James Phillips
71a775d986
Merge pull request #2592 from hashicorp/acl-complete-node-session
...
Adds complete ACL coverage for nodes and sessions.
2016-12-13 13:55:07 -08:00
Kyle Havlovitz
402f30d52e
Merge pull request #2591 from hashicorp/snapshot-interval
...
Change raft snapshot interval to 5 seconds
2016-12-12 19:15:10 -05:00
James Phillips
67f1fe8d0b
Adds support for a new "acl_agent_token" which is used for internal
...
catalog operations.
2016-12-12 14:52:27 -08:00
Kyle Havlovitz
3ae8bedd6d
Change raft snapshot interval to 5 seconds
2016-12-12 13:31:42 -05:00
James Phillips
2b19a5340c
Removes the exception for the "consul" service in the catalog.
2016-12-07 17:58:23 -08:00
James Phillips
2f4c237cff
Adds a max raft multiplier and tweaks documentation.
2016-08-25 15:36:05 -07:00
James Phillips
5df36fbd82
Stops scaling the commit timeout.
2016-08-25 15:05:40 -07:00
James Phillips
f65ef936cb
Increases RPC hold timeout for new default timing.
...
Rather than scale this we just bump it up a bit. It'll be on the edge in
the lower-performance default mode, and will have plenty of margin in the
high-performance mode. This seems like a reasonable compromise to keep the
logic here simple vs. scaling, and seems inline with the expectations of
the different modes of operation.
2016-08-24 23:35:28 -07:00
James Phillips
b339b0d2fc
Adds performance tuning capability for Raft, detuned defaults, and supplemental docs.
2016-08-24 21:58:37 -07:00
James Phillips
ff6d42389c
Merge pull request #2222 from hashicorp/f-raft-v2
...
Integrates Consul with "stage one" of HashiCorp Raft library v2.
2016-08-09 16:04:48 -07:00
James Phillips
44c468995f
Touches up Raft integration after latest changes.
2016-08-08 19:19:18 -07:00
James Phillips
6c8e8271e2
Integrates Consul with new version of Raft library.
2016-08-08 19:19:17 -07:00
James Phillips
9cece515c0
Adds basic ACL replication plumbing.
2016-08-03 21:24:04 -07:00
Armon Dadgar
191876f87e
consul: Add RPCHoldTimeout as tunable hold period
2016-07-10 13:23:43 -04:00
Ryan Uber
ce4cf8a542
consul: dev mode works
2015-12-26 20:19:36 -05:00
James Phillips
132e1d813b
Fixes configs now that Serf always caches coordinates.
2015-10-23 15:23:01 -07:00
James Phillips
aea2194ce3
Makes the default protocol 2 and lets 3 interoperate with 2.
2015-10-23 15:23:01 -07:00
James Phillips
033e8e6625
Adds sort of DCs in catalog queries based on RTT. Cleans up.
...
* Makes the catalog endpoint respect disabling coordinates for all
RTT-sorting query types.
2015-10-23 15:23:01 -07:00
James Phillips
b63909cf67
Adds coordinate sorting support to catalog queries for nodes and service nodes.
2015-10-23 15:23:01 -07:00
James Phillips
9ba9a708f6
Scales coordinate sends to hit a fixed aggregate rate across the cluster.
2015-10-23 15:23:01 -07:00
James Phillips
d8b8a3719f
Simplifies the batching function and adds some comments.
2015-10-23 15:23:01 -07:00
James Phillips
f71c79c53f
Does some small cleanups based on PR feedback.
...
* Holds coordinate updates in map and gets rid of the update channel.
* Cleans up config variables a bit.
2015-10-23 15:23:01 -07:00
James Phillips
acb0dce829
Moves batching down into the state store and changes it to fail-fast.
...
* A batch of updates is done all in a single transaction.
* We no longer need to get an update to kick things, there's a periodic flush.
* If incoming updates overwhelm the configured flush rate they will be dumped with an error.
2015-10-23 15:23:01 -07:00
James Phillips
b6c31bdf2f
Flips the sense of the coordinate enable option.
2015-10-23 15:23:01 -07:00
James Phillips
edb9a119e2
Does a clean up pass on the Consul side.
2015-10-23 15:23:01 -07:00
James Phillips
ac4185b888
Merges config changes after rebase.
