Commit Graph

10600 Commits

Author SHA1 Message Date
Freddy a74f7e5177
Add Namespace as an api query/write option (#6551) 2019-09-26 10:05:13 -06:00
R.B. Boyer 4a3496d4bc update changelog 2019-09-26 10:45:32 -05:00
R.B. Boyer 55fdae203f
agent: cache notifications work after error if the underlying RPC returns index=1 (#6547)
Fixes #6521

Ensure that initial failures to fetch an agent cache entry using the
notify API where the underlying RPC returns a synthetic index of 1
correctly recovers when those RPCs resume working.

The bug in the Cache.notifyBlockingQuery used to incorrectly "fix" the
index for the next query from 0 to 1 for all queries, when it should
have not done so for queries that errored.

Also fixed some things that made debugging difficult:

- config entry read/list endpoints send back QueryMeta headers
- xds event loops don't swallow the cache notification errors
2019-09-26 10:42:17 -05:00
Matt Keeler 5b83f589da
Expand the QueryOptions and QueryMeta interfaces (#6545)
In a previous PR I made it so that we had interfaces that would work enough to allow blockingQueries to work. However to complete this we need all fields to be settable and gettable.

Notes:
   • If Go ever gets contracts/generics then we could get rid of all the Getters/Setters
   • protoc / protoc-gen-gogo are going to generate all the getters for us.
   • I copied all the getters/setters from the protobuf funcs into agent/structs/protobuf_compat.go
   • Also added JSON marshaling funcs that use jsonpb for protobuf types.
2019-09-26 09:55:02 -04:00
Freddy 5eace88ce2
Expose HTTP-based paths through Connect proxy (#6446)
Fixes: #5396

This PR adds a proxy configuration stanza called expose. These flags register
listeners in Connect sidecar proxies to allow requests to specific HTTP paths from outside of the node. This allows services to protect themselves by only
listening on the loopback interface, while still accepting traffic from non
Connect-enabled services.

Under expose there is a boolean checks flag that would automatically expose all
registered HTTP and gRPC check paths.

This stanza also accepts a paths list to expose individual paths. The primary
use case for this functionality would be to expose paths for third parties like
Prometheus or the kubelet.

Listeners for requests to exposed paths are be configured dynamically at run
time. Any time a proxy, or check can be registered, a listener can also be
created.

In this initial implementation requests to these paths are not
authenticated/encrypted.
2019-09-25 20:55:52 -06:00
Alvin Huang e8605da914
remove alert bar on homepage (#6544) 2019-09-25 17:28:14 -04:00
R.B. Boyer 9adc39cce0
tests: make envoy integration tests more tolerant of internal retries that may inflate counters (#6539)
This should remove false positives that look like:

    cluster.s2.default.primary.*cx_total - expected count: 2, actual count: 3
2019-09-25 09:08:42 -05:00
R.B. Boyer f1b9476cd8
api/watch: try to avoid more flakes in this package (#6538) 2019-09-24 11:24:48 -05:00
R.B. Boyer 1f99598d18 update changelog 2019-09-24 10:05:49 -05:00
R.B. Boyer 682b5370c9
agent: tolerate more failure scenarios during service registration with central config enabled (#6472)
Also:

* Finished threading replaceExistingChecks setting (from GH-4905)
  through service manager.

* Respected the original configSource value that was used to register a
  service or a check when restoring persisted data.

* Run several existing tests with and without central config enabled
  (not exhaustive yet).

* Switch to ioutil.ReadFile for all types of agent persistence.
2019-09-24 10:04:48 -05:00
Matt Keeler 8885c8d318
Allow for enterprise only leader routines (#6533)
Eventually I am thinking we may need a way to register these at different priority levels but for now sticking this here is fine
2019-09-23 20:09:56 -04:00
R.B. Boyer f28b48cfbe update changelog 2019-09-23 12:54:32 -05:00
R.B. Boyer cc889443a5
connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs (#6492)
The fields in the certs are meant to hold the original binary
representation of this data, not some ascii-encoded version.

The only time we should be colon-hex-encoding fields is for display
purposes or marshaling through non-TLS mediums (like RPC).
2019-09-23 12:52:35 -05:00
R.B. Boyer 1d54909333
connect: intermediate CA certs generated with the vault provider lack URI SANs (#6491)
This only affects vault versions >=1.1.1 because the prior code
accidentally relied upon a bug that was fixed in
https://github.com/hashicorp/vault/pull/6505

The existing tests should have caught this, but they were using a
vendored copy of vault version 0.10.3. This fixes the tests by running
an actual copy of vault instead of an in-process copy. This has the
added benefit of changing the dependency on vault to just vault/api.

