Commit graph

1821 commits

Author SHA1 Message Date
kaitlincarter-hc 5cf6d7681a
Fixing smart quotes (#5522) 2019-03-25 09:22:27 -05:00
Alvin Huang d686201776 fix broken link 2019-03-22 19:20:48 -04:00
Judith Malnick 6c75291aeb
[docs] improve telegraf guide with objectives, summary, formatting (#5527) 2019-03-22 09:40:38 -07:00
Jud White 84bcf52cdb docs: update 'sc' usage in windows-guide.html.md (#5501)
- the space after `=` is significant in sc parameters (binPath= "<path> <args>, start= auto)
- given the text "the service automatically starts up during/after boot", added `start= auto` to
  the example,  otherwise the service will be set to Manual start mode.
2019-03-21 12:51:04 -05:00
Todd Radel 10d71fa84a [docs] New doc on integration with Ambassador Proxy (#5497)
* New doc on integration with Ambassador Proxy

* Remove reference to "step 1"

* Added link to docs for `consul intention check`

* Update website/source/docs/platform/k8s/ambassador.html.md

Co-Authored-By: tradel <todd@radel.us>

* Update website/source/docs/platform/k8s/ambassador.html.md

Co-Authored-By: tradel <todd@radel.us>

* Update website/source/docs/platform/k8s/ambassador.html.md

Co-Authored-By: tradel <todd@radel.us>

* Added links to install guide and Connect guide
2019-03-21 11:00:39 -05:00
Judith Malnick 0957c8f59d
Update website/source/docs/guides/kubernetes-reference.html.md
Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-03-21 09:51:37 -05:00
Judith Malnick cf875d74c3
Update website/source/docs/guides/kubernetes-reference.html.md
Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-03-21 09:50:25 -05:00
kaitlincarter-hc d186873324
Updating network segments guide (#5529) 2019-03-21 09:35:49 -05:00
Rebecca Zanzig 05587186a6 Add dns configuration info for CoreDNS users 2019-03-20 23:02:04 -07:00
kaitlincarter 83594b22e6 New k8s reference arch guide. 2019-03-20 19:20:05 -05:00
tryan225 3dcc00f854 Adding an example of extraVolumes with the Helm chart 2019-03-19 14:31:11 -07:00
Erik DeLamarter a3ca2e77ce [Docs] Added a note to GCE auto-join credentials option (#5391)
* Added a note to GCE auto-join credentials option

Simply added a note to remind users that putting a json file in the config-dir will make consul parse it as a config file.
Hope to help someone else avoid wasting a day because of these errors:
==> Error parsing /etc/consul.d/credentials.json: 10 error(s) occurred: * invalid config key private_key

* Updated according to style guidelines

Co-Authored-By: delamart <erik@delamarter.ch>
2019-03-19 09:40:12 -05:00
kaitlincarter-hc facda98f0a Updating the intro. 2019-03-18 14:52:17 -05:00
John Cowen 73f79ac599 [Docs] Connect Sidecar Proxies: Fixes 'must may' typo and adds formatting to follow other docs (#5397)
* Fixes 'must may' typo and adds formatting to follow other docs

* Reverts local_service_port docs to state its optional
2019-03-18 11:48:56 -07:00
Todd Radel d3ad84a710 [docs] Added section on using Helm chart to deploy Enterprise binaries (#5454)
* Added section on using Helm chart to deploy Enterprise binaries

* Update website/source/docs/platform/k8s/helm.html.md

Switch to active voice.

Co-Authored-By: tradel <todd@radel.us>

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: tradel <todd@radel.us>

* Update website/source/docs/platform/k8s/helm.html.md

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: tradel <todd@radel.us>
2019-03-18 11:21:40 -07:00
Steve Burns ff8ab320da Add log_file attribute to agent configuration documentation (#5492) 2019-03-18 10:24:49 -07:00
Alex Mayer a73d983d19 Docs Proofing (#5424)
* Docs: Remove default_policy From Code Example

It is not needed according to:
https://www.consul.io/docs/agent/acl-system.html#configuring-acls

* Docs: Cleanup Commands And Their Output On ACL Guide Page

Remove extra spaces and newlines
Ensure rules match input rules

* Docs: Remove Incomplete "Added In Version" Statement

Version added is specified on parent option

* Docs: Fix Broken Links

* Docs: Minor Sentence Tweaks
2019-03-15 09:35:33 -05:00
kaitlincarter-hc 1cecaca601
[docs] Deploying Consul with Kubernetes (#5471)
* Adding new K8s guide.

* Update website/source/docs/guides/kuberenetes-deployment.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/kuberenetes-deployment.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* updating based on feedback.

* Couple updates based on feedback.

* Update website/source/docs/guides/kuberenetes-deployment.html.md

* updating value file.
2019-03-13 16:56:00 -05:00
Rebecca Zanzig 1be36c82ed Add docs for using Helm --set to create extraConfig variables (#5474)
* Add docs for using Helm `--set` to create extraConfig variables

Based on info provided for `consul-helm` issue 74.

* fixing formatting
2019-03-13 16:25:09 -05:00
kaitlincarter-hc a321b69a45
[docs] Move Sentinel documentation (#5478)
* Moving sentinel doc

* updating links, fixing headings.

* Update website/source/docs/agent/acl-rules.html.md
2019-03-13 12:47:25 -05:00
kaitlincarter-hc cf617ab7d1
[docs] Bootstrapping Guide -> Install docs (#5473)
* moved the bootstrapping guide to the docs.

* More edits for consistency.

* Added arch link
2019-03-13 10:12:52 -05:00
Hans Hasselberg d511e86491
agent: enable reloading of tls config (#5419)
This PR introduces reloading tls configuration. Consul will now be able to reload the TLS configuration which previously required a restart. It is not yet possible to turn TLS ON or OFF with these changes. Only when TLS is already turned on, the configuration can be reloaded. Most importantly the certificates and CAs.
2019-03-13 10:29:06 +01:00
Reid Beels 257d079fac Remove misleading encrypt param documentation (#5452)
According to https://www.consul.io/docs/agent/options.html#_encrypt, the `encrypt` param specifies the 16-byte key to use, not the path to a config file containing the key.
2019-03-12 10:26:40 -05:00
Alvin Huang 4956d632b9
Merge pull request #5451 from hashicorp/update_go_discover_for_azure
Update go-discover vendor
2019-03-11 16:39:39 -04:00
Lowe Schmidt 7638a1ca1a Typo fix (segement > segment) (#5469) 2019-03-11 16:25:19 +01:00
Masato Yamazaki 774b39dd94 website: delete duplication of "are" (#5464) 2019-03-11 10:42:15 +01:00
petems e9b7569759 Update go-discover vendor
* Adds note about use of ENV variables for auto-join on Azure
2019-03-08 22:57:48 +00:00
Rebecca Zanzig 180110f3b3
Merge pull request #5445 from hashicorp/docs/helm-annotations
Add docs for new Helm `annotations` options
2019-03-08 12:11:30 -08:00
kaitlincarter-hc 7d5c252599
[Docs] ACL Bootstrap Guide (#5399)
* Adding updates for consul reload of token config.

* Update website/source/docs/guides/acl.html.md
2019-03-08 13:12:16 -06:00
kaitlincarter-hc 3a5db38e09
[doc] New Ports Documentation (#5442)
* Adding a ports table.

* Updating layout based on feedback.
2019-03-08 13:10:35 -06:00
Rebecca Zanzig 13133c0fff Add docs for new Helm annotations options 2019-03-08 10:10:25 -08:00
Rebecca Zanzig 2f8bcd2b66 Add docs about new Helm priorityClassName options 2019-03-08 09:42:53 -08:00
Rebecca Zanzig c5b3f98b14 Move aclSyncToken docs under syncCatalog
Additionally updates the anchors to follow the established convention.
2019-03-07 16:54:11 -08:00
Rebecca Zanzig 5ab580990b
Merge pull request #5431 from hashicorp/docs/helm-extraConfig
[docs] Add examples for the `extraConfig` options in the Helm chart
2019-03-06 14:25:25 -08:00
Rebecca Zanzig 5b322d84e4 Add examples for the extraConfig options in the Helm chart 2019-03-06 13:01:17 -08:00
kaitlincarter-hc ca463fb1d5
[Docs] Production Guide for ACLs (#5385)
* New guide for ACLs

* Fixing some formatting issues.

