Andreas Böttger
13c1315916
json syntax corrected
2016-10-04 15:40:53 +02:00
Brian Shumate
7fbec39f1f
Clarify retry_join addresses for #1462
...
- Initial pass at adding note about address formats for retry_join;
IPv4 is a list of IPs only, whereas IPv6 are bracketed IPs + port
2016-10-03 12:15:24 -04:00
Brian Shumate
df41000a94
Update variable value information as port must also be specified, fixes #2210
2016-09-29 12:50:00 -04:00
Brian Shumate
a470c4901a
Finalize update for -bind
2016-09-27 18:36:19 -04:00
Brian Shumate
bd43bd9981
Clarification
2016-09-27 12:38:32 -04:00
Brian Shumate
ac9e1d6a10
Correct inaccurate bind reference, closes #2234
2016-09-27 12:05:22 -04:00
James Phillips
0c8add2a1f
Merge pull request #2362 from mckennajones/cliflagformatting
...
Making CLI flag formatting consistent in the docs
2016-09-27 07:51:56 -07:00
James Phillips
9910cbfa0a
Update operator.html.markdown
2016-09-27 06:25:51 -07:00
McKenna Jones
3390063ec6
cli flag formatting for agent docs and one guide
2016-09-26 21:22:01 -07:00
Seth Vargo
784b45a5b6
Update cas docs
2016-09-26 16:15:27 -07:00
Seth Vargo
e3430e6806
Remove base64 comment entirely
2016-09-26 16:10:22 -07:00
Seth Vargo
70fd7efde9
Fix CAS operations for put
2016-09-26 16:06:56 -07:00
Seth Vargo
9cd78ea4d4
Update kv get docs
2016-09-26 16:06:56 -07:00
Seth Vargo
46f4093f14
Change delete CAS behavior to require ModifyIndex
2016-09-26 16:06:55 -07:00
Seth Vargo
533e4b3168
Add top-level docs command
2016-09-26 16:06:54 -07:00
Seth Vargo
ce5c820c4a
Add kv delete command
2016-09-26 16:06:53 -07:00
Seth Vargo
d5dd8ef7a1
Add kv put command
2016-09-26 16:06:53 -07:00
Seth Vargo
a8dc0f86b6
Add kv get
2016-09-26 16:06:53 -07:00
James Phillips
8a5d6f4d00
Update keyring.html.markdown
2016-09-23 16:00:05 -07:00
Seth Vargo
6a6d169ace
Clarify that hostname defaults to localhost for tcp
2016-09-21 12:20:36 -04:00
Brian Shumate
af45d3463a
Remove references to the 'unknown' state.
...
- Remove reference to 'unknown' state in catalog endpoint docs
- Remove reference to 'unknown' state in health endpoint docs
2016-09-21 09:50:12 -04:00
James Phillips
daa8a40993
Adds Operator endpoint link.
2016-09-15 13:13:09 -07:00
James Phillips
27061563ea
Tweaks wording in lifeguard section.
2016-09-14 10:17:23 -07:00
James Phillips
b7cf261f38
Adds a section about lifeguard.
2016-09-14 10:09:23 -07:00
Pawel Szymczyk
4c82447726
remove reference to localhost in operator.html.markdown
2016-09-14 12:12:27 +02:00
James Phillips
3b1f368fe5
Adds version note to near parameter.
2016-09-06 07:50:06 -07:00
James Phillips
6db4aea4c4
Tweaks options doc after latest merges.
2016-09-01 22:18:34 -07:00
James Phillips
aed72ccc60
Merge pull request #2263 from sweeneyb/dnsPort
...
Add support for dns port as a command line option
2016-09-01 22:16:15 -07:00
James Phillips
1924eccf71
Merge pull request #2322 from hashicorp/pr-2321-slackpad
...
Adds a configurable timeout for DNS recursor client.
2016-09-01 22:11:54 -07:00
James Phillips
ca71911eed
Tweaks documentation.