Also update VaultProvider to use similar SetIntermediate validation code
as the ConsulProvider implementation.
2019-09-23 12:04:40 -05:00
R.B. Boyer e512378118 ci: ensure build-distros uses the same go.mod file as normal builds
When running 'make tools' the go command indirectly edits both the
go.mod and go.sum files in ways that can cause the later build of consul
itself to build with slightly different dependencies than it normally
would.
2019-09-23 11:26:02 -05:00
Jack Pearkes 7736be1b5c
website: update alert bar on homepage (#6518)
Per @changli0617
2019-09-20 15:32:25 -07:00
Matt Keeler 2040e92e4d
Nil checks in the testWriter to prevent using a bad testing.TB (#6517)
Also needed to update some funcs that were taking a *testing.T to use a testing.TB. This prevents passing a nil pointer as a non-nil interface value
and thus making it impossible to detect nil before using the interfaces functions.
2019-09-20 17:01:08 -04:00
Matt Keeler 5e460b335c
Dont crash in the testutil server creation (#6516) 2019-09-20 15:52:02 -04:00
Matt Keeler 8431c5f533
Add support for implementing new requests with protobufs instea… (#6502)
* Add build system support for protobuf generation

This is done generically so that we don’t have to keep updating the makefile to add another proto generation.

Note: anything not in the vendor directory and with a .proto extension will be run through protoc if the corresponding namespace.pb.go file is not up to date.

If you want to rebuild just a single proto file you can do so with: make proto-rebuild PROTOFILES=<list of proto files to rebuild>

Providing the PROTOFILES var will override the default behavior of finding all the .proto files.

* Start adding types to the agent/proto package

These will be needed for some other work and are by no means comprehensive.

* Add ability to resolve/fixup the agentpb.ACLLinks structure in the state store.

* Use protobuf marshalling of raft requests instead of msgpack for protoc generated types.

This does not change any encoding of existing types.

* Removed structs package automatically encoding with protobuf marshalling

Instead the caller of raftApply that wants to opt-in to protobuf encoding will have to call `raftApplyProtobuf`

* Run update-vendor to fixup modules.txt

Nothing changed as far as dependencies go but the ordering of modules in that file depends on the time they are first seen and its not alphabetical.

* Rename some things and implement the structs.RPCInfo interface bits

agentpb.QueryOptions and agentpb.WriteRequest implement 3 of the 4 RPCInfo funcs and the new TargetDatacenter message type implements the fourth.

* Use the right encoding function.

* Renamed agent/proto package to agent/agentpb to prevent package name conflicts

* Update modules.txt to fix ordering

* Change blockingQuery to take in interfaces for the query options and meta

* Add %T to error output.

* Add/Update some comments
2019-09-20 14:37:22 -04:00
Luke Kysow 9ee27c49ff
Merge pull request #6511 from hashicorp/code-highlighting
Give code blocks coloured background
2019-09-20 10:35:53 -07:00
Luke Kysow 65258a0fb3
Merge pull request #6460 from hashicorp/helm-wait
Update consul-helm enterprise docs for ACLs
2019-09-19 15:32:27 -07:00
Bartek Jaroszewski 3be27beba3 website, add git2consul-go to the tools list (#6286)
Signed-off-by: bjaroszewski <bjaroszewski@griddynamics.com>
2019-09-19 17:20:50 -05:00
Luke Kysow c5fca5d4b5
Update consul-helm enterprise docs for ACLs
If ACLs are added then slightly different commands are needed.
2019-09-19 15:09:38 -07:00
Luke Kysow bd789f1011
Update Consul DNS on kube docs
- fix instructions for CoreDNS (it updated)
- fix instructions for new component names
- recommend installing with the name 'consul'
- add disclaimer that catalog sync is not always required
- clean up example values.yaml files
2019-09-19 15:09:38 -07:00
Luke Kysow 7ac70493c6
Give code blocks coloured background
This will make them stand out more and matches the style of terraform.io
2019-09-19 14:53:28 -07:00
Alvin Huang a0c9a2b329
remove nightly master merge into release/ job (#6510) 2019-09-19 10:28:49 -04:00
R.B. Boyer 4a1a7d6fa6 api/watch: reduce timing dependence on tests of watch behavior
Also for debugging purposes send the stdout/stderr streams from consul
processes spawned for API tests to testing.T.Logf
2019-09-19 09:20:53 -05:00
Iryna Shustava ca98bd0eb8
Merge pull request #6500 from hashicorp/typo-fix
Fix typo in "Service Ports" section
2019-09-18 13:11:52 -07:00
kaitlincarter-hc 483870b01a
[docs]Updated Containers Guide (#6215)
* Adding the updated containers guide that will be deployed on Learn only.

