Banks
d1810ba338
Make proxy only listen after initial certs are fetched
2018-06-25 12:25:40 -07:00
Paul Banks
42e28fa4d1
Limit proxy telemetry config to only be visible with authenticated with a proxy token
2018-06-25 12:25:39 -07:00
Paul Banks
ca68136ac7
Refactor to use embedded struct.
2018-06-25 12:25:39 -07:00
Paul Banks
2df422e1e5
Disable TestAgent proxy execution properly
2018-06-25 12:25:38 -07:00
Mitchell Hashimoto
0d457a3e71
agent: RemoveProxy also removes the proxy service
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
c30affa4b6
agent/proxy: AllowRoot to disable executing managed proxies when root
2018-06-25 12:25:11 -07:00
Paul Banks
d0674cdd7a
Warn about killing proxies in dev mode
2018-06-25 12:24:16 -07:00
Paul Banks
d140612350
Fixs a few issues that stopped this working in real life but not caught by tests:
...
- Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed.
- Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart
- Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later
- Naming things
2018-06-25 12:24:14 -07:00
Paul Banks
3df45ac7f1
Don't kill proxies on agent shutdown; backport manager close fix
2018-06-25 12:24:13 -07:00
Paul Banks
3bac52480e
Abandon daemonize for simpler solution (preserving history):
...
Reverts:
- bdb274852ae469c89092d6050697c0ff97178465
- 2c689179c4f61c11f0016214c0fc127a0b813bfe
- d62e25c4a7ab753914b6baccd66f88ffd10949a3
- c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
- 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
- 85c3f8df3eabc00f490cd392213c3b928a85aa44
2018-06-25 12:24:10 -07:00
Paul Banks
9cea27c66e
Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy
2018-06-25 12:24:09 -07:00
Paul Banks
c97db00903
Run daemon processes as a detached child.
...
This turns out to have a lot more subtelty than we accounted for. The test suite is especially prone to races now we can only poll the child and many extra levels of indirectoin are needed to correctly run daemon process without it becoming a Zombie.
I ran this test suite in a loop with parallel enabled to verify for races (-race doesn't find any as they are logical inter-process ones not actual data races). I made it through ~50 runs before hitting an error due to timing which is much better than before. I want to go back and see if we can do better though. Just getting this up.
2018-06-25 12:24:08 -07:00
Paul Banks
3a00574a13
Persist proxy state through agent restart
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
9249662c6c
agent: leaf endpoint accepts name, not service ID
...
This change is important so that requests can made representing a
service that may not be registered with the same local agent.
2018-06-14 09:42:20 -07:00
Paul Banks
bd5e569dc7
Make invalid clusterID be fatal
2018-06-14 09:42:17 -07:00
Paul Banks
834ed1d25f
Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes.
2018-06-14 09:42:16 -07:00
Mitchell Hashimoto
c42510e1ec
agent/cache: implement refresh backoff
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
b4f990bc6c
agent: verify local proxy tokens for CA leaf + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
8f7b5f93cd
agent: verify proxy token for ProxyConfig endpoint + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
1dfb4762f5
agent: increase timer for blocking cache endpoints
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
7bb13246a8
agent: clarify why we Kill still
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
147b066c67
agent: restore proxy snapshot but still Kill proxies
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
4301f7f1f5
agent: only set the proxy manager data dir if its set
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
5e0f0ba178
agent/proxy: write pid file whenever the daemon process changes
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
49bc7181a4
agent/proxy: send logs to the correct location for daemon proxies
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
52665f7d23
agent: clean up defaulting of proxy configuration
...
This cleans up and unifies how proxy settings defaults are applied.
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
bae428326a
agent: use os.Executable
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
4722e3ef76
agent: fix crash that could happen if proxy was nil on load
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
669268f85c
agent: start proxy manager
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
a2167a7fd1
agent/proxy: manager and basic tests, not great coverage yet coming soon
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
f64a002f68
agent: start/stop proxies
2018-06-14 09:42:08 -07:00
Paul Banks
dcd277de8a
Wire up agent leaf endpoint to cache framework to support blocking.
2018-06-14 09:42:07 -07:00
Paul Banks
153808db7c
Don't allow connect watches in agent/cli yet
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
2167713226
Add CA config to connect section of agent config
2018-06-14 09:42:05 -07:00
Mitchell Hashimoto
73838c9afa
agent: use helper/retry instead of timing related tests
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
dcb2671d10
agent/cache: address PR feedback, lots of typos
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
a1f8cb9570
agent: augment /v1/connect/authorize to cache intentions
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
8bb4fd95a6
agent: initialize the cache and cache the CA roots
2018-06-14 09:42:00 -07:00
Paul Banks
aed5e5b03e
Super ugly hack to get TeamCity build to work for this PR without adding a vendor that is being added elsewhere and will conflict...
2018-06-14 09:41:58 -07:00
Paul Banks
cbd8606651
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test.
2018-06-14 09:41:57 -07:00
Paul Banks
c2266b134a
HTTP agent registration allows proxy to be defined.
2018-06-14 09:41:57 -07:00
Paul Banks
78e48fd547
Added connect proxy config and local agent state setup on boot.
2018-06-14 09:41:57 -07:00
Matt Keeler
f9d0323c0b
Fixup a weird merge problem
2018-06-11 16:27:39 -04:00
Matt Keeler
c5d9c2362f
Merge branch 'master' of github.com:hashicorp/consul into rpc-limiting
...
# Conflicts:
# agent/agent.go
# agent/consul/client.go
2018-06-11 16:11:36 -04:00
Matt Keeler
c589991452
Apply the limits to the clients rpcLimiter
2018-06-11 15:51:17 -04:00
Matt Keeler
e043621dd3
Merge pull request #4156 from hashicorp/enterprise-coexistence
...
Enterprise/Licensing Cleanup
2018-06-05 10:50:32 -04:00
Matt Keeler
4858aa6be4
Add RunWithConfig and put Run signature back to normal
2018-05-31 20:22:14 -04:00
Matt Keeler
365e8d11ee
Allow passing in a config to the watch plan to use when creating the API client
...
This allows watches from consul agent config (rather than consul watch command) to be able to utilize HTTPs
2018-05-31 17:07:36 -04:00
Matt Keeler
14661a417b
Allow for easy enterprise/oss coexistence
...
Uses struct/interface embedding with the embedded structs/interfaces being empty for oss. Also methods on the server/client types are defaulted to do nothing for OSS
2018-05-24 10:36:42 -04:00
Preetha Appan
e28c5fbb4e
Also make snapshot interval configurable
2018-05-11 10:43:24 -05:00
Preetha Appan
eb4bc79118
Make raft snapshot commit threshold configurable
2018-05-11 10:43:24 -05:00
Kyle Havlovitz
a480434517
Remove the script field from checks in favor of args
2018-05-08 15:31:53 -07:00
Jared Wasinger
9a1737a5f0
agent: reload limits upon restart
2018-04-08 14:28:29 -07:00
runsisi
2f09d10df5
minor fix for endpoints shutdown
...
Signed-off-by: runsisi <runsisi@zte.com.cn>
2018-03-29 21:45:46 +08:00
Matt Keeler
b5cdbbd033
Merge pull request #3990 from hashicorp/b-gh-3854
...
Warn when node name isnt a valid DNS label
2018-03-29 09:04:47 -04:00
Preetha
f91db69d6e
Merge pull request #3984 from hashicorp/f-allow-federation-disable
...
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-27 16:05:53 -05:00
Matt Keeler
fd9297ad8f
Formatting update
2018-03-27 16:31:27 -04:00
Preetha Appan
17a011b9bd
fix typo and remove comment
2018-03-27 14:28:05 -05:00
Matt Keeler
2d8a68cce9
GH-3854: Warn when node name isnt a valid DNS label
2018-03-27 15:00:33 -04:00
Preetha Appan
512f9a50fc
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-26 14:21:06 -05:00
Guido Iaquinti
244fc72b05
Add package name to log output
2018-03-21 15:56:14 +00:00
Josh Soref
1dd8c378b9
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
James Phillips
5b245c0201
Merge pull request #3845 from 42wim/tagfix
...
Fix service tags not added to health check. Part two
2018-02-05 16:18:00 -08:00
James Phillips
0aa05cc5f0
Merge pull request #3855 from hashicorp/pr-3782-slackpad
...
Adds support for gRPC health checks.
2018-02-02 17:57:27 -08:00
James Phillips
1a08e8c0f1
Changes "TLS" to "GRPCUseTLS" since it only applies to GRPC checks.
2018-02-02 17:29:34 -08:00
Wim
5cc76cce09
Fix service tags not added to health check. Part two
2018-01-29 20:32:44 +01:00
Veselkov Konstantin
c2395d9bd0
fix refactoring
2018-01-28 22:53:30 +04:00
Veselkov Konstantin
05666113a4
remove golint warnings
2018-01-28 22:40:13 +04:00
Kyle Havlovitz
b651253cb2
Don't remove the files, just log an error
2018-01-19 14:25:51 -08:00
Kyle Havlovitz
17ec4a9394
Add graceful handling of malformed persisted service/check files.
...
Previously a change was made to make the file writing atomic,
but that wasn't enough to cover something like an OS crash so we
needed something here to handle the situation more gracefully.
Fixes #1221 .
2018-01-19 14:07:36 -08:00
Dmytro Kostiuchenko
a45f6ad740
Add gRPC health-check #3073
2018-01-04 16:42:30 -05:00
James Phillips
518ab954bc
Merge pull request #3642 from yfouquet/master
...
[Fix] Service tags not added to health checks
2017-12-14 13:59:39 -08:00
James Phillips
63011dd393
Copies the autopilot settings from the runtime config.
...
Fixes #3730
2017-12-13 10:32:05 -08:00
Yoann Fouquet
f4f7db0059
[Fix] Service tags not added to health checks
...
Since commit 9685bdcd0ba4b4b3adb04f9c1dd67d637ca7894e, service tags are added to the health checks.
Otherwise, when adding a service, tags are not added to its check.
In updateSyncState, we compare the checks of the local agent with the checks of the catalog.
It appears that the service tags are different (missing in one case), and so the check is synchronized.
That increase the ModifyIndex periodically when nothing changes.
Fixed it by adding serviceTags to the check.
Note that the issue appeared in version 0.8.2.
Looks related to #3259 .
2017-12-12 13:39:37 +01:00
James Phillips
532cafe0af
Adds enable_agent_tls_for_checks configuration option which allows ( #3661 )
...
HTTP health checks for services requiring 2-way TLS to be checked
using the agent's credentials.
2017-11-07 18:22:09 -08:00
James Phillips
8709f65afd
Adds HTTP/2 support to Consul's HTTPS server. ( #3657 )
...
* Refactors the HTTP listen path to create servers in the same spot.
* Adds HTTP/2 support to Consul's HTTPS server.
* Vendors Go HTTP/2 library and associated deps.
2017-11-07 15:06:59 -08:00
Kyle Havlovitz
bc3ba5f873
Merge branch 'master' into esm-changes
2017-11-01 11:37:48 -07:00
Frank Schroeder
7d05e55734
docker: stop previous check on replace
2017-10-26 12:03:07 +02:00
Kyle Havlovitz
16908be034
Add deregister critical service field and refactor duration parsing
2017-10-25 19:17:41 -07:00
Frank Schroeder
1dab004335
Decouple the code that executes checks from the agent
2017-10-25 11:18:07 +02:00
Frank Schroeder
29435004f6
ae: fix typo in constructor name
2017-10-23 10:56:05 +02:00
Frank Schroeder
da604495a0
local state: address review comments
...
* move non-blocking notification mechanism into ae.Trigger
* move Pause/Resume into separate type
2017-10-23 10:56:04 +02:00