Commit graph

61 commits

Author SHA1 Message Date
Alex Dadgar a1faab0e58 Server TLS 2018-02-15 15:03:12 -08:00
Alex Dadgar 5b9806590b add logging 2018-02-15 13:59:03 -08:00
Alex Dadgar 64ad3119d0 Implement MultiplexV2 RPC handling
Implements and tests the V2 multiplexer. This will not be used until
several versions of Nomad have been released to mitigate upgrade
concerns.
2018-02-15 13:59:02 -08:00
Alex Dadgar cea77df6a7 Add Streaming RPC ack
This PR introduces an ack allowing the receiving end of the streaming
RPC to return any error that may have occured during the establishment
of the streaming RPC.
2018-02-15 13:59:02 -08:00
Alex Dadgar 6c1fa878ea Forwarding 2018-02-15 13:59:02 -08:00
Alex Dadgar 2c0ad26374 New RPC Modes and basic setup for streaming RPC handlers 2018-02-15 13:59:01 -08:00
Alex Dadgar b5037f20db Remove circular dependency 2018-02-15 13:59:01 -08:00
Alex Dadgar 3f786b904b use server manager 2018-02-15 13:59:01 -08:00
Alex Dadgar 46770d57e5 Forwarding 2018-02-15 13:59:01 -08:00
Alex Dadgar 6dd1c9f49d Refactor 2018-02-15 13:59:00 -08:00
Alex Dadgar 8058ab039f Store the whole verified certificate chain 2018-02-15 13:59:00 -08:00
Alex Dadgar 13bbf3fbbb Track client connections 2018-02-15 13:59:00 -08:00
Alex Dadgar 4243438661 Improve TLS cluster testing 2018-02-15 13:59:00 -08:00
Alex Dadgar ba5ecb8c1a Dynamic RPC servers with context 2018-02-15 13:59:00 -08:00
Chelsea Holland Komlo 3f34b59ee6 remove unnecessary nil checks; default case
add tests for TLSConfig object
2018-01-08 09:24:28 -05:00
Chelsea Holland Komlo d9ec538d6a don't ignore error in http reloading
code review feedback
2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo 6a2432659a code review fixups 2018-01-08 09:21:06 -05:00
Chelsea Holland Komlo c0ad9a4627 add ability to upgrade/downgrade nomad agents tls configurations via sighup 2018-01-08 09:21:06 -05:00
Chelsea Komlo 2dfda33703 Nomad agent reload TLS configuration on SIGHUP (#3479)
* Allow server TLS configuration to be reloaded via SIGHUP

* dynamic tls reloading for nomad agents

* code cleanup and refactoring

* ensure keyloader is initialized, add comments

* allow downgrading from TLS

* initalize keyloader if necessary

* integration test for tls reload

* fix up test to assert success on reloaded TLS configuration

* failure in loading a new TLS config should remain at current

Reload only the config if agent is already using TLS

* reload agent configuration before specific server/client

lock keyloader before loading/caching a new certificate

* introduce a get-or-set method for keyloader

* fixups from code review

* fix up linting errors

* fixups from code review

* add lock for config updates; improve copy of tls config

* GetCertificate only reloads certificates dynamically for the server

* config updates/copies should be on agent

* improve http integration test

* simplify agent reloading storing a local copy of config

* reuse the same keyloader when reloading

* Test that server and client get reloaded but keep keyloader

* Keyloader exposes GetClientCertificate as well for outgoing connections

* Fix spelling

* correct changelog style
2017-11-14 17:53:23 -08:00
Chelsea Holland Komlo e348deecf5 fixups from code review 2017-11-01 15:21:05 -05:00
Chelsea Holland Komlo afe9f9a714 add rpc_upgrade_mode as config option for tls upgrades 2017-11-01 15:19:52 -05:00
Alex Dadgar abfc56a871 WatchCtx propogates context error 2017-09-06 17:37:40 -07:00
Alex Dadgar 26e66ed1c5 fix checking of context error 2017-09-01 09:53:09 -07:00
Alex Dadgar 590ff91bf3 Deployment watcher takes state store 2017-08-30 18:51:59 -07:00
Alex Dadgar 7af65aa3d7 Add watcher to server 2017-07-07 12:03:11 -07:00
Michael Schurter a81c387adf Require TLS for server RPC when enabled
Fixes #2525

We used to be checking a RequireTLS field that was never set. Instead we
can just check the TLSConfig.EnableRPC field and require TLS if it's
enabled.