2016-09-01 21:50:46 -07:00
James Phillips
d623366201
Merge pull request #2320 from hashicorp/f-leave
...
Changes default for `leave_on_terminate` based on server or client mode.
2016-09-01 09:08:10 -07:00
Pivotal DX129
2682410059
Merge remote-tracking branch 'upstream/master'
2016-09-01 10:15:32 -04:00
James Phillips
6036f855a9
Cleans up the upgrade guide.
2016-09-01 00:22:09 -07:00
James Phillips
d419a0ae0d
Changes default for leave_on_terminate
based on server or client mode.
2016-08-31 23:39:11 -07:00
James Phillips
2deda0c65b
Adds a note about stale reads to the performance guide.
2016-08-30 18:11:05 -07:00
James Phillips
3304352272
Changes default DNS allow_stale to true.
2016-08-30 13:55:19 -07:00
James Phillips
c063a1a8d0
Updates documentation with details on the Consul operator actions.
2016-08-30 13:15:37 -07:00
James Phillips
1b7a16b7d3
Adds new consul operator endpoint, CLI, and ACL and some basic Raft commands.
2016-08-30 00:02:50 -07:00
Pierre Delagrave
a5fccc45db
Added website documentation for the new recursor_timeout parameter
2016-08-29 14:41:30 -04:00
James Phillips
6f030a1167
Tweaks formatting of Consul version.
2016-08-25 17:12:55 -07:00
James Phillips
1e5c4b4bcb
Adds top-level link to performance guide.
2016-08-25 16:54:29 -07:00
James Phillips
668cf9cea2
Fixes a typo in the performance guide.
2016-08-25 16:13:54 -07:00
James Phillips
07df993129
Adds a note about 2 CPU cores.
2016-08-25 15:59:18 -07:00
James Phillips
2f4c237cff
Adds a max raft multiplier and tweaks documentation.
2016-08-25 15:36:05 -07:00
James Phillips
69bcf86535
Tweaks wording in performance guide.
2016-08-24 22:10:59 -07:00
James Phillips
b339b0d2fc
Adds performance tuning capability for Raft, detuned defaults, and supplemental docs.
2016-08-24 21:58:37 -07:00
Brian Shumate
b1164d256e
Fix typo
2016-08-18 09:14:15 -04:00
James Phillips
18701c5019
Update outage.html.markdown
2016-08-17 18:41:56 -07:00
James Phillips
1820de27fc
Merge pull request #2235 from robwdux/patch-1
...
update ca tutorial to one more recent and relevant
2016-08-17 18:00:03 -07:00
James Phillips
5f5e0b3e76
Makes protocol version a little clearer.
2016-08-17 11:29:09 -07:00
James Phillips
db4666c7e4
Update acl.html.markdown
2016-08-17 10:21:59 -07:00
kyhavlov
5bd32c0316
Fix links for ACL replication status
2016-08-17 12:41:04 -04:00
James Phillips
a6b925521c
Update outage.html.markdown
2016-08-16 15:48:22 -07:00
James Phillips
ac3935249e
Updates the 0.7-specific upgrade notes.
2016-08-16 15:10:52 -07:00
James Phillips
cfd5e1ba6a
Updates the outage docs with details about new Raft behavior.
2016-08-16 15:10:37 -07:00
James Phillips
1f171a0aac
Updates version documentation.
2016-08-16 14:15:13 -07:00
James Phillips
db9a72dde1
Merge branch 'master' into f-deregister-critical
2016-08-16 12:53:21 -07:00
James Phillips
607595f99e
Cleans up based on code review feedback.
2016-08-16 12:52:30 -07:00
James Phillips
bc333335be
Adds an X-Consul-Translate-Addresses
to signal translation is enabled.
2016-08-16 11:31:41 -07:00
James Phillips
817d7e93e4
Adds an "lan" tagged address so we have a way to get them all.
...
If we didn't have this, then there would be no way to know the LAN
address if address translation was turned on.
2016-08-16 10:49:03 -07:00
James Phillips
f517f9ed0d
Fixes a typo and adds an admonition about only being in Consul 0.7+.
