473e589d86
Implementation of Weights Data structures ( #4468 )
...
* Implementation of Weights Data structures
Adding this datastructure will allow us to resolve the
issues #1088 and #4198
This new structure defaults to values:
```
{ Passing: 1, Warning: 0 }
```
Which means, use weight of 0 for a Service in Warning State
while use Weight 1 for a Healthy Service.
Thus it remains compatible with previous Consul versions.
* Implemented weights for DNS SRV Records
* DNS properly support agents with weight support while server does not (backwards compatibility)
* Use Warning value of Weights of 1 by default
When using DNS interface with only_passing = false, all nodes
with non-Critical healthcheck used to have a weight value of 1.
While having weight.Warning = 0 as default value, this is probably
a bad idea as it breaks ascending compatibility.
Thus, we put a default value of 1 to be consistent with existing behaviour.
* Added documentation for new weight field in service description
* Better documentation about weights as suggested by @banks
* Return weight = 1 for unknown Check states as suggested by @banks
* Fixed typo (of -> or) in error message as requested by @mkeeler
* Fixed unstable unit test TestRetryJoin
* Fixed unstable tests
* Fixed wrong Fatalf format in `testrpc/wait.go`
* Added notes regarding DNS SRV lookup limitations regarding number of instances
* Documentation fixes and clarification regarding SRV records with weights as requested by @banks
* Rephrase docs
2018-09-07 15:30:47 +01:00
e184a18e4b
connect/ca: add Configure/GenerateRoot to provider interface
2018-09-06 19:18:59 -07:00
54d8157ee1
Fixed more flaky tests in ./agent/consul ( #4617 )
2018-09-04 14:02:47 +01:00
10d3048bd6
Bugfix: Use "%#v" when formatting structs ( #4600 )
2018-08-28 12:37:34 -04:00
9b5cf0c1d0
[BUGFIX] Avoid returning empty data on startup of a non-leader server ( #4554 )
...
Ensure that DB is properly initialized when performing stale queries
Addresses:
- https://github.com/hashicorp/consul-replicate/issues/82
- https://github.com/hashicorp/consul/issues/3975
- https://github.com/hashicorp/consul-template/issues/1131
2018-08-23 12:06:39 -04:00
26a21df014
Merge branch 'master' into ca-snapshot-fix
2018-08-16 13:00:54 -07:00
af4b037c52
fsm: add connect service config to snapshot/restore test
2018-08-16 12:58:54 -07:00
43a68822e3
Added code to allow snapshot inclusion of NodeMeta ( #4527 )
2018-08-16 15:33:35 -04:00
880eccb502
fsm: add missing CA config to snapshot/restore logic
2018-08-16 11:58:50 -07:00
fd83063686
autopilot: don't follow the normal server removal rules for nonvoters
2018-08-14 14:24:51 -07:00
aa19559cc7
Fix stats fetcher healthcheck RPCs not being independent
2018-08-14 14:23:52 -07:00
a16f34058b
Display more information about check being not properly added when it fails ( #4405 )
...
* Display more information about check being not properly added when it fails
It follows an incident where we add lots of error messages:
[WARN] consul.fsm: EnsureRegistration failed: failed inserting check: Missing service registration
That seems related to Consul failing to restart on respective agents.
Having Node information as well as service information would help diagnose the issue.
* Renamed ensureCheckIfNodeMatches() as requested by @banks
2018-08-14 17:45:33 +01:00
821a91ca31
Allow to rename nodes with IDs, will fix #3974 and #4413 ( #4415 )
...
* Allow to rename nodes with IDs, will fix #3974 and #4413
This change allow to rename any well behaving recent agent with an
ID to be renamed safely, ie: without taking the name of another one
with case insensitive comparison.
Deprecated behaviour warning
----------------------------
Due to asceding compatibility, it is still possible however to
"take" the name of another name by not providing any ID.
Note that when not providing any ID, it is possible to have 2 nodes
having similar names with case differences, ie: myNode and mynode
which might lead to DB corruption on Consul server side and
lead to server not properly restarting.
See #3983 and #4399 for Context about this change.
Disabling registration of nodes without IDs as specified in #4414
should probably be the way to go eventually.
* Removed the case-insensitive search when adding a node within the else
block since it breaks the test TestAgentAntiEntropy_Services
While the else case is probably legit, it will be fixed with #4414 in
a later release.
* Added again the test in the else to avoid duplicated names, but
enforce this test only for nodes having IDs.
Thus most tests without any ID will work, and allows us fixing
* Added more tests regarding request with/without IDs.