Added a few unfortunately slow integration tests to assert the intended
behavior of misconfigured RPC TLS.

Also disable a lot of noisy test logging when -v isn't specified.
2017-04-06 09:34:36 -07:00
Alex Dadgar 5d293c0f1e Add abandon tests and use snapshot for blocking queries 2017-02-08 11:18:03 -08:00
Alex Dadgar d182aac7a7 Fix nomad tests 2017-02-07 22:10:33 -08:00
Alex Dadgar b69b357c7f Nomad builds 2017-02-07 20:31:23 -08:00
Alex Dadgar 570efcaebd Update state store and blocking query helper 2017-02-05 12:03:11 -08:00
Armon Dadgar 75abbc74a5 nomad: modify forward RPC to hold when no known leader 2016-07-10 13:36:55 -04:00
Sean Chittenden bff57a0dce
Reconcile, clean up, and centralize API version numbers (major and minor).
Reduce future confusion by introducing a minor version that is gossiped out
via the `mvn` Serf tag (Minor Version Number, `vsn` is already being used for
to communicate `Major Version Number`).

Background: hashicorp/consul/issues/1346#issuecomment-151663152
2016-06-10 15:50:11 -04:00
Sean Chittenden 1aefdb1e15
Use the correctly typed rand.Int* variant 2016-06-10 15:50:11 -04:00
Sean Chittenden 3a1dc9a194
Use rand.Int*n() where appropriate 2016-06-10 15:50:11 -04:00
Sean Chittenden 4e2835d5ff
Use the correctly typed rand.Int* variant 2016-06-10 15:48:36 -04:00
Sean Chittenden 66b4b2a99f
Use rand.Int*n() where appropriate 2016-06-10 15:48:36 -04:00
Sean Chittenden e36686a17d
Use consul/lib's RandomStagger
Removes four redundant copies of the method in the process.
2016-06-10 15:48:36 -04:00
Alex Dadgar 2a19e179bc Switch to using go/codec and use code generation 2016-02-20 18:05:17 -08:00
Armon Dadgar 623b473ee6 Revert "Lzw compress raft entries"
This reverts commit a687ee6df316ffadac5305f4be9cf9a5642cd6af.

The LZW compression reduces the file size by ~60%, but increases
our encode and decode costs by 2x in a CPU bottlenecked path.
2016-02-20 17:36:39 -08:00
Alex Dadgar 6e8a57ba1a Lzw compress raft entries 2016-02-20 13:21:38 -08:00
Alex Dadgar 4d817f5cbc Revert "Revert "Make drivers take arguments as a list and not as a string"" 2015-11-18 15:16:42 -08:00
Alex Dadgar 0e51375285 Revert "Make drivers take arguments as a list and not as a string" 2015-11-18 13:46:43 -08:00
Alex Dadgar 07a5ceed9c Use one msgpack codec and have it decode []string in nil interfaces 2015-11-18 13:15:13 -08:00
Alex Dadgar a56c808ff8 Update Nomad Client/Server RPC codecs to use custom msgpackHandle 2015-11-15 18:27:02 -08:00
Ryan Uber 6b7ca19a76 nomad: export watcher to share between rpc and state store 2015-10-29 14:47:39 -07:00
Ryan Uber a4ee8929e3 nomad: unify watcher inputs for reusability 2015-10-29 11:59:15 -07:00
Ryan Uber 04dcd3f440 nomad: use a generic full-table watcher 2015-10-28 11:15:54 -07:00
Ryan Uber 2e20f9e89a nomad: allow blocking on empty data views 2015-10-27 17:58:04 -07:00
Ryan Uber ee44b43f33 nomad: initial pass at blocking queries for jobs 2015-10-27 17:58:04 -07:00
Armon Dadgar ff27572e1f nomad: raftApplyFuture does not block for error 2015-10-11 18:47:08 -04:00