Commit graph

65 commits

Author SHA1 Message Date
Alex Dadgar 586895965c Unit test for dev agent 2018-05-22 14:45:34 -07:00
Chelsea Holland Komlo d3d686b58a fix up test for file content changes 2018-03-28 13:18:13 -04:00
Chelsea Holland Komlo 6e6d6b7e33 check file contents when determining if agent should reload TLS configuration 2018-03-27 15:42:20 -04:00
Chelsea Holland Komlo 96df419fff code review feedback 2018-03-26 10:55:22 -04:00
Chelsea Holland Komlo 66e44cdb73 Allow TLS configurations for HTTP and RPC connections to be reloaded separately 2018-03-21 17:51:08 -04:00
Alex Dadgar 9ef23ff277 enable server in test 2018-03-16 16:52:37 -07:00
Michael Schurter 0971114f0c Replace Consul TLSSkipVerify handling
Instead of checking Consul's version on startup to see if it supports
TLSSkipVerify, assume that it does and only log in the job service
handler if we discover Consul does not support TLSSkipVerify.

The old code would break TLSSkipVerify support if Nomad started before
Consul (such as on system boot) as TLSSkipVerify would default to false
if Consul wasn't running. Since TLSSkipVerify has been supported since
Consul 0.7.2, it's safe to relax our handling.
2018-03-14 17:43:06 -07:00
Josh Soref 1d58ae8899 spelling: bootstrap 2018-03-11 17:43:19 +00:00
Chelsea Holland Komlo 6c9f9c8ac3 adding additional test assertions; differentiate reloading agent and http server 2018-01-16 07:34:39 -05:00
Chelsea Holland Komlo 6a2432659a code review fixups 2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo c0ad9a4627 add ability to upgrade/downgrade nomad agents tls configurations via sighup 2018-01-08 09:21:06 -05:00
Chelsea Komlo 2dfda33703 Nomad agent reload TLS configuration on SIGHUP (#3479)
* Allow server TLS configuration to be reloaded via SIGHUP

