Commit graph

234 commits

Author SHA1 Message Date
Jeff Mitchell 3edb337a00 Add option to set cluster TLS cipher suites. (#3228)
* Add option to set cluster TLS cipher suites.

Fixes #3227
2017-08-30 16:28:23 -04:00
Doyoon Kim 3ffebb7780 Moved PROXY protocol wrap to execute before the TLS wrap (#3195) 2017-08-23 12:00:09 -04:00
Gobin Sougrakpam 8e01c994bf tls_client_ca_file option for verifying client (#3034) 2017-08-03 07:33:06 -04:00
Jeff Mitchell 7e3ff5e56c Add PROXY protocol support (#3098) 2017-08-02 18:24:12 -04:00
Jeff Mitchell 1bfc6d4fe7 Add a -dev-three-node option for devs. (#3081) 2017-07-31 11:28:06 -04:00
Jeff Mitchell d55d75a79f Convert listener arguments to map[string]interface{} (#2905)
This allows people to use more natural constructs, e.g. for tls_disable
it can be a bool, int, or string.
2017-06-22 20:29:53 +01:00
Jeff Mitchell 33ca94773f Add DogStatsD metrics output. (#2883)
Fixes #2490
2017-06-16 23:51:46 -04:00
Brian Kassouf 8a3ef906d5 Update the plugin directory logic 2017-04-13 11:22:53 -07:00
Brian Kassouf 8ccf10641b Merge branch 'master' into database-refactor 2017-04-12 14:29:10 -07:00
Brian Kassouf e8781b6a2b Plugin catalog 2017-04-03 17:52:29 -07:00
Jeff Mitchell 5d760d4090 Add option to require valid client certificates (#2457) 2017-03-08 10:21:31 -05:00
Jeff Mitchell b11f92ba5a Rename physical backend to storage and alias old value (#2456) 2017-03-08 09:17:00 -05:00
Jeff Mitchell 5119b173c4 Rename helper 'duration' to 'parseutil'. (#2449)
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.

Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Jeff Mitchell b29861f7bb Do some porting to make diffing easier 2017-02-24 10:45:29 -05:00
Jeff Mitchell c81582fea0 More porting from rep (#2388)
* More porting from rep

* Address review feedback
2017-02-16 16:29:30 -05:00
Roman Vynar 1615280efa Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 13:48:35 -05:00
Chris Lundquist 9b5ee87929 prevent binding 0.0.0.0 -> ::0 (#2094) 2016-11-15 12:00:57 -05:00
matt maier 57925ee863 Vendor circonus (#2082) 2016-11-10 16:17:55 -05:00
Jeff Mitchell 2c85fdfeb9 Switch default case of disable cluster. (#1959) 2016-10-02 14:54:01 -04:00
Jeff Mitchell 85315ff188 Rejig where the reload functions live 2016-09-30 00:07:22 -04:00
Jeff Mitchell f0203741ff Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Evan Phoenix 4214a0199d Advertise the cluster_(id|name) in the Scada handshake (#1906) 2016-09-23 10:55:51 -04:00
Jeff Mitchell bbe87db913 Force tls_disable on scada connection inside outer TLS connection as it's not currently supported anyways 2016-09-20 14:56:16 -04:00
vishalnayak 5bd665a842 Update atlas listener factory to use version with pre-release info. 2016-09-01 17:21:11 -04:00
Jeff Mitchell 2ce4397deb Plumb through the ability to set the storage read cache size. (#1784)
Plumb through the ability to set the storage read cache size.

Fixes #1772
2016-08-26 10:27:06 -04:00
Jeff Mitchell 58b32e5432 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell 37320f8798 Request forwarding (#1721)
Add request forwarding.
2016-08-15 09:42:42 -04:00
Vishal Nayak c7bcaa5bb6 Merge pull request #1655 from hashicorp/cluster-id
Vault cluster name and ID
2016-07-26 14:12:48 -04:00
Evan Phoenix 41ed3de3b1 Report the simple version string 2016-07-26 10:21:24 -07:00
vishalnayak 6e1d020c3a Added cluster_name for existing config tests 2016-07-26 11:38:24 -04:00
vishalnayak 7daa92f42c Update cluster name during config merge 2016-07-26 11:11:12 -04:00
vishalnayak a3e6400697 Remove global name/id. Make only cluster name configurable. 2016-07-26 10:01:35 -04:00
vishalnayak c7dabe4def Storing local and global cluster name/id to storage and returning them in health status 2016-07-26 02:32:42 -04:00
matt maier 6519c224ac Circonus integration for telemetry metrics 2016-07-22 15:49:23 -04:00
Jeff Mitchell 3ec81debe7 Trim leading/trailing space around PEM bundles.
Fixes #1634
2016-07-20 13:57:49 -04:00
vishalnayak f34f0ef503 Make 'tls_min_version' configurable 2016-07-12 19:32:47 -04:00
Jeff Mitchell 61250157d7 Don't panic on an empty configuration during merge 2016-07-05 16:49:15 -04:00
Jeff Mitchell 6ff0742aa6 Remove unneeded else 2016-06-08 13:55:31 -04:00
Jeff Mitchell 64c180510e Add a metadata node_id field for Atlas usage and fix tests 2016-06-02 18:19:51 -04:00
Jeff Mitchell 0d9ea2a1a1 Initial Atlas listener implementation 2016-06-02 14:05:47 -04:00
Sean Chittenden 0c23acb818 Comment nits 2016-04-25 18:00:54 -07:00
Jeff Mitchell 528b25c5f4 Merge HA Backend objects 2016-03-21 16:56:13 -04:00
Jeff Mitchell 0e3764832a Add test for listener reloading, and update website docs. 2016-03-14 14:05:47 -04:00
Jeff Mitchell 84af6ec8ac Don't generate an ID; use address for the ID. Generally speaking we'll need to sane against what's in the config 2016-03-11 17:28:03 -05:00
Jeff Mitchell 996c584192 Don't inline factory 2016-03-11 17:02:44 -05:00
Jeff Mitchell d75ce9de9b Retool to have reloading logic run in command/server 2016-03-11 16:47:03 -05:00
Jeff Mitchell c6066af4c1 Add tests. This actually adds the initial tests for the TLS listener,
then layers reloading tests on top.
2016-03-11 14:05:52 -05:00
Jeff Mitchell baf0763b3c Add reload capability for Vault listener certs. No tests (other than
manual) yet, and no documentation yet.
2016-03-11 14:05:52 -05:00
Seth Vargo b207fc403c Fix failing config test 2016-03-10 17:36:10 -05:00
Seth Vargo 0adab4182f Fix test fixtures 2016-03-10 16:51:08 -05:00
Seth Vargo f916ed349d Print errors on extra keys in server config
This does NOT apply to the backend config, since each backend config
could have a variation of options that differ based off of the
configured backend itself. This may be an optimization that can be made
in the future, but I think each backend should be responsible for
performing its own configuration validation instead of overloading the
config itself with this functionality.
2016-03-10 15:25:25 -05:00
Jeff Mitchell 0998e1cdf9 Update help text exporting dev mode listen address.
Ping #1160
2016-03-03 18:10:14 -05:00
Jeff Mitchell 6cdb8aeb4f Merge branch 'master' into f-disable-tls 2015-12-29 12:59:02 -05:00
Jeff Mitchell ced0835574 Allow separate HA physical backend.
With no separate backend specified, HA will be attempted on the normal
physical backend.

Fixes #395.
2015-12-14 07:59:58 -05:00
Armon Dadgar 985717b428 server: sanity check value for 'tls_disable' 2015-11-25 11:37:57 -08:00
Jeff Mitchell 9f0b1547bb Allow disabling the physical storage cache with 'disable_cache'.
Fixes #674.
2015-10-12 13:00:32 -04:00
Jeff Mitchell 3f45f3f41b Rename config lease_duration parameters to lease_ttl in line with current standardization efforts 2015-08-27 07:50:24 -07:00
vishalnayak e5080a7f32 Merging with master 2015-08-06 18:44:40 -04:00
vishalnayak c7ef0b95c2 Vault SSH: CRUD test case for OTP Role 2015-07-31 13:24:23 -04:00
Karl Gutwin 4bad987e58 PR review updates 2015-07-30 13:21:41 -04:00
Karl Gutwin 151ec72d00 Add configuration options for default lease duration and max lease duration. 2015-07-30 09:42:49 -04:00
Armon Dadgar ae28087f67 server: import sha512. Fixes #448 2015-07-23 13:51:45 -07:00
Karl Gutwin 1096f5a53e Avoid unnecessary abbreviation 2015-07-22 23:28:46 -04:00
Karl Gutwin 2e81d9047d Allow specifying a TLS minimum version 2015-07-22 23:19:41 -04:00
Nate Brown dec99f2bf6 Git ignore getting in the way 2015-07-14 15:57:06 -07:00
Nate Brown 5804c4a872 Fix travis build 2015-07-14 15:50:29 -07:00
Nate Brown 0ec0b41aa3 Telemetry object in config 2015-07-14 15:36:28 -07:00
Armon Dadgar 268db24819 command/listener: Request TLS client cert. Fixes #214 2015-05-20 16:01:40 -07:00
Mitchell Hashimoto 3d3274a66b command/server: fix one race condition 2015-04-28 19:11:46 -07:00
Mitchell Hashimoto d29ada47eb command/server: disable mlock in dev mode 2015-04-28 15:11:39 -07:00
Mitchell Hashimoto 006d4fccfd command/server: allow disabling mlock 2015-04-28 15:09:30 -07:00
Mitchell Hashimoto ee254a332e command/server: can set advertise addr 2015-04-17 12:56:31 -07:00
Mitchell Hashimoto 415e7cef22 command/server: config for setting stats addresses 2015-04-17 12:56:31 -07:00
Armon Dadgar f04d33b170 command/server: Enable telemetry. cc: @mitchellh 2015-04-14 18:44:09 -07:00
Armon Dadgar 770116b8e9 command: Set minimum TLS version to 1.2 2015-04-13 19:09:44 -07:00
Mitchell Hashimoto b0da4056a0 command/server: tests 2015-04-04 17:43:20 -07:00
Mitchell Hashimoto afc71d2a7b command/server: cleaner output 2015-04-04 12:06:41 -07:00
Mitchell Hashimoto 19283eb5f7 command/server: dev mode 2015-03-31 16:44:47 -07:00
Mitchell Hashimoto f71f29b801 command/server: initial working 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto cb3e91b338 command/sever: copy the TCP keep alive listener 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto 393c6c6c20 command/server: support TLS 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto 61224ce312 command/server: tcp listener 2015-03-13 12:53:08 -07:00
Mitchell Hashimoto 86c7a4c155 command/server: load config from flags 2015-03-12 15:30:07 -07:00
Mitchell Hashimoto d88c20e293 command/server: add config loading 2015-03-12 15:21:11 -07:00