Pierre Souchay
90d2f7bca1
Merge remote-tracking branch 'origin/master' into node_health_should_change_service_index
2018-03-22 13:07:11 +01:00
Pierre Souchay
9cc9dce848
More test cases
2018-03-22 12:41:06 +01:00
Pierre Souchay
7e8e4e014b
Added new test regarding checks index
2018-03-22 12:20:25 +01:00
Pierre Souchay
a8b66fb7aa
Fixed minor typo in comments
...
Might fix unstable travis build
2018-03-22 10:30:10 +01:00
Guido Iaquinti
244fc72b05
Add package name to log output
2018-03-21 15:56:14 +00:00
Jack Pearkes
bf2b3f8d88
Merge pull request #3929 from sryabkov/patch-1
...
Highlighting the dead link in documentation
2018-03-19 16:00:32 -07:00
Paul Banks
d659e034fe
Note TLS cipher suite support changes
2018-03-19 21:51:14 +00:00
Josh Soref
1dd8c378b9
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
Paul Banks
4a684ce6fb
Merge pull request #3961 from canterberry/docs/tls-cipher-suites
...
📝 Clarify the list of supported TLS cipher suites
2018-03-19 16:51:14 +00:00
Paul Banks
b86de4c2e3
Use master
2018-03-19 16:50:52 +00:00
Paul Banks
e2673c76d6
Merge pull request #3962 from canterberry/upgrade/tls-cipher-suites
...
🔒 Update supported TLS cipher suites
2018-03-19 16:44:33 +00:00
Paul Banks
4b01c1a147
Merge pull request #3966 from hashicorp/docs-ui-acls
...
website: add UI section to ACL guide
2018-03-19 16:40:50 +00:00
Pierre Souchay
3eb287f57d
Fixed typo in comments
2018-03-19 17:12:08 +01:00
Pierre Souchay
eb2a4eaea3
Refactoring to have clearer code without weird bool
2018-03-19 16:12:54 +01:00
Pierre Souchay
a5f6ac0df4
[BUGFIX] When a node level check is removed, ensure all services of node are notified
...
Bugfix for https://github.com/hashicorp/consul/pull/3899
When a node level check is removed (example: maintenance),
some watchers on services might have to recompute their state.
If those nodes are performing blocking queries, they have to be notified.
While their state was updated when node-level state did change or was added
this was not the case when the check was removed. This fixes it.
2018-03-19 14:14:03 +01:00
Preetha Appan
5b5850aac0
Update CHANGELOG
2018-03-16 09:39:00 -05:00
Preetha Appan
84bd6dc5d1
cleanup unit test code a bit
2018-03-16 09:36:57 -05:00
Preetha
164fb3f48c
Merge pull request #3885 from eddsteel/support-options-requests
...
Support OPTIONS requests
2018-03-16 09:20:16 -05:00
Devin Canterberry
8a5df6ecc3
🎨 Formatting changes only; convert leading space to tabs
2018-03-15 10:30:38 -07:00
Devin Canterberry
bd11f567c4
📝 Prefer brevity at the cost of some ambiguity
2018-03-15 10:25:27 -07:00
Devin Canterberry
2001b9f35f
✅ Match expectation of TLSCipherSuites to values of tls_cipher_suites
2018-03-15 10:19:46 -07:00
Devin Canterberry
881d20c606
🐛 Formatting changes only; add missing trailing commas
2018-03-15 10:19:46 -07:00
Devin Canterberry
ece32fce53
🔒 Update supported TLS cipher suites
...
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go ).
> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
> * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4 )
> * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/ )
2018-03-15 10:19:46 -07:00
Devin Canterberry
23dfc483a0
⤵️ Merge from `master`; no conflicts
2018-03-15 09:13:01 -07:00
Jack Pearkes
da7f8ab59d
website: clarify where ACL token is set in the UI
2018-03-14 16:50:04 -07:00
Jack Pearkes
9a911bba0c
website: add section on securing the UI with ACLs
...