* Update website/source/docs/guides/production-acls.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/production-acls.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/production-acls.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Resolving PR comments.

* Closing the rest of the PR comments

* Updates for persistence.

* Updating commands.

* Update website/source/docs/guides/production-acls.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/production-acls.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-03-06 10:46:07 -06:00
R.B. Boyer 66af091de9 website: fix broken links 2019-03-05 14:24:33 -06:00
Hans Hasselberg 330b8aec69 default to tls 1.2 as promised. (#5340) 2019-03-04 09:42:04 -05:00
Aestek ce447e0e16 Fix race condition in DNS when using cache (#5398)
* Fix race condition in DNS when using cache

The healty node filtering was modifying the result from the cache, which
caused a crash when multiple queries were made to the same service
simultaneously.
We now copy the node slice before filtering to ensure we do not modify
the data stored in the cache.

* Fix wording in dns cache config doc

s/dns_max_age/cache_max_age/
2019-03-04 09:22:01 -05:00
Hans Hasselberg f9f8aa28a1 typo (#5407) 2019-03-01 08:51:37 -06:00
Matt Keeler 0c76a4389f
ACL Token Persistence and Reloading (#5328)
This PR adds two features which will be useful for operators when ACLs are in use.

1. Tokens set in configuration files are now reloadable.
2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload)

Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change.

Some other secondary changes:

* Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly.
* Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. 
* Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents.
* Docs updated to reflect the API additions and to show using the new endpoints.
* Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 14:28:31 -05:00
Aestek f8a28d13dd Allow DNS interface to use agent cache (#5300)
Adds two new configuration parameters "dns_config.use_cache" and
"dns_config.cache_max_age" controlling how DNS requests use the agent
cache when querying servers.
2019-02-25 14:06:01 -05:00
R.B. Boyer 72218cafae website: fix errant mention of 'snapshot save' on docs for 'snapshot restore' 2019-02-21 13:48:20 -06:00
kaitlincarter-hc f827e6feaa
[Docs] Helm Chart (#5350)
* Updating the Helm chart to include ACL parameter and examples.

* Updates based on feedback.

* Update website/source/docs/platform/k8s/helm.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-02-20 18:27:28 -06:00
kaitlincarter-hc 7a9be3e4a8
[docs] ACL reset procedure (#5334)
* Adding reset instructions.

* Added link to the boostrapping guide for the reset procedure.

* Update website/source/docs/guides/acl.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/acl.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/acl.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-02-19 10:45:23 -06:00
kaitlincarter-hc dade260753
[Docs] New KV documentation (#5315)
* Adding new KV doc

* fixing the metadata

* Update website/source/docs/agent/kv.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/agent/kv.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/agent/kv.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/agent/kv.html.md
2019-02-14 10:25:17 -06:00
R.B. Boyer 6e6a14ad51
Merge pull request #5343 from hashicorp/fixes-grab-bag
various small fixes
2019-02-13 13:26:20 -06:00
R.B. Boyer 57be6ca215 correct some typos 2019-02-13 13:02:12 -06:00
Dan Brown fdff2d3f7c Docs EA update RA and DG (#5336)
* Confirm RA against Consul 1.3

Change product_version frontmatter to ea_version and increase to 1.3

* Confirm DG against Consul 1.3

Change product_version frontmatter to ea_version and increase to 1.3
2019-02-13 12:53:21 -06:00
petems 39f8d12ec2 Adds newline for bullets
* Formatting was previously broken
2019-02-13 00:54:51 +00:00
petems 7fdb488ba4 Adds note about secret value
* For future traveler, this literally ate up an entire day of debugging, so hopefully it helped you! 💃
2019-02-13 00:54:27 +00:00
petems e036462adf Update specific perms for Azure
* `listAll` is not valid
2019-02-13 00:53:51 +00:00
petems ec59d88ac3 Add note about equals signs 2019-02-12 23:47:19 +00:00
adawalli e67f1722f6 website: Update UI Policy recommendations from Guide (#5321)
The guide currently uses node, service, and service for the UI Policy.
This will cause a practically useless UI. This patch uses the _prefix
variants instead which will have the intended behavior.
2019-02-08 14:39:28 -06:00
Rebecca Zanzig ea60cc172e
Merge pull request #5302 from hashicorp/docs/k8s-acl
Update k8s ACL documentation
2019-02-07 13:46:44 -08:00
Rebecca Zanzig b75a02c029 Add additional clarification to the ACL token wording 2019-02-07 13:26:17 -08:00
kaitlincarter-hc 95ee68a4d7
Apply suggestions from code review
Co-Authored-By: adilyse <rebecca@hashicorp.com>
2019-02-07 13:08:04 -08:00
Nick Gunia 7b09d0aa6c Remove invalid option -name from ACL token read documentation (#5324)
It appears that the `read` command for ACL policies was used to template the `read` command for ACL tokens, and an invalid option was not dropped from the docs.
2019-02-07 13:05:12 -05:00
Matt Keeler 210c3a56b0
Improve Connect with Prepared Queries (#5291)
Given a query like:

```
{
   "Name": "tagged-connect-query",
   "Service": {
      "Service": "foo",
      "Tags": ["tag"],
      "Connect": true
   }
}
```

And a Consul configuration like:

```
{
   "services": [
      "name": "foo",
      "port": 8080,
      "connect": { "sidecar_service": {} },
      "tags": ["tag"]
   ]
}
```

If you executed the query it would always turn up with 0 results. This was because the sidecar service was being created without any tags. You could instead make your config look like:

```
{
   "services": [
      "name": "foo",
      "port": 8080,
      "connect": { "sidecar_service": {
         "tags": ["tag"]
      } },
      "tags": ["tag"]
   ]
}
```

However that is a bit redundant for most cases. This PR ensures that the tags and service meta of the parent service get copied to the sidecar service. If there are any tags or service meta set in the sidecar service definition then this copying does not take place. After the changes, the query will now return the expected results.

A second change was made to prepared queries in this PR which is to allow filtering on ServiceMeta just like we allow for filtering on NodeMeta.
2019-02-04 09:36:51 -05:00
kaitlincarter-hc c4e4aad95b
Apply suggestions from code review
Co-Authored-By: adilyse <rebecca@hashicorp.com>
2019-02-01 14:33:06 -08:00
kaitlincarter-hc e845d4ad5f
Update website/source/docs/platform/k8s/service-sync.html.md
Co-Authored-By: adilyse <rebecca@hashicorp.com>
2019-02-01 14:32:37 -08:00
R.B. Boyer df546ad924
incorrect examples for 'consul acl policy' commands (#5303) 2019-02-01 09:16:36 -06:00
Rebecca Zanzig 0ec987d94f Update k8s ACL documentation
Clarifies that an ACL token only needs to be provided when ACLs are
enabled within the Consul cluster.
2019-01-31 13:55:09 -08:00
Matt Keeler 472b7165fd Fix some docs formatting around DNS SOA RR configuration (#5297) 2019-01-30 16:47:32 -06:00
Rebecca Zanzig a3fff4effe
Merge pull request #5292 from hashicorp/docs/acl-quotes
Switch smart quotes to straight quotes
2019-01-29 15:11:00 -08:00
kaitlincarter-hc 7b62d7192b
Created a new index page that links to all the ACL guides. I also removed the sidebar nav drop down to be more consistent with the other guides. (#5260) 2019-01-29 14:51:41 -06:00
Rebecca Zanzig e159f3baeb Switch smart quotes to straight quotes
The ACL guide had a couple instances of smart quotes which get rendered
as the incorrect character on the website.
2019-01-29 11:29:16 -08:00
Ilya Pavlov 9cb766a8de Fix missed letter in the documentation (#5281) 2019-01-28 16:25:56 -06:00
kaitlincarter-hc ffab5f55a6
Fixing broken link. (#5283) 2019-01-28 16:23:29 -06:00
Gabriel Pérez S 945f4f355e Invalid syntax in Envoy configuration docs. (#5275) 2019-01-28 09:58:29 -05:00
danielehc ac288bad21 Adding quorum note on leave command page (#5102)
Reusing the same phrasing as  https://github.com/hashicorp/consul/pull/5095/ to provide info on the effects of the `consul leave` command on Consul quorum
2019-01-25 14:20:48 -06:00
Geoffrey Grosenbach 859b54a7ba Corrects defile to defined (#5262) 2019-01-25 13:45:08 -06:00
Matt Hoey 56bd1d676d website: reference last command's last field instead of background PID (#5264) 2019-01-25 17:30:38 +01:00
Paul Banks 28b94ccd3e
Update services.html.md 2019-01-24 12:41:43 +00:00
Diogenes S. Jesus 90f2788fa2 Fix repeating wording in sentence (#5256)
Fix `to join to join` typo
2019-01-23 09:12:41 -05:00
Paul Banks 1c4dfbcd2e
connect: tame thundering herd of CSRs on CA rotation (#5228)
* Support rate limiting and concurrency limiting CSR requests on servers; handle CA rotations gracefully with jitter and backoff-on-rate-limit in client

* Add CSR rate limiting docs

* Fix config naming and add tests for new CA configs
2019-01-22 17:19:36 +00:00
kaitlincarter-hc fd1c1a656b
Add acl.enable_key_list_policy to agent config docs. (#5227)
* Adding key list parameter to agent config docs.

* Fixed typo in master token section

* Updated based on comments from Paul and Matt.
2019-01-22 10:20:05 -06:00
Erik R. Rygg 3e75415d71
Merge pull request #5215 from hashicorp/deployment_guide_updates
Include information about multi-dc Connect
2019-01-17 19:39:41 -07:00
Rebecca Zanzig a023a09ed0 Fix broken links 2019-01-16 14:42:12 -08:00
Rebecca Zanzig 30e4796efe Indent code blocks further to fix list formatting 2019-01-16 14:31:50 -08:00
Rebecca Zanzig e46dd7c059
Merge pull request #5222 from hashicorp/docs/helm-0.5.0
Add documentation about the two additional Helm chart options
2019-01-16 14:18:15 -08:00
Chris Wang 1143878455 Fix typo in k8s connect documentation (#5229) 2019-01-16 17:03:40 -05:00
kaitlincarter-hc 7e8553ba4a
Update links for learn migration (#5223)
* Stared updaing links for the learn migration

* Language change cluster -> datacenter (#5212)

* Updating the language from cluster to datacenter in the backup guide to be consistent and more accurate.

* missed some clusters

* updated three broken links for the sidebar nav
2019-01-15 14:57:17 -06:00
Rebecca Zanzig b221d239e3
Merge pull request #5213 from hashicorp/docs/helm-security
Add a security warning about the default Helm chart installation
2019-01-14 16:28:31 -08:00
Rebecca Zanzig c085f005e1 Add documentation about the two additional Helm chart options
Adds info about `k8stag` and `nodePortSyncType` options that were
added in consul-helm v0.5.0.

Additionally moves the k8sprefix to match the order in the Helm chart
values file, while also clarifying that it only affects one sync
direction.
2019-01-14 16:15:26 -08:00
Rebecca Zanzig 880544dd85 Add a security warning about the default Helm chart installation
If a user installs the default Helm chart Consul on a Kubernetes
cluster that is open to the internet, it is lacking some important
security configurations.
2019-01-14 15:59:27 -08:00
kaitlincarter-hc 737143418d
Language change cluster -> datacenter (#5212)
* Updating the language from cluster to datacenter in the backup guide to be consistent and more accurate.

* missed some clusters
2019-01-14 10:46:34 -06:00
R.B. Boyer 3c52de46de
website: minor acl guide fixes (#5214) 2019-01-10 14:17:20 -06:00
Aestek 154c41e165 [Security] Allow blocking Write endpoints on Agent using Network Addresses (#4719)
* Add -write-allowed-nets option

* Add documentation for the new write_allowed_nets option
2019-01-10 09:27:26 -05:00
kaitlincarter-hc 2e972b46c6
Re-worked the ACL guide into two docs and an updated guide. (#5093)
* Re-worked the ACL guide into two docs and an updated guide.

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Updating syntax based on amayer5125's comments.

* Missed one of amayer5125's comments

* found a bad link in the acl system docs

* fixing a link in the rules docs
2019-01-09 15:07:20 -06:00
Erik R. Rygg 94718e75c7 Include information about multi-dc Connect 2019-01-08 14:30:36 -07:00
Hans Hasselberg 092907077d
connect: add tls config for vault connect ca provider (#5125)
* add tlsconfig for vault connect ca provider.
* add options to the docs
* add tests for new configuration
2019-01-08 17:09:22 +01:00
Jack Pearkes 5b31ec33db
website: fixed ca provider references (#5185)
Fixes https://github.com/hashicorp/consul/issues/5182.
2019-01-07 18:47:02 -08:00
R.B. Boyer 801e7e1c38
website: fix stray sentinel references using the old syntax (#5191)
[skip ci]
2019-01-07 09:59:17 -06:00
kaitlincarter-hc 841b01c6f0
Added the new monitoring guide (#5117) 2019-01-04 10:26:07 -06:00
Junpei Tsuji 6f14d3eeae website: Use secret id instead of policy id (#5049)
The document uses _the agent-token policy_ as agent token by mistake.
So I fixed it to use the secret id instead of it.
2019-01-03 10:45:01 -05:00
Tayyab Talha 87763ac96b Fix Type in go integration (#5132)
Fix Typo in second example
From svc.ServeTLSConfig() to svc.ServerTLSConfig()
2019-01-03 10:39:23 -05:00
Rebecca Zanzig 3833f49a7b
Merge pull request #5112 from hashicorp/docs/helm-resources-example
Add examples for helm chart multi-line strings
2018-12-20 15:33:33 -08:00
kaitlincarter-hc fb8270232a
removed an extra period that messed up formatting (#5120) 2018-12-19 18:12:43 -06:00
kaitlincarter-hc 9b38ef2c87
Adding the new backup guide (#5080)
* Adding the new backup guide

* Update website/source/docs/guides/backup.html.md

Looks good.

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/backup.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/backup.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/backup.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Updated the directions for the restore command.

* Update website/source/docs/guides/backup.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/backup.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* updated the token env

* Trying to make it extra clear where to run the commands.

* added not that list of backed up items isn't inclusive
2018-12-19 13:01:35 -06:00
kaitlincarter-hc 1bb95a1dc7
Encryption Docs and New Guide (#5059)
* Added the new encryption guide, updated the encryption docs, updated the side-nav and index page for new guide.

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Making updates based on feedback

* Updating language

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Removing all reload mentions

* Updated the final remarks about TLS encryption to include a note about HTTP connections

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/agent-encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* removed the mention of cfssl

* also removed the bit about cfssl in the doc

* updating cert names

* updated all cert values
2018-12-19 12:41:25 -06:00
Hans Hasselberg 1a520d65b4
Builtin tls helper (#5078)
* command: add tls subcommand
* website: update docs and guide
2018-12-19 09:22:49 +01:00
Jack Pearkes 1237bf5d11
website: highlight how to use agent certs for tls checks (#5086)
Also clarifies that HTTP and gRPC checks both use the same
TLS configuration.
2018-12-18 16:47:52 -08:00
Rebecca Zanzig 1f05af4fdc Add examples for helm chart multi-line strings
There has been some confusion about the formating of multi-line
string variables in the Helm chart. This adds examples for these
situations, hopefully clarifying things for users.
2018-12-18 12:46:45 -08:00
kaitlincarter-hc 3f40af540f
Guide Update: Adding/Removing Server (#5095)
* first draft of updated content for consul leave

* Changed the consul leave/bootstrap_expect scenario into a note
2018-12-17 09:16:07 -06:00
Alvin Huang 7dfc32d1c4
Merge pull request #5065 from hashicorp/clarify_separator_api
clarify how `separator` should be in CLI and API
2018-12-12 12:14:19 -08:00
kaitlincarter-hc 0b4ed6ea6e
Updates to the Adding/Removing Servers Guide (#5004)
* added a new section for adding servers, updated section titles, and added code snippets.