2016-08-16 09:27:20 -07:00
James Phillips
b4f981c837
Adds ability to deregister a service based on critical check state longer than a timeout.
2016-08-16 01:00:26 -07:00
James Phillips
4ca26f68fd
Tweaks translate_wan_addr documentation.
...
Adds a note about HTTP being 0.7 and later only.
2016-08-15 16:23:01 -07:00
James Phillips
3af9257cb8
Merge pull request #2275 from hashicorp/pr-2118-slackpad
...
Translates node addresses to WAN addresses where appropriate.
2016-08-15 16:16:56 -07:00
James Phillips
ee2e161dfe
Updates docs for WAN address translation and tweaks some nearby unrelated docs.
2016-08-15 16:12:01 -07:00
Brian Shumate
dc7824b0cd
Add anchor
2016-08-15 16:48:54 -04:00
James Phillips
64ff915823
Merge pull request #2241 from io41/patch-1
...
Update upgrading.html.markdown
2016-08-12 16:46:30 -07:00
James Phillips
31ad878324
Merge pull request #2246 from atomicpirate/patch-1
...
Minor fix: "lookup up" -> "looking up"
2016-08-12 16:45:41 -07:00
James Phillips
9afac9e2c3
Merge pull request #2266 from hashicorp/pr-2096-slackpad
...
Compresses all DNS responses by default.
2016-08-11 16:28:51 -07:00
James Phillips
086a5af5ff
Finishes up DNS compression by adding opt-out, tests, and documentation. Fixes trim routine.
2016-08-11 16:27:08 -07:00
James Phillips
8f789d11fc
Merge pull request #2006 from fusiondog/patch-1
...
Adds documentation about DNS forwarding with iptables.
2016-08-10 16:52:32 -07:00
James Phillips
f471c6e2ad
Merge pull request #2264 from hashicorp/pr-2045-slackpad
...
Enables stale mode for watchers.
2016-08-10 15:58:34 -07:00
James Phillips
32cf81e59c
Fixes a typo and adds stale documentation to website.
2016-08-10 15:46:28 -07:00
sweeneyb
e8117ba622
Add support for dns port as a command line option
2016-08-10 04:05:56 +00:00
James Phillips
359587f70e
Removes support for muxado and protocol version 1.
2016-08-09 18:10:04 -07:00
James Phillips
ff64833b4a
Adds a note about HTTP telemetry.
2016-08-09 16:03:59 -07:00
James Phillips
3585b5a4cb
Merge pull request #2237 from hashicorp/f-acl-replication
...
Adds ACL replication.
2016-08-09 11:42:16 -07:00
Seth Vargo
dee626c6f2
Update links to serf
2016-08-08 12:44:27 -04:00
atomicpirate
d1493cd9ca
Minor fix: "lookup up" -> "looking up"
2016-08-05 10:18:13 -04:00
James Phillips
5577b8ef66
Updates documentation for ACL replication.
2016-08-05 00:23:28 -07:00
James Phillips
661f36ecdf
Update upgrade-specific.html.markdown
2016-08-04 06:39:50 -07:00
Tim Kersten
d56c316f07
Update upgrading.html.markdown
...
The change fixes a minor bug in the document that says consul supports back to version 0 when the example output says version 1, and makes the document less ambiguous by having a different "current" protocol and earliest supported protocol.
2016-08-03 21:11:02 +01:00
rob dux
3bd9be7151
update ca tutorial to one more recent and relevant
2016-08-02 21:24:02 -05:00
Seth Vargo
1b2586abd4
Update arch diagram
2016-08-02 13:13:43 +05:30
Andrei Burd
06c0663082
Added missing comma
2016-08-01 18:46:43 +03:00
James Phillips
63ff6ebc2c
Adds a cautionary note about the stats in the self API.
2016-07-29 13:45:25 -07:00
Brian Shumate
c9005797e8
Updated FAQ entry
2016-07-29 14:43:51 -04:00
Brian Shumate
05ebb9db6f
Network ports.
...
- Added a table of protocols an ports used by Consul to FAQ.
2016-07-29 13:42:30 -04:00
James Phillips
36b2ef619e
Tweaks the agent docs for EnableTagOverride
.
2016-07-23 14:48:54 -07:00
shalev67
0763f1a9f5
Added api agent docs enableTagOverride var
2016-07-22 20:21:07 +03:00
Jason Martin
bda170a872
Escape verify_server_hostname angle-brackets
2016-07-20 15:57:07 -07:00
matt maier
9c3f14ce1b
Change circonus_broker_search_tag to circonus_broker_select_tag to match same change to command/agent/config.go
2016-07-20 11:44:38 -04:00
James Phillips
51fbad91fd
Merge pull request #2193 from hashicorp/pr-2188-slackpad
...
Adds Circonus support for telemetry metrics.
2016-07-19 17:15:29 -07:00
James Phillips
ca5f42d61d
Tweaks the docs a bit.
2016-07-19 15:54:52 -07:00
akbarahmed
99c1e0051d
Merge remote-tracking branch 'upstream/master'
2016-07-19 11:01:55 -07:00
akbarahmed
25f6bc9d56
Unnest TaggedAddresses. Add sentence to mention that multiple Checks may
...
be specified as an array. Closes hashicorp/consul#2176
2016-07-19 10:55:46 -07:00
matt maier
53936f336d
Documentation for Circonus Telemetry integration
2016-07-18 16:24:49 -04:00
Stu Small
6a664a4669
Fixing minor punctuation mistake.
2016-07-13 16:50:19 -06:00
Ryan Uber
62d0edbdd4
Merge pull request #1847 from mssola/dc-to-datacenter
...
[proposal] command: deprecated the -dc flag in the agent CLI
2016-07-05 13:01:51 -07:00
Sean Macdonald
c24fe9f8b5
small typo
2016-07-02 01:29:00 -04:00
Ryan Uber
e9960e6c85
Merge pull request #2137 from hashicorp/f-pq-near
...
Support "near" parameter in prepared query service block
2016-07-01 12:28:48 -07:00
Ryan Uber
c5c0f225b5
website: add upgrading note for Near param in PQ's
2016-07-01 12:26:14 -07:00
Ryan Uber
53dc58ff27
website: document near parameter of prepared queries
2016-07-01 11:50:09 -07:00
James Phillips
2dc98dee32
Adds a note about prepared queries to the coordinates internals guide.
2016-06-28 23:02:00 -07:00
James Phillips
055b6973f6
Merge pull request #2123 from hashicorp/f-key-metrics
...
Adds a key metrics section to the telemetry guide.
2016-06-18 04:01:15 +01:00
James Phillips
53f082b2af
Adds a key metrics section to the telemetry guide.
2016-06-17 18:57:42 +01:00
fusiondog
b9eb3b1979
Added an and
2016-06-09 17:05:00 -07:00
Sheldon Kwok
a3788d4ede
Update agent.html.markdown
...
The documentation was not clear and I had to try with the cli to figure it out.
2016-06-09 16:48:18 -07:00
fusiondog
832eb77103
Adding more detail about best use case.
2016-06-09 14:29:54 -07:00
Evan Gilman
6235467a9a
Document consul lock
shell execution
...
Consul lock executes children under a shell, which was previously
undocumented. Document it, and warn against cases where this can cause
children to leak when the lock is lost.
I have made this a dedicated section so it can easily be removed
later when we move to exec
https://github.com/hashicorp/consul/issues/1692
2016-06-03 17:01:05 -07:00
lihz
b862d3f044
add tcp in service/register
...
I found consul /service/register interface supprt TCP check as well.
2016-06-03 19:29:05 +08:00
Michael Barrow
0871236ca7
Fix typo
...
Simple typo fix.
2016-05-29 10:24:44 -07:00
Sean Chittenden
67b9104daf
Fix the href target for the /v1/catalog/node/<node>
endpoint.
