Kyle Havlovitz
2ccf565bf6
Refactor redundancy_zone/upgrade_version out of client meta
2018-01-29 20:03:38 -08:00
Chelsea Komlo
d09cc2a69f
Merge pull request #3492 from hashicorp/f-client-tls-reload
...
Client/Server TLS dynamic reload
2018-01-23 05:51:32 -05:00
Kyle Havlovitz
bc385bcc93
Fix comments/text referring to consul
2018-01-17 00:20:13 -08:00
Chelsea Holland Komlo
0708d34135
call reload on agent, client, and server separately
2018-01-08 09:56:31 -05:00
Chelsea Holland Komlo
3f34b59ee6
remove unnecessary nil checks; default case
...
add tests for TLSConfig object
2018-01-08 09:24:28 -05:00
Chelsea Holland Komlo
6a2432659a
code review fixups
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo
c0ad9a4627
add ability to upgrade/downgrade nomad agents tls configurations via sighup
2018-01-08 09:21:06 -05:00
Kyle Havlovitz
1c07066064
Add autopilot functionality based on Consul's autopilot
2017-12-18 14:29:41 -08:00
Chelsea Holland Komlo
5951222ccb
fix for rpc_upgrade_mode
2017-12-11 19:23:45 -05:00
Chelsea Komlo
2dfda33703
Nomad agent reload TLS configuration on SIGHUP (#3479)
...
* Allow server TLS configuration to be reloaded via SIGHUP
* dynamic tls reloading for nomad agents
* code cleanup and refactoring
* ensure keyloader is initialized, add comments
* allow downgrading from TLS
* initialize keyloader if necessary
* integration test for tls reload
* fix up test to assert success on reloaded TLS configuration
* failure in loading a new TLS config should remain at current
Reload only the config if agent is already using TLS
* reload agent configuration before specific server/client
lock keyloader before loading/caching a new certificate
* introduce a get-or-set method for keyloader
* fixups from code review
* fix up linting errors
* fixups from code review
* add lock for config updates; improve copy of tls config
* GetCertificate only reloads certificates dynamically for the server
* config updates/copies should be on agent
* improve http integration test
* simplify agent reloading storing a local copy of config
* reuse the same keyloader when reloading
* Test that server and client get reloaded but keep keyloader
* Keyloader exposes GetClientCertificate as well for outgoing connections
* Fix spelling
* correct changelog style
2017-11-14 17:53:23 -08:00
Chelsea Holland Komlo
e348deecf5
fixups from code review
2017-11-01 15:21:05 -05:00
Chelsea Holland Komlo
afe9f9a714
add rpc_upgrade_mode as config option for tls upgrades
2017-11-01 15:19:52 -05:00
Alex Dadgar
e5ec915ac3
sync
2017-09-19 10:08:23 -05:00
Michael Schurter
bbcea0dff9
Update consul/api and comment to custom http.Client
2017-05-30 15:11:32 -07:00
Michael Schurter
6f2ecdec27
Update consul/api and fix tls handling
...
Since I was already fixing consul's tls handling in #2645 I decided to
update consul/api and pre-emptively fix our tls handling against the
newest consul/api behavior. consul/api's handling of http.Transports has
improved but would have broken how we handled tls (again).
This would have made for a nasty surprise the next time we updated
consul/api.
2017-05-30 15:11:32 -07:00
Michael Schurter
a4e2463477
Fix consul.verify_ssl
...
Was getting ignored and would have defaulted to false if it wasn't
ignored.
Now defaults to true as per docs and isn't ignored.
2017-05-15 15:32:32 -07:00
Michael Schurter
85210eb92f
Update consul/api to support unix socket addrs
...
Fixes #2594
2017-05-08 11:57:04 -07:00
Pete Wildsmith
1b8a1614ca
reduce to one configuration option
...
There should be just one option, verify_https_client, which
controls incoming and outgoing validation for the HTTPS wrapper
2017-04-28 10:45:09 +01:00
Pete Wildsmith
c948d2ee27
apply gofmt
2017-04-26 18:58:19 +01:00
Pete Wildsmith
56b122c501
Add verification options to TLS config struct
2017-04-25 23:29:43 +01:00
Alex Dadgar
7fae2d2cea
Fix Consul Config Merging/Copying
...
