Commit Graph

1521 Commits

Author SHA1 Message Date
Frank Schroeder 3e4dc6e133 agent: use bind address as src unless INADDR_ANY
Use the bind address as source address for outgoing
RPC connections unless it is INADDR_ANY.

The current code uses the advertise address which will
not work in certain environments where the advertise
address is not routable in the network of the agent,
e.g. NAT environment, container... After all, that is
the purpose of the advertise address.

See #2822
2017-05-11 00:34:14 +02:00
Frank Schroeder 27e951d213 agent: use helper for INADDR_ANY 2017-05-11 00:34:14 +02:00
Kyle Havlovitz e4af6583f5 Add a path for transitioning to TLS on an existing cluster (#3001)
Fixes #1705
2017-05-10 14:25:48 -07:00
Frank Schroeder e13f3446ac agent: drop atlas/scada code 2017-05-10 23:06:36 +02:00
Frank Schroeder 091bea4922 test: refactor TestAgent_Leave_ACLDeny to use only one server 2017-05-10 17:42:38 +02:00
Frank Schroeder 9b161bdee3 test: use isPermissionDenied 2017-05-10 17:42:38 +02:00
Frank Schroeder 66c6362a70 test: replace blocks and comments with sub-tests 2017-05-10 17:42:38 +02:00
Frank Schroeder b6eccb51c7 test: inline request body encoding 2017-05-10 17:42:38 +02:00
Frank Schroeder 4174cc283b test: add helper for permission denied check 2017-05-10 17:42:38 +02:00
Frank Schroeder 6073c53089 test: drop error check on http.NewRequest
Most URLs are static so the error check is redundant.
The subsequent test wouldn't work if the url is wrong.
2017-05-10 17:42:38 +02:00
Frank Schroeder c1cbecfe18
agent: Disallow :: or [::] as advertise or advertise-wan address 2017-05-09 17:56:16 +02:00
Frank Schroeder 8821793358
agent: Disallow :: and [::] as service address 2017-05-09 17:56:15 +02:00
Frank Schroeder 66e7b414b0
agent: Disallow 0.0.0.0 as advertise or advertise-wan address
Fixes #2961
2017-05-09 17:56:15 +02:00
Frank Schroeder 5b48fec0dd
agent: Disallow 0.0.0.0 as service address
Fixes #2961
2017-05-09 17:56:15 +02:00
James Phillips 6103198732
Tweaks some tests that were having a hard time in Travis CI and
bumps up the default retry time.
2017-05-09 06:48:26 -07:00
James Phillips 518fae04e4
Updates built-in static assets for web UI. 2017-05-08 19:50:54 -07:00
Frank Schroeder 5c6be1cc7a
test: Fix badly formatted retry.Run tests 2017-05-05 17:07:03 +02:00
Frank Schroeder 17f6ecdd12
test: convert remaining WaitForResult tests 2017-05-05 17:07:03 +02:00
James Phillips 7007c89870
retry: Removes the description parameter. 2017-05-05 17:07:03 +02:00
James Phillips b9fb20d0cf
test: Turns off ACLs for catalog and health WAN translation tests.
Since this was doing registration to a foreign DC, it needs extra time
for the route to the ACL datacenter to be set up. ACLs aren't part of
this test, so by disabling them we make this more reliable and converge
faster than if we had added a retry.
2017-05-05 17:07:03 +02:00
James Phillips c77663fe65
test: Moves a variable closer to where it's used. 2017-05-05 17:07:03 +02:00
James Phillips 2e512d6e6d
test: Turns down server health interval for faster convergence.
This fixes the autopilot tests.
2017-05-05 17:07:02 +02:00
Frank Schroeder 9435cadeee
test: Refactor WaitForResult tests with retry
Refactor tests that use testutil.WaitForResult to use retry.

Since this requires refactoring the test functions in general this patch
also shows the use of the github.com/pascaldekloe/goe/verify library
which provides a good mechanism for comparing nested data structures.
Instead of just converting the tests from testutil.WaitForResult to
retry the tests that performing a nested comparison of data structures
are converted to the verify library at the same time.
2017-05-05 17:07:02 +02:00
Frank Schroeder b1e97baacb
Fix imports 2017-05-05 17:07:00 +02:00
Frank Schroeder f894a4cb7d Use bind address as source for outgoing connections (#2822)
This patch configures consul to use the bind address as the
source address for outgoing connections.

Fixes #2822
2017-05-04 01:41:47 +02:00
Frank Schroeder c772cecaab Do not modify config after creation II
Move code for finding the advertise address via a
template into consulConfig() so that the config
object is not modified after creation.
2017-05-04 01:41:47 +02:00
Frank Schroeder 6b96c9ff91 Do not modify config after creation
Make sure the RPCAdvertise address is always set
so that the configuration does not have to be modified
after creation.
2017-05-04 01:41:47 +02:00
Frank Schroeder 8213222931 Move GCE discovery code to command/agent/config_gce.go 2017-05-04 01:41:47 +02:00
Frank Schroeder 39fae5eac2 Move AWS discovery code to command/agent/config_aws.go 2017-05-04 01:41:47 +02:00
Frank Schroeder 3ea54c48a8 Move verifyUniqueListeners to command/agent/config.go 2017-05-04 01:41:47 +02:00
Frank Schroeder a0b98948d8 Cleanup agent config 2017-05-04 01:41:47 +02:00
Damon Buckwalter e9d6f5b3d0 Itty bitty typo 2017-05-02 16:08:07 -07:00
James Phillips a3e1e8e7e5
Updates static assets to pick up #2712. 2017-05-02 10:52:06 -07:00
Kyle Havlovitz b5ed2ba536 Add separate option for verifying incoming HTTPS traffic (#2974)
* Add separate option for verifying incoming HTTPS traffic
2017-04-28 16:15:55 -07:00
Frank Schroeder 1973e66c07 api: Return empty list instead of nil 2017-04-28 15:00:08 -07:00
Frank Schroeder 2bf668b658 api: Add ServiceTags to Health state endpoint (#153)
This patch adds the ServiceTags to the /v1/health/state/<state>
endpoint.

Fixes #153
2017-04-28 15:00:08 -07:00
Frank Schroeder 7f64689828 Faster dev server startup
This patch reduces the timeouts for the development
server so that it starts up almost instantly.
2017-04-28 14:43:44 -07:00
Frank Schroeder 5bbef3b47e Revert "test: Run command/agent tests in parallel"
This reverts commit 17be40a73310e1a0d2461b175f6214381ac41039.
2017-04-27 14:39:04 -07:00
Frank Schroeder 9305c706e0 test: Do not run RetryJoin tests in parallel
I am suspecting port conflicts with the agents
that are started. This needs further investigation.
2017-04-27 14:39:04 -07:00
Frank Schroeder 9a2063bf6f test: Speedup session renew tests 2017-04-27 10:34:30 -07:00
Frank Schroeder 9db74f5a0e test: Speedup Retry*Join tests 2017-04-27 10:34:30 -07:00
Frank Schroeder 58e0b5cb70 test: Run command/agent tests in parallel 2017-04-27 10:34:30 -07:00
Kyle Havlovitz 42cf797ad9 Add TLS cipher suite options and CA path support (#2963)
This patch adds options to configure the available
TLS cipher suites and adds support for a path
for multiple CA certificates.

Fixes #2959
2017-04-27 01:29:39 -07:00
James Phillips 47640538d4
Updates compiled static assets. 2017-04-25 13:54:03 -07:00
Frank Schroeder 9e2332f6a1 golint: Fix existing comments
This needs more work.
2017-04-25 09:26:13 -07:00
Frank Schroeder 9de4555c0c golint: Untangle if blocks with return in else 2017-04-25 09:26:13 -07:00
Frank Schroeder f50d6871f9 golint: No stutter 2017-04-25 09:26:13 -07:00
Frank Schroeder 8c7bb7b65a golint: Rename fields and structs 2017-04-25 09:26:13 -07:00
Frank Schroeder f4a56d8a44 golint: Replace a += 1 with a++ 2017-04-25 09:26:13 -07:00
Frank Schroeder c7f367af56 golint: Consistent receiver name
Ensure the receiver name is consistent
2017-04-25 09:26:13 -07:00
Frank Schroeder ebdb73d8f2 golint: Drop the unused value from range
for i, _ := range foo -> for i := range foo
2017-04-25 09:26:13 -07:00
Frank Schroeder 9f8f258d4d Remove duplicate constants
This patch removes duplicate internal copies of constants in the structs
package which are also defined in the api package. The api.KVOp type
with all its values for the TXN endpoint and the api.HealthXXX constants
are now used throughout the codebase.

This resulted in some circular dependencies in the testutil package
which have been resolved by copying code and constants and moving the
WaitForLeader function into a separate testrpc package.
2017-04-20 09:54:49 -07:00
Frank Schroeder 58c3b1ff38 Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:

gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)'  *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 09:02:59 -07:00
Kyle Havlovitz 72ee7c2501 Show raft protocol in list-peers command (#2929) 2017-04-19 15:01:40 -07:00
Kyle Havlovitz e97574fc4c
Fix help text on client cert/key options 2017-04-18 16:30:20 -07:00
mckennajones 1695506b1d
Added check to see if ui and ui-dir flags are both specified 2017-04-17 17:25:57 -07:00
Kyle Havlovitz 095b441ed4
Fix help text for -ca-path 2017-04-14 14:44:45 -07:00
Kyle Havlovitz cdd8b5b880
Add tls client options to api/cli 2017-04-14 13:37:29 -07:00
James Phillips 1129827f91 Merge pull request #2842 from vaLski/supress_sigpipe_logging
Supress signal logging on SIGPIPE. Should address #2768
2017-04-13 16:52:29 -07:00
James Phillips 1f40dc83e3
Updates static assets to pick up #2899. 2017-04-13 14:40:16 -07:00
James Phillips 86a69e8207 Merge pull request #2904 from hashicorp/non-host-id
Adds a new -disable-host-node-id option to help when testing with containers.
2017-04-13 10:49:05 -07:00
James Phillips 20bf47d2b4
Adds a new -disable-host-node-id option to help when testing with containers.
Fixes #2877.
2017-04-12 22:07:18 -07:00
Ralph Caraveo 8295809d79 Ensure to exit with a non-zero status code when a timeout occurs and we don't complete all the jobs. 2017-04-12 17:51:16 -07:00
Ralph Caraveo c06b72ba17 Fixed spelling for consul kv get command --help comments. 2017-04-12 17:31:57 -07:00
Alex Dadgar 13f026dec4 Hash host ID so its stable and well distributed
This PR takes the host ID and runs it through a hash so that it is well
distributed. This makes it so that machines that report similar host IDs
are easily distinguished.

Instances of similar IDs occur on EC2 where the ID is prefixed and on
motherboards created in the same batch.
2017-04-10 11:57:24 -07:00
James Phillips c7f7e969d7 Merge pull request #2854 from hashicorp/remote-exec
Changes `disable_remote_exec` default to true so remote exec is opt-in.
2017-03-30 10:29:09 -07:00
Kyle Havlovitz a2058d23ef
Add CLI/API endpoints for removing peer by ID 2017-03-30 10:13:32 -07:00
James Phillips ac90110396
Changes `disable_remote_exec` default to true so remote exec is opt-in. 2017-03-30 09:43:32 -07:00
James Phillips 4259ecd8bc
Disables agent-level enforcement on Consul agents unless acl_datacenter is set. 2017-03-29 12:24:42 -07:00
vaLentin chernoZemski 8aee2b805a Supress signal logging on SIGPIPE. Should address #2768
When consul-template is communicating with consul and the job is done, consul thread receives SIGPIPE.

This cause the logs to be filled "Caught signal: broken pipe" and they does not bring any usefull info with them.

Skipping those.
2017-03-29 09:46:58 +03:00
James Phillips 424d70ba5d
Cleans up a stray mark and fixes unit tests.
Ended up removing the leader_test.go server address change test as part
of this. The join was failing becase we were using a new node name with
the new logic here, but realized this was hitting some of the memberlist
conflict logic and not working as we expected. We need some additional
work to fully support address changes, so removed the test for now.
2017-03-27 01:28:54 -07:00
James Phillips dce84379b7
Fixes up some broken unit tests. 2017-03-24 17:35:07 -07:00
James Phillips f2211d2489
Keeps the service and check tokens around for deregistration.
We fixed a few related issues while we were in here. We now only let
services register checks with a matching token, and we also close out
service and check delete operations if the catalog deregister claims
it doesn't know about the ID of the service or check being deleted.
2017-03-24 17:15:20 -07:00
James Phillips c553e1d93a
Changes verson 8 ACLs to opt-out. 2017-03-24 12:12:24 -07:00
Seth Vargo 2efa3bdff8
Use new APIs 2017-03-23 18:48:13 -04:00
Seth Vargo 78bd562f41
Re-add RPC parsing
This makes the upgrade path a bit nicer, since people will likely have
older configurations. This prints out a warning instead of just failing
if the old rpc addr or ports definition is in the config.
2017-03-23 17:10:14 -04:00
James Phillips ab2b615265
Renames some operator unit tests. 2017-03-22 19:26:43 -07:00
Kyle Havlovitz 37ea20cb44
Add advanced autopilot features 2017-03-22 15:25:16 -07:00
James Phillips 36a0abe10f Merge pull request #2801 from hashicorp/spoken-hub-oss
Adds support for WAN soft fail and join flooding.
2017-03-20 16:24:07 -07:00
James Phillips 964a5e2b28
Updates to latest built-in static assets. 2017-03-20 10:18:47 -07:00
James Phillips 43d24b3ba0
Fixes RTT command to only compare coordinates in the same area. 2017-03-16 16:42:19 -07:00
James Phillips 28f8aa5559
Removes remoteConsuls in favor of the new router.
This has the next wave of RTT integration with the router and also
factors some common RTT-related helpers out to lib. While we were
in here we also got rid of the coordinate disable config so we don't
need to deal with the complexity in the router (there was never a
user-visible way to disable coordinates).
2017-03-16 16:42:19 -07:00
Kyle Havlovitz 006c6b93b3 Merge pull request #2802 from hashicorp/f-autopilot-improvements
Fix an issue with changing server ID when re-joining
2017-03-15 20:26:16 -07:00
Kyle Havlovitz bc0494e396
Reorganized cluster health check loop and logic 2017-03-15 18:27:17 -07:00
Kyle Havlovitz c40279e012
Fix an issue with changing server IDs and add a few UX enhancements around autopilot features 2017-03-15 16:09:55 -07:00
James Phillips 9b43b31900
Forces user-supplied node IDs to lower case for consistency. 2017-03-13 19:51:56 -07:00
Kyle Havlovitz b15d67bfac
Use defers for WaitGroup and Ticker stop 2017-03-10 12:29:03 -08:00
Kyle Havlovitz 8130f9b1c1
Cleaned up and reorganized some autopilot-related code 2017-03-09 18:21:40 -08:00
Kyle Havlovitz a7de1e2a3b
Move RaftStats to Status endpoint 2017-03-07 13:58:06 -08:00
Kyle Havlovitz 0606133b75
Merge branch 'master' into f-autopilot-2 2017-03-06 16:02:19 -08:00
Kyle Havlovitz 8bcab6c6d7
Add autopilot server health tracking
This adds two goroutines to perform autopilot tasks on the leader - one
to monitor the health of servers and another to periodically clean up
dead servers with a limit on removal count. Also adds a new http endpoint,
`/v1/operator/autopilot/health`, for querying this information through an
operator RPC endpoint.
2017-03-06 16:00:10 -08:00
Sean Chittenden c6feba6ab7 Revert "Change `ClientAddr` to default to `BindAddr` when not present." 2017-03-06 13:32:43 -08:00
Sean Chittenden e1ced1de30
Change `ClientAddr` to default to `BindAddr` when not present.
With this change, it is now possible to only specify the `-bind` or
`bind_addr` attributes and get a functioning consul agent.
2017-03-04 20:52:52 -08:00
James Phillips aba567273e Merge pull request #2690 from zeroae/f-simple-rfc2782
RFC 2782 support with optional .service tag
2017-03-02 14:49:36 -08:00
Kyle Havlovitz 44f0b08db7 Merge pull request #2771 from hashicorp/f-autopilot
Autopilot dead server cleanup, config, and raft version compatibility
2017-02-28 15:04:16 -08:00
Kyle Havlovitz 77785778bf Merge pull request #2774 from hashicorp/f-cli-deprecation-docs
Add CLI RPC deprecation section to docs
2017-02-28 14:59:48 -08:00
Kyle Havlovitz 23c492a74e
Rename DeadServerCleanup and make wording adjustments 2017-02-28 14:45:21 -08:00
Kyle Havlovitz 01fe3fb399
Fix up command and api tests 2017-02-28 14:12:55 -08:00
Kyle Havlovitz 3b67c50c1d
Remove the RPC client interface and update docs 2017-02-28 13:41:09 -08:00
Sean Chittenden 63402c6eaa
Follow the lead in 6fc901a8f3 and set the default `DisplayName` to `Consul` 2017-02-26 12:26:14 -08:00
Kyle Havlovitz 953baed324
Convert agent command to use base.Command 2017-02-24 18:11:05 -08:00
Kyle Havlovitz f7b6d776f4
Add cli docs and minor test/comment tweaks 2017-02-24 16:55:44 -08:00
Kyle Havlovitz 1e24ec51a7
Use BoolValue for flag type 2017-02-24 16:00:39 -08:00
Kyle Havlovitz 459e72b011
Merge branch 'master' into f-autopilot 2017-02-24 15:55:18 -08:00
Kyle Havlovitz 6168911200
Added operator autopilot subcommands 2017-02-24 15:54:49 -08:00
Kyle Havlovitz c9ddee1a79
Add CAS capability to autopilot config endpoint 2017-02-24 13:08:49 -08:00
James Phillips e92def21e1
Exports config functions from base. 2017-02-23 21:08:43 -08:00
James Phillips b59d136820
Exports visit function from base. 2017-02-23 21:01:06 -08:00
Kyle Havlovitz 56e22a719f
Add state store table and endpoints for autopilot 2017-02-23 20:32:13 -08:00
Kyle Havlovitz ae9fce0ae0
Move raft_protocol out of autopilot config 2017-02-23 13:08:40 -08:00
Kyle Havlovitz f9588b8d7f
Add raft version 2/3 compatibility 2017-02-22 12:53:32 -08:00
Kyle Havlovitz 3f05576cc8
Condense raft subcommand into one doc page 2017-02-16 11:44:14 -08:00
Kyle Havlovitz 2b12a43840
Split operator raft command into subcommands 2017-02-15 13:53:34 -08:00
Jeff Mitchell 15314c96d0 Update TestHTTPServer_UnixSocket with DialContext 2017-02-10 21:29:42 -05:00
Kyle Havlovitz 0262f009dd Merge pull request #2732 from hashicorp/f-validate-command
Deprecate configtest and add validate command
2017-02-10 20:34:09 -05:00
Kyle Havlovitz 9fc55909dc
Add -quiet flag to validate 2017-02-10 20:14:22 -05:00
Kyle Havlovitz 35d99a81ac
Update docs and give better error for unknown client scheme 2017-02-10 19:55:54 -05:00
Kyle Havlovitz 27ee6f974d
Update website docs for validate command 2017-02-10 19:38:38 -05:00
Kyle Havlovitz fcb2594fda
Deprecate the configtest command and add the validate command 2017-02-10 19:21:51 -05:00
Kyle Havlovitz bdb58adb80
Allow internal watches to use https and unix sockets 2017-02-10 18:38:39 -05:00
Kyle Havlovitz 91e960832f
Allow prefixing -http-addr with http/https schemes 2017-02-10 18:25:46 -05:00
Kyle Havlovitz 6692061761
Remove cli rpc functions 2017-02-10 13:57:02 -05:00
Kyle Havlovitz 854c09021e
Formatting fix in members output 2017-02-10 13:02:37 -05:00
Kyle Havlovitz 955d1b983d
Merge branch 'master' into f-cli-rework-3 2017-02-09 21:24:27 -05:00
Kyle Havlovitz a64c5e69a3
Cleanup and formatting adjustments 2017-02-09 20:49:17 -05:00
Kyle Havlovitz 65ad17a27d
Convert watch command to use base.Command 2017-02-09 20:36:01 -05:00
Kyle Havlovitz 1767a4dcb0
Add missing doc page for version command 2017-02-09 20:08:25 -05:00
Kyle Havlovitz 50f6c6a2bb
Convert snapshot command to use base.Command 2017-02-09 20:00:38 -05:00
Kyle Havlovitz bcdbc9175c
Convert rtt command to use base.Command 2017-02-09 19:38:06 -05:00
Kyle Havlovitz 520edc2e49
Convert reload command to use base.Command 2017-02-09 19:32:22 -05:00
Kyle Havlovitz 1a26907d01
Convert operator command to use base.Command 2017-02-09 18:19:34 -05:00
Kyle Havlovitz c78f62b83d
Convert monitor command to use base.Command 2017-02-09 17:31:52 -05:00
Kyle Havlovitz 7d72864531
Convert members command to use base.Command 2017-02-09 17:12:47 -05:00
Kyle Havlovitz 4be635d3a1
Convert maint command to use base.Command 2017-02-09 17:06:19 -05:00
Kyle Havlovitz e385af8eeb
Convert leave command to use base.Command 2017-02-09 16:48:12 -05:00
Kyle Havlovitz 2a82804c0c
Make join exit non-zero if no nodes were joined 2017-02-08 19:45:13 -05:00
Kyle Havlovitz b35acaac33
Convert kv commands to use base.Command 2017-02-08 19:26:24 -05:00
Kyle Havlovitz d3b24d2d12
Convert keyring command to use base.Command 2017-02-08 18:25:47 -05:00
Kyle Havlovitz 3a18373db7
Convert keygen command to use base.Command 2017-02-08 17:19:17 -05:00
Kyle Havlovitz 9e156286c7
Convert join command to use base.Command 2017-02-08 17:14:02 -05:00
Kyle Havlovitz a69f2a0faf
Convert info command to use base.Command 2017-02-08 16:58:04 -05:00
Kyle Havlovitz 89771b6075
Convert exec command to use base.Command 2017-02-08 16:57:46 -05:00
Kyle Havlovitz 6cc2299123
Convert event command to use base.Command 2017-02-08 16:56:58 -05:00
Kyle Havlovitz 0f20f06021
Small tweaks to base command 2017-02-07 20:56:49 -05:00
Kyle Havlovitz 2b02fb575b
Add utility types to enable checking for unset flags 2017-02-07 20:14:41 -05:00
Kyle Havlovitz 9e38fc1c84
Move command Meta to base.Command and split http options 2017-02-07 19:16:41 -05:00
Kyle Havlovitz e30b9ae5ba
Fix the check for displaying the command options 2017-02-06 23:45:58 -05:00
Kyle Havlovitz 0f796f0cba
Convert configtest and force-leave commands to use Meta 2017-02-06 20:50:51 -05:00
Kyle Havlovitz d6a5b7e63c
Merge branch 'master' into f-cli-rework 2017-02-06 13:46:44 -05:00
Kyle Havlovitz 4fc3bd3abf
Added -relay-factor param to keyring operations 2017-02-01 21:53:29 -05:00