Siva Prasad
ca35d04472
Adds a new command line flag -log-file for file based logging. ( #4581 )
...
* Added log-file flag to capture Consul logs in a user specified file
* Refactored code.
* Refactored code. Added flags to rotate logs based on bytes and duration
* Added the flags for log file and log rotation on the webpage
* Fixed TestSantize from failing due to the addition of 3 flags
* Introduced changes : mutex, data-dir log writes, rotation logic
* Added test for logfile and updated the default log destination for docs
* Log name now uses UnixNano
* TestLogFile is now uses t.Parallel()
* Removed unnecessary int64Val function
* Updated docs to reflect default log name for log-file
* No longer writes to data-dir and adds .log if the filename has no extension
2018-08-29 16:56:58 -04:00
Matt Keeler
0e0227792b
Gossip tuneables ( #4444 )
...
Expose a few gossip tuneables for both lan and wan interfaces
gossip_nodes
gossip_interval
probe_timeout
probe_interval
retransmit_mult
suspicion_mult
2018-07-26 11:39:49 -04:00
Paul Banks
8dd50d5b2d
Add config option to disable HTTP printable char path check ( #4442 )
2018-07-26 13:53:39 +01:00
Paul Banks
d5e934f9ff
Ooops that was meant to be to a branch no master... EMORECOFFEE
...
Revert "Add config option to disable HTTP printable char path check"
This reverts commit eebe45a47b
.
2018-07-25 15:54:11 +01:00
Paul Banks
eebe45a47b
Add config option to disable HTTP printable char path check
2018-07-25 15:52:37 +01:00
Matt Keeler
c891e264ca
Fix issue with choosing a client addr that is 0.0.0.0 or ::
2018-07-16 16:30:15 -04:00
Matt Keeler
7572ca0f37
Merge pull request #4374 from hashicorp/feature/proxy-env-vars
...
Setup managed proxy environment with API client env vars
2018-07-12 09:13:54 -04:00
Matt Keeler
0f56ed2d01
Set api.Config’s InsecureSkipVerify to the value of !RuntimeConfig.VerifyOutgoing
2018-07-12 07:49:23 -04:00
Matt Keeler
22e4058893
Use type switch instead of .Network for more reliably detecting UnixAddrs
2018-07-12 07:30:17 -04:00
Matt Keeler
700a275ddf
Look specifically for tcp instead of unix
...
Add runtime -> api.Config tests
2018-07-11 17:25:36 -04:00
Matt Keeler
c54b43bef3
PR Updates
...
Proxy now doesn’t need to know anything about the api as we pass env vars to it instead of the api config.
2018-07-11 09:44:54 -04:00
Matt Keeler
3b6eef8ec6
Pass around an API Config object and convert to env vars for the managed proxy
2018-07-10 12:13:51 -04:00
Pierre Souchay
abde81a3e7
Added async-cache with similar behaviour as extend-cache but asynchronously
2018-07-01 23:50:30 +02:00
mkeeler
6813a99081
Merge remote-tracking branch 'connect/f-connect'
2018-06-25 19:42:51 +00:00
Paul Banks
c6ef6a61c9
Refactor to use embedded struct.
2018-06-25 12:25:39 -07:00
Paul Banks
9f559da913
Revert telemetry config changes ready for cleaner approach
2018-06-25 12:25:39 -07:00
Paul Banks
d83f2e8e21
Expose telemetry config from RuntimeConfig to proxy config endpoint
2018-06-25 12:25:38 -07:00
Paul Banks
8aeb7bd206
Disable TestAgent proxy execution properly
2018-06-25 12:25:38 -07:00
Mitchell Hashimoto
f7fc026e18
agent/config: AllowManagedAPIRegistration
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
4897ca6545
agent/config: add AllowManagedRoot
2018-06-25 12:25:11 -07:00
Paul Banks
0824d1df5f
Misc comment cleanups
2018-06-25 12:24:16 -07:00
Paul Banks
cdc7cfaa36
Abandon daemonize for simpler solution (preserving history):
...
Reverts:
- bdb274852ae469c89092d6050697c0ff97178465
- 2c689179c4f61c11f0016214c0fc127a0b813bfe
- d62e25c4a7ab753914b6baccd66f88ffd10949a3
- c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
- 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
- 85c3f8df3eabc00f490cd392213c3b928a85aa44
2018-06-25 12:24:10 -07:00
Paul Banks
8cf4b3a6eb
Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy
2018-06-25 12:24:09 -07:00
Mitchell Hashimoto
aaa2431350
agent: change connect command paths to be slices, not strings
...
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
Paul Banks
e0e12e165b
TLS watching integrated into Service with some basic tests.
...
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
Kyle Havlovitz
daa8dd1779
Add CA config to connect section of agent config
2018-06-14 09:42:05 -07:00
Paul Banks
3e3f0e1f31
HTTP agent registration allows proxy to be defined.
2018-06-14 09:41:57 -07:00
Paul Banks
e6071051cf
Added connect proxy config and local agent state setup on boot.
2018-06-14 09:41:57 -07:00
Matt Keeler
6cc0422408
Add configuration entry to control including TXT records for node meta in DNS responses
...
If set to false, the only way to retrieve TXT records for node meta is to specifically query for TXT records.
2018-06-11 11:49:04 -04:00
Preetha Appan
d721da7b67
Also make snapshot interval configurable
2018-05-11 10:43:24 -05:00
Preetha Appan
66f31cd25a
Make raft snapshot commit threshold configurable
2018-05-11 10:43:24 -05:00
Pierre Souchay
a680c8e91b
Clearer documentation and comments for enabling Prometheus support
2018-04-09 13:16:45 +02:00
Pierre Souchay
93a01b0949
Now use prometheus_retention_time > 0 to enable prometheus support
2018-04-06 14:21:05 +02:00
Pierre Souchay
fd98fb1449
Added support exposing metrics in Prometheus format
2018-04-06 09:18:06 +02:00
Preetha
a67d27c756
Adds discovery_max_stale ( #4004 )
...
Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 10:14:44 -05:00
Josh Soref
94835a2715
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
Devin Canterberry
c901307a47
🔒 Update supported TLS cipher suites
...
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go ).
> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
> * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4 )
> * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/ )
2018-03-15 10:19:46 -07:00
Pierre Souchay
0b7f620dc6
Allow to control the number of A/AAAA Record returned by DNS
...
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.
It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937
See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.
It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.
The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
James Phillips
93f68555d0
Adds enable_agent_tls_for_checks configuration option which allows ( #3661 )
...
HTTP health checks for services requiring 2-way TLS to be checked
using the agent's credentials.
2017-11-07 18:22:09 -08:00
Frank Schroeder
21a7d399bd
config: address review comments
2017-10-23 08:05:47 +02:00
Frank Schroeder
cf0a571a76
config: document remaining config options
2017-10-23 08:04:03 +02:00
Frank Schroeder
149ab13a13
config: document more config options
2017-10-23 08:04:03 +02:00
Frank Schroeder
a8f709a875
config: document more config options
2017-10-23 08:04:03 +02:00
Frank Schroeder
6c64cf9b5d
config: document more acl options
2017-10-23 08:04:03 +02:00
Frank Schroeder
ffb0f6ec8b
config: document config options
2017-10-23 08:04:03 +02:00
Frank Schroeder
70270d6d98
config: document acl options
2017-10-23 08:04:03 +02:00
Frank Schroeder
7f214b1e1c
config: document autopilot options
2017-10-23 08:04:03 +02:00
Frank Schroeder
cfc891fc25
config: document dns options
2017-10-23 08:04:03 +02:00
Frank Schroeder
d27617c60b
config: document http options
2017-10-23 08:04:03 +02:00
Frank Schroeder
625713dd72
config: document telemetry options
2017-10-23 08:04:03 +02:00