Commit graph

69 commits

Author SHA1 Message Date
James Phillips 96bff003b7
Adds basic support for node IDs. 2017-01-17 22:47:59 -08:00
James Phillips 71a775d986 Merge pull request #2592 from hashicorp/acl-complete-node-session
Adds complete ACL coverage for nodes and sessions.
2016-12-13 13:55:07 -08:00
Kyle Havlovitz 402f30d52e Merge pull request #2591 from hashicorp/snapshot-interval
Change raft snapshot interval to 5 seconds
2016-12-12 19:15:10 -05:00
James Phillips 67f1fe8d0b
Adds support for a new "acl_agent_token" which is used for internal
catalog operations.
2016-12-12 14:52:27 -08:00
Kyle Havlovitz 3ae8bedd6d
Change raft snapshot interval to 5 seconds 2016-12-12 13:31:42 -05:00
James Phillips 2b19a5340c
Removes the exception for the "consul" service in the catalog. 2016-12-07 17:58:23 -08:00
James Phillips 2f4c237cff
Adds a max raft multiplier and tweaks documentation. 2016-08-25 15:36:05 -07:00
James Phillips 5df36fbd82
Stops scaling the commit timeout. 2016-08-25 15:05:40 -07:00
James Phillips f65ef936cb
Increases RPC hold timeout for new default timing.
Rather than scale this we just bump it up a bit. It'll be on the edge in
the lower-performance default mode, and will have plenty of margin in the
high-performance mode. This seems like a reasonable compromise to keep the
logic here simple vs. scaling, and seems inline with the expectations of
the different modes of operation.
2016-08-24 23:35:28 -07:00
James Phillips b339b0d2fc
Adds performance tuning capability for Raft, detuned defaults, and supplemental docs. 2016-08-24 21:58:37 -07:00
James Phillips ff6d42389c Merge pull request #2222 from hashicorp/f-raft-v2
Integrates Consul with "stage one" of HashiCorp Raft library v2.
2016-08-09 16:04:48 -07:00
James Phillips 44c468995f
Touches up Raft integration after latest changes. 2016-08-08 19:19:18 -07:00
James Phillips 6c8e8271e2
Integrates Consul with new version of Raft library. 2016-08-08 19:19:17 -07:00
James Phillips 9cece515c0
Adds basic ACL replication plumbing. 2016-08-03 21:24:04 -07:00
Armon Dadgar 191876f87e consul: Add RPCHoldTimeout as tunable hold period 2016-07-10 13:23:43 -04:00
Ryan Uber ce4cf8a542 consul: dev mode works 2015-12-26 20:19:36 -05:00
James Phillips 132e1d813b Fixes configs now that Serf always caches coordinates. 2015-10-23 15:23:01 -07:00
James Phillips aea2194ce3 Makes the default protocol 2 and lets 3 interoperate with 2. 2015-10-23 15:23:01 -07:00
James Phillips 033e8e6625 Adds sort of DCs in catalog queries based on RTT. Cleans up.
* Makes the catalog endpoint respect disabling coordinates for all
  RTT-sorting query types.
2015-10-23 15:23:01 -07:00
James Phillips b63909cf67 Adds coordinate sorting support to catalog queries for nodes and service nodes. 2015-10-23 15:23:01 -07:00
James Phillips 9ba9a708f6 Scales coordinate sends to hit a fixed aggregate rate across the cluster. 2015-10-23 15:23:01 -07:00
James Phillips d8b8a3719f Simplifies the batching function and adds some comments. 2015-10-23 15:23:01 -07:00
James Phillips f71c79c53f Does some small cleanups based on PR feedback.
* Holds coordinate updates in map and gets rid of the update channel.
* Cleans up config variables a bit.
2015-10-23 15:23:01 -07:00
James Phillips acb0dce829 Moves batching down into the state store and changes it to fail-fast.
* A batch of updates is done all in a single transaction.
* We no longer need to get an update to kick things, there's a periodic flush.
* If incoming updates overwhelm the configured flush rate they will be dumped with an error.
2015-10-23 15:23:01 -07:00
James Phillips b6c31bdf2f Flips the sense of the coordinate enable option. 2015-10-23 15:23:01 -07:00
James Phillips edb9a119e2 Does a clean up pass on the Consul side. 2015-10-23 15:23:01 -07:00
James Phillips ac4185b888 Merges config changes after rebase. 2015-10-23 15:23:01 -07:00
Derek Chiang 213f5a15e6 Fix tests 2015-10-23 15:23:01 -07:00
Derek Chiang eb599a1745 Address comments 2015-10-23 15:23:01 -07:00
Dale Wijnand c5168e1263 Fix a bunch of typos. 2015-09-15 13:22:08 +01:00
James Phillips c0127e9932 Bumps protocol version back down as we've made memberlist smarter. 2015-08-31 11:16:34 -07:00
James Phillips 7b8aae37cb Bumps protocol version to 3 to get serf version 5. 2015-06-02 17:50:35 -07:00
Armon Dadgar 9642384429 consul: support the new TLS wrapper 2015-05-11 15:15:36 -07:00
Michael Fraenkel c00c4ebaaa Support SesionTTLMin configuration
- Allow setting SessionTTLMin
- Validate on the Server
2015-03-27 05:13:57 -07:00
Armon Dadgar 3e2bd0db2c consul: Rename TombstoneGC to TombstoneTTL 2015-01-05 14:43:54 -08:00
Armon Dadgar d5369098ba consul: Adding TombstoneGC config 2015-01-05 14:43:54 -08:00
Atin Malaviya 2bd0e8c745 consul.Config() helper to generate the tlsutil.Config{} struct, 30 second keepalive, use keepalive for HTTP and HTTPS 2014-11-18 17:56:48 -05:00
Atin Malaviya b4424a1a50 Moved TLS Config stuff to tlsutil package 2014-11-18 11:03:36 -05:00
Armon Dadgar 3a1d686444 consul: Adding user event handler for callbacks 2014-08-26 19:04:07 -07:00
Armon Dadgar ca6a8aef55 agent: Adding ACL master token 2014-08-18 15:46:20 -07:00
Armon Dadgar ebae394863 consul: ACL setting passthrough 2014-08-18 15:46:20 -07:00
Armon Dadgar 020802f7a5 Merge pull request #233 from nelhage/tls-no-subjname
Restore the 0.2 TLS verification behavior.
2014-07-01 13:41:00 -07:00
Nelson Elhage 627b2e455f Add some basic smoke tests for wrapTLSclient.
Check the success case, and check that we reject a self-signed
certificate.
2014-06-29 18:11:32 -07:00
Nelson Elhage 0a2476b20e Restore the 0.2 TLS verification behavior.
Namely, don't check the DNS names in TLS certificates when connecting to
other servers.