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md

* Update website/source/docs/guides/containers-guide.md
2019-09-17 13:35:46 -07:00
R.B. Boyer 5c5f21088c sdk: add freelist tracking and ephemeral port range skipping to freeport
This should cut down on test flakiness.

Problems handled:

- If you had enough parallel test cases running, the former circular
approach to handling the port block could hand out the same port to
multiple cases before they each had a chance to bind them, leading to
one of the two tests to fail.

- The freeport library would allocate out of the ephemeral port range.
This has been corrected for Linux (which should cover CI).

- The library now waits until a formerly-in-use port is verified to be
free before putting it back into circulation.
2019-09-17 14:30:43 -05:00
Iryna Shustava b3f1b5afd5
Fix typo in "Service Ports" section 2019-09-17 12:05:04 -07:00
Dmitry Shemin 979570c7a3 ui: [bugfix] Tag wrapping on detail pages (#6478)
Makes sure that tags wrap on the detail pages for service and nodes whilst making sure they don't wrap on the listing pages.
2019-09-17 17:29:04 +01:00
Blake Covarrubias d6f2371fcd docs: Fix typo in acl/acl-rules 2019-09-13 19:50:35 -07:00
Blake Covarrubias 2888e444c2 docs: Add .tgz to snapshot restore example (#6476) 2019-09-13 19:48:49 -07:00
R.B. Boyer edf5347d3c fix typo of 'unknown' in log messages 2019-09-13 15:59:49 -05:00
Hans Hasselberg 303cab2164
Update CHANGELOG.md 2019-09-13 17:55:45 +02:00
Hans Hasselberg 62de041a36
docs (Consul Enterprise): Google Cloud Storage snapshot documentation (#6480) 2019-09-13 17:54:15 +02:00
Matt Keeler bdb3a9792e
Move tar install forward (#6483) 2019-09-12 17:25:14 -04:00
R.B. Boyer 2b04e2666c update changelog 2019-09-12 16:19:18 -05:00
R.B. Boyer c17e417cc8 cache: remove data race in agent cache
In normal operations there is a read/write race related to request
QueryOptions fields. An example race:

    WARNING: DATA RACE
    Read at 0x00c000836950 by goroutine 30:
      github.com/hashicorp/consul/agent/structs.(*ServiceConfigRequest).CacheInfo()
          /go/src/github.com/hashicorp/consul/agent/structs/config_entry.go:506 +0x109
      github.com/hashicorp/consul/agent/cache.(*Cache).getWithIndex()
          /go/src/github.com/hashicorp/consul/agent/cache/cache.go:262 +0x5c
      github.com/hashicorp/consul/agent/cache.(*Cache).notifyBlockingQuery()
          /go/src/github.com/hashicorp/consul/agent/cache/watch.go:89 +0xd7

    Previous write at 0x00c000836950 by goroutine 147:
      github.com/hashicorp/consul/agent/cache-types.(*ResolvedServiceConfig).Fetch()
          /go/src/github.com/hashicorp/consul/agent/cache-types/resolved_service_config.go:31 +0x219
      github.com/hashicorp/consul/agent/cache.(*Cache).fetch.func1()
          /go/src/github.com/hashicorp/consul/agent/cache/cache.go:495 +0x112

This patch does a lightweight copy of the request struct so that the
embedded QueryOptions fields that are mutated during Fetch() are scoped
to just that one RPC.
2019-09-12 16:18:01 -05:00
Matt Keeler ccd5b241ba
Also install tar for the website deploy job (#6482) 2019-09-12 17:05:02 -04:00
hashicorp-ci a42944542b
Release v1.6.1 2019-09-12 19:39:59 +00:00
hashicorp-ci 52bd29b337
update bindata_assetfs.go 2019-09-12 19:39:58 +00:00
Matt Keeler a179a4eb2c
Update CHANGELOG.md 2019-09-12 10:30:52 -04:00
Matt Keeler 01c3445a53
Update memberlist to v0.1.5 (#6479) 2019-09-12 10:28:57 -04:00
Hans Hasselberg dbc4f0f27f
Update CHANGELOG.md 2019-09-12 15:09:16 +02:00
R.B. Boyer ad067ae4a5
ci: inject missing tar binary (#6477) 2019-09-11 10:41:02 -05:00
Hans Hasselberg 8bab4b37e5
Update CHANGELOG.md 2019-09-11 15:08:10 +02:00
Hans Hasselberg f025a7440d
agent: handleEnterpriseLeave (#6453) 2019-09-11 11:01:37 +02:00
Jud White 25aab18339 docs: fix typo in install/performance (#6428) 2019-09-09 21:23:25 +01:00