* Fixing typos

* fixing typos

* Addressing some of Paul's feedback.

* Updated the outage recovery recommendation
2018-12-12 09:12:29 -06:00
kaitlincarter-hc 21c69d7304
Outage Recover Guide Updates. (#5003)
* Adding examples and a summary. Minor structure updates.

* Added a link to the deployment guide, but needed to remove a sentence referring to a guide that's not published yet.

* fixed typo
2018-12-11 14:51:24 -06:00
Rebecca Zanzig 37cf3d35c5 Add documentation about the new ClusterIP syncing
Adds ClusterIP as a supported service type in the sync doc, as well
as add `syncClusterIPServices` to the helm chart detailed list.
2018-12-07 16:04:35 -08:00
Alvin Huang 10c5b84a64 change depth to prefix 2018-12-07 14:57:00 -05:00
Jack Pearkes 9d170164e4
Documentation and changes for verify_server_hostname (#5069)
* verify_server_hostname implies verify_outgoing

* mention CVE in the docs.
2018-12-06 13:51:49 -08:00
Hannah Oppenheimer 18d2269ca2 Docs: clarify output vs notes
fixup
2018-12-06 11:25:57 -06:00
Alvin Huang 0e35b10683 clarify how separator should be in CLI and API 2018-12-06 10:59:43 -05:00
danielehc 7a20d2b679 Update configuration.html.md (#5058)
Link to Upstream Configuration was pointing to http://localhost:4567.
Fixed reference.
2018-12-05 16:32:11 +00:00
Stenio Ferreira 3306aa6535 Fixed typos in autopilot doc (#5051) 2018-12-04 07:52:30 -08:00
Jack Pearkes 1ac264e666
website: clarify format of prepared query upstreams (#5026)
This just gives an example of a prepared query upstream
configuration and clarifies the format in the description
2018-11-30 16:22:52 -08:00
Geoffrey Grosenbach 13fcb1b81e Merge branch 'doc-intro-learn-url' 2018-11-29 13:43:29 -08:00
Geoffrey Grosenbach 7a0de19f98
Corrects you/your and camelcasing of "GitHub" (#5018) 2018-11-29 13:41:22 -08:00
Hans Hasselberg 51090ef213
website: capitalize headline (#5024) 2018-11-29 22:39:50 +01:00
Jack Pearkes c8965c840d website: add consul-aws guide from @i0rek (#5023)
* website: add consul-aws guide from @i0rek
2018-11-29 17:18:05 +01:00
kaitlincarter-hc 741e8647a2
Updates to DNS Caching Guide (#5001)
* Updates to DNS Caching Guide

* Spelling and grammar
2018-11-29 08:08:44 -08:00
Geoffrey Grosenbach b9b16c22dc Fixes URL paths to learn.hashicorp.com
Removes `.html` when not needed in order to clean up analytics.
2018-11-28 15:39:28 -08:00
Paul Banks 9a849faeb8
Update security notices around script checks 2018-11-27 17:15:17 +00:00
kaitlincarter-hc 7fa1a97da0
Updated autopilot guide (#4997)
* Updated the autopilot guide to prepare for the migration to the learn platform.

* Correcting typos
2018-11-27 09:10:44 -08:00
R.B. Boyer 5ad9490998
website: remove lingering beta note about Connect (#5009)
[skip ci]
2018-11-27 09:56:26 -06:00
Louis Willcock 8e2ccec8d3 UPDATE snapshot.html.erb - fix formatting on links (#4982)
Links to the `agent` and `inspect` docpages were broken by errant whitespace.
2018-11-26 10:28:33 -08:00
Jack Pearkes 7240d1b27a
guides: remove references to specific versions (#4999)
This changes with time so will opt to not hardcoding this. Investigated using the middleman helper to render
out the current configured version but that won't exist on learn.hashicorp.com so I think this
is the most future-proof way.
2018-11-26 10:26:46 -08:00
Paul Banks ed6f893697
Fix sidecar-service docs 2018-11-26 12:41:47 +00:00
Rebecca Zanzig f55c4c29f1 Update type for resources variables
These were changed to multi-line strings to match the affinity
definition.
2018-11-20 10:56:11 -08:00
kaitlincarter-hc 7b5385055e
Adding the new Consul Template Guide. (#4947)
* Adding the new Consul Template Guide.

* Update website/source/docs/guides/consul-template.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/consul-template.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/consul-template.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/consul-template.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Making updates based on Pauls feedback.

* Update website/source/docs/guides/consul-template.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/consul-template.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/consul-template.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Couple more updates based on Pauls feedback.

* updated the intro to include how template can replace api use

* updated the address

* Adding minikube guide to the index page.
2018-11-20 10:17:54 -06:00
Geoffrey Grosenbach 1a552cd6b3
Consul on Minikube guide (#4949)
* Adds images for Minikube guide
* Adds notes about Helm YAML configuration
* Embed Wistia video for Consul Minikube guide
* Cleans up menus, instructions, Helm steps
* Adds captions for all images
* Uses Docker images hosted on hashicorp org for demo
* Adds link to Minikube guide from menu and k8s index page
* Clarify steps in Minikube/Kubernetes guide
2018-11-16 15:17:04 -08:00
Geoffrey Grosenbach 2759fc2286
Fixes links to ACL API docs (#4966)
Was previously pointed to `/api/acl.html` but should be `/api/acl/acl.html`.
This commit fixes all instances of the incorrect link.
2018-11-16 11:06:35 -08:00
Paul Banks 743ddef1ff
Update upgrade-specific.html.md (#4956) 2018-11-14 21:39:59 +00:00
Paul Banks a0ee09f254
Acl upgrade guide (#4880)
* Very WIP upgrade docs. Actual Upgrade notes doneish; token migration guide WIP.

* Token migration guide

* Complete ACL migration guide

* Upgrade guide cleanup

* Updated upgrade and migration guides

* Typo fix

Co-Authored-By: banks <banks@banksco.de>

* Update website/source/docs/guides/acl-migrate-tokens.html.md

Co-Authored-By: banks <banks@banksco.de>

* Update website/source/docs/guides/acl-migrate-tokens.html.md

Co-Authored-By: banks <banks@banksco.de>

* Update upgrade-specific.html.md

* Update website/source/docs/guides/acl-migrate-tokens.html.md

* Update website/source/docs/guides/acl-migrate-tokens.html.md

* Note Multi-DC changes in upgrade guide.

* Update website/source/docs/upgrade-specific.html.md
2018-11-14 15:40:02 +00:00
Jack Pearkes 5faa61a906 Doc changes for 1.4 Final (#4870)
* website: add multi-dc enterprise landing page

* website: switch all 1.4.0 alerts/RC warnings

* website: connect product wording

Co-Authored-By: pearkes <jackpearkes@gmail.com>

* website: remove RC notification

* commmand/acl: fix usage docs for ACL tokens

* agent: remove comment, OperatorRead

* website: improve multi-dc docs

Still not happy with this but tried to make it slightly more informative.

* website: put back acl guide warning for 1.4.0

* website: simplify multi-dc page and respond to feedback

* Fix Multi-DC typos on connect index page.

* Improve Multi-DC overview.

A full guide is a WIP and will be added post-release.

* Fixes typo avaiable > available
2018-11-13 13:43:53 +00:00
Rebecca Zanzig b04e96f889 Update the helm chart join instructions
This fixes some previous incorrect information about the join feature
in the Helm chart. Based on the fix for consul-helm issue 59.
2018-11-12 12:22:18 -08:00
Kyle Havlovitz b0dcf54e50
Merge pull request #4917 from hashicorp/replication-token-cleanup
Use acl replication_token for connect
2018-11-12 09:12:54 -08:00
Rebecca Zanzig bd5ecc4828 Update docs for Helm chart maxUnavailable value
Due to a Helm templating limitation, setting this value to `0` requires
an extra flag when installing. This adds information about that.
2018-11-09 16:58:54 -08:00
Rebecca Zanzig 0b7b3cbd41
Merge pull request #4928 from hashicorp/docs/server-affinity
Add documentation of server affinity Helm chart variable
2018-11-09 12:37:33 -08:00
R.B. Boyer 74520a6470
docs: use hcl heredoc syntax for multi line strings in sentinel examples (#4930) 2018-11-08 16:28:40 -06:00
Rebecca Zanzig 25f5085e6c Add doc info for added server affinity value
Supports newly added functionality to the Helm chart.
2018-11-08 12:07:30 -08:00
Rebecca Zanzig 4323efed53 Reorder Helm chart server values
This matches the ordering in the Helm chart, to make it easier for
users to find information.
2018-11-08 12:06:00 -08:00
R.B. Boyer 480ea8e7c6
docs: remove curly quotes from shell block (#4921) 2018-11-07 10:42:13 -08:00
Kyle Havlovitz ee4f8b79cb
Merge pull request #4912 from hashicorp/acl-doc-fixes
docs: fix some examples in the new ACL guide
2018-11-07 09:23:36 -08:00
Kyle Havlovitz 69a8d149d5
docs: remove leftover typo from replication_token info 2018-11-07 09:22:23 -08:00
Kyle Havlovitz 60bb53d4e6
config: remote connect replication_token 2018-11-07 02:15:37 -08:00
Kyle Havlovitz 604951e466 docs: fix some examples in the new ACL guide 2018-11-06 18:47:44 -08:00
Mike Pettypiece 6ca8138d4e Update consul CLI docs for kv export and import
This will make the kv docs consistent with get/delete/put
2018-11-06 20:19:09 -05:00
Rebecca Zanzig 85372872a5
Merge pull request #4900 from hashicorp/docs/helm-extension
Document options for additional helm chart configuration
2018-11-06 15:39:40 -08:00
Rebecca Zanzig e4be60b25c
Merge pull request #4891 from hashicorp/docs/k8s-storage
Clarify storage usage for consul + k8s
2018-11-05 12:45:22 -08:00
Rebecca Zanzig 3ec036f499 Document options for additional helm chart configuration
There is a fine line between making the helm chart easy and simple to
use and supporting lots of configurability. This documents options for
users who would like to extend the Helm chart beyond what is readily
available in the `values.yaml` file.
2018-11-05 12:20:14 -08:00
Rebecca Zanzig cb36193b74 Clarify storage usage for consul + k8s
This adds two Helm chart values into the documentation with details
that have come up in several issues.

Additionally, it notes that persistent volumes and their claims need
to be removed manually because of current kubernetes and helm design.
2018-11-05 10:50:41 -08:00
R.B. Boyer a5d57f5326
fix comment typos (#4890) 2018-11-02 12:00:39 -05:00
Geoffrey Grosenbach 5a4543cf56 Adds redirects and updates links for learn.hashicorp (#4878)
* Adds redirects for Getting Started pages

* Uses correct links to resources at learn.hashicorp

* Reconfigures "Learn more" links to point to learn.hashicorp

* Links to learn.hashicorp on segmentation page

* Adds redirect for sample config file

* Fixes links to Getting Started guide on learn.hashicorp

* Remove getting started guide which is now on learn.hashicorp

* Corrects link to `consul/io` which should go to `consul.io`

* Revert "Remove getting started guide which is now on learn.hashicorp"

This reverts commit 2cebacf402f83fb936718b41ac9a27415f4e9f21 so a placeholder
message can be written here while we are transitioning content to
learn.hashicorp

* Adding a new page for getting started to direct users to learn.

* Added a note at the being of each doc to notify users about the temporary repo change.

* Revert "Added a note at the being of each doc to notify users about the temporary repo change."

This reverts commit 9a2a8781f9705028e4f53f758ef235e74b2b7198.

From conversation at https://github.com/hashicorp/consul/pull/4878

* Removes redirect from sample web.json demo file

* Removed typo
2018-11-01 14:44:49 -07:00
Anubhav Mishra 80776eead4
Clarify sync wording.
Co-Authored-By: adilyse <rebecca@hashicorp.com>
2018-10-31 13:18:50 -07:00
Anubhav Mishra 548c8e798d
Updating configuration wording.
Co-Authored-By: adilyse <rebecca@hashicorp.com>
2018-10-31 13:18:01 -07:00
Rebecca Zanzig e2a1b2fa2d Update Helm docs to include the default flag for catalog sync
Additionally fixes an issue with quotes on the related annotation.
2018-10-30 16:37:04 -07:00
Jack Pearkes a2485f60af
website: clarify log file filename format (#4856)
Fixes #4697
2018-10-29 09:29:14 -07:00
Sébastien Portebois a0614aadca website: broken partial rendering and missing id (#4862)
* Fix partial rendering in service command (CLI) help
* Fix sample JSON to be a valid json for service registration
* Add missing id field to make the complete document complete.
2018-10-29 01:41:25 -07:00
Martin Halder 62dae2fd9f website: fix minor typo in documentation (#4864) 2018-10-29 01:33:42 -07:00
Paul Banks e2fa2b133b Correct prometheus docs (#4805) 2018-10-26 12:11:57 -07:00
Jack Pearkes b6cb4f3465
Fix some broken links in docs (#4858)
* website: let curl make noise during website deploy

* website: fix a handful of broken links
2018-10-26 10:55:12 -07:00
Rebecca Zanzig 478f1b749f
Merge pull request #4828 from hashicorp/docs/helm-16-getting-started
Update the `join` command format in the k8s Running Consul section
2018-10-25 15:47:14 -07:00
Rebecca Zanzig 3a961dc98b
Merge pull request #4854 from hashicorp/docs/k8s+helm
Add connectInject `image` info into helm docs
2018-10-25 15:07:36 -07:00
Hans Hasselberg 22481039ca
website: sync guides list with guides sidebar. (#4831) 2018-10-25 12:07:26 -07:00
Rebecca Zanzig 0ddfb602df Add connectInject image info into helm docs
This field was added back into the helm chart, but it was not added
back to the documentation. This adds it, then additionally fixes a
few typos in the same file.
2018-10-25 08:41:59 -07:00
Matt Keeler 8fa3d61d25
Implement CLI token cloning & special ID handling (#4827)
* Implement CLI token cloning & special ID handling

* Update a couple CLI commands to take some alternative options.

* Document the CLI.

* Update the policy list and set-agent-token synopsis
2018-10-24 10:24:29 -04:00
Martin Logan ca9a54bea5 website: Update deprecated script tag in example. (#4790)
Signed-off-by: Martin Logan <mlogan@fanatics.com>
2018-10-24 07:21:20 -07:00
Matt Keeler c95927a9a8
Fix some uuids and make it clear that the SecretID is used for agent tokens (#4845) 2018-10-24 09:47:55 -04:00
Rebecca Zanzig e3d9d570ed Update the join command format in the k8s Running Consul section
Based on info from consul-helm issue 16, the formatting of the helm
chart value for joining an external cluster needs to be specified
as a yaml array. This updates the documentation to reflect this.
2018-10-22 14:08:13 -07:00
Matt Keeler b816bee165 ACL documentation (#4824)
* Updating the ACL guide.

* Update the docs correctly

* Finish updating the ACL docs - for now.
2018-10-19 13:26:31 -07:00
Matt Keeler 99e0a124cb
New ACLs (#4791)
This PR is almost a complete rewrite of the ACL system within Consul. It brings the features more in line with other HashiCorp products. Obviously there is quite a bit left to do here but most of it is related docs, testing and finishing the last few commands in the CLI. I will update the PR description and check off the todos as I finish them over the next few days/week.
Description

At a high level this PR is mainly to split ACL tokens from Policies and to split the concepts of Authorization from Identities. A lot of this PR is mostly just to support CRUD operations on ACLTokens and ACLPolicies. These in and of themselves are not particularly interesting. The bigger conceptual changes are in how tokens get resolved, how backwards compatibility is handled and the separation of policy from identity which could lead the way to allowing for alternative identity providers.