2016-05-27 00:12:17 -07:00
Andrew Widdersheim
01798b32b4
Fix typo
2016-05-26 10:46:55 -04:00
Sean Kilgore
a60c0b630a
docs: clarify address specification for telemetry
...
Earlier on this page, under `addresses`, we say "For TCP addresses, these should simply be an IP address without the port. For example: 10.0.0.1, not 10.0.0.1:8500." Since we expect the port to be included for `_address` for telemetry, call it out specifically.
2016-05-24 12:55:23 -07:00
Saif Abid
e786aafe70
Fix json for /v1/catalog/node in markdown
...
add in a missing comma after the "Address" field
2016-05-19 14:41:41 -04:00
James Phillips
ffcba3df58
Merge pull request #2028 from hashicorp/f-atomic-kv
...
Adds support for atomic transactions spanning multiple KV entries.
2016-05-15 13:46:05 -07:00
Sean Chittenden
b20f86b4c7
Speling police
2016-05-15 09:13:52 -07:00
James Phillips
c786e1d457
Reduces the number of operations in a transaction to 64.
2016-05-14 21:40:46 -07:00
James Phillips
a11f32a1da
Adds a get-tree verb to KV transaction operations.
2016-05-13 16:57:39 -07:00
James Phillips
77ae55c692
Adds some size limiting features to transactions to help prevent abuse.
2016-05-13 13:39:01 -07:00
James Phillips
5fd99b13ef
Removes null results for deletes, and preps for more than one result from an operation.
2016-05-13 01:47:55 -07:00
James Phillips
2649a6336e
Adds a read-only optimized path for transactions.
2016-05-13 00:34:05 -07:00
James Phillips
6daf26ada4
Adds documentation for the transaction endpoint.
2016-05-11 14:18:47 -07:00
fusiondog
9c10bd0b23
Clarify need for recursors option.
...
Reiterating that the iptables option requires recursors to be set to resolve for any domain besides .consul
2016-04-29 16:45:59 -07:00
fusiondog
aa8dda5149
DNS forwarding with iptables
...
Adding notes on using iptables to forward ports
2016-04-28 23:27:28 -07:00
James Phillips
76b90ccb17
Fixes and clarifies the only_passing docs.
2016-04-27 14:55:38 -07:00
James Phillips
03b0c196e0
Merge pull request #1762 from mshean/script-timeout
...
Add Timeout field to CheckMonitor
2016-04-24 23:08:06 -07:00
Sean Chittenden
b0203278f2
Tweak discussion regarding reaping to advise against adjusting these
...
values.
2016-04-21 14:24:41 -07:00
Sean Chittenden
515a42e733
Fix broken markdown
2016-04-20 18:46:01 -04:00
James Phillips
6182a34600
Merge pull request #1935 from hashicorp/f-reap-time
...
Makes reap time configurable for LAN and WAN.
2016-04-20 13:50:21 -07:00
James Phillips
bc6efbae18
Sets an anti-footgun floor for the configurable reap time.
2016-04-20 13:49:51 -07:00
Matt Shean
f232a11291
Update documentation for CheckMonitor timeout
2016-04-20 11:43:49 -07:00
James Phillips
24c2bc44f1
Clarifies default behavior of blank service addresses.
2016-04-20 10:16:06 -07:00
Ryan Uber
1e9f3341d0
website: mention 4K output limit for checks
2016-04-14 14:35:35 -07:00
James Phillips
07e9c09a58
Merge pull request #1891 from romansky/patch-1
...
clerify RPC usage
2016-04-12 02:10:15 -07:00
James Phillips
86bb36f211
Updates some docs that say reaping is not configurable.
2016-04-11 00:56:03 -07:00
James Phillips
32389a9822
Makes reap time configurable for LAN and WAN.
2016-04-11 00:38:25 -07:00
Sean Chittenden
8156eb9953
Add a note re: pre-0.7 behavior
2016-03-31 18:06:58 -07:00
Sean Chittenden
9eaffc456f
skip_leave_on_int's default changes based on agent mode
...
