9f8991e0cc
Fix issue with choosing a client addr that is 0.0.0.0 or ::
2018-07-16 16:30:15 -04:00
0a365b1a4f
Merge pull request #4374 from hashicorp/feature/proxy-env-vars
...
Setup managed proxy environment with API client env vars
2018-07-12 09:13:54 -04:00
eccadda019
Set api.Config’s InsecureSkipVerify to the value of !RuntimeConfig.VerifyOutgoing
2018-07-12 07:49:23 -04:00
240e2affcd
Use type switch instead of .Network for more reliably detecting UnixAddrs
2018-07-12 07:30:17 -04:00
09ff064bc7
Look specifically for tcp instead of unix
...
Add runtime -> api.Config tests
2018-07-11 17:25:36 -04:00
1e5e9fd8cd
PR Updates
...
Proxy now doesn’t need to know anything about the api as we pass env vars to it instead of the api config.
2018-07-11 09:44:54 -04:00
358e6c8f6a
Pass around an API Config object and convert to env vars for the managed proxy
2018-07-10 12:13:51 -04:00
382bec0897
Added async-cache with similar behaviour as extend-cache but asynchronously
2018-07-01 23:50:30 +02:00
1da3c42867
Merge remote-tracking branch 'connect/f-connect'
2018-06-25 19:42:51 +00:00
ca68136ac7
Refactor to use embedded struct.
2018-06-25 12:25:39 -07:00
6deadef6bd
Revert telemetry config changes ready for cleaner approach
2018-06-25 12:25:39 -07:00
ced9b2bee4
Expose telemetry config from RuntimeConfig to proxy config endpoint
2018-06-25 12:25:38 -07:00
2df422e1e5
Disable TestAgent proxy execution properly
2018-06-25 12:25:38 -07:00
a8ec3064f5
agent/config: AllowManagedAPIRegistration
2018-06-25 12:25:11 -07:00
a7690301f9
agent/config: add AllowManagedRoot
2018-06-25 12:25:11 -07:00
6c77f7883e
Misc comment cleanups
2018-06-25 12:24:16 -07:00
3bac52480e
Abandon daemonize for simpler solution (preserving history):
...
Reverts:
- bdb274852ae469c89092d6050697c0ff97178465
- 2c689179c4f61c11f0016214c0fc127a0b813bfe
- d62e25c4a7ab753914b6baccd66f88ffd10949a3
- c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
- 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
- 85c3f8df3eabc00f490cd392213c3b928a85aa44
2018-06-25 12:24:10 -07:00
9cea27c66e
Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy
2018-06-25 12:24:09 -07:00
536f31571b
agent: change connect command paths to be slices, not strings
...
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
02ab461dae
TLS watching integrated into Service with some basic tests.
...
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
2167713226
Add CA config to connect section of agent config
2018-06-14 09:42:05 -07:00
c2266b134a
HTTP agent registration allows proxy to be defined.
2018-06-14 09:41:57 -07:00
78e48fd547
Added connect proxy config and local agent state setup on boot.
2018-06-14 09:41:57 -07:00
6604828009
Add configuration entry to control including TXT records for node meta in DNS responses
...
If set to false, the only way to retrieve TXT records for node meta is to specifically query for TXT records.
2018-06-11 11:49:04 -04:00
e28c5fbb4e
Also make snapshot interval configurable
2018-05-11 10:43:24 -05:00
eb4bc79118
Make raft snapshot commit threshold configurable
2018-05-11 10:43:24 -05:00
e342ced97b
Clearer documentation and comments for enabling Prometheus support
2018-04-09 13:16:45 +02:00
2e495ec8a6
Now use prometheus_retention_time > 0 to enable prometheus support
2018-04-06 14:21:05 +02:00
583744d8c5
Added support exposing metrics in Prometheus format
2018-04-06 09:18:06 +02:00
8fbe3dfceb
Adds discovery_max_stale ( #4004 )
...
Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 10:14:44 -05:00
1dd8c378b9
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
ece32fce53
🔒 Update supported TLS cipher suites
...
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go ).
> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
> * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4 )
> * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/ )
2018-03-15 10:19:46 -07:00
09970479b5
Allow to control the number of A/AAAA Record returned by DNS
...
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.
It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937
See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.
It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.
The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
532cafe0af
Adds enable_agent_tls_for_checks configuration option which allows ( #3661 )
...
HTTP health checks for services requiring 2-way TLS to be checked
using the agent's credentials.
2017-11-07 18:22:09 -08:00
44cc334fc4
config: address review comments
2017-10-23 08:05:47 +02:00
28083cb330
config: document remaining config options
2017-10-23 08:04:03 +02:00
b2c2386d75
config: document more config options
2017-10-23 08:04:03 +02:00
7b1f4d5838
config: document more config options
2017-10-23 08:04:03 +02:00
b01702f129
config: document more acl options
2017-10-23 08:04:03 +02:00
32ed645df5
config: document config options
2017-10-23 08:04:03 +02:00
3d68185206
config: document acl options
2017-10-23 08:04:03 +02:00
4fc973a256
config: document autopilot options
2017-10-23 08:04:03 +02:00
66e1b9fb64
config: document dns options
2017-10-23 08:04:03 +02:00
dc4e90e6c0
config: document http options
2017-10-23 08:04:03 +02:00
018b8d66d6
config: document telemetry options
2017-10-23 08:04:03 +02:00
9b2e3c2091
agent: add option to discard health output ( #3562 )
...
* agent: add option to discard health output
In high volatile environments consul will have checks with "noisy"
output which changes every time even though the status does not change.
Since the output is stored in the raft log every health check update
unblocks a blocking call on health checks since the raft index has
changed even though the status of the health checks may not have changed
at all. By discarding the output of the health checks the users can
choose a different tradeoff. Less visibility on why a check failed in
exchange for a reduced change rate on the raft log.
* agent: discard output also when adding a check
* agent: add test for discard check output
* agent: update docs
* go vet
* Adds discard_check_output to reloadable config table.
* Updates the change log.
2017-10-10 17:04:52 -07:00
d1ad538345
Makes RPC handling more robust when rolling servers. ( #3561 )
...
* Adds client-side retry for no leader errors.
This paves over the case where the client was connected to the leader
when it loses leadership.
* Adds a configurable server RPC drain time and a fail-fast path for RPCs.
When a server leaves it gets removed from the Raft configuration, so it will
never know who the new leader server ends up being. Without this we'd be
doomed to wait out the RPC hold timeout and then fail. This makes things fail
a little quicker while a sever is draining, and since we added a client retry
AND since the server doing this has already shut down and left the Serf LAN,
clients should retry against some other server.
* Makes the RPC hold timeout configurable.
* Reorders struct members.
* Sets the RPC hold timeout default for test servers.
* Bumps the leave drain time up to 5 seconds.
* Robustifies retries with a simpler client-side RPC hold.
* Reverts untended delete.
2017-10-10 15:19:50 -07:00
0063516e5e
Update metric names and add a legacy config flag
2017-10-04 16:43:27 -07:00
d5acfc3982
Introduces new 'list' permission that applies to KV store recursive reads, and enforced only when opted in.
2017-10-02 17:10:21 -05:00
d677999258
Adds a comment about Datacenter and NodeName being stable interfaces
...
in the runtime config strucutre.
2017-09-27 11:59:22 -07:00
Matt Keeler