`TestStateStore_EnsureNode` now test registration and renaming with IDs
`TestStateStore_EnsureNodeDeprecated` tests registration without IDs
and tests removing an ID from a node as well as updated a node
without its ID (deprecated behaviour kept for backwards compatibility)
* Do not allow renaming in case of conflict, including when other node has no ID
* Fixed function GetNodeID that was not working due to wrong type when searching node from its ID
Thus, all tests about renaming were not working properly.
Added the full test cas that allowed me to detect it.
* Better error messages, more tests when nodeID is not a valid UUID in GetNodeID()
* Added separate TestStateStore_GetNodeID to test GetNodeID.
More complete test coverage for GetNodeID
* Added new unit test `TestStateStore_ensureNoNodeWithSimilarNameTxn`
Also fixed comments to be clearer after remarks from @banks
* Fixed error message in unit test to match test case
* Use uuid.ParseUUID to parse Node.ID as requested by @mkeeler
2018-08-10 11:30:45 -04:00
d98d02777f
PR to fix TestAgent_IndexChurn and TestPreparedQuery_Wrapper. ( #4512 )
...
* Fixes TestAgent_IndexChurn
* Fixes TestPreparedQuery_Wrapper
* Increased sleep in agent_test for IndexChurn to 500ms
* Made the comment about joinWAN operation much less of a cliffhanger
2018-08-09 12:40:07 -04:00
a343392f63
consul: Update buffer sizes
2018-08-08 10:26:58 -07:00
cfa436dc16
Revert "CA initialization while boostrapping and TestLeader_ChangeServerID fix." ( #4497 )
...
* Revert "BUGFIX: Unit test relying on WaitForLeader() did not work due to wrong test (#4472 )"
This reverts commit cec5d7239621e0732b3f70158addb1899442acb3.
* Revert "CA initialization while boostrapping and TestLeader_ChangeServerID fix. (#4493 )"
This reverts commit 589b589b53e56af38de25db9b56967bdf1f2c069.
2018-08-07 08:29:48 -04:00
fd927ea110
BUGFIX: Unit test relying on WaitForLeader() did not work due to wrong test ( #4472 )
...
- Improve resilience of testrpc.WaitForLeader()
- Add additionall retry to CI
- Increase "go test" timeout to 8m
- Add wait for cluster leader to several tests in the agent package
- Add retry to some tests in the api and command packages
2018-08-06 19:46:09 -04:00
29c181f5fa
CA initialization while boostrapping and TestLeader_ChangeServerID fix. ( #4493 )
...
* connect: fix an issue with Consul CA bootstrapping being interrupted
* streamline change server id test
2018-08-06 16:15:24 -04:00
42ab07b398
fix inconsistency in TestConnectCAConfig_GetSet
2018-07-26 07:46:47 -07:00
ecc02c6aee
Merge pull request #4400 from hashicorp/leaf-cert-ttl
...
Add configurable leaf cert TTL to Connect CA
2018-07-25 17:53:25 -07:00
217137b775
Fixes #4421 : General solution to stop blocking queries with index 0 ( #4437 )
...
* Fix theoretical cache collision bug if/when we use more cache types with same result type
* Generalized fix for blocking query handling when state store methods return zero index
* Refactor test retry to only affect CI
* Undo make file merge
* Add hint to error message returned to end-user requests if Connect is not enabled when they try to request cert
* Explicit error for Roots endpoint if connect is disabled
* Fix tests that were asserting old behaviour
2018-07-25 20:26:27 +01:00
a125735d76
connect/ca: check LeafCertTTL when rotating expired roots
2018-07-20 16:04:04 -07:00
45ec8849f3
connect/ca: add configurable leaf cert TTL
2018-07-16 13:33:37 -07:00
cc46d59269
Merge pull request #4379 from hashicorp/persist-intermediates
...
connect: persist intermediate CAs on leader change
2018-07-12 12:09:13 -04:00
965fc9cf62
Revert "Allow changing Node names since Node now have IDs"
2018-07-12 11:19:21 -04:00
d8a4d9137b
Fixup formatting
2018-07-12 10:14:26 -04:00
d63c5807cf
Revert PR 4294 - Catalog Register: Generate UUID for services registered without one
...
UUID auto-generation here causes trouble in a few cases. The biggest being older
nodes reregistering will fail when the UUIDs are different and the names match
This reverts commit 0f700340828f464449c2e0d5a82db0bc5456d385.
This reverts commit d1a8f9cb3f6f48dd9c8d0bc858031ff6ccff51d0.
This reverts commit cf69ec42a418ab6594a6654e9545e12160f30970.
2018-07-12 10:06:50 -04:00
2a40f93ac8
connect: use reflect.DeepEqual instead for test
2018-07-11 13:10:58 -07:00
42729d5aff
Merge pull request #3983 from pierresouchay/node_renaming
...
Allow changing Node names since Node now have IDs
2018-07-11 16:03:02 -04:00
f9a35a9338
connect: add provider state to snapshots
2018-07-11 11:34:49 -07:00
9c21cc7ac9
connect: update leader initializeCA comment
2018-07-11 10:00:42 -07:00
db254f0991
connect: persist intermediate CAs on leader change
2018-07-11 09:44:30 -07:00
3d0a960470
When renaming a node, ensure the name is not taken by another node.
...
Since DNS is case insensitive and DB as issues when similar names with different
cases are added, check for unicity based on case insensitivity.
Following another big incident we had in our cluster, we also validate
that adding/renaming a not does not conflicts with case insensitive
matches.
We had the following error once:
- one node called: mymachine.MYDC.mydomain was shut off
- another node (different ID) was added with name: mymachine.mydc.mydomain before
72 hours
When restarting the consul server of domain, the consul server restarted failed
to start since it detected an issue in RAFT database because
mymachine.MYDC.mydomain and mymachine.mydc.mydomain had the same names.
Checking at registration time with case insensitivity should definitly fix
those issues and avoid Consul DB corruption.
2018-07-11 14:42:54 +02:00
22c5951ec4
Merge pull request #4303 from pierresouchay/non_blocking_acl
...
Only send one single ACL cache refresh across network when TTL is over
2018-07-10 08:57:33 -04:00
0b50b84429
Agent/Proxy: Formatting and test cases fix
2018-07-09 12:46:10 -04:00
883b2a518a
Store the time CARoot is rotated out instead of when to prune
2018-07-06 16:05:25 -07:00
3c520019e9
connect/ca: add logic for pruning old stale RootCA entries
2018-07-02 10:35:05 -07:00
95a0ab9f99
Updated swith case to use same branch for async-cache and extend-cache
2018-07-02 17:39:34 +02:00
6dfbbf1350
Updated documentation and adding more test case for async-cache
2018-07-01 23:50:30 +02:00
382bec0897
Added async-cache with similar behaviour as extend-cache but asynchronously
2018-07-01 23:50:30 +02:00
da9c91fd3d
Only send one single ACL cache refresh across network when TTL is over
...
It will allow the following:
* when connectivity is limited (saturated linnks between DCs), only one
single request to refresh an ACL will be sent to ACL master DC instead
of statcking ACL refresh queries
* when extend-cache is used for ACL, do not wait for result, but refresh
the ACL asynchronously, so no delay is not impacting slave DC
* When extend-cache is not used, keep the existing blocking mechanism,
but only send a single refresh request.
This will fix https://github.com/hashicorp/consul/issues/3524
2018-07-01 23:50:30 +02:00
02719c52ff
Move starting enterprise functionality
2018-06-29 17:38:29 -04:00
66af873639
Move default uuid test into the consul package
2018-06-27 09:21:58 -04:00
dbc407cec9
go fmt changes
2018-06-27 09:07:22 -04:00
95291ec5ed
Make sure to generate UUIDs when services are registered without one
...
This makes the behavior line up with the docs and expected behavior
2018-06-26 17:04:08 -04:00
1da3c42867
Merge remote-tracking branch 'connect/f-connect'
2018-06-25 19:42:51 +00:00
859eaea5c4
connect/ca: pull the cluster ID from config during a rotation
2018-06-25 12:25:42 -07:00
fcc5dc6110
connect/ca: leave blank root key/cert out of the default config (unnecessary)
2018-06-25 12:25:42 -07:00
f3089a6647
connect/ca: undo the interface changes and use sign-self-issued in Vault
2018-06-25 12:25:42 -07:00
cea94d0bcf
connect/ca: update Consul provider to use new cross-sign CSR method
2018-06-25 12:25:41 -07:00
7b0845ccde
connect/ca: fix vault provider URI SANs and test
2018-06-25 12:25:41 -07:00
a98b85b25c
connect/ca: add the Vault CA provider
2018-06-25 12:25:41 -07:00
b4fbeb0453
Note leadership issues in comments
2018-06-25 12:25:41 -07:00
824a9b4943
Actually return Intermediate certificates bundled with a leaf!
2018-06-25 12:25:40 -07:00
81bd1b43a3
Fix hot loop in cache for RPC returning zero index.
2018-06-25 12:25:37 -07:00
d6b13463ed
Fix misc test failures (some from other PRs)
2018-06-25 12:25:13 -07:00
1283373a64
Only set precedence on write path
2018-06-25 12:25:13 -07:00
22b95283e9
Fix some tests failures caused by the sorting change and some cuased by previous UpdatePrecedence() change
2018-06-25 12:25:13 -07:00
e2938138f6
Sort intention list by precedence
2018-06-25 12:25:13 -07:00
a242e5b130
agent: update accepted CA config fields and defaults
2018-06-25 12:25:09 -07:00
4ebddd6adb
agent/consul: set precedence value on struct itself
2018-06-25 12:24:16 -07:00
52c10d2208
agent/consul: support a Connect option on prepared query request
2018-06-25 12:24:12 -07:00
e8c899b1b8
agent/consul: prepared query supports "Connect" field
2018-06-25 12:24:11 -07:00
ad382d7351
agent: switch ConnectNative to an embedded struct
2018-06-25 12:24:10 -07:00
a3e0ac1ee3
agent/consul/state: support querying by Connect native
2018-06-25 12:24:08 -07:00
8e02bbc897
agent/consul: support catalog registration with Connect native
2018-06-25 12:24:07 -07:00
6ccc4f39db
Merge pull request #4216 from hashicorp/rpc-limiting
...
Make RPC limits reloadable
2018-06-20 09:05:28 -04:00
787ce3b269
agent: address feedback
2018-06-14 09:42:20 -07:00
b5b29cd6af
agent: rename test to check
2018-06-14 09:42:18 -07:00
a48ff54318
agent/consul: forward request if necessary
2018-06-14 09:42:17 -07:00
b02502be73
agent: comments to point to differing logic
2018-06-14 09:42:17 -07:00
526cfc34bd
agent/consul: implement Intention.Test endpoint
2018-06-14 09:42:17 -07:00
bd5eb8b749
Add default CA config back - I didn't add it and causes nil panics
2018-06-14 09:42:17 -07:00
dbcf286d4c
Ooops remove the CA stuff from actual server defaults and make it test server only
2018-06-14 09:42:16 -07:00
834ed1d25f
Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes.
2018-06-14 09:42:16 -07:00
30d90b3be4
Generate CSR using real trust-domain
2018-06-14 09:42:16 -07:00
5a1408f186
Add CSR signing verification of service ACL, trust domain and datacenter.
2018-06-14 09:42:16 -07:00
c808833a78
Return TrustDomain from CARoots RPC
2018-06-14 09:42:15 -07:00
d1265bc38b
Rename some of the CA structs/files
2018-06-14 09:42:15 -07:00
1660f9ebab
Add more metadata to structs.CARoot
2018-06-14 09:42:15 -07:00
baf4db1c72
Use provider state table for a global serial index
2018-06-14 09:42:15 -07:00
c90b353eea
Move connect CA provider to separate package
2018-06-14 09:42:15 -07:00
54a1662da8
agent/consul: change provider wait from goto to a loop
2018-06-14 09:42:14 -07:00
749f81373f
agent/consul: check nil on getCAProvider result
2018-06-14 09:42:14 -07:00
c57405b323
agent/consul: retry reading provider a few times
2018-06-14 09:42:14 -07:00
dcd277de8a
Wire up agent leaf endpoint to cache framework to support blocking.
2018-06-14 09:42:07 -07:00
b28e11fdd3
Fill out connect CA rpc endpoint tests
2018-06-14 09:42:06 -07:00
7c0976208d
Add tests for the built in CA's state store table
2018-06-14 09:42:06 -07:00
19b9399f2f
Add more tests for built-in provider
2018-06-14 09:42:06 -07:00
a29f3c6b96
Fix some inconsistencies around the CA provider code
2018-06-14 09:42:06 -07:00
2167713226
Add CA config to connect section of agent config
2018-06-14 09:42:05 -07:00
02fef5f9a2
Move ConsulCAProviderConfig into structs package
2018-06-14 09:42:04 -07:00
887cc98d7e
Simplify the CAProvider.Sign method
2018-06-14 09:42:04 -07:00
44b30476cb
Simplify the CA provider interface by moving some logic out
2018-06-14 09:42:04 -07:00
aa10fb2f48
Clarify some comments and names around CA bootstrapping
2018-06-14 09:42:04 -07:00
43f13d5a0b
Add cross-signing mechanism to root rotation
2018-06-14 09:42:00 -07:00
bbfcb278e1
Add the root rotation mechanism to the CA config endpoint
2018-06-14 09:41:59 -07:00
a585a0ba10
Have the built in CA store its state in raft
2018-06-14 09:41:59 -07:00
80eddb0bfb
Fix the testing endpoint's root set op
2018-06-14 09:41:59 -07:00
fc9ef9741b
Hook the CA RPC endpoint into the provider interface
2018-06-14 09:41:59 -07:00
a40db26ffe
Add CA bootstrapping on establishing leadership
2018-06-14 09:41:59 -07:00
e26819ed9c
Add the bootstrap config for the CA
2018-06-14 09:41:59 -07:00
ebdda17a30
Add CA config set to fsm operations
2018-06-14 09:41:58 -07:00
f7ff16669f
Add the Connect CA config to the state store
2018-06-14 09:41:58 -07:00
9d11cd9bf4
Fix various test failures and vet warnings.