`skip_leave_on_int`'s behavior now changes based on whether or not the agent is acting as a client or server.
Fixes: 1687
2016-03-31 17:45:14 -07:00
Roman Landenband
bb17b99dbe
fix correct RPC entity
2016-03-30 12:21:52 +03:00
Sean Chittenden
7603dcfd4b
Reword udp_answer_limit
for the better.
2016-03-29 23:48:22 -07:00
Sean Chittenden
0bf0f2a1ab
Use industry jargon re: DNS round-robin
...
s/randomized DNS round-robin/round-robin DNS/
2016-03-29 23:07:42 -07:00
Sean Chittenden
64c1c12752
Whitespace, indent markdown correctly
2016-03-29 19:27:36 -07:00
Sean Chittenden
d1166307aa
Trim UDP responses per configuration
2016-03-29 19:27:21 -07:00
Sean Chittenden
f8a0e1fb1a
Merge branch 'b-dns-single-record' of ssh://github.com/hashicorp/consul into b-dns-single-record
...
# Conflicts:
# command/agent/dns.go
2016-03-29 19:24:53 -07:00
Sean Chittenden
a29f6e8c8f
Allow adjusting the number of DNS records in a response...
...
Based on work done by @fusiondog in #1583 , extend the concept to use an integer instead of a boolean.
Fixes : #1583 && #1481
2016-03-29 19:23:56 -07:00
Roman Landenband
f0c30e8d0f
clerify RPC usage
2016-03-29 15:10:28 +03:00
James Phillips
0f23210628
Fixes JSON in wildcard query example.
2016-03-23 14:33:20 -07:00
James Phillips
7ad0d9789f
Merge pull request #1839 from foxel/patch-1
...
Clarification for advertise_addrs.rpc
2016-03-21 16:14:17 -07:00
Sean Chittenden
5a40caf2a8
Update the docs slightly re: only_passing
...
Signed-off by: @slackpad
2016-03-21 16:07:56 -07:00
Sayalic
85e3590a95
add inline code segment to enableTagOverride
2016-03-20 11:09:12 +08:00
Wim
508bc796a8
Allow [::] as a bind address (binds to first public IPv6 address)
2016-03-18 23:59:44 +01:00
Miquel Sabaté Solà
314a0913e2
command: deprecated the -dc flag in the agent CLI
...
The `-dc` flag from the agent CLI command has been deprecated in favor of
`-datacenter`. This is done this way because:
- Other CLI commands used `-datacenter`. See: event, exec and watch.
- The agent configuration file uses `datacenter`.
Signed-off-by: Miquel Sabaté Solà <msabate@suse.com>
2016-03-18 15:44:35 +01:00
James Phillips
4c3b2edfed
Fixes a few bugs in the prepared query doc.
2016-03-17 23:42:27 -07:00
James Phillips
0ed56d6606
Adds a note about template query ACLs.
2016-03-17 08:21:58 -07:00
Andrey Kupreychik
d3bce2b1af
Clarification for advertise_addrs.rpc
...
Clarification for advertise_addrs.rpc as it sets the server RPC port (default 8300)
2016-03-16 12:10:54 +05:00
James Phillips
ec82388e32
Merge pull request #1803 from tylert/doc-enc-update
...
Update agent encryption doc example
2016-03-10 20:06:02 -08:00
James Phillips
ae7b45a6df
Merge pull request #1820 from hashicorp/f-port-docs
...
Adds a reference to the network ports from the security guide.
2016-03-09 21:22:41 -08:00
James Phillips
b2992a5e83
Adds a reference to the network ports from the security page.
2016-03-09 21:21:49 -08:00
Igor Dubinskiy
8a877c44eb
Fix doc typo
2016-03-09 12:41:49 -08:00
Tyler Tidman
df7f593747
Update agent encryption doc example
2016-03-09 11:18:48 -05:00
Igor Dubinskiy
f4edb28ef3
Make sure UDP DNS responses aren't larger than allowed
2016-03-07 16:41:17 -08:00
James Phillips
e634e91ae6
Fixes broken example JSON.
2016-03-07 10:45:39 -08:00
James Phillips
275c84a0cc
Renames "debug" endpoint and structures to "explain".
2016-03-07 10:45:39 -08:00
James Phillips
8493640b09
Adds a prepared query debug endpoint.
2016-03-07 10:45:39 -08:00
James Phillips
e6232a21e4
Adds basic docs for prepared query templates.
2016-03-07 10:45:39 -08:00
James Phillips
5dd137056c
Fixes name of new query ACL.
2016-03-04 16:32:53 -08:00
James Phillips
bd4f2ee6b7
Adds a new PUT-based TTL check update endpoint.
2016-03-02 17:54:01 -08:00
James Phillips
ecc617008a
Merge pull request #1777 from hashicorp/b-port-docfix
...
TLS example and correcting error
2016-03-01 13:02:30 -08:00
James Phillips
807769e6bd
Tweaks the address and advertise docs.
2016-03-01 13:01:13 -08:00
James Phillips
72f7c08a0a
Cleans up the documents.
2016-02-24 18:05:58 -08:00
James Phillips
c75256ac8b
Adds a check for users re-submitting the redacted token.
2016-02-24 17:35:26 -08:00
James Phillips
2f7eac8b86
Renames "prepared_query" ACL policy to "query".
2016-02-24 17:02:06 -08:00
James Phillips
0ea990f3d2
Adds an upgrade note about the new ACL behavior.
2016-02-24 01:33:10 -08:00
James Phillips
a8ac27fa49
Refactors docs into a more complete state for prepared query ACLs.
2016-02-23 22:27:44 -08:00
James Phillips
633c231d67
Creates new "prepared-query" ACL type and new token capture behavior.
...
Prior to this change, prepared queries had the following behavior for
ACLs, which will need to change to support templates:
1. A management token, or a token with read access to the service being
queried needed to be provided in order to create a prepared query.
2. The token used to create the prepared query was stored with the query
in the state store and used to execute the query.
3. A management token, or the token used to create the query needed to be
supplied to perform and CRUD operations on an existing prepared query.
This was pretty subtle and complicated behavior, and won't work for
templates since the service name is computed at execution time. To solve
this, we introduce a new "prepared-query" ACL type, where the prefix
applies to the query name for static prepared query types and to the
prefix for template prepared query types.
With this change, the new behavior is:
1. A management token, or a token with "prepared-query" write access to
the query name or (soon) the given template prefix is required to do
any CRUD operations on a prepared query, or to list prepared queries
(the list is filtered by this ACL).
2. You will no longer need a management token to list prepared queries,
but you will only be able to see prepared queries that you have access
to (you get an empty list instead of permission denied).
3. When listing or getting a query, because it was easy to capture
management tokens given the past behavior, this will always blank out
the "Token" field (replacing the contents as <hidden>) for all tokens
unless a management token is supplied. Going forward, we should
discourage people from binding tokens for execution unless strictly
necessary.
4. No token will be captured by default when a prepared query is created.
If the user wishes to supply an execution token then can pass it in via
the "Token" field in the prepared query definition. Otherwise, this
field will default to empty.
5. At execution time, we will use the captured token if it exists with the
prepared query definition, otherwise we will use the token that's passed
in with the request, just like we do for other RPCs (or you can use the
agent's configured token for DNS).
6. Prepared queries with no name (accessible only by ID) will not require
ACLs to create or modify (execution time will depend on the service ACL
configuration). Our argument here is that these are designed to be
ephemeral and the IDs are as good as an ACL. Management tokens will be
able to list all of these.
These changes enable templates, but also enable delegation of authority to
manage the prepared query namespace.
2016-02-23 17:12:43 -08:00
csawyerYumaed
793195b7d8
Update documentation - add Network Ports.
...
Update security.html.markdown add section on Network Port usage.
TODO: add Atlas port usage.
2016-02-23 11:27:15 -08:00
Michael Crilly
b90e77421a
TLS example and correcting error
...
The example configuration file omits TLS support in the HTTP API. This is fine, but a second example demonstrating how to enable TLS over the HTTP API is harmless and, in fact, should be default practice.
Using the format `ip:port` in the "addresses" block will cause Consul to crash on reload/start. See issue (#1727 )[https://github.com/hashicorp/consul/issues/1727#issuecomment-184980751 ]
2016-02-17 15:24:37 +10:00
Kim Toms
a3f49a1f21
Update leader-election.html.markdown
...
Remove duplicate 'leader'
2016-02-14 09:32:23 -05:00
Sean Chittenden
66feca5b5f
Allow adjusting the number of DNS records in a response...
...
Based on work done by @fusiondog in #1583 , extend the concept to use an integer instead of a boolean.
Fixes : #1583 && #1481
2016-02-12 12:18:25 -08:00
James Phillips
48a29b5a31
Fixes a typo.
2016-02-09 16:37:06 -08:00
James Phillips
9fabd05157
Merge pull request #1698 from hashicorp/pr-1547-slackpad
...
Implements WAN address translation.
2016-02-07 14:26:04 -08:00
James Phillips
800910137d
Adds documentation for WAN address translation.
2016-02-07 11:12:19 -08:00
James Phillips
498c8e1d9c
Merge pull request #1609 from kevinsimper/patch-1
...
Updating dns forwarding
2016-02-06 22:21:00 -08:00
James Phillips
4b3dede0fb
Tweaks the telemetry docs.
2016-02-06 22:07:11 -08:00
James Phillips
a599e88507
Merge pull request #1284 from nbrownus/telemetry
...
Option to disable hostnames from telemetry
2016-02-06 22:00:14 -08:00
James Phillips
43a8eb8189
Adds a warning about DoS-ing the cluster with consul exec.
2016-02-05 17:36:19 -08:00
Sean Chittenden
c1c3daed9a
Iterate on the DNS forwarding docs
...
Specifically:
* add Dnsmasq examples for reverse DNS for most of the RFC1918, 5735, and 6598 netblocks.
* Highlight some example options for dnsmasq that are probably of interest.
* Add a small section on reverse DNS testing
* Break out BINDs troubleshooting with Dnsmasq's troubleshooting
Not an exhaustive sweep, but should be helpful when introducing consul to new environments.
2016-02-02 15:06:25 -08:00
Nate Brown
541a98c9c7
Option to disable hostnames from telemetry
2016-01-29 13:44:48 -08:00
Raja Nadar
aa45c07f28
fixing small typo in json
2016-01-29 01:25:23 -08:00
Daryl
c4860cad7d
Correcting count of checks
...
I saw there were 5 checks listed - script, tcp, http, ttl, docker.
2016-01-19 22:50:27 -05:00
Kevin Simper
759e535f54
Updating dns forwarding
...
It is not really clear that you only have to do one of the following and not all three.
2016-01-14 22:53:14 +01:00
Jon Benson
d79139760a
Fix semaphore typo
2016-01-13 16:56:40 -08:00
Seth Vargo
e110abee9b
Fix broken link
2016-01-13 19:32:30 -05:00
Seth Vargo
dc9131a732
Use HTTPS + www. where appropriate
2016-01-13 17:44:01 -05:00
James Phillips
6d35366228
Adds a note about 2X memory provisioning.
2016-01-08 19:15:42 -08:00
James Phillips
6bfc266657
Adds a cautionary note about data fitting into RAM.
2016-01-08 18:49:31 -08:00
James Phillips
55970248bc
Tweaks wording of reap config option section.
2016-01-06 22:29:03 -08:00
James Phillips
6dd0835319
Makes the timeout behavior more intuitive.
...
Previously, it would try once "up to" the timeout, but in practice it would
just fall through. This modifies the behavior to block until the timeout has
been reached.
2016-01-06 09:40:20 -08:00