2015-10-23 15:23:01 -07:00
Derek Chiang
213f5a15e6
Fix tests
2015-10-23 15:23:01 -07:00
Derek Chiang
eb599a1745
Address comments
2015-10-23 15:23:01 -07:00
Dale Wijnand
c5168e1263
Fix a bunch of typos.
2015-09-15 13:22:08 +01:00
James Phillips
c0127e9932
Bumps protocol version back down as we've made memberlist smarter.
2015-08-31 11:16:34 -07:00
James Phillips
7b8aae37cb
Bumps protocol version to 3 to get serf version 5.
2015-06-02 17:50:35 -07:00
Armon Dadgar
9642384429
consul: support the new TLS wrapper
2015-05-11 15:15:36 -07:00
Michael Fraenkel
c00c4ebaaa
Support SesionTTLMin configuration
...
- Allow setting SessionTTLMin
- Validate on the Server
2015-03-27 05:13:57 -07:00
Armon Dadgar
3e2bd0db2c
consul: Rename TombstoneGC to TombstoneTTL
2015-01-05 14:43:54 -08:00
Armon Dadgar
d5369098ba
consul: Adding TombstoneGC config
2015-01-05 14:43:54 -08:00
Atin Malaviya
2bd0e8c745
consul.Config() helper to generate the tlsutil.Config{} struct, 30 second keepalive, use keepalive for HTTP and HTTPS
2014-11-18 17:56:48 -05:00
Atin Malaviya
b4424a1a50
Moved TLS Config stuff to tlsutil package
2014-11-18 11:03:36 -05:00
Armon Dadgar
3a1d686444
consul: Adding user event handler for callbacks
2014-08-26 19:04:07 -07:00
Armon Dadgar
ca6a8aef55
agent: Adding ACL master token
2014-08-18 15:46:20 -07:00
Armon Dadgar
ebae394863
consul: ACL setting passthrough
2014-08-18 15:46:20 -07:00
Armon Dadgar
020802f7a5
Merge pull request #233 from nelhage/tls-no-subjname
...
Restore the 0.2 TLS verification behavior.
2014-07-01 13:41:00 -07:00
Nelson Elhage
627b2e455f
Add some basic smoke tests for wrapTLSclient.
...
Check the success case, and check that we reject a self-signed
certificate.
2014-06-29 18:11:32 -07:00
Nelson Elhage
0a2476b20e
Restore the 0.2 TLS verification behavior.
...
Namely, don't check the DNS names in TLS certificates when connecting to
other servers.
As of golang 1.3, crypto/tls no longer natively supports doing partial
verification (verifying the cert issuer but not the hostname), so we
have to disable verification entirely and then do the issuer
verification ourselves. Fortunately, crypto/x509 makes this relatively
straightforward.
If the "server_name" configuration option is passed, we preserve the
existing behavior of checking that server name everywhere.
No option is provided to retain the current behavior of checking the
remote certificate against the local node name, since that behavior
seems clearly buggy and unintentional, and I have difficulty imagining
it is actually being used anywhere. It would be relatively
straightforward to restore if desired, however.
2014-06-28 13:32:42 -07:00
Armon Dadgar
80b86c9ee9
Rename Expect to BootstrapExpect. Fixes #223 .
2014-06-19 17:08:55 -07:00
Robert Xu
31c392813c
Add expect bootstrap '-expect=n' mode.
...
This allows for us to automatically bootstrap a cluster of nodes after
'n' number of server nodes join. All servers must have the same 'n' set, or
they will fail to join the cluster; all servers will not join the peer set
until they hit 'n' server nodes.
If the raft commit index is not empty, '-expect=n' does nothing because it
thinks you've already bootstrapped.
Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-16 17:40:33 -04:00
Armon Dadgar
91373968a8
Adding server_name configuration for TLS
2014-06-13 11:10:27 -07:00
Armon Dadgar
b5bd20634a
consul: Gossip the build using Serf
2014-06-06 15:36:40 -07:00
Armon Dadgar
74452a5ae0
consul: Add new protocol version for yamux
2014-05-28 16:32:24 -07:00
Armon Dadgar
c98736b8ae
Merge pull request #174 from nelhage/multi-ca-cert
...
Allow multiple PEM-encoded certificates in the ca_file.
2014-05-27 10:47:41 -07:00
William Tisäter
405dfd99c1
Fix tests on Go 1.3 and greater
...
Go 1.3 and greater require ServerName or InsecureSkipVerify to be set.
https://codereview.appspot.com/67010043/
2014-05-27 00:47:47 +02:00