As of golang 1.3, crypto/tls no longer natively supports doing partial
verification (verifying the cert issuer but not the hostname), so we
have to disable verification entirely and then do the issuer
verification ourselves. Fortunately, crypto/x509 makes this relatively
straightforward.

If the "server_name" configuration option is passed, we preserve the
existing behavior of checking that server name everywhere.

No option is provided to retain the current behavior of checking the
remote certificate against the local node name, since that behavior
seems clearly buggy and unintentional, and I have difficulty imagining
it is actually being used anywhere. It would be relatively
straightforward to restore if desired, however.
2014-06-28 13:32:42 -07:00
Armon Dadgar 80b86c9ee9 Rename Expect to BootstrapExpect. Fixes #223. 2014-06-19 17:08:55 -07:00
Robert Xu 31c392813c Add expect bootstrap '-expect=n' mode.
This allows for us to automatically bootstrap a cluster of nodes after
'n' number of server nodes join. All servers must have the same 'n' set, or
they will fail to join the cluster; all servers will not join the peer set
until they hit 'n' server nodes.

If the raft commit index is not empty, '-expect=n' does nothing because it
thinks you've already bootstrapped.

Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-16 17:40:33 -04:00
Armon Dadgar 91373968a8 Adding server_name configuration for TLS 2014-06-13 11:10:27 -07:00
Armon Dadgar b5bd20634a consul: Gossip the build using Serf 2014-06-06 15:36:40 -07:00
Armon Dadgar 74452a5ae0 consul: Add new protocol version for yamux 2014-05-28 16:32:24 -07:00
Armon Dadgar c98736b8ae Merge pull request #174 from nelhage/multi-ca-cert
Allow multiple PEM-encoded certificates in the ca_file.
2014-05-27 10:47:41 -07:00