On the surface and with a new cluster the ACL system will look very similar to that of Nomads. Both have tokens and policies. Both have local tokens. The ACL management APIs for both are very similar. I even ripped off Nomad's ACL bootstrap resetting procedure. There are a few key differences though.

    Nomad requires token and policy replication where Consul only requires policy replication with token replication being opt-in. In Consul local tokens only work with token replication being enabled though.
    All policies in Nomad are globally applicable. In Consul all policies are stored and replicated globally but can be scoped to a subset of the datacenters. This allows for more granular access management.
    Unlike Nomad, Consul has legacy baggage in the form of the original ACL system. The ramifications of this are:
        A server running the new system must still support other clients using the legacy system.
        A client running the new system must be able to use the legacy RPCs when the servers in its datacenter are running the legacy system.
        The primary ACL DC's servers running in legacy mode needs to be a gate that keeps everything else in the entire multi-DC cluster running in legacy mode.

So not only does this PR implement the new ACL system but has a legacy mode built in for when the cluster isn't ready for new ACLs. Also detecting that new ACLs can be used is automatic and requires no configuration on the part of administrators. This process is detailed more in the "Transitioning from Legacy to New ACL Mode" section below.
2018-10-19 12:04:07 -04:00
Jack Pearkes a10297c15b
website: minor notes about 1.4.0 (#4820) 2018-10-19 08:52:56 -07:00
Pierre Souchay a72f92cac6 dns: implements prefix lookups for DNS TTL (#4605)
This will fix https://github.com/hashicorp/consul/issues/4509 and allow forinstance lb-* to match services lb-001 or lb-service-007.
2018-10-19 08:41:04 -07:00
Jack Pearkes e0e33aee26 website: note Envoy support in Nomad guide (#4787) 2018-10-19 08:41:03 -07:00
Jack Pearkes 197d62c6ca New command: consul debug (#4754)
* agent/debug: add package for debugging, host info

* api: add v1/agent/host endpoint

* agent: add v1/agent/host endpoint

* command/debug: implementation of static capture

* command/debug: tests and only configured targets

* agent/debug: add basic test for host metrics

* command/debug: add methods for dynamic data capture

* api: add debug/pprof endpoints

* command/debug: add pprof

* command/debug: timing, wg, logs to disk

* vendor: add gopsutil/disk

* command/debug: add a usage section

* website: add docs for consul debug

* agent/host: require operator:read

* api/host: improve docs and no retry timing

* command/debug: fail on extra arguments

* command/debug: fixup file permissions to 0644

* command/debug: remove server flags

* command/debug: improve clarity of usage section

* api/debug: add Trace for profiling, fix profile

* command/debug: capture profile and trace at the same time

* command/debug: add index document

* command/debug: use "clusters" in place of members

* command/debug: remove address in output

* command/debug: improve comment on metrics sleep

* command/debug: clarify usage

* agent: always register pprof handlers and protect

This will allow us to avoid a restart of a target agent
for profiling by always registering the pprof handlers.

Given this is a potentially sensitive path, it is protected
with an operator:read ACL and enable debug being
set to true on the target agent. enable_debug still requires
a restart.

If ACLs are disabled, enable_debug is sufficient.

* command/debug: use trace.out instead of .prof

More in line with golang docs.

* agent: fix comment wording

* agent: wrap table driven tests in t.run()
2018-10-19 08:41:03 -07:00
Kyle Havlovitz 96a35f8abc re-add Connect multi-dc config changes
This reverts commit 8bcfbaffb6588b024cd1a3cf0952e6bfa7d9e900.
2018-10-19 08:41:03 -07:00
Rebecca Zanzig e81571d6e9 Add additional formatting detail to the Helm join command
In response to consul-helm issue 16.
2018-10-17 12:53:44 -07:00
Jack Pearkes 847a0a5266 Revert "Connect multi-dc config" (#4784) 2018-10-11 17:32:45 +01:00
danielehc 6c12a35834
Update creating-certificates.html.md (#4780)
In case `verify_server_hostname` is set in the configuration, Consul checks the certificate against  `server.<datacenter>.<domain>`.

The name suggested by the guide generates errors like the following:
```
2018/10/10 12:42:20 [ERR] consul: Failed to confirm peer status for consul-3: rpc error getting client: failed to get conn: x509: certificate is valid for server.node.consul.labs, localhost, not server.consul.labs. Retrying in 16s...
```

Removing the `node` part from the certificate permits them to work also when that option is set.
2018-10-11 14:23:51 +02:00
Aestek 260a9880ae [Security] Add finer control over script checks (#4715)
* Add -enable-local-script-checks options

These options allow for a finer control over when script checks are enabled by
giving the option to only allow them when they are declared from the local
file system.

* Add documentation for the new option

* Nitpick doc wording
2018-10-11 13:22:11 +01:00
Paul Banks e95d78483d
Be more explicit about rolling upgrade process 2018-10-11 11:44:20 +01:00
Paul Banks bf634fafee
Move 1.0.6 upgrade docs that were added in the wrong place 2018-10-11 11:38:55 +01:00
Paul Banks 94332edf2e
[WIP] Initial draft of Sidecar Service and Managed Proxy deprecation docs (#4752)
* Initial draft of Sidecar Service and Managed Proxy deprecation docs

* Service definition deprecation notices and sidecar service

* gRPC and sidecar service config options; Deprecate managed proxy options

* Envoy Docs: Basic envoy command; envoy getting started/intro

* Remove change that snuck in

* Envoy custom config example

* Add agent/service API docs; deprecate proxy config endpoint

* Misc grep cleanup for managed proxies; capitalize Envoy

* Updates to getting started guide

* Add missing link

* Refactor Envoy guide into a separate guide and add bootstrap reference notes.

* Add limitations to Envoy docs; Highlight no fixes for known managed proxy issues on deprecation page; clarify snake cae stuff; Sidecar Service lifecycle
2018-10-11 10:44:42 +01:00
Pierre Souchay 42f250fa53 Added SOA configuration for DNS settings. (#4714)
This will allow to fine TUNE SOA settings sent by Consul in DNS responses,
for instance to be able to control negative ttl.

Will fix: https://github.com/hashicorp/consul/issues/4713

# Example

Override all settings:

* min_ttl: 0 => 60s
* retry: 600 (10m) => 300s (5 minutes),
* expire: 86400 (24h) => 43200 (12h)
* refresh: 3600 (1h) => 1800 (30 minutes)

```
consul agent -dev -hcl 'dns_config={soa={min_ttl=60,retry=300,expire=43200,refresh=1800}}'
```

Result:
```
dig +multiline @localhost -p 8600 service.consul

; <<>> DiG 9.12.1 <<>> +multiline @localhost -p 8600 service.consul
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36557
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;service.consul.		IN A

;; AUTHORITY SECTION:
consul.			0 IN SOA ns.consul. hostmaster.consul. (
				1537959133 ; serial
				1800       ; refresh (30 minutes)
				300        ; retry (5 minutes)
				43200      ; expire (12 hours)
				60         ; minimum (1 minute)
				)

;; Query time: 4 msec
;; SERVER: 127.0.0.1#8600(127.0.0.1)
;; WHEN: Wed Sep 26 12:52:13 CEST 2018
;; MSG SIZE  rcvd: 93
```
2018-10-10 15:50:56 -04:00
Kyle Havlovitz 0cbd176a48 connect/ca: more OSS split for multi-dc 2018-10-10 12:17:59 -07:00
Kyle Havlovitz 5b98a602af agent: add primary_datacenter and connect replication config options 2018-10-10 12:17:59 -07:00
Kyle Havlovitz 475afd0300 docs: deprecate acl_datacenter and replace it with primary_datacenter 2018-10-10 12:16:47 -07:00
Paul Banks 92fe8c8e89 Add Proxy Upstreams to Service Definition (#4639)
* Refactor Service Definition ProxyDestination.