Figured it would be worth documenting due to #3931 .
2018-03-14 16:46:04 -07:00
Paul Banks
e9218d031e
Call out the service-watch upgrade notice
2018-03-14 11:03:21 +00:00
Jack Pearkes
e04a003d7a
Merge pull request #3884 from rberlind/master
...
Updated Stale Reads section of DNS Caching Guide
2018-03-13 16:56:58 -07:00
Jack Pearkes
7390fdcad1
Merge pull request #3952 from slopeinsb/patch-1
...
Update index.html.md
2018-03-13 16:07:10 -07:00
Jack Pearkes
defd90b3da
Update CHANGELOG.md
2018-03-13 15:32:37 -07:00
Devin Canterberry
089ceff264
📝 Clarify the list of supported TLS cipher suites
...
Previously, the documentation linked to Golang's source code, which
can drift from the list of cipher suites supported by Consul. Consul
has a hard-coded mapping of string values to Golang cipher suites, so
this is a more direct source of truth to help users understand which
string values are accepted in the `tls_cipher_suites` configuration
value.
2018-03-13 09:25:03 -07:00
Preetha
8b41890cee
Merge pull request #3946 from hashicorp/je.fixes
...
Small Adjustments
2018-03-13 11:15:50 -05:00
randall thomson
24588fc479
Update index.html.md
...
update cli commands for consul 1.x
2018-03-09 09:46:37 -08:00
Pierre Souchay
d9b59d1b3e
Fixed minor typo (+ travis tests is unstable)
2018-03-09 18:42:13 +01:00
Pierre Souchay
871b9907cb
Optimize size for SRV records, should improve performance a bit
...
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
Preetha Appan
75549ec960
Update CHANGELOG.md
2018-03-09 07:37:57 -06:00
Preetha
401215230c
Merge pull request #3940 from pierresouchay/dns_max_size
...
Allow to control the number of A/AAAA Record returned by DNS
2018-03-09 07:35:32 -06:00
Preetha
80bc8e1ff6
Some tweaks to the documentation for a_record_limit
2018-03-08 11:23:07 -06:00
Pierre Souchay
8545b998ff
Updated documentation as requested by @preetapan
2018-03-08 18:02:40 +01:00
Pierre Souchay
b0b243bf1b
Fixed wrong format of debug msg in unit test
2018-03-08 00:36:17 +01:00
Pierre Souchay
c3713dbbf1
Performance optimization for services having more than 2k records
2018-03-08 00:26:41 +01:00
Pierre Souchay
1085d5a7b4
Avoid issue with compression of DNS messages causing overflow
2018-03-07 23:33:41 +01:00
Pierre Souchay
241c7e5f5f
Cleaner Unit tests from suggestions from @preetapan
2018-03-07 18:24:41 +01:00
Pierre Souchay
b672707552
64000 max limit to DNS messages since there is overhead
...
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
Pierre Souchay
06afb4d02c
[BUGFIX] do not break when TCP DNS answer exceeds 64k
...
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).
Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
Jeff Escalante
41d6a3762c
update to latest middleman-hashicorp
...
this includes minor text fixes for the universal nav
2018-03-06 16:37:58 -05:00
Jeff Escalante
b4dce65d45
First instance of 'Consul' on homepage -> 'HashiCorp Consul'
2018-03-06 16:37:47 -05:00
Mitchell Hashimoto
734f50b7a7
Merge pull request #3944 from hashicorp/f-testify
...
agent/consul/fsm: begin using testify/assert
2018-03-06 09:55:31 -08:00
Mitchell Hashimoto
fbac58280e
agent/consul/fsm: begin using testify/assert
2018-03-06 09:48:15 -08:00
Pierre Souchay
09970479b5
Allow to control the number of A/AAAA Record returned by DNS
...
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.
It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937
See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.
It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.
The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00