Go to file
R.B. Boyer d860384731
server: partly fix config entry replication issue that prevents replication in some circumstances (#12307)
There are some cross-config-entry relationships that are enforced during
"graph validation" at persistence time that are required to be
maintained. This means that config entries may form a digraph at times.

Config entry replication procedes in a particular sorted order by kind
and name.

Occasionally there are some fixups to these digraphs that end up
replicating in the wrong order and replicating the leaves
(ingress-gateway) before the roots (service-defaults) leading to
replication halting due to a graph validation error related to things
like mismatched service protocol requirements.

This PR changes replication to give each computed change (upsert/delete)
a fair shot at being applied before deciding to terminate that round of
replication in error. In the case where we've simply tried to do the
operations in the wrong order at least ONE of the outstanding requests
will complete in the right order, leading the subsequent round to have
fewer operations to do, with a smaller likelihood of graph validation
errors.

This does not address all scenarios, but for scenarios where the edits
are being applied in the wrong order this should avoid replication
halting.

Fixes #9319

The scenario that is NOT ADDRESSED by this PR is as follows:

1. create: service-defaults: name=new-web, protocol=http
2. create: service-defaults: name=old-web, protocol=http
3. create: service-resolver: name=old-web, redirect-to=new-web
4. delete: service-resolver: name=old-web
5. update: service-defaults: name=old-web, protocol=grpc
6. update: service-defaults: name=new-web, protocol=grpc
7. create: service-resolver: name=old-web, redirect-to=new-web

If you shutdown dc2 just before (4) and turn it back on after (7)
replication is impossible as there is no single edit you can make to
make forward progress.
2022-02-23 17:27:48 -06:00
.changelog server: partly fix config entry replication issue that prevents replication in some circumstances (#12307) 2022-02-23 17:27:48 -06:00
.circleci ci: Fix merge conflicts cleanly (#12249) 2022-02-14 23:12:36 -05:00
.github ci: fix stalebot config (#12346) 2022-02-15 11:13:32 -08:00
.release Update security scanner (#12281) 2022-02-07 12:53:46 -08:00
acl Refactor to make ACL errors more structured. (#12308) 2022-02-11 12:53:23 -08:00
agent server: partly fix config entry replication issue that prevents replication in some circumstances (#12307) 2022-02-23 17:27:48 -06:00
api fix godoc comment for Namespaces client method 2022-02-18 04:15:55 +00:00
bench
build-support Fix build script (#12367) 2022-02-16 11:52:44 -08:00
command debug: update CLI docs 2022-02-15 18:16:12 -05:00
connect bulk rewrite using this script 2022-01-20 10:46:23 -06:00
contributing Move contributing to docs 2021-08-30 16:17:09 -04:00
docs Add 7th check registration flow to docs 2022-02-11 15:11:22 -05:00
grafana
internal testing: remove unnecessary calls to freeport 2021-11-29 12:19:43 -05:00
ipaddr
lib Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
logging bulk rewrite using this script 2022-01-20 10:46:23 -06:00
proto streaming: split event buffer by key (#12080) 2022-01-28 12:27:00 +00:00
sdk raft: update to v1.3.5 (#12325) 2022-02-14 13:48:52 -06:00
sentinel re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
service_os re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
snapshot Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
terraform
test connect: Upgrade Envoy 1.20 to 1.20.1 (#11895) 2022-01-18 14:35:27 -05:00
testrpc ca: remove unused provider.ActiveRoot call 2022-01-06 16:56:48 -05:00
tlsutil regenerate expired certs (#11462) 2021-11-01 11:40:16 -04:00
types ingress: allow setting TLS min version and cipher suites in ingress gateway config entries (#11576) 2022-01-11 11:46:42 -05:00
ui ui: Transition App Chrome to use new Disclosure Menus (#12334) 2022-02-21 12:22:59 +00:00
version update main to reflect it is v1.12.0-dev (#12157) 2022-01-21 15:03:11 -06:00
website Adding documentation to store Enterprise License in Vault (#12375) 2022-02-23 14:20:45 -07:00
.dockerignore
.gitattributes
.gitignore website: remove netlify artifacts and port missing redirects over to new format (#9601) 2021-01-21 10:16:17 -05:00
.golangci.yml ci: Add explanation in forbidigo (#12140) 2022-01-20 13:07:10 -05:00
CHANGELOG.md Add missing enhancement entries to appropriate spot in CHANGELOG (#12380) 2022-02-17 19:22:03 -08:00
Dockerfile Update docker image base to alpine:3.15 (#12276) 2022-02-04 13:56:39 -08:00
GNUmakefile ensure make dev target puts the newly constructed binary onto the PATH (#12318) 2022-02-11 10:45:37 -06:00
INTERNALS.md Move contributing to docs 2021-08-30 16:17:09 -04:00
LICENSE
NOTICE.md
README.md Adjust README header to work in light and dark modes 2022-02-07 16:46:46 -08:00
Vagrantfile
codecov.yml
go.mod file watcher to be used for configuration auto-reload feature (#12301) 2022-02-21 11:36:52 -05:00
go.sum file watcher to be used for configuration auto-reload feature (#12301) 2022-02-21 11:36:52 -05:00
main.go cmd: introduce a shim to expose Stdout/Stderr writers 2021-06-02 16:51:34 -04:00
main_test.go
package-lock.json Adding UI screenshots to L7 overview 2022-01-10 14:34:00 -05:00

README.md

Consul logo Consul

Docker Pulls Go Report Card

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

Consul provides several key features:

  • Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

  • Service Mesh/Service Segmentation - Consul Connect enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections without being aware of Connect at all.

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.

  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.

  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

Consul runs on Linux, macOS, FreeBSD, Solaris, and Windows and includes an optional browser based UI. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

A few quick start guides are available on the Consul website:

Documentation

Full, comprehensive documentation is available on the Consul website:

https://www.consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance. For contributions specifically to the browser based UI, please refer to the UI's README.md for guidance.