3cbdade3b8
agent/config: support configuring alias check
2018-07-12 09:36:10 -07:00
0a365b1a4f
Merge pull request #4374 from hashicorp/feature/proxy-env-vars
...
Setup managed proxy environment with API client env vars
2018-07-12 09:13:54 -04:00
eccadda019
Set api.Config’s InsecureSkipVerify to the value of !RuntimeConfig.VerifyOutgoing
2018-07-12 07:49:23 -04:00
240e2affcd
Use type switch instead of .Network for more reliably detecting UnixAddrs
2018-07-12 07:30:17 -04:00
09ff064bc7
Look specifically for tcp instead of unix
...
Add runtime -> api.Config tests
2018-07-11 17:25:36 -04:00
1e5e9fd8cd
PR Updates
...
Proxy now doesn’t need to know anything about the api as we pass env vars to it instead of the api config.
2018-07-11 09:44:54 -04:00
a124512ce3
Merge pull request #4365 from pierresouchay/fix_test_warning
...
Fixed compilation warning about wrong type
2018-07-10 16:53:29 -04:00
358e6c8f6a
Pass around an API Config object and convert to env vars for the managed proxy
2018-07-10 12:13:51 -04:00
988acfdc67
Use %q, not %s as it used to
2018-07-10 16:52:08 +02:00
455d8fbea6
Fixed compilation warning about wrong type
...
It fixes the following warnings:
agent/config/builder.go:1201: Errorf format %q has arg s of wrong type *string
agent/config/builder.go:1240: Errorf format %q has arg s of wrong type *string
2018-07-09 23:43:56 +02:00
382bec0897
Added async-cache with similar behaviour as extend-cache but asynchronously
2018-07-01 23:50:30 +02:00
f213c55723
agent/config: parse upstreams with multiple service definitions
2018-06-28 15:13:33 -05:00
1da3c42867
Merge remote-tracking branch 'connect/f-connect'
2018-06-25 19:42:51 +00:00
cea94d0bcf
connect/ca: update Consul provider to use new cross-sign CSR method
2018-06-25 12:25:41 -07:00
a97c44c1ba
connect/ca: add URI SAN support to the Vault provider
2018-06-25 12:25:41 -07:00
a98b85b25c
connect/ca: add the Vault CA provider
2018-06-25 12:25:41 -07:00
ba6e909ed7
Misc test fixes
2018-06-25 12:25:39 -07:00
ca68136ac7
Refactor to use embedded struct.
2018-06-25 12:25:39 -07:00
6deadef6bd
Revert telemetry config changes ready for cleaner approach
2018-06-25 12:25:39 -07:00
ced9b2bee4
Expose telemetry config from RuntimeConfig to proxy config endpoint
2018-06-25 12:25:38 -07:00
2df422e1e5
Disable TestAgent proxy execution properly
2018-06-25 12:25:38 -07:00
a8ec3064f5
agent/config: AllowManagedAPIRegistration
2018-06-25 12:25:11 -07:00
a7690301f9
agent/config: add AllowManagedRoot
2018-06-25 12:25:11 -07:00
a242e5b130
agent: update accepted CA config fields and defaults
2018-06-25 12:25:09 -07:00
6c77f7883e
Misc comment cleanups
2018-06-25 12:24:16 -07:00
61c7e33a22
agent/config: move ports to `ports` structure, update docs
2018-06-25 12:24:15 -07:00
ad382d7351
agent: switch ConnectNative to an embedded struct
2018-06-25 12:24:10 -07:00
3bac52480e
Abandon daemonize for simpler solution (preserving history):
...
Reverts:
- bdb274852ae469c89092d6050697c0ff97178465
- 2c689179c4f61c11f0016214c0fc127a0b813bfe
- d62e25c4a7ab753914b6baccd66f88ffd10949a3
- c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
- 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
- 85c3f8df3eabc00f490cd392213c3b928a85aa44
2018-06-25 12:24:10 -07:00
9cea27c66e
Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy
2018-06-25 12:24:09 -07:00
bfe2fcbdf1
Update the runtime tests
2018-06-19 13:59:26 -04:00
b9d1e7042a
Make filtering out TXT RRs only apply when they would end up in Additional section
...
ANY queries are no longer affected.
2018-06-19 10:08:16 -04:00
f69c8b85ef
agent/config: add managed proxy upstreams config to skip
...
agent/config will turn [{}] into {} (single element maps into a single
map) to work around HCL issues. These are resolved in HCL2 which I'm
sure Consul will switch to eventually.
This breaks the connect proxy configuration in service definition FILES
since we call this patch function. For now, let's just special-case skip
this. In the future we maybe Consul will adopt HCL2 and fix it, or we
can do something else if we want. This works and is tested.
2018-06-14 09:42:13 -07:00
662f38c625
agent/structs: validate service definitions, port required for proxy
2018-06-14 09:42:13 -07:00
498c63a6f1
agent/config: default connect enabled in dev mode
...
This enables `consul agent -dev` to begin using Connect features with
the built-in CA. I think this is expected behavior since you can imagine
that new users would want to try.
There is no real downside since we're just using the built-in CA.
2018-06-14 09:42:13 -07:00
536f31571b
agent: change connect command paths to be slices, not strings
...
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
02ab461dae
TLS watching integrated into Service with some basic tests.
...
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
0e184f3f5b
Fix config tests
2018-06-14 09:42:06 -07:00
2167713226
Add CA config to connect section of agent config
2018-06-14 09:42:05 -07:00
c2266b134a
HTTP agent registration allows proxy to be defined.
2018-06-14 09:41:57 -07:00
78e48fd547
Added connect proxy config and local agent state setup on boot.
2018-06-14 09:41:57 -07:00
6604828009
Add configuration entry to control including TXT records for node meta in DNS responses
...
If set to false, the only way to retrieve TXT records for node meta is to specifically query for TXT records.
2018-06-11 11:49:04 -04:00
5d3b267787
More docs and removed SnapShotInterval from raft timing struct stanza
2018-05-11 10:43:24 -05:00
e28c5fbb4e
Also make snapshot interval configurable
2018-05-11 10:43:24 -05:00
9d2dac9db8
fix spacing
2018-05-11 10:43:24 -05:00
eb4bc79118
Make raft snapshot commit threshold configurable
2018-05-11 10:43:24 -05:00
e611b1728a
Merge pull request #4097 from hashicorp/remove-deprecated
...
Remove deprecated check/service fields and metric names
2018-05-10 15:45:49 -07:00
79a3cee3d1
Make it work for WAN join too and add tests
2018-05-10 14:30:24 +01:00
88dc90ecfc
Added support for sockaddr templates in start-join and retry-join configuration
2018-05-10 14:08:41 +01:00
c19b43bf86
Remove unused retry join structs from config
2018-05-08 16:25:34 -07:00
60307ef328
Remove deprecated metric names
2018-05-08 16:23:15 -07:00
a480434517
Remove the script field from checks in favor of args
2018-05-08 15:31:53 -07:00
36c5e59465
Remove support for EnableTagOverride in config files
2018-05-07 16:19:13 -07:00
fb3cd87c91
Remove support for CheckID field in service check definitions
2018-05-07 16:15:08 -07:00
27d0b9ce27
Fix telemetry default prefix filter
...
If telemetry metrics contain a hostname starting with
'consul', the metrics will be filtered out the same way
as the deprecated metrics.
2018-05-02 16:56:29 +02:00
ea731031d5
Merge pull request #4047 from pierresouchay/added_missing_meta_in_service_definition
...
[BUGFIX] Added Service Meta support in configuration files
2018-04-25 13:08:53 +01:00
7b752604d5
Improved unit test (example close to actual value)
2018-04-24 23:15:27 +02:00
24185ada0d
Fixed Meta name for JSON + Added unit tests for HCL/JSON
2018-04-24 16:39:43 +02:00
5d0060a9c3
Use safer stringVal()
2018-04-18 23:18:16 +02:00
6e71d8bb44
Added unit test on key length
2018-04-18 23:07:25 +02:00
ef7a35b203
Added unit tests for bad meta values
2018-04-18 22:57:33 +02:00
5c4d8940ea
[BUGFIX] Added Service Meta support in configuration files
...
Fixes https://github.com/hashicorp/consul/issues/4045
Was not added by mistake in https://github.com/hashicorp/consul/pull/3881
2018-04-18 22:18:58 +02:00
e342ced97b
Clearer documentation and comments for enabling Prometheus support
2018-04-09 13:16:45 +02:00
2e495ec8a6
Now use prometheus_retention_time > 0 to enable prometheus support
2018-04-06 14:21:05 +02:00
583744d8c5
Added support exposing metrics in Prometheus format
2018-04-06 09:18:06 +02:00
8fbe3dfceb
Adds discovery_max_stale ( #4004 )
...
Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 10:14:44 -05:00
d9d9944179
Renames agent API layer for service metadata to "meta" for consistency
2018-03-28 09:04:50 -05:00
8dacb12c79
Merge pull request #3881 from pierresouchay/service_metadata
...
Feature Request: Support key-value attributes for services
2018-03-27 16:33:57 -05:00
c21c2da690
Fix test and remove unused method
2018-03-27 09:44:41 -05:00
512f9a50fc
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-26 14:21:06 -05:00
1dd8c378b9
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
8a5df6ecc3
🎨 Formatting changes only; convert leading space to tabs
2018-03-15 10:30:38 -07:00
2001b9f35f
✅ Match expectation of TLSCipherSuites to values of tls_cipher_suites
2018-03-15 10:19:46 -07:00
ece32fce53
🔒 Update supported TLS cipher suites
...
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go ).
> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
> * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4 )
> * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/ )
2018-03-15 10:19:46 -07:00
09970479b5
Allow to control the number of A/AAAA Record returned by DNS
...
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.
It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937
See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.
It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.
The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
e99bf584c9
Fixed TestSanitize unit test
2018-02-11 12:11:11 +01:00
46745eb89b
Add enterprise default config section
2018-02-05 13:33:59 -08:00
0aa05cc5f0
Merge pull request #3855 from hashicorp/pr-3782-slackpad
...
Adds support for gRPC health checks.
2018-02-02 17:57:27 -08:00
1a08e8c0f1
Changes "TLS" to "GRPCUseTLS" since it only applies to GRPC checks.
2018-02-02 17:29:34 -08:00
f191eb2df3
Enforce a valid port for the Serf WAN since it can't be disabled.
...
Fixes #3817
2018-01-19 14:22:23 -08:00
81d0ffc959
Resolve symlinks in config directory
...
Docker/Openshift/Kubernetes mount the config file as a symbolic link and
IsDir returns true if the file is a symlink. Before calling IsDir, the
symlink should be resolved to determine if it points at a file or
directory.
Fixes #3753
2018-01-12 15:43:38 -05:00
ff2aae98f4
Adds more info about how to fix the private IP error.
...
Closes #3790
2018-01-10 09:53:41 -08:00
a45f6ad740
Add gRPC health-check #3073
2018-01-04 16:42:30 -05:00
68c94a5047
Changes maps to merge vs. overwrite when processing configs.
...
Fixes #3716
2017-12-13 16:06:01 -08:00
984de6e2e0
Adds TODOs referencing #3744 .
2017-12-13 10:52:06 -08:00
63011dd393
Copies the autopilot settings from the runtime config.
...
Fixes #3730
2017-12-13 10:32:05 -08:00
6234f0bd46
Renames "segments" to "segment" to be consistent with other files.
2017-11-29 18:36:52 -08:00
ae85cc4070
Skips files with unknown extensions when not forcing a format.
...
Fixes #3685
2017-11-10 18:06:07 -08:00
d5bf4e9c6e
Adds a snapshot agent stub to the config structure.
...
Fixes #3678
2017-11-10 13:50:45 -08:00
532cafe0af
Adds enable_agent_tls_for_checks configuration option which allows ( #3661 )
...
HTTP health checks for services requiring 2-way TLS to be checked
using the agent's credentials.
2017-11-07 18:22:09 -08:00
3cb1cd3723
config: add -config-format option ( #3626 )
...
* config: refactor ReadPath(s) methods without side-effects
Return the sources instead of modifying the state.
* config: clean data dir before every test
* config: add tests for config-file and config-dir
* config: add -config-format option
Starting with Consul 1.0 all config files must have a '.json' or '.hcl'
extension to make it unambigous how the data should be parsed. Some
automation tools generate temporary files by appending a random string
to the generated file which obfuscates the extension and prevents the
file type detection.
This patch adds a -config-format option which can be used to override
the auto-detection behavior by forcing all config files or all files
within a config directory independent of their extension to be
interpreted as of this format.
Fixes #3620
2017-10-31 17:30:01 -05:00
c2a3f5e007
Merge pull request #3585 from hashicorp/document-runtime-config
...
Moving the previous `agent/config.go` documentation to
`agent/config/runtime.go`.
2017-10-23 10:51:22 +02:00
f3ecef290c
Merge pull request #3598 from hashicorp/issue-3397-error-with-extra-flags
...
The `consul agent` command was ignoring extra command line arguments
which can lead to confusion when the user has for example forgotten to
add a dash in front of an argument or is not using an `=` when setting
boolean flags to `true`. `-bootstrap true` is not the same as
`-bootstrap=true`, for example.
Since all command line flags are known and we don't expect unparsed
arguments we can return an error. However, this may make it slightly
more difficult in the future if we ever wanted to have these kinds of
arguments.
Fixes #3397
2017-10-23 10:47:04 +02:00
c624c72d5c
config: return error on extra command line arguments ( #3397 )
...
The `consul agent` command was ignoring extra command line arguments
which can lead to confusion when the user has for example forgotten to
add a dash in front of an argument or is not using an `=` when setting
boolean flags to `true`. `-bootstrap true` is not the same as
`-bootstrap=true`, for example.
Since all command line flags are known and we don't expect unparsed
arguments we can return an error. However, this may make it slightly
more difficult in the future if we ever wanted to have these kinds of
arguments.
Fixes #3397
2017-10-23 08:07:48 +02:00
c1d249c681
config: rename test struct field to args
2017-10-23 08:07:48 +02:00
88a1f3aa53
config: address review comments
2017-10-23 08:06:26 +02:00
97277de196
config: document remaining config options
2017-10-23 08:06:26 +02:00
638bc0e0ac
config: document more config options
2017-10-23 08:06:26 +02:00
f326eae23e
config: document more config options
2017-10-23 08:06:26 +02:00
6332f4d6a7
config: document more acl options
2017-10-23 08:06:26 +02:00
61c8ee564a
config: document config options
2017-10-23 08:06:26 +02:00
Mitchell Hashimoto