Commit Graph

97 Commits

Author SHA1 Message Date
Frank Schröder 69a088ca85 New config parser, HCL support, multiple bind addrs (#3480)
* new config parser for agent

This patch implements a new config parser for the consul agent which
makes the following changes to the previous implementation:

 * add HCL support
 * all configuration fragments in tests and for default config are
   expressed as HCL fragments
 * HCL fragments can be provided on the command line so that they
   can eventually replace the command line flags.
 * HCL/JSON fragments are parsed into a temporary Config structure
   which can be merged using reflection (all values are pointers).
   The existing merge logic of overwrite for values and append
   for slices has been preserved.
 * A single builder process generates a typed runtime configuration
   for the agent.

The new implementation is more strict and fails in the builder process
if no valid runtime configuration can be generated. Therefore,
additional validations in other parts of the code should be removed.

The builder also pre-computes all required network addresses so that no
address/port magic should be required where the configuration is used
and should therefore be removed.

* Upgrade github.com/hashicorp/hcl to support int64

* improve error messages

* fix directory permission test

* Fix rtt test

* Fix ForceLeave test

* Skip performance test for now until we know what to do

* Update github.com/hashicorp/memberlist to update log prefix

* Make memberlist use the default logger

* improve config error handling

* do not fail on non-existing data-dir

* experiment with non-uniform timeouts to get a handle on stalled leader elections

* Run tests for packages separately to eliminate the spurious port conflicts

* refactor private address detection and unify approach for ipv4 and ipv6.

Fixes #2825

* do not allow unix sockets for DNS

* improve bind and advertise addr error handling

* go through builder using test coverage

* minimal update to the docs

* more coverage tests fixed

* more tests

* fix makefile

* cleanup

* fix port conflicts with external port server 'porter'

* stop test server on error

* do not run api test that change global ENV concurrently with the other tests

* Run remaining api tests concurrently

* no need for retry with the port number service

* monkey patch race condition in go-sockaddr until we understand why that fails

* monkey patch hcl decoder race condidtion until we understand why that fails

* monkey patch spurious errors in strings.EqualFold from here

* add test for hcl decoder race condition. Run with go test -parallel 128

* Increase timeout again

* cleanup

* don't log port allocations by default

* use base command arg parsing to format help output properly

* handle -dc deprecation case in Build

* switch autopilot.max_trailing_logs to int

* remove duplicate test case

* remove unused methods

* remove comments about flag/config value inconsistencies

* switch got and want around since the error message was misleading.

* Removes a stray debug log.

* Removes a stray newline in imports.

* Fixes TestACL_Version8.

* Runs go fmt.

* Adds a default case for unknown address types.

* Reoders and reformats some imports.

* Adds some comments and fixes typos.

* Reorders imports.

* add unix socket support for dns later

* drop all deprecated flags and arguments

* fix wrong field name

* remove stray node-id file

* drop unnecessary patch section in test

* drop duplicate test

* add test for LeaveOnTerm and SkipLeaveOnInt in client mode

* drop "bla" and add clarifying comment for the test

* split up tests to support enterprise/non-enterprise tests

* drop raft multiplier and derive values during build phase

* sanitize runtime config reflectively and add test

* detect invalid config fields

* fix tests with invalid config fields

* use different values for wan sanitiziation test

* drop recursor in favor of recursors

* allow dns_config.udp_answer_limit to be zero

* make sure tests run on machines with multiple ips

* Fix failing tests in a few more places by providing a bind address in the test

* Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder.

* Add porter to server_test.go to make tests there less flaky

* go fmt
2017-09-25 11:40:42 -07:00
Kyle Havlovitz 107d7f6c5a
Add rpc_listener option to segment config 2017-08-30 11:58:29 -07:00
Illirgway 46915108e7 Fix bug with unused (replaced with "") CONSUL_HTTP_AUTH in some places
example: https://github.com/hashicorp/consul/blob/master/watch/plan.go#L26

	conf := consulapi.DefaultConfig()
	conf.Address = address
	conf.Datacenter = p.Datacenter
	conf.Token = p.Token                             # <-- replace Token from DefaultConfig/CONSUL_HTTP_AUTH with ""
	client, err := consulapi.NewClient(conf)

how to reproduce bug:
0. consul -> localhost:8500 with more than 0 service checks
1. deny all for anonymous token
2. create appropriate acl <token> for watch checks (agent:read + node:read,service:read)
3. bash:
CONSUL_HTTP_AUTH=<token> consul watch -http-addr=localhost:8500 -type=checks # --> return []
consul watch -http-addr=localhost:8500 -type=checks -token=<token> # -> return { .... right json result .... }
2017-08-16 01:51:18 +03:00
James Phillips f5188dfe8c Expands and rework context support in the API client. (#3273) 2017-07-14 17:30:08 -07:00
Preetha Appan 82bf05c888 Fix socket file handle leaks from old blocking queries upon consul reload. This fixes issue #3018 2017-06-26 15:52:03 -05:00
James Phillips 6239c4aa50 Merge pull request #3077 from jwasinger/issue-2850
Prevent Session.Destroy from leaving open TCP connections
2017-06-02 21:43:55 -07:00
Jared Wasinger 7d006ba4ed Prevent Session.Destroy from leaving open TCP connections 2017-05-25 20:51:27 -07:00
Kyle Havlovitz 6092d2c2cc
Don't overwrite Transport's TLS config if it's been set 2017-05-24 13:45:19 -07:00
Kyle Havlovitz 32068f7025 Remove superfluous default HttpClient check in NewClient 2017-05-24 11:40:21 -07:00
Frank Schroeder 9de4555c0c golint: Untangle if blocks with return in else 2017-04-25 09:26:13 -07:00
Kyle Havlovitz bd9b0b34b2 Make the API client's httpClient more pluggable (#2926) 2017-04-18 16:39:23 -07:00
Kyle Havlovitz cdd8b5b880
Add tls client options to api/cli 2017-04-14 13:37:29 -07:00
Jeff Mitchell 726590367f Update unix dial functions to use DialContext with new go-cleanhttp 2017-02-10 21:11:21 -05:00
Kyle Havlovitz 35d99a81ac
Update docs and give better error for unknown client scheme 2017-02-10 19:55:54 -05:00
Kyle Havlovitz 91e960832f
Allow prefixing -http-addr with http/https schemes 2017-02-10 18:25:46 -05:00
Kyle Havlovitz a64c5e69a3
Cleanup and formatting adjustments 2017-02-09 20:49:17 -05:00
Kyle Havlovitz d3b24d2d12
Convert keyring command to use base.Command 2017-02-08 18:25:47 -05:00
Kyle Havlovitz 15f008b3e3
Update client api and docs for node metadata 2017-01-11 19:28:58 -05:00
James Phillips b672fea37b Merge pull request #2238 from hasyimibhar/master
Remove duplicated environment variables
2016-11-17 16:18:02 -08:00
James Phillips bc333335be
Adds an `X-Consul-Translate-Addresses` to signal translation is enabled. 2016-08-16 11:31:41 -07:00
Hasyimi Bahrudin 818d2f1d64 Add api environment variables as constants for consistency 2016-08-03 14:40:31 +08:00
Hasyimi Bahrudin b2ad8114fe Remove redundant hardcoded environment variables
The following hardcoded environment variables are removed:

* CONSUL_RPC_ADDR
* CONSUL_HTTP_ADDR
2016-08-03 14:40:26 +08:00
Jeff Mitchell c878aba90c Use header to send Consul token rather than query param. 2016-08-02 16:54:59 -04:00
James Phillips c64f9c13d9 Improves the comment for the Address field. 2016-03-24 11:33:44 -07:00
James Phillips 512cb6ebf7 Adds TLS config helper to API client. 2016-03-24 11:24:18 -07:00
James Phillips 1cf1664392 Switches default for API client to pooled connections. 2016-03-10 12:29:50 -08:00
James Phillips dd4610e917 Factors server error checking into a new function. 2016-01-06 11:35:16 -08:00
James Phillips cab27440e1 Makes the API behave better with small wait values. 2016-01-06 11:05:11 -08:00
James Phillips 09478b68ed Builds the insecure SSL transport off the clean default transport. 2015-12-17 12:15:18 -08:00
Jeff Mitchell e363c023d7 Revert "Adds client and transport pooling in the API so we don't leak connections." 2015-12-17 10:56:50 -05:00
James Phillips 79aabd0b9e Makes the insecure transport work like the default one. 2015-12-17 06:48:18 -08:00
James Phillips c981bdef8c Adds client and transport pooling in the API so we don't leak connections. 2015-12-16 22:27:07 -08:00
James Phillips dc1c22f895 Adds support for coordinates to client API. 2015-10-23 15:23:01 -07:00
Jeff Mitchell 9267f956a2 Update cleanhttp repo location 2015-10-22 14:14:22 -04:00
Jeff Mitchell 06bb9d5f36 Use cleanhttp to get rid of DefaultTransport 2015-10-22 10:47:50 -04:00
Jeff Mitchell 9cddc187b5 Don't use http.DefaultClient
Two of the changes are in tests; the one of consequence is in the API.
As explained in #1308 this can cause conflicts with downstream programs.

Fixes #1308.
2015-10-15 17:49:35 -04:00
Dale Wijnand c5168e1263 Fix a bunch of typos. 2015-09-15 13:22:08 +01:00
Seth Vargo 51a6ecd826 Read select environment variables when generating the default configuration 2015-03-18 11:12:10 -04:00
Armon Dadgar 6f48e58014 api: Refactoring into shared write logic 2015-02-18 15:15:02 -08:00
Armon Dadgar 69d8b46fa5 api: Refactoring into shared query logic 2015-02-18 15:15:02 -08:00
Ryan Uber 5137388d43 Merge pull request #608 from imkira/fixBodyLeak
fixed: body not closed for non HTTP 200 responses
2015-01-19 09:33:06 -08:00
Mário Freitas 90b74ee4e2 fixed: requireOK should close Body on error 2015-01-19 11:53:21 +09:00
Ryan Uber ad19c0afc2 agent: beginning refactor 2015-01-16 00:45:03 -08:00
Jeff Mitchell 9bd66c70e5 Ensure a socket is created for permissions adjustment tests and fix some
items pointed out in the code review

This code is copyright 2014 Akamai Technologies, Inc. <opensource@akamai.com>
2015-01-15 14:33:44 +00:00
Jeff Mitchell 400eadd671 RPC and HTTP interfaces fully generically-sockified so Unix is supported.
Client works for RPC; will honor CONSUL_RPC_ADDR. HTTP works via consul/api;
honors CONSUL_HTTP_ADDR.

The format of a Unix socket in configuration data is:
"unix://[/path/to/socket];[username or uid];[gid];[mode]"

Obviously, the user must have appropriate permissions to create the socket
file in the given path and assign the requested uid/gid. Also note that Go does
not support gid lookups from group name, so gid must be numeric. See
https://codereview.appspot.com/101310044

When connecting from the client, the format is just the first part of the
above line:
"unix://[/path/to/socket]"

This code is copyright 2014 Akamai Technologies, Inc. <opensource@akamai.com>
2015-01-14 19:31:21 +00:00
Ryan Uber c9b230d25f Import HTTP basic auth patch from armon/consul-api#16 2015-01-07 13:01:44 -08:00
Ryan Uber 5172b21ee8 api: initial import from armon/consul-api 2015-01-06 10:40:00 -08:00