Go to file
Hans Hasselberg 315ba7d6ad
connect: check if intermediate cert needs to be renewed. (#6835)
Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates.
This PR adds a check that renews the cert if it is half way through its validity period.

In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests.
2020-01-17 23:27:13 +01:00
.circleci CI: Extract remaining values of /tmp/test-results into yaml reference (#6964) 2019-12-17 15:18:10 -08:00
.github Add contributing dir with Config file checklist (#7017) 2020-01-14 12:24:03 +00:00
acl Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
agent connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
api connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
bench Gets benchmarks running again and does a rough pass for 0.7.1. 2016-11-29 13:02:26 -08:00
build-support ui: Upgrade tooling to node 10 now we are on a more recent ember (#6610) 2019-12-18 12:26:40 +00:00
command connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
connect Fix support for RSA CA keys in Connect. (#6638) 2019-11-01 13:20:26 +00:00
contributing Add contributing dir with Config file checklist (#7017) 2020-01-14 12:24:03 +00:00
demo demo: Added udp port forwarding 2018-05-30 13:56:56 +09:00
ipaddr Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
lib agent: fewer file local differences between enterprise and oss (#6820) (#6898) 2019-12-06 21:35:58 +01:00
logger log: handle discard all logfiles properly (#6945) 2019-12-18 22:31:22 +01:00
sdk connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
sentinel Miscellaneous Fixes (#6896) 2019-12-06 14:01:34 -05:00
service_os Changes made : 2018-06-28 21:18:14 -04:00
snapshot Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
terraform terraform: remove modules in repo (#5085) 2019-04-04 16:31:43 -07:00
test Allow configuration of upstream connection limits in Envoy (#6829) 2019-12-03 14:13:33 -06:00
testrpc connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
tlsutil tests: switch to WithinDuration to improve test (#6860) 2019-12-13 17:42:42 +01:00
types Removes remoteConsuls in favor of the new router. 2017-03-16 16:42:19 -07:00
ui-v2 ui: Make sure that the namespace is passed when changing a token via [Use] (#6973) 2019-12-20 14:57:10 +00:00
vendor dns: fix memoryleak by upgrading outdated miekg/dns (#6748) 2019-12-16 22:31:27 +01:00
version Release v1.7.0-beta2 2019-12-20 17:16:53 +00:00
website connect: check if intermediate cert needs to be renewed. (#6835) 2020-01-17 23:27:13 +01:00
.dockerignore Update the scripting 2018-06-14 21:42:47 -04:00
.gitattributes Initial commit 2013-11-04 14:15:27 -08:00
.gitignore .gitignore: cut IDE-specific entries, cleanup (#7083) 2020-01-17 11:06:33 -08:00
CHANGELOG.md Update CHANGELOG.md 2020-01-17 09:55:59 -05:00
GNUmakefile Add CI test-integrations job for connect Vault CA provider (#6949) 2019-12-17 13:22:32 -08:00
INTERNALS.md Add contributing dir with Config file checklist (#7017) 2020-01-14 12:24:03 +00:00
LICENSE Initial commit 2013-11-04 14:15:27 -08:00
NOTICE.md add copyright notice file 2018-07-09 10:58:26 -07:00
README.md fix dead link in INTERNALS.md 2019-11-08 09:35:53 -08:00
Vagrantfile Adds a basic Linux Vagrant setup, stolen from Nomad. 2017-10-06 08:10:12 -07:00
codecov.yml coverage: disable comment and project status, set informational mode (#6954) 2019-12-17 11:51:52 -05:00
go.mod dns: fix memoryleak by upgrading outdated miekg/dns (#6748) 2019-12-16 22:31:27 +01:00
go.sum dns: fix memoryleak by upgrading outdated miekg/dns (#6748) 2019-12-16 22:31:27 +01:00
main.go Added Side Effect import for Windows Service 2018-06-18 14:55:11 -04:00
main_test.go Adding basic CLI infrastructure 2013-12-19 11:22:08 -08:00

README.md

Consul CircleCI Discuss

Consul is a tool for service discovery and configuration. Consul is distributed, highly available, and extremely scalable.

Consul provides several key features:

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.

  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.

  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

  • Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

  • Service Segmentation - Consul Connect enables secure service-to-service communication with automatic TLS encryption and identity-based authorization.

Consul runs on Linux, Mac OS X, FreeBSD, Solaris, and Windows. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

An extensive quick start is viewable on the Consul website:

https://www.consul.io/intro/getting-started/install.html

Documentation

Full, comprehensive documentation is viewable on the Consul website:

https://www.consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance.