Commit Graph

908 Commits (199f6cc41d54f7f6dd9b66475727f98ba406f682)

Author SHA1 Message Date
Paul Banks f38da47c55
Allow raft TrailingLogs to be configured. (#6186)
This fixes pathological cases where the write throughput and snapshot size are both so large that more than 10k log entries are written in the time it takes to restore the snapshot from disk. In this case followers that restart can never catch up with leader replication again and enter a loop of constantly downloading a full snapshot and restoring it only to find that snapshot is already out of date and the leader has truncated its logs so a new snapshot is sent etc.

In general if you need to adjust this, you are probably abusing Consul for purposes outside its design envelope and should reconsider your usage to reduce data size and/or write volume.
2019-07-23 15:19:57 +01:00
javicrespo b006060d4c log rotation: limit count of rotated log files (#5831) 2019-07-19 15:36:34 -06:00
Luke Kysow 42dae36923
Merge pull request #6141 from hashicorp/hcl-multi-service-docs
Document multiple services config in hcl
2019-07-18 12:15:22 +01:00
kaitlincarter-hc 2679315177 [docs] Encryption docs update (#6082)
* Bad link in encryption docs

* clarifying the guide link

* Update website/source/docs/agent/encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/agent/encryption.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-07-17 20:36:36 -07:00
Luke Kysow c31cb95da3
Document multiple services config in hcl
Also change ttl => timeout since ttl doesn't work anymore.
2019-07-17 15:26:08 +01:00
Judith Malnick c2c154eaf4
[docs] Link to TLS guide in Encryption doc (#6071)
Fixes issue #6067
2019-07-07 16:55:03 +02:00
Hans Hasselberg 33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
Akshay Ganeshen 98a35fbe69 dns: support alt domains for dns resolution (#5940)
this adds an option for an alt domain to be used with dns while migrating to a new consul domain.
2019-06-27 12:00:37 +02:00
Sarah Christoff d3d92d76f3
ui: modify content path (#5950)
* Add ui-content-path flag

* tests complete, regex validator on string, index.html updated

* cleaning up debugging stuff

* ui: Enable ember environment configuration to be set via the go binary at runtime (#5934)

* ui: Only inject {{.ContentPath}} if we are makeing a prod build...

...otherwise we just use the current rootURL

This gets injected into a <base /> node which solves the assets path
problem but not the ember problem

* ui: Pull out the <base href=""> