60 Commits

Author SHA1 Message Date
Chelsea Komlo 2dfda33703 Nomad agent reload TLS configuration on SIGHUP (#3479)
* Allow server TLS configuration to be reloaded via SIGHUP

* dynamic tls reloading for nomad agents

* code cleanup and refactoring

* ensure keyloader is initialized, add comments

* allow downgrading from TLS

* initialize keyloader if necessary

* integration test for tls reload

* fix up test to assert success on reloaded TLS configuration

* failure in loading a new TLS config should remain at current

Reload only the config if agent is already using TLS

* reload agent configuration before specific server/client

lock keyloader before loading/caching a new certificate

* introduce a get-or-set method for keyloader

* fixups from code review

* fix up linting errors

* fixups from code review

* add lock for config updates; improve copy of tls config

* GetCertificate only reloads certificates dynamically for the server

* config updates/copies should be on agent

* improve http integration test

* simplify agent reloading storing a local copy of config

* reuse the same keyloader when reloading

* Test that server and client get reloaded but keep keyloader

* Keyloader exposes GetClientCertificate as well for outgoing connections

* Fix spelling

* correct changelog style
2017-11-14 17:53:23 -08:00
Alex Dadgar 701f462d33 remove atlas 2017-11-02 11:27:21 -07:00
Chelsea Holland Komlo afe9f9a714 add rpc_upgrade_mode as config option for tls upgrades 2017-11-01 15:19:52 -05:00
Alex Dadgar c1cc51dbee sync 2017-10-13 14:36:02 -07:00
Alex Dadgar e5ec915ac3 sync 2017-09-19 10:08:23 -05:00
Chelsea Holland Komlo 035fab0c8d enabling prometheus metrics should be a config option 2017-09-13 19:21:21 +00:00
Chelsea Holland Komlo 66fa05405a tagged metrics config options should be on telemetry config
better api example, add telemetry documentation
2017-09-06 15:25:36 +00:00
Chelsea Holland Komlo 5c10a9325e parse config for metrics fields 2017-09-05 14:13:34 +00:00
Armon Dadgar 3e46094cee Passthrough replication token for token/policy replication 2017-09-04 13:05:53 -07:00
Armon Dadgar 9cd8ac832f agent: Adding ACL block configuration 2017-09-04 13:04:45 -07:00
Alex Dadgar 747d67eb3f Allow tuning of heartbeat ttls
This PR allows tuning of heartbeat TTLs. An example of very aggressive
settings is as follows:

```
server {
  heartbeat_grace = "1s"
  min_heartbeat_ttl = "1s"
  max_heartbeats_per_second = 200.0
}
```
2017-07-19 09:38:35 -07:00
Alex Dadgar c643e6b0d1 Add config options 2017-07-07 12:05:56 -07:00
Michael Schurter 0453c2709c Add new gc_max_allocs tuneable
More than gc_max_allocs may be running on a node, but terminal allocs
will be garbage collected to try to keep the total number below the
limit.
2017-05-11 17:18:02 -07:00
Pete Wildsmith 1b8a1614ca reduce to one configuration option
There should be just one option, verify_https_client, which
controls incoming and outgoing validation for the HTTPS wrapper
2017-04-28 10:45:09 +01:00
Pete Wildsmith 1e6694c5c1 Verification options allowed in TLS config 2017-04-25 23:35:47 +01:00
Alex Dadgar 177bd14718 rename cpu_total_compute and docs 2017-03-14 14:15:49 -07:00
Alex Dadgar a1a7941dec Various fixes
This PR:
* Uses Go 1.8 executable lookup
* Stores any err message from stats init method
* Allows overriding of Cpu Compute for hosts where it can't be detected
2017-03-14 12:56:31 -07:00
Alex Dadgar 70e4feb045 Limit parallelism during garbage collection
This PR introduces a parallelism limit during garbage collection. This
is used to avoid large resource usage spikes if garbage collecting many
allocations at once.
2017-03-10 16:27:00 -08:00
Alex Dadgar 6910678c21 Allow random UUID 2017-02-27 13:42:37 -08:00
Alex Dadgar 6afcba9e22 Allow specification of eval/job gc threshold 2017-02-27 11:58:10 -08:00
Diptanu Choudhury 11d7cb1230 Making the GC related fields tunable 2017-01-31 15:51:20 -08:00
Alex Dadgar fb86904902 Check capabilities, allow creation against role
Check the capabilities of the Vault token to ensure it is valid and also
allow targeting of a role that the token is not from.
2017-01-19 13:40:32 -08:00
Jorge Marey 189a49b74d Add option to set nodename instead of hostname on telemetry values 2016-12-21 09:53:29 +01:00
matt maier c6504f3418 Update Circonus integration expose Check Display Name and Check Tags
configuration options.
2016-11-09 15:12:30 -05:00
Diptanu Choudhury b6f9df5415 Renaming TLS related vault config 2016-11-03 14:24:39 -07:00
Alex Dadgar c4d8d744c7 Add to valid configs fields 2016-10-27 11:29:12 -07:00
Diptanu Choudhury df53a3bb92 Added datadog_address to valid keys 2016-10-26 13:28:28 -07:00
Diptanu Choudhury cf35aeac84 Moving the TLSConfig to structs 2016-10-25 15:57:38 -07:00
Diptanu Choudhury eefc8db3b3 Enabling TLS on cli 2016-10-25 10:39:17 -07:00
Diptanu Choudhury eb813a660f Updated the spec definition for tls config 2016-10-24 15:36:26 -07:00
Diptanu Choudhury e03927bb5c Changed the way TLS config is parsed 2016-10-24 13:56:19 -07:00
Diptanu Choudhury 2e3118e69c Implemented TLS support for http and rpc 2016-10-23 22:22:00 -07:00
Diptanu Choudhury 0f6e0d10b6 Enable serf encryption (#1791)
* Added the keygen command