...
Intention de-duplication in previously merged PR actualy failed some tests that were not caught be me or CI. I ran the test files for state changes but they happened not to trigger this case so I made sure they did first and then fixed. That fixed some upstream intention endpoint tests that I'd not run as part of testing the previous fix.
2018-06-14 09:41:58 -07:00
280382c25f
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works.
...
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
2018-06-14 09:41:57 -07:00
adc5589329
Allow duplicate source or destination, but enforce uniqueness across all four.
2018-06-14 09:41:57 -07:00
1985655dff
agent/consul/state: ensure exactly one active CA exists when setting
2018-06-14 09:41:54 -07:00
da1bc48372
agent/connect: rename SpiffeID to CertURI
2018-06-14 09:41:53 -07:00
b0315811b9
agent/connect: use proper keyusage fields for CA and leaf
2018-06-14 09:41:53 -07:00
2026cf3753
agent/consul: encode issued cert serial number as hex encoded
2018-06-14 09:41:53 -07:00
746f80639a
agent: /v1/connect/ca/configuration PUT for setting configuration
2018-06-14 09:41:52 -07:00
2dfca5dbc2
agent/consul/fsm,state: snapshot/restore for CA roots
2018-06-14 09:41:52 -07:00
17d6b437d2
agent/consul/fsm,state: tests for CA root related changes
2018-06-14 09:41:52 -07:00
a8510f8224
agent/consul: set more fields on the issued cert
2018-06-14 09:41:52 -07:00
58b6f476e8
agent: /v1/connect/ca/leaf/:service_id
2018-06-14 09:41:52 -07:00
80a058a573
agent/consul: CAS operations for setting the CA root
2018-06-14 09:41:51 -07:00
712888258b
agent/consul: tests for CA endpoints
2018-06-14 09:41:51 -07:00
1928c07d0c
agent/consul: key the public key of the CSR, verify in test
2018-06-14 09:41:51 -07:00
9a8653f45e
agent/consul: test for ConnectCA.Sign
2018-06-14 09:41:51 -07:00
a360c5cca4
agent/consul: basic sign endpoint not tested yet
2018-06-14 09:41:51 -07:00
24830f4cfa
agent/consul: RPC endpoints to list roots
2018-06-14 09:41:50 -07:00
cfb62677c0
agent/consul/state: CARoot structs and initial state store
2018-06-14 09:41:49 -07:00
7e8d606717
agent: address PR feedback
2018-06-14 09:41:49 -07:00
f9a55aa7e0
agent: clarified a number of comments per PR feedback
2018-06-14 09:41:49 -07:00
62cbb892e3
agent/consul: Health.ServiceNodes ACL check for Connect
2018-06-14 09:41:49 -07:00
641c982480
agent/consul: Catalog endpoint ACL requirements for Connect proxies
2018-06-14 09:41:49 -07:00
566c98b2fc
agent/consul: require name for proxies
2018-06-14 09:41:48 -07:00
daaa6e2403
agent: clean up connect/non-connect duplication by using shared methods
2018-06-14 09:41:48 -07:00
119ffe3ed9
agent/consul: implement Health.ServiceNodes for Connect, DNS works
2018-06-14 09:41:47 -07:00
253256352c
agent/consul: Catalog.ServiceNodes supports Connect filtering
2018-06-14 09:41:47 -07:00
06957f6d7f
agent/consul/state: ConnectServiceNodes
2018-06-14 09:41:47 -07:00
200100d3f4
agent/consul: enforce ACL on ProxyDestination
2018-06-14 09:41:47 -07:00
8a72826483
agent/consul: proxy registration and tests
2018-06-14 09:41:46 -07:00
8777ff139c
agent: test /v1/catalog/node/:node to list connect proxies
2018-06-14 09:41:46 -07:00
761b561946
agent: /v1/catalog/service/:service works with proxies
2018-06-14 09:41:46 -07:00
58bff8dd05
agent/consul/state: convert proxy test to testify/assert
2018-06-14 09:41:46 -07:00
09568ce7b5
agent/consul/state: service registration with proxy works
2018-06-14 09:41:46 -07:00
23ee0888ec
agent/consul: convert intention ACLs to testify/assert
2018-06-14 09:41:46 -07:00
6a8bba7d48
agent/consul,structs: add tests for ACL filter and prefix for intentions
2018-06-14 09:41:45 -07:00
3e10a1ae7a
agent/consul: Intention.Match ACLs
2018-06-14 09:41:45 -07:00
db44a98a2d
agent/consul: Intention.Get ACLs
2018-06-14 09:41:45 -07:00
fd840da97a
agent/consul: Intention.Apply ACL on rename
2018-06-14 09:41:45 -07:00
14ca93e09c
agent/consul: tests for ACLs on Intention.Apply update/delete
2018-06-14 09:41:45 -07:00
c54be9bc09
agent/consul: Basic ACL on Intention.Apply
2018-06-14 09:41:44 -07:00
1d0b4ceedb
agent: convert all intention tests to testify/assert
2018-06-14 09:41:44 -07:00
f07340e94f
agent/consul/fsm,state: snapshot/restore for intentions
2018-06-14 09:41:44 -07:00
6f33b2d070
agent: use UTC time for intention times, move empty list check to
...
agent/consul
2018-06-14 09:41:43 -07:00
67b017c95c
agent/consul/fsm: switch tests to use structs.TestIntention
2018-06-14 09:41:43 -07:00
3a00564411
agent/consul/state: need to set Meta for intentions for tests
2018-06-14 09:41:43 -07:00
027dad8672
agent/consul/state: remove TODO
2018-06-14 09:41:43 -07:00
37f66e47ed
agent: use testing intention to get valid intentions
2018-06-14 09:41:43 -07:00
04bd4af99c
agent/consul: set default intention SourceType, validate it
2018-06-14 09:41:43 -07:00
8e2462e301
agent/structs: Intention validation
2018-06-14 09:41:42 -07:00
d34ee200de
agent/consul: support intention description, meta is non-nil
2018-06-14 09:41:42 -07:00
e81d1c88b7
agent/consul/fsm: add tests for intention requests
2018-06-14 09:41:42 -07:00
2b047fb09b
agent,agent/consul: set default namespaces
2018-06-14 09:41:42 -07:00
e630d65d9d
agent/consul: set CreatedAt, UpdatedAt on intentions
2018-06-14 09:41:42 -07:00
e9d208bcb6
agent/consul: RPC endpoint for Intention.Match
2018-06-14 09:41:42 -07:00
987b7ce0a2
agent/consul/state: IntentionMatch for performing match resolution
2018-06-14 09:41:41 -07:00
bebe6870ff
agent/consul: test that Apply works to delete an intention
2018-06-14 09:41:41 -07:00
95e1c92edf
agent/consul/state,fsm: support for deleting intentions
2018-06-14 09:41:41 -07:00
32ad54369c
agent/consul: creating intention must not have ID set
2018-06-14 09:41:40 -07:00
f219c766cb
agent/consul: support updating intentions
2018-06-14 09:41:40 -07:00
37572829ab
agent: GET /v1/connect/intentions/:id
2018-06-14 09:41:40 -07:00
2a8a2f8167
agent/consul: Intention.Get endpoint
2018-06-14 09:41:40 -07:00
48b9a43f1d
agent/consul: Intention.Apply, FSM methods, very little validation
2018-06-14 09:41:39 -07:00
b19a289596
agent/consul: start Intention RPC endpoints, starting with List
2018-06-14 09:41:39 -07:00
8b0ac7d9c5
agent/consul/state: list intentions
2018-06-14 09:41:39 -07:00
c05bed86e1
agent/consul/state: initial work on intentions memdb table
2018-06-14 09:41:39 -07:00
3ed73961b3
Attach server.Name label to client.rpc.failed
2018-06-13 14:56:14 +01:00
bda575074e
Attach server.ID label to client.rpc.failed
2018-06-13 14:53:44 +01:00
edd6a69541
Client: add metric for failed RPC calls to server
2018-06-13 12:35:45 +01:00
c41fa6c010
Add a Client ReloadConfig test
2018-06-11 16:23:51 -04:00
c5d9c2362f
Merge branch 'master' of github.com:hashicorp/consul into rpc-limiting
...
# Conflicts:
# agent/agent.go
# agent/consul/client.go
2018-06-11 16:11:36 -04:00
c589991452
Apply the limits to the clients rpcLimiter
2018-06-11 15:51:17 -04:00
14661a417b
Allow for easy enterprise/oss coexistence
...
Uses struct/interface embedding with the embedded structs/interfaces being empty for oss. Also methods on the server/client types are defaulted to do nothing for OSS
2018-05-24 10:36:42 -04:00
88514d6a82
Add support for reverse lookup of services
2018-05-19 19:39:02 +02:00
7400a78f8a
Change default raft threshold config values and add a section to upgrade notes
2018-05-11 10:45:41 -05:00
e28c5fbb4e
Also make snapshot interval configurable
2018-05-11 10:43:24 -05:00
eb4bc79118
Make raft snapshot commit threshold configurable
2018-05-11 10:43:24 -05:00
e611b1728a
Merge pull request #4097 from hashicorp/remove-deprecated
...
Remove deprecated check/service fields and metric names
2018-05-10 15:45:49 -07:00
60307ef328
Remove deprecated metric names
2018-05-08 16:23:15 -07:00
c55885efd8
Merge pull request #3970 from pierresouchay/node_health_should_change_service_index
...
[BUGFIX] When a node level check is removed, ensure all services of node are notified
2018-05-08 16:44:50 +01:00
ee47eb7d7d
Added Missing Service Meta synchronization and field
2018-04-21 17:34:29 +02:00
1b55e3559b
Allow renaming nodes when ID is unchanged
2018-04-18 15:39:38 +02:00
be10300d06
Update make static-assets goal and run format
2018-04-13 09:57:25 -07:00
ed94d356e0
Merge pull request #4023 from hashicorp/f-near-ip
...
Add near=_ip support for prepared queries
2018-04-12 12:10:48 -04:00
aa9151738a
GH-3798: A couple more PR updates
...
Test HTTP/DNS source IP without header/extra EDNS data.
Add WARN log for when prepared query with near=_ip is executed without specifying the source ip
2018-04-12 10:10:37 -04:00
3a0f7789ec
GH-3798: A few more PR updates
2018-04-11 20:32:35 -04:00
de3a9be3d0
GH-3798: Updates for PR
...
Allow DNS peer IP as the source IP.
Break early when the right node was found for executing the preapred query.
Update docs
2018-04-11 17:02:04 -04:00
89cd24aeca
GH-3798: Add near=_ip support for prepared queries
2018-04-10 14:50:50 -04:00
2ed0d2afcd
Allow ignoring checks by ID when defining a PreparedQuery. Fixes #3727 .
2018-04-10 14:04:16 +01:00
d9d9944179
Renames agent API layer for service metadata to "meta" for consistency
2018-03-28 09:04:50 -05:00
8dacb12c79
Merge pull request #3881 from pierresouchay/service_metadata
...
Feature Request: Support key-value attributes for services
2018-03-27 16:33:57 -05:00
b9ae4e647f
Added validation of ServiceMeta in Catalog
...
Fixed Error Message when ServiceMeta is not valid
Added Unit test for adding a Service with badly formatted ServiceMeta
2018-03-27 22:22:42 +02:00
17a011b9bd
fix typo and remove comment
2018-03-27 14:28:05 -05:00
6d16afc65c
Remove unnecessary nil checks
2018-03-27 10:59:42 -05:00
c21c2da690
Fix test and remove unused method
2018-03-27 09:44:41 -05:00
512f9a50fc
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-26 14:21:06 -05:00
eccb56ade0
Added support for renaming nodes when their IP does not change
2018-03-26 16:44:13 +02:00
90d2f7bca1
Merge remote-tracking branch 'origin/master' into node_health_should_change_service_index
2018-03-22 13:07:11 +01:00
9cc9dce848
More test cases
2018-03-22 12:41:06 +01:00
7e8e4e014b
Added new test regarding checks index
2018-03-22 12:20:25 +01:00
a8b66fb7aa
Fixed minor typo in comments
...
Might fix unstable travis build
2018-03-22 10:30:10 +01:00
1dd8c378b9
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
3eb287f57d
Fixed typo in comments
2018-03-19 17:12:08 +01:00
eb2a4eaea3
Refactoring to have clearer code without weird bool
2018-03-19 16:12:54 +01:00
a5f6ac0df4
[BUGFIX] When a node level check is removed, ensure all services of node are notified
...
Bugfix for https://github.com/hashicorp/consul/pull/3899
When a node level check is removed (example: maintenance),
some watchers on services might have to recompute their state.
If those nodes are performing blocking queries, they have to be notified.
While their state was updated when node-level state did change or was added
this was not the case when the check was removed. This fixes it.
2018-03-19 14:14:03 +01:00
881d20c606
🐛 Formatting changes only; add missing trailing commas
2018-03-15 10:19:46 -07:00
fbac58280e
agent/consul/fsm: begin using testify/assert
2018-03-06 09:48:15 -08:00
628dcc9793
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index
...
Services Indexes modified per service instead of using a global Index
2018-03-02 16:24:43 +00:00
85b73f8163
Simplified error handling for maxIndexForService
...
* added unit tests to ensure service index is properly garbage collected
* added Upgrade from Version 1.0.6 to higher section in documentation
2018-03-01 14:09:36 +01:00
77d35f1829
Remove extra newline
2018-02-21 13:21:47 -06:00
573500dc51
Unit test that calls revokeLeadership twice to make sure its idempotent
2018-02-21 12:48:53 -06:00
bd270b02ba
Make sure revokeLeadership is called if establishLeadership errors
2018-02-21 12:33:22 -06:00
535842004c
Test autopilots start/stop idempotency
2018-02-21 10:19:30 -08:00
4d99696f02
Improve autopilot shutdown to be idempotent
2018-02-20 15:51:59 -08:00
e6d85cb36a
Fixed comments for function maxIndexForService
2018-02-20 23:57:28 +01:00
b26ea3c230
[Revert] Only update services if tags are different
...
This patch did give some better results, but break watches on
the services of a node.
It is possible to apply the same optimization for nodes than
to services (one index per instance), but it would complicate
further the patch.
Let's do it in another PR.
2018-02-20 23:34:42 +01:00
903e866835
Only update services if tags are different
2018-02-20 23:08:04 +01:00
56d5c0bf22
Enable Raft index optimization per service name on health endpoint
...
Had to fix unit test in order to check properly indexes.
2018-02-20 01:35:50 +01:00
ec1b278595
Get only first service to test whether we have to cleanup index of a service
2018-02-19 22:44:49 +01:00
523feb0be4
Fixed comment about raftIndex + use test.Helper()
2018-02-19 19:30:25 +01:00
4c188c1d08
Services Indexes modified per service instead of using a global Index
...
This patch improves the watches for services on large cluster:
each service has now its own index, such watches on a specific service
are not modified by changes in the global catalog.
It should improve a lot the performance of tools such as consul-template
or libraries performing watches on very large clusters with many
services/watches.
2018-02-19 18:29:22 +01:00
05666113a4
remove golint warnings
2018-01-28 22:40:13 +04:00
0e76d62846
Reset clusterHealth when autopilot starts
2018-01-23 12:52:28 -08:00
6d1dbe6cc4
Move autopilot health loop into leader operations
2018-01-23 11:17:41 -08:00
62e97a6602
Fixes a `go fmt` cleanup.
2017-12-20 13:43:38 -08:00
74b0c58831
Fix vet error
2017-12-18 18:04:42 -08:00
dfc165a47b
Move autopilot initializing to oss file
2017-12-18 18:02:44 -08:00
044c38aa7b
Move autopilot setup to a separate file
2017-12-18 16:55:51 -08:00
9e1ba6fb4e
Make some final tweaks to autopilot package
2017-12-18 12:26:47 -08:00
6b58df5898
Merge pull request #3737 from hashicorp/autopilot-refactor
...
Move autopilot to a standalone package
2017-12-15 14:09:40 -08:00
262cbbd9ca
Merge pull request #3728 from weiwei04/fix_globalRPC_goroutine_leak
...
fix globalRPC goroutine leak
2017-12-14 17:54:19 -08:00
798aca92c5
Expose IsPotentialVoter for advanced autopilot logic
2017-12-13 17:53:51 -08:00
a4ac148077
Merge branch 'master' into autopilot-refactor
2017-12-13 11:54:32 -08:00
6c985132de
A few last autopilot adjustments
2017-12-13 11:19:17 -08:00
77d92bf15c
More autopilot reorganizing
2017-12-13 10:57:37 -08:00
984de6e2e0
Adds TODOs referencing #3744 .
2017-12-13 10:52:06 -08:00
f347c8a531
More refactoring to make autopilot consul-agnostic
2017-12-12 17:46:28 -08:00
8546a1d3c6
Move autopilot to a standalone package
2017-12-11 16:45:33 -08:00
32b64575d1
Moves Serf helper into lib to fix import cycle in consul-enterprise.
2017-12-07 16:57:58 -08:00
c16cce80bb
Turns of intent queue warnings and enables dynamic queue sizing.
2017-12-07 16:27:06 -08:00
04531ff0fb
fix globalRPC goroutine leak
...
Signed-off-by: Wei Wei <weiwei.inf@gmail.com>
2017-12-05 11:53:30 +08:00
c4bc89a187
Creates a registration mechanism for snapshot and restore.
2017-11-29 18:36:53 -08:00
8571555703
Begins split out of snapshots from the main FSM class.
2017-11-29 18:36:53 -08:00
4eaee8e0ba
Creates a registration mechanism for FSM commands.
2017-11-29 18:36:53 -08:00
3e7ea1931c
Moves the FSM into its own package.
...
This will help make it clearer what happens when we add some registration
plumbing for the different operations and snapshots.
2017-11-29 18:36:53 -08:00
7f3783f4be
Resolves an FSM snapshot TODO.
...
This adds checks for sink write calls before we continue the refactor, which
will resolve the other TODO comment we deleted as part of this change.
2017-11-29 18:36:53 -08:00
Pierre Souchay