Chelsea Holland Komlo
afe9f9a714
add rpc_upgrade_mode as config option for tls upgrades
2017-11-01 15:19:52 -05:00
Alex Dadgar
e5ec915ac3
sync
2017-09-19 10:08:23 -05:00
Michael Schurter
bbcea0dff9
Update consul/api and comment to custom http.Client
2017-05-30 15:11:32 -07:00
Michael Schurter
6f2ecdec27
Update consul/api and fix tls handling
...
Since I was already fixing consul's tls handling in #2645 I decided to
update consul/api and pre-emptively fix our tls handling against the
newest consul/api behavior. consul/api's handling of http.Transports has
improved but would have broken how we handled tls (again).
This would have made for a nasty surprise the next time we updated
consul/api.
2017-05-30 15:11:32 -07:00
Michael Schurter
a4e2463477
Fix consul.verify_ssl
...
Was getting ignored and would have defaulted to false if it wasn't
ignored.
Now defaults to true as per docs and isn't ignored.
2017-05-15 15:32:32 -07:00
Michael Schurter
85210eb92f
Update consul/api to support unix socket addrs
...
Fixes #2594
2017-05-08 11:57:04 -07:00
Pete Wildsmith
1b8a1614ca
reduce to one configuration option
...
There should be just one option, verify_https_client, which
controls incoming and outgoing validation for the HTTPS wrapper
2017-04-28 10:45:09 +01:00
Pete Wildsmith
c948d2ee27
apply gofmt
2017-04-26 18:58:19 +01:00
Pete Wildsmith
56b122c501
Add verification options to TLS config struct
2017-04-25 23:29:43 +01:00
Alex Dadgar
7fae2d2cea
Fix Consul Config Merging/Copying
...
This PR fixes config merging/copying code.
Fixes https://github.com/hashicorp/nomad/issues/2264
2017-02-02 11:12:07 -08:00
Alex Dadgar
9c75ec7f57
Add role to merge test
2017-02-01 16:37:08 -08:00
taylorchu
fd34c03d47
TWEAK: remove else block in tls handling
2017-01-26 14:03:32 -08:00
taylorchu
4453a292a2
BUGFIX: fix consul verify_ssl merging
2017-01-25 16:19:39 -08:00
Alex Dadgar
606bb30863
Merge pull request #2226 from hashicorp/b-vault
...
Improve Vault integration and validation
2017-01-23 14:59:41 -08:00
Alex Dadgar
fb86904902
Check capabilities, allow creation against role
...
Check the capabilities of the Vault token to ensure it is valid and also
allow targetting of a role that the token is not from.
2017-01-19 13:40:32 -08:00
Diptanu Choudhury
e927de02d2
Moved functions to helper from structs
2017-01-18 15:55:14 -08:00
Diptanu Choudhury
c253f5b17d
Fixed merging consul config
2017-01-05 15:15:43 -08:00
Diptanu Choudhury
15f085a4d7
Merge pull request #1931 from hashicorp/rename-vault-config
...
Rename vault config
2016-11-06 10:14:25 -08:00
Diptanu Choudhury
40b9d3bb2d
Fixed comment
2016-11-03 14:45:03 -07:00
Diptanu Choudhury
22681bd8ce
Making AllowUnauthenticated true by default
2016-11-03 14:38:34 -07:00
Diptanu Choudhury
b6f9df5415
Renaming TLS related vault config
2016-11-03 14:24:39 -07:00
Alex Dadgar
ddf5fb82b5
Small cleanups
2016-10-27 10:51:11 -07:00
Diptanu Choudhury
cf35aeac84
Moving the TLSConfig to structs
2016-10-25 15:57:38 -07:00
Alex Dadgar
751aa114bf
Fix Vault parsing of booleans
2016-10-10 18:04:39 -07:00
Diptanu Choudhury
f8cd51b6e9
Enabling vault if token is present
2016-08-18 12:03:50 -07:00
Alex Dadgar
a8efce874f
Token renewal and beginning of tests
2016-08-17 16:25:38 -07:00
Alex Dadgar
713e310670
Renew loop
2016-08-17 16:25:38 -07:00
Alex Dadgar
750a44b2c0
Create a Vault interface for the server
2016-08-17 16:25:38 -07:00
Alex Dadgar
6e2f0a2776
Server has Vault API client
2016-08-17 16:25:38 -07:00
Alex Dadgar
4135b4ece7
Address field name feedback
2016-08-17 16:23:29 -07:00
Alex Dadgar
7d899b6c60
Pass Vault config to client
2016-08-17 16:23:29 -07:00
Alex Dadgar
eac2675faf
Add enabled field
2016-08-17 16:23:29 -07:00
Alex Dadgar
1584cfe93e
small fixes
2016-08-17 16:23:29 -07:00
Alex Dadgar
0ca4a9fa4f
Change token/role names
2016-08-17 16:23:29 -07:00
Alex Dadgar
adb3ce847f
change config variable names to match vault
2016-08-17 16:23:29 -07:00
Alex Dadgar
fab7893774
vendor + api
2016-08-17 16:23:29 -07:00
Alex Dadgar
b32128aa23
Initial config block
2016-08-17 16:23:29 -07:00
Sean Chittenden
871a31a8ec
Teach config.ConsulConfig how to construct a consulapi TLS client.
...
Said differently, centralize the creation of consul's client config
in one place and use it everywhere.
2016-06-16 22:51:06 -07:00
Sean Chittenden
d17af396ca
Create config.DefaultConsulConfig()
2016-06-16 20:41:05 -07:00
Alex Dadgar
aea21affdb
Document consul configuration
2016-06-14 15:21:57 -07:00
Sean Chittenden
6e22b680ce
Disambiguate `auto_join` from `auto_register`, rename reg to `auto_advertise`.
...
Provide an option that describes the value to the user vs the
operation performed by the software. Momentarily introducing
`auto_join`
2016-06-14 12:11:38 -07:00
Sean Chittenden
197feae679
Sync services with Consul by comparing the AgentServiceReg w/ ConsulService
...
The source of truth is the local Nomad Agent. Any services not local that
have a matching prefix are removed. Changed services are re-registered
and missing services are re-added.
2016-06-10 15:54:39 -04:00
Sean Chittenden
e727fd8c3c
Centralize the creation of a consul/api.Config struct.
...
While documented, the consul.timeout parameter wasn't ever set
except one-off in the Consul fingerprinter.
2016-06-10 15:50:11 -04:00
Sean Chittenden
f695d6d70d
Reconcile consul's address configuration section.
...
There were conflicting directives previously, both consul.addr and
consul.address were required to achieve the desired behavior. The
documentation said `consul.address` was the canonical name for the
parameter, so consolidate configuration parameters to `consul.address`.
2016-06-10 15:50:11 -04:00
Sean Chittenden
17116fc5a7
Rebalance Nomad client RPCs among different Nomad servers.
...
Implement client/rpc_proxy.RpcProxy.
2016-06-10 15:50:11 -04:00
Sean Chittenden
b509da2d0c
Create a `nomad/structs/config` to break an import cycle.
...
Flattening and normalizing the various Consul config structures and
services has led to an import cycle. Break this by creating a new package
that is intended to be terminal in the import DAG.
2016-06-10 15:48:36 -04:00