This includes:
 - Refactoring all internal structs used
 - Updated tests for both deprecated and new input for:
   - Agent Services endpoint response
   - Agent Service endpoint response
   - Agent Register endpoint
     - Unmanaged deprecated field
     - Unmanaged new fields
     - Managed deprecated upstreams
     - Managed new
   - Catalog Register
     - Unmanaged deprecated field
     - Unmanaged new fields
     - Managed deprecated upstreams
     - Managed new
   - Catalog Services endpoint response
   - Catalog Node endpoint response
   - Catalog Service endpoint response
 - Updated API tests for all of the above too (both deprecated and new forms of register)

TODO:
 - config package changes for on-disk service definitions
 - proxy config endpoint
 - built-in proxy support for new fields

* Agent proxy config endpoint updated with upstreams

* Config file changes for upstreams.

* Add upstream opaque config and update all tests to ensure it works everywhere.

* Built in proxy working with new Upstreams config

* Command fixes and deprecations

* Fix key translation, upstream type defaults and a spate of other subtele bugs found with ned to end test scripts...

TODO: tests still failing on one case that needs a fix. I think it's key translation for upstreams nested in Managed proxy struct.

* Fix translated keys in API registration.
≈

* Fixes from docs
 - omit some empty undocumented fields in API
 - Bring back ServiceProxyDestination in Catalog responses to not break backwards compat - this was removed assuming it was only used internally.

* Documentation updates for Upstreams in service definition

* Fixes for tests broken by many refactors.

* Enable travis on f-connect branch in this branch too.

* Add consistent Deprecation comments to ProxyDestination uses

* Update version number on deprecation notices, and correct upstream datacenter field with explanation in docs
2018-10-10 16:55:34 +01:00
Paul Banks 5b0d4db6bc Support Agent Caching for Service Discovery Results (#4541)
* Add cache types for catalog/services and health/services and basic test that caching works

* Support non-blocking cache types with Cache-Control semantics.

* Update API docs to include caching info for every endpoint.

* Comment updates per PR feedback.

* Add note on caching to the 10,000 foot view on the architecture page to make the new data path more clear.

* Document prepared query staleness quirk and force all background requests to AllowStale so we can spread service discovery load across servers.
2018-10-10 16:55:34 +01:00
Mitchell Hashimoto 1e81b23bbb
Merge pull request #4766 from hashicorp/f-connect-inject
website: add docs for the Connect injection
2018-10-10 08:23:56 -07:00
Matt Ho 70cedfd10a website: fix typo in connect example (#4774) 2018-10-10 11:01:57 +02:00
Mitchell Hashimoto 293194e7f2
website: address PR feedback 2018-10-09 09:30:37 -07:00
Hannah Oppenheimer 29170340b3 Clarify enable_tag_override explanation
In designing a potential UI for a configuration of `enable_tag_override`,
I found the documentation confusing and lengthy. Here, I've made an
attempt at re-writing this section to be more concise and clear.

I also made a few small changes to the organization of this file to map
explanations to the order of the properties listing at the top. I find
it easier to scan docs when explanations appear in the same order they
are listed at the top. For explanations that span multiple paragraphs, I
provided a subheading, which also helps in linking from other pages.

Finally, I removed a duplicated paragraph from the documentation.
2018-10-09 09:55:44 -05:00
Mitchell Hashimoto 374ab6ff5f
website: note that env vars are set 2018-10-08 09:55:55 -07:00
Mitchell Hashimoto e3786a6d1c
website: address some PR feedback 2018-10-08 08:24:25 -07:00
Mitchell Hashimoto 57834a307f
website: add docs for the Connect injection 2018-10-07 23:47:08 -07:00
Dan Brown a10f1ce2df Fix retry_join config documentation (#4757)
'retry_join': source data must be an array or slice, got string
2018-10-05 14:16:02 -04:00
Matt Keeler 71297a6b9d
Update the snapshot agent documentation(#4758)
Detail the S3 permissions required in addition to a gotcha regarding having part of the key within the S3 bucket name configuration.
2018-10-05 13:55:06 -04:00
Chris Hoffman e7820bc9cb typo: missing space 2018-10-05 11:33:28 -05:00
Freddy 851bf8c2eb Update semaphore guide (#4661)
* Fill in gaps in semaphore guide
* Update to match that values come back b64 encoded
* Add that the value needs to be decoded
* Remove outdated reference to session1
* Fix some typos
* Clarify what is mean by a session having an active key
* Clarify requirements for lock holders in semaphore guide
2018-10-04 12:06:53 -10:00
danielehc 20ae959be8 Update options.html.md (#4753) 2018-10-04 19:28:26 +01:00
Dan Brown 2fac2d1439 Add Deployment Guide and update links (#4487)
* Adds Deployment Guide and update links
* Fixes releases link
* Re-organisation of content
* Cuts down "deployment" doc (which should focus on Reference Architecture) by moving raft and performance tuning to the Server Performance page which already covers some of this.
* Moves backups from "deployment" doc (which should focus on Reference Architecture) to "deployment-guide"
* Cleans up some notes and add single DC diagram
* Removes old link to deployment guide from nav
* Corrects minor styling, formatting, and grammar
2018-10-03 11:37:36 -10:00
Mitchell Hashimoto d80c383198
Merge pull request #4732 from hashicorp/f-service-cli
cli: add `services register` and  `deregister`
2018-10-02 12:45:58 -07:00
Mitchell Hashimoto 0258fc94d5
website: clarify that downward API works in any pod spec 2018-10-01 10:35:09 -07:00
Mitchell Hashimoto 3bbbc3fd66
website: docs for services CLI 2018-10-01 10:27:15 -07:00
Mitchell Hashimoto f1f951d491
website: clarify that the server cluster can run anywhere 2018-09-26 08:41:25 -05:00
Mitchell Hashimoto add6b8e05e
website: clarify coredns requirement 2018-09-25 23:37:21 -05:00
Mitchell Hashimoto a69acc076d
website: address feedback 2018-09-25 21:55:32 -05:00
Mitchell Hashimoto 9ca5ddfe38
website: fix the description of the sync page 2018-09-25 17:56:19 -05:00
Mitchell Hashimoto 697719c4e1
Add new helm fields 2018-09-25 09:20:36 -05:00
Mitchell Hashimoto fb7d1fe348
website: document helm options 2018-09-23 17:29:18 -07:00
Mitchell Hashimoto 2042fbe602
website: document consul-k8s 2018-09-23 17:15:54 -07:00
Mitchell Hashimoto ff1b78b818
website: docs for catalog sync 2018-09-23 17:12:14 -07:00
Alvaro Miranda Aguilera 9ac38c2c7f fix typo on connect/index (#4681)
wtihin -> within
2018-09-17 12:06:47 +01:00
Mitchell Hashimoto b7f7571886
website: correct chart casing 2018-09-13 14:45:40 -07:00
Mitchell Hashimoto 62ceacde67 website: document k8s go-discover (#4666)
This adds documentation for the `k8s` go-discover provider that will be part of 1.2.3.
2018-09-13 10:12:27 -04:00
Mitchell Hashimoto b69342f0c1
Initial Helm Chart/K8S Docs (#4653)
* website: initial Kubernetes section with Helm information

* website: extraConfig for clients

* website: add more helm fields

* website: document extraVolumes

* website: document Consul DNS

* website: fix typos and show example of downward API
2018-09-12 08:44:30 -07:00
Freddy 7a19f2a6da
Update snapshot agent docs to include s3-endpoint (#4652) 2018-09-11 16:32:31 +01:00
Matt Keeler 61a5c965c9
Ensure that errors setting up the DNS servers get propagated back to the shell (#4598)
Fixes: #4578 

Prior to this fix if there was an error binding to ports for the DNS servers the error would be swallowed by the gated log writer and never output. This fix propagates the DNS server errors back to the shell with a multierror.
2018-09-07 10:48:29 -04:00
Pierre Souchay 473e589d86 Implementation of Weights Data structures (#4468)
* Implementation of Weights Data structures

Adding this datastructure will allow us to resolve the
issues #1088 and #4198

This new structure defaults to values:
```
   { Passing: 1, Warning: 0 }
```

Which means, use weight of 0 for a Service in Warning State
while use Weight 1 for a Healthy Service.
Thus it remains compatible with previous Consul versions.