* Added support for gossip encryption

* Changed the URL for keyring management

* Fixed the cli

* Added some tests

* Added tests for keyring operations

* Added a test for removal of keys

* Added some docs

* Fixed some docs

* Added general options
2016-10-17 10:48:04 -07:00
Alex Dadgar 4135b4ece7 Address field name feedback 2016-08-17 16:23:29 -07:00
Alex Dadgar eac2675faf Add enabled field 2016-08-17 16:23:29 -07:00
Alex Dadgar 0ca4a9fa4f Change token/role names 2016-08-17 16:23:29 -07:00
Alex Dadgar adb3ce847f change config variable names to match vault 2016-08-17 16:23:29 -07:00
Alex Dadgar 93b5fab63b Parse Vault Config 2016-08-17 16:23:29 -07:00
Diptanu Choudhury 9a75052d2c Merge pull request #1518 from pubnub/feature/chroot-map-rebase
Add config field to specify chroot mapping for exec driver
2016-08-10 17:00:03 -07:00
Jay Oster 7df692226a Add config field to specify chroot mapping for exec driver
- Same format as used by the internal chroot mapping
- Map: source_path -> dest_path
- Example HCL:

```
client {
  chroot_env {
    "/etc" = "/etc"
    "/lib" = "/lib"
    "/opt/projects/foo/bin" = "/usr/bin"
  }
}
```
2016-08-03 17:17:17 -07:00
Diptanu Choudhury 41b540fbc8 Allow operators to opt into publishing node and alloc metrics 2016-08-01 19:52:20 -07:00
matt maier 7f2af04bcd Change circonus_broker_search_tag to circonus_broker_select_tag to match option in consul 2016-07-22 15:16:14 -04:00
matt maier 02d71eb6d3 Circonus integration for telemetry metrics 2016-07-22 12:33:10 -04:00
Sean Chittenden d17af396ca Create config.DefaultConsulConfig() 2016-06-16 20:41:05 -07:00
Diptanu Choudhury 14747848f7 Removed the stats block from client configuration 2016-06-16 21:30:29 +01:00
Sean Chittenden 6e22b680ce Disambiguate `auto_join` from `auto_register`, rename reg to `auto_advertise`.
Provide an option that describes the value to the user vs the
operation performed by the software.  Momentarily introducing
`auto_join`
2016-06-14 12:11:38 -07:00
Sean Chittenden 7c3838373b Create a weak decoder to parse time.Duration.
Hat tip to Alex for pointing this out (vs patching mapstructure)
2016-06-10 15:50:11 -04:00
Sean Chittenden e727fd8c3c Centralize the creation of a consul/api.Config struct.
While documented, the consul.timeout parameter wasn't ever set
except one-off in the Consul fingerprinter.
2016-06-10 15:50:11 -04:00
Sean Chittenden f695d6d70d Reconcile consul's address configuration section.
There were conflicting directives previously, both consul.addr and
consul.address were required to achieve the desired behavior.  The
documentation said `consul.address` was the canonical name for the
parameter, so consolidate configuration parameters to `consul.address`.
2016-06-10 15:50:11 -04:00
Sean Chittenden b5c70f3729 Alpha sort config keys for Consul 2016-06-10 15:50:11 -04:00