This PR fixes config merging/copying code.
Fixes https://github.com/hashicorp/nomad/issues/2264
2017-02-02 11:12:07 -08:00
Alex Dadgar
9c75ec7f57
Add role to merge test
2017-02-01 16:37:08 -08:00
taylorchu
fd34c03d47
TWEAK: remove else block in tls handling
2017-01-26 14:03:32 -08:00
taylorchu
4453a292a2
BUGFIX: fix consul verify_ssl merging
2017-01-25 16:19:39 -08:00
Alex Dadgar
606bb30863
Merge pull request #2226 from hashicorp/b-vault
...
Improve Vault integration and validation
2017-01-23 14:59:41 -08:00
Alex Dadgar
fb86904902
Check capabilities, allow creation against role
...
Check the capabilities of the Vault token to ensure it is valid and also
allow targeting of a role that the token is not from.
2017-01-19 13:40:32 -08:00
Diptanu Choudhury
e927de02d2
Moved functions to helper from structs
2017-01-18 15:55:14 -08:00
Diptanu Choudhury
c253f5b17d
Fixed merging consul config
2017-01-05 15:15:43 -08:00
Diptanu Choudhury
15f085a4d7
Merge pull request #1931 from hashicorp/rename-vault-config
...
Rename vault config
2016-11-06 10:14:25 -08:00
Diptanu Choudhury
40b9d3bb2d
Fixed comment
2016-11-03 14:45:03 -07:00
Diptanu Choudhury
22681bd8ce
Making AllowUnauthenticated true by default
2016-11-03 14:38:34 -07:00
Diptanu Choudhury
b6f9df5415
Renaming TLS related vault config
2016-11-03 14:24:39 -07:00
Alex Dadgar
ddf5fb82b5
Small cleanups
2016-10-27 10:51:11 -07:00
Diptanu Choudhury
cf35aeac84
Moving the TLSConfig to structs
2016-10-25 15:57:38 -07:00
Alex Dadgar
751aa114bf
Fix Vault parsing of booleans
2016-10-10 18:04:39 -07:00
Diptanu Choudhury
f8cd51b6e9
Enabling vault if token is present
2016-08-18 12:03:50 -07:00
Alex Dadgar
a8efce874f
Token renewal and beginning of tests
2016-08-17 16:25:38 -07:00
Alex Dadgar
713e310670
Renew loop
2016-08-17 16:25:38 -07:00
Alex Dadgar
750a44b2c0
Create a Vault interface for the server
2016-08-17 16:25:38 -07:00
Alex Dadgar
6e2f0a2776
Server has Vault API client
2016-08-17 16:25:38 -07:00
Alex Dadgar
4135b4ece7
Address field name feedback
2016-08-17 16:23:29 -07:00
Alex Dadgar
7d899b6c60
Pass Vault config to client
2016-08-17 16:23:29 -07:00
Alex Dadgar
eac2675faf
Add enabled field
2016-08-17 16:23:29 -07:00
Alex Dadgar
1584cfe93e
small fixes
2016-08-17 16:23:29 -07:00
Alex Dadgar
0ca4a9fa4f
Change token/role names
2016-08-17 16:23:29 -07:00
Alex Dadgar
adb3ce847f
change config variable names to match vault
2016-08-17 16:23:29 -07:00
Alex Dadgar
fab7893774
vendor + api
2016-08-17 16:23:29 -07:00
Alex Dadgar
b32128aa23
Initial config block
2016-08-17 16:23:29 -07:00
Sean Chittenden
871a31a8ec
Teach config.ConsulConfig how to construct a consulapi TLS client.
...
Said differently, centralize the creation of consul's client config
in one place and use it everywhere.
2016-06-16 22:51:06 -07:00
Sean Chittenden
d17af396ca
Create config.DefaultConsulConfig()
2016-06-16 20:41:05 -07:00