* dynamic tls reloading for nomad agents

* code cleanup and refactoring

* ensure keyloader is initialized, add comments

* allow downgrading from TLS

* initalize keyloader if necessary

* integration test for tls reload

* fix up test to assert success on reloaded TLS configuration

* failure in loading a new TLS config should remain at current

Reload only the config if agent is already using TLS

* reload agent configuration before specific server/client

lock keyloader before loading/caching a new certificate

* introduce a get-or-set method for keyloader

* fixups from code review

* fix up linting errors

* fixups from code review

* add lock for config updates; improve copy of tls config

* GetCertificate only reloads certificates dynamically for the server

* config updates/copies should be on agent

* improve http integration test

* simplify agent reloading storing a local copy of config

* reuse the same keyloader when reloading

* Test that server and client get reloaded but keep keyloader

* Keyloader exposes GetClientCertificate as well for outgoing connections

* Fix spelling

* correct changelog style
2017-11-14 17:53:23 -08:00
Alex Dadgar dbc014b360 Standardize retrieving a free port into a helper package 2017-10-23 16:48:20 -07:00
Michael Schurter c53aac9eea Agent Health Endpoint 2017-10-13 15:37:44 -07:00
Chelsea Holland Komlo 1238efc2a8 improve documentation
move metrics to telemetry; copy to client config
2017-09-06 21:38:06 +00:00
Chelsea Holland Komlo ba4abbe09c remove prints during test 2017-09-05 14:13:34 +00:00
Armon Dadgar 7d4aa1975f agent: thread through ACL config to Server 2017-09-04 13:04:45 -07:00
Alex Dadgar 4e90d56098 More parallel 2017-07-20 09:36:34 -07:00
Michael Schurter c9e4c041b3 Too lazy to remember the right formatter for floats 2017-07-19 11:53:18 -07:00
Alex Dadgar 747d67eb3f Allow tuning of heartbeat ttls
This PR allows tuning of heartbeat TTLs. An example of very aggressive
settings is as follows:

```
server {
  heartbeat_grace = "1s"
  min_heartbeat_ttl = "1s"
  max_heartbeats_per_second = 200.0
}
```
2017-07-19 09:38:35 -07:00
Michael Schurter 95a00cbef1 Fix path used by Nomad Server HTTP Check
Fixes #2701
2017-06-21 10:41:28 -07:00
Michael Schurter c4ab8211b6 Skip https health check if verify_https_client is true 2017-05-03 12:19:02 -07:00
Michael Schurter 947e31e9c2 Only register HTTPS agent check when Consul>=0.7.2
Support for TLSSkipVerify in other checks coming soon!
2017-04-19 12:42:48 -07:00
Alex Dadgar 8d5f0fea69 Merge pull request #2128 from hashicorp/f-dispatch
Nomad Constructor Jobs and Dispatch
2017-01-06 05:22:49 +08:00
Michael Schurter 407657519f Don't require serf advertise address for clients 2016-12-02 11:07:00 -08:00
Alex Dadgar 244c95b1ce agent tests 2016-12-01 16:27:22 -08:00
Alex Dadgar cb187ffce6 Fix TestRktDriver_PortsMapping and TestAgent_LoadKeyrings 2016-11-15 15:49:05 -08:00
Michael Schurter c301e696cf Fix typo in test 2016-11-09 13:16:56 -08:00
Michael Schurter a75e5b5803 Addresses are just addresses - no ports
Store address+port in an unexported field for ease-of-use
2016-11-09 11:49:55 -08:00
Michael Schurter 23de99b1df Enable dev mode to allow using localhost in tests 2016-11-08 16:35:11 -08:00
Michael Schurter 293c596411 Normalize configs for agent tests 2016-11-08 16:13:09 -08:00
Michael Schurter 6d83a192cf Fix int pointer formatting and server config test 2016-11-08 16:02:20 -08:00
Alex Dadgar 75696f4c70 Resolve 2016-11-01 13:23:44 -07:00
Alex Dadgar d037c4ffe9 Check that advertise without ports works in test 2016-10-31 18:08:49 -07:00
Alex Dadgar 376651bcb2 Allow advertise to not specify port 2016-10-31 17:12:29 -07:00
Evan Gilman 59489e4e4f Never return 0.0.0.0 as a non-bind address 2016-10-27 10:51:11 -07:00
Evan Gilman 7511490c12 Add more address selector tests 2016-10-27 10:51:11 -07:00
Evan Gilman af3de22d4f Remove old address advertise config code 2016-10-27 10:51:11 -07:00
Evan Gilman de33949df8 Add address selector methods to the agent 2016-10-27 10:51:11 -07:00
Alex Dadgar 751aa114bf Fix Vault parsing of booleans 2016-10-10 18:04:39 -07:00
Alex Dadgar 4bfdd40948 test fixes 2016-08-18 10:30:47 -07:00
Diptanu Choudhury f72ad34540 get a free port from the kernel 2016-08-16 16:05:37 -07:00
Sean Chittenden 438c1e149b
Fix tests 2016-06-16 22:26:45 -07:00
Sean Chittenden 59c54e9aeb
Fix tests, don't take the address of DefaultConsulCommand() 2016-06-16 21:21:39 -07:00
Sean Chittenden d17af396ca
Create config.DefaultConsulConfig() 2016-06-16 20:41:05 -07:00
Sean Chittenden bbd8dfa798
goling(1) compliance pass (e.g. Rpc* -> RPC) 2016-06-10 23:38:28 -04:00
Sean Chittenden 7fe1944bc5
Fix tests for client.TestAgent_ServerConfig
Add similar logic in Agent `serverConfig()` to set up the
`serverSerfAddr` the same as `serverHttpAddr` and `serverRpcAddr`.
2016-06-10 15:50:11 -04:00
Sean Chittenden ac7881226c
Advertise the server's RPC endpoint, not its HTTP endpoint.
Rename c.serverRpcAddr to serverRpcAddr.  This will be broken out
into in additional set of services in a subsequent commit.
2016-06-10 15:50:11 -04:00
Sean Chittenden 410d85cc78
Rename the package from client/rpc_proxy to client/rpcproxy
Also rename `NewRpcProxy()` to just `New()` to avoid package stutter.
2016-06-10 15:50:11 -04:00
Sean Chittenden b509da2d0c
Create a nomad/structs/config to break an import cycle.
Flattening and normalizing the various Consul config structures and
services has led to an import cycle.  Break this by creating a new package
that is intended to be terminal in the import DAG.
2016-06-10 15:48:36 -04:00