luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent
History
Matt Keeler a7c4b7af7c
Fix CA Replication when ACLs are enabled (#6201) 
Secondary CA initialization steps are:

• Wait until the primary will be capable of signing intermediate certs. We use serf metadata to check the versions of servers in the primary which avoids needing a token like the previous implementation that used RPCs. We require at least one alive server in the primary and the all alive servers meet the version requirement.
• Initialize the secondary CA by getting the primary to sign an intermediate

When a primary dc is configured, if no existing CA is initialized and for whatever reason we cannot initialize a secondary CA the secondary DC will remain without a CA. As soon as it can it will initialize the secondary CA by pulling the primaries roots and getting the primary to sign an intermediate.

This also fixes a segfault that can happen during leadership revocation. There was a spot in the secondaryCARootsWatch that was getting the CA Provider and executing methods on it without nil checking. Under normal circumstances it wont be nil but during leadership revocation it gets nil'ed out. Therefore there is a period of time between closing the stop chan and when the go routine is actually stopped where it could read a nil provider and cause a segfault.
 		2019-07-26 15:57:57 -04:00
..
ae
cache Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
cache-types add test for discovery chain agent cache-type (#6130) 2019-07-15 10:09:52 -05:00
checks Merge Consul OSS branch 'master' at commit ef257b084d2e2a474889518440515e360d0cd990 2019-07-20 02:00:29 +00:00
config Merge Consul OSS branch master at commit b3541c4f34d43ab92fe52256420759f17ea0ed73 2019-07-26 10:34:24 -05:00
connect Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
consul Fix CA Replication when ACLs are enabled (#6201) 2019-07-26 15:57:57 -04:00
debug
exec
local Flaky test overhaul (#6100) 2019-07-12 09:52:26 -06:00
metadata
mock
pool tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
proxycfg connect: rework how the service resolver subset OnlyPassing flag works (#6173) 2019-07-23 20:20:24 -05:00
proxyprocess Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
router Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
structs Merge Consul OSS branch master at commit b3541c4f34d43ab92fe52256420759f17ea0ed73 2019-07-26 10:34:24 -05:00
systemd
token ACL Token Persistence and Reloading (#5328) 2019-02-27 14:28:31 -05:00
xds connect: allow L7 routers to match on http methods (#6164) 2019-07-23 20:56:39 -05:00
acl.go
acl_endpoint.go ACL Token ID Initialization (#5307) 2019-04-30 11:45:36 -04:00
acl_endpoint_legacy.go
acl_endpoint_legacy_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
acl_endpoint_test.go ACL Token ID Initialization (#5307) 2019-04-30 11:45:36 -04:00
acl_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
agent.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
agent_endpoint.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
agent_endpoint_test.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
agent_test.go Allow raft TrailingLogs to be configured. (#6186) 2019-07-23 15:19:57 +01:00
bindata_assetfs.go update bindata_assetfs.go 2019-07-25 23:41:16 +00:00
blacklist.go
blacklist_test.go
catalog_endpoint.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
catalog_endpoint_test.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
check.go
config.go Make a few config entry endpoints return 404s and allow for snake_case and lowercase key names. (#5748) 2019-04-30 18:19:19 -04:00
config_endpoint.go Centralized Config CLI (#5731) 2019-04-30 16:27:16 -07:00
config_endpoint_test.go handle structs.ConfigEntry decoding similarly to api.ConfigEntry decoding (#6106) 2019-07-12 12:20:30 -05:00
connect_auth.go fix typos reported by golangci-lint:misspell (#5434) 2019-03-06 11:13:28 -06:00
connect_ca_endpoint.go
connect_ca_endpoint_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
coordinate_endpoint.go
coordinate_endpoint_test.go Update retries that weren't using retry.R (#6146) 2019-07-16 14:47:45 -06:00
dns.go Merge Consul OSS branch 'master' at commit e91f73f59249f5756896b10890e9298e7c1fbacc 2019-06-30 02:00:31 +00:00
dns_test.go Merge Consul OSS branch 'master' at commit e91f73f59249f5756896b10890e9298e7c1fbacc 2019-06-30 02:00:31 +00:00
enterprise_delegate_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
event_endpoint.go
event_endpoint_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
health_endpoint.go Filter non-passing nodes without modifying cache 2019-04-16 10:29:34 -06:00
health_endpoint_test.go Merge branch 'master' into release/1-6 2019-07-12 14:51:25 -07:00
http.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
http_oss.go Fix bug in service-resolver redirects if the destination uses a default resolver. (#6122) 2019-07-12 12:21:25 -05:00
http_oss_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
http_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
intentions_endpoint.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
intentions_endpoint_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
internal_endpoint.go Fix bug in service-resolver redirects if the destination uses a default resolver. (#6122) 2019-07-12 12:21:25 -05:00
keyring.go
keyring_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
kvs_endpoint.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
kvs_endpoint_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
notify.go
notify_test.go
operator_endpoint.go
operator_endpoint_test.go Merge pull request #5376 from hashicorp/fix-tests 2019-04-04 17:09:32 -04:00
prepared_query_endpoint.go
prepared_query_endpoint_test.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
remote_exec.go
remote_exec_test.go Update retries that weren't using retry.R (#6146) 2019-07-16 14:47:45 -06:00
retry_join.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
retry_join_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
service_manager.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
service_manager_test.go Add integration test for central config; fix central config WIP (#5752) 2019-05-01 16:39:31 -07:00
session_endpoint.go
session_endpoint_test.go tests: actually have TestSessionTTLRenew sleep during execution (#5669) 2019-04-17 15:52:23 -05:00
sidecar_service.go Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
sidecar_service_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
signal_unix.go
signal_windows.go
snapshot_endpoint.go
snapshot_endpoint_test.go add wait to TestSnapshot 2019-02-22 17:34:45 -05:00
status_endpoint.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
status_endpoint_test.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
testagent.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
testagent_test.go
translate_addr.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
txn_endpoint.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
txn_endpoint_test.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
ui_endpoint.go Implement Kind based ServiceDump and caching of the ServiceDump RPC 2019-07-01 16:28:30 -04:00
ui_endpoint_test.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
user_event.go
user_event_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
util.go
util_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
watch_handler.go Move the watch package into the api module (#5664) 2019-04-26 12:33:01 -04:00
watch_handler_test.go Move the watch package into the api module (#5664) 2019-04-26 12:33:01 -04:00