Commit graph

35 commits

Author SHA1 Message Date
Ryan Uber 2e92e19760 agent: refactor keyring loader 2014-11-19 16:31:06 -08:00
Ryan Uber 8a4ed84711 consul: first pass at keyring integration 2014-11-19 16:30:20 -08:00
Atin Malaviya 2bd0e8c745 consul.Config() helper to generate the tlsutil.Config{} struct, 30 second keepalive, use keepalive for HTTP and HTTPS 2014-11-18 17:56:48 -05:00
Atin Malaviya b4424a1a50 Moved TLS Config stuff to tlsutil package 2014-11-18 11:03:36 -05:00
Armon Dadgar 3a1d686444 consul: Adding user event handler for callbacks 2014-08-26 19:04:07 -07:00
Armon Dadgar ca6a8aef55 agent: Adding ACL master token 2014-08-18 15:46:20 -07:00
Armon Dadgar ebae394863 consul: ACL setting passthrough 2014-08-18 15:46:20 -07:00
Armon Dadgar 020802f7a5 Merge pull request #233 from nelhage/tls-no-subjname
Restore the 0.2 TLS verification behavior.
2014-07-01 13:41:00 -07:00
Nelson Elhage 627b2e455f Add some basic smoke tests for wrapTLSclient.
Check the success case, and check that we reject a self-signed
certificate.
2014-06-29 18:11:32 -07:00
Nelson Elhage 0a2476b20e Restore the 0.2 TLS verification behavior.
Namely, don't check the DNS names in TLS certificates when connecting to
other servers.

As of golang 1.3, crypto/tls no longer natively supports doing partial
verification (verifying the cert issuer but not the hostname), so we
have to disable verification entirely and then do the issuer
verification ourselves. Fortunately, crypto/x509 makes this relatively
straightforward.

If the "server_name" configuration option is passed, we preserve the
existing behavior of checking that server name everywhere.

No option is provided to retain the current behavior of checking the
remote certificate against the local node name, since that behavior
seems clearly buggy and unintentional, and I have difficulty imagining
it is actually being used anywhere. It would be relatively
straightforward to restore if desired, however.
2014-06-28 13:32:42 -07:00
Armon Dadgar 80b86c9ee9 Rename Expect to BootstrapExpect. Fixes #223. 2014-06-19 17:08:55 -07:00
Robert Xu 31c392813c Add expect bootstrap '-expect=n' mode.
This allows for us to automatically bootstrap a cluster of nodes after
'n' number of server nodes join. All servers must have the same 'n' set, or
they will fail to join the cluster; all servers will not join the peer set
until they hit 'n' server nodes.

If the raft commit index is not empty, '-expect=n' does nothing because it
thinks you've already bootstrapped.

Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-16 17:40:33 -04:00
Armon Dadgar 91373968a8 Adding server_name configuration for TLS 2014-06-13 11:10:27 -07:00
Armon Dadgar b5bd20634a consul: Gossip the build using Serf 2014-06-06 15:36:40 -07:00
Armon Dadgar 74452a5ae0 consul: Add new protocol version for yamux 2014-05-28 16:32:24 -07:00
Armon Dadgar c98736b8ae Merge pull request #174 from nelhage/multi-ca-cert
Allow multiple PEM-encoded certificates in the ca_file.
2014-05-27 10:47:41 -07:00
William Tisäter 405dfd99c1 Fix tests on Go 1.3 and greater
Go 1.3 and greater require ServerName or InsecureSkipVerify to be set.

https://codereview.appspot.com/67010043/
2014-05-27 00:47:47 +02:00
Nelson Elhage 7d4824ade7 Allow multiple PEM-encoded certificates in the ca_file.
fixes #167
2014-05-26 10:58:57 -07:00
Armon Dadgar 5fa10c912e Support rejoin after leave. Fixes #110. 2014-05-21 12:32:24 -07:00
Armon Dadgar c77666669b consul: Fix decoding of certificate 2014-04-07 15:07:00 -07:00
Armon Dadgar 80de0f8789 consul: Adding basic TLS configuraiton 2014-04-07 15:06:59 -07:00
Armon Dadgar fad79e1f8e consul: Increase default reap time to 3 days 2014-03-20 12:39:06 -07:00
Armon Dadgar 6fba03db8f consul: Adding protocol version numbers 2014-03-09 15:18:36 -07:00
Armon Dadgar 7534346103 agent: Adding server up callback to make state sync faster 2014-02-07 12:11:34 -08:00
Armon Dadgar e1692fb0a0 Adding a ReconcileInterval config 2014-01-09 15:44:25 -08:00
Armon Dadgar ce79f27364 Adding support for advertise address 2013-12-31 16:45:13 -08:00
Armon Dadgar 7f2feeb7eb Testing Raft advertise addr 2013-12-31 15:44:27 -08:00
Armon Dadgar a88bef821a Guard against a bad advertise address 2013-12-31 14:00:25 -08:00
Armon Dadgar 3c00ba3864 Update for the new Serf config 2013-12-27 12:51:15 -08:00
Armon Dadgar 69ed0ec184 Adding a bootstrap flag to allow single server raft 2013-12-24 16:48:07 -08:00
Armon Dadgar 0e4b5720d9 Filling in Agent basics 2013-12-20 15:33:13 -08:00
Armon Dadgar 5ab00f34ee consul: Remove the RaftBindAddr 2013-12-09 14:22:23 -08:00
Armon Dadgar af9176bca0 consul: Add+test JoinLAN/JoinWAN 2013-12-06 17:18:09 -08:00
Armon Dadgar 0bf9a8fb1c consul: Basic RPC framework 2013-12-06 16:35:13 -08:00
Armon Dadgar 94ff23d2a4 consul: adding basic skeleton 2013-12-06 15:43:07 -08:00