* Implemented weights for DNS SRV Records

* DNS properly support agents with weight support while server does not (backwards compatibility)

* Use Warning value of Weights of 1 by default

When using DNS interface with only_passing = false, all nodes
with non-Critical healthcheck used to have a weight value of 1.
While having weight.Warning = 0 as default value, this is probably
a bad idea as it breaks ascending compatibility.

Thus, we put a default value of 1 to be consistent with existing behaviour.

* Added documentation for new weight field in service description

* Better documentation about weights as suggested by @banks

* Return weight = 1 for unknown Check states as suggested by @banks

* Fixed typo (of -> or) in error message as requested by @mkeeler

* Fixed unstable unit test TestRetryJoin

* Fixed unstable tests

* Fixed wrong Fatalf format in `testrpc/wait.go`

* Added notes regarding DNS SRV lookup limitations regarding number of instances

* Documentation fixes and clarification regarding SRV records with weights as requested by @banks

* Rephrase docs
2018-09-07 15:30:47 +01:00
Geoffrey Grosenbach 36fa155675
Adds XL machine spec and notes on large deployments (#4622)
* Adds XL machine spec and notes on large deployments
* Clarifies machine sizes
* Fixes internal links within the document
* Moves datacenter size guidelines to "Single Datacenter" section
2018-08-31 10:41:48 -05:00
Siva Prasad 59dea9a31f
Adds a new command line flag -log-file for file based logging. (#4581)
* Added log-file flag to capture Consul logs in a user specified file

* Refactored code.

* Refactored code. Added flags to rotate logs based on bytes and duration

* Added the flags for log file and log rotation on the webpage

* Fixed TestSantize from failing due to the addition of 3 flags

* Introduced changes : mutex, data-dir log writes, rotation logic

* Added test for logfile and updated the default log destination for docs

* Log name now uses UnixNano

* TestLogFile is now uses t.Parallel()

* Removed unnecessary int64Val function

* Updated docs to reflect default log name for log-file

* No longer writes to data-dir and adds .log if the filename has no extension
2018-08-29 16:56:58 -04:00
Freddy 31c5e19e2f
Correct rpc telemetry docs (#4602) 2018-08-28 16:38:22 -04:00
Jack Pearkes a1bd33da11
website: use 127.0.0.1 instead of consul.rocks (#4523)
By default, the Consul agent listens on the local interface
at port 8500 for API requests. This change makes the API examples
using `curl` copy-pasteable for this default configuration.
2018-08-28 09:07:15 -07:00
Rémi Jouannet 3d5d7ba6df
Update monitoring-telegraf.html.md 2018-08-24 16:48:02 +02:00
jjshanks 12342e0d0e Update intentions documentation to clarify ACL behavior (#4546)
* Update intentions documentation to clarify ACL behavior

* Incorprate @banks suggestions into docs

* Fix my own typos!
2018-08-20 20:03:53 +01:00
Miroslav Bagljas 8f7e87439a Fixes #4483: Add support for Authorization: Bearer token Header (#4502)
Added Authorization Bearer token support as per RFC6750

* appended Authorization header token parsing after X-Consul-Token
* added test cases
* updated website documentation to mention Authorization header

* improve tests, improve Bearer parsing
2018-08-17 16:18:42 -04:00
sandstrom 0e987522d9 Clarify port usage for agents (#4510) 2018-08-14 16:10:01 -07:00
Paul Banks 352057b956
Update intentions.html.md 2018-08-14 15:09:45 +01:00
Geoffrey Grosenbach d3573d7c27
Consul Production Deployment Guide
Renames guide to "Production Deployment"
Adds link in sidebar menu.
Implements edits suggested by Consul engineering team.
2018-08-10 11:51:05 -07:00
Geoffrey Grosenbach c2c6765fc0 Remove all mention of Atlas, even in deprecated changelogs 2018-08-03 10:51:18 -07:00
Jack Pearkes 5c993a3f5f
Clarification for serf_wan documentation (#4459)
* updates docs for agent options

trying to add a little more clarity to suggestion that folks should use
port 8302 for both LAN and WAN comms

* website: clarify language for serf wan port behavior
2018-08-02 10:25:25 -07:00
Jeff Escalante 2dea506400 a couple more corrections 2018-07-27 19:39:44 -04:00
Jeff Escalante 60e1450606 fix a couple html errors (#4456) 2018-07-26 16:30:24 -07:00
Christie Koehler fb4a902ca3 docs: Update links to ttl health check endpoints. (#4208)
* docs: Update links to ttl health check endpoints.

* remove absolute URLs
2018-07-26 16:14:44 -07:00
Matt Keeler 5c7c58ed26
Gossip tuneables (#4444)
Expose a few gossip tuneables for both lan and wan interfaces

gossip_nodes
gossip_interval
probe_timeout
probe_interval
retransmit_mult
suspicion_mult
2018-07-26 11:39:49 -04:00
Paul Banks c4be0d2a4f
Document managed proxy logs (#4447)
* Document proxy logs

* Add extra note about terminating proxies
2018-07-26 13:56:28 +01:00
Paul Banks 25628f0e69
Add config option to disable HTTP printable char path check (#4442) 2018-07-26 13:53:39 +01:00
Kyle Havlovitz ecc02c6aee
Merge pull request #4400 from hashicorp/leaf-cert-ttl
Add configurable leaf cert TTL to Connect CA
2018-07-25 17:53:25 -07:00
Siva Prasad a5ebab63e7 Vendoring update for go-discover. (#4412)
* New Providers added and updated vendoring for go-discover

* Vendor.json formatted using make vendorfmt

* Docs/Agent/auto-join: Added documentation for the new providers introduced in this PR

* Updated the golang.org/x/sys/unix in the vendor directory

* Agent: TestGoDiscoverRegistration updated to reflect the addition of new providers

* Deleted terraform.tfstate from vendor.

* Deleted terraform.tfstate.backup

Deleted terraform state file artifacts from unknown runs.

* Updated x/sys/windows vendor for Windows binary compilation
2018-07-25 16:21:04 -07:00
Pierre Souchay 7bf22a5091 Added explainations on how having a working configuration for Prometheus (#4397)
* Added explainations on how having a working configuration for Prometheus

Since Prometheus escapes by default query parameters, this paragraph explains
how having `format=prometheus` to be taken into account by prometheus.

* Rephrase Prometheus notes in documentation as requested by @pearkes
2018-07-25 16:17:38 -07:00
Sergey Shepelev e6dea80797 website: typo in node meta additional section (#4429) 2018-07-25 13:32:36 -07:00
Paul Banks 17de36c36e
Allow config-file based Service Definitions for unmanaged proxies and Connect-natice apps. (#4443) 2018-07-25 19:55:41 +01:00
Paul Banks feeea60dea
Ooops that was meant to be to a branch no master... EMORECOFFEE
Revert "Add config option to disable HTTP printable char path check"

This reverts commit eebe45a47b4df5c0271b17f0fd1bd85db8bdefca.
2018-07-25 15:54:11 +01:00
Paul Banks d6c16dd0ad
Add config option to disable HTTP printable char path check 2018-07-25 15:52:37 +01:00
Paul Banks 186987874c
Merge pull request #4353 from azam/add-serf-lan-wan-port-args
Make RPC, Serf LAN, Serf WAN port configurable from CLI
2018-07-24 12:33:10 +01:00
Peter Souter 056db5d697 Adds Monitoring with Telegraf guide (#4227)
* Installing Telegraf
* Configuring Telegraf 
* Configuring Consul to send metrics to Telegraf
* Important metrics and aggregates
2018-07-23 16:46:43 -07:00
Kyle Havlovitz a125735d76
connect/ca: check LeafCertTTL when rotating expired roots 2018-07-20 16:04:04 -07:00
Mitchell Hashimoto 5c42dacef4
Merge pull request #4320 from hashicorp/f-alias-check
Add "Alias" Check Type
2018-07-20 13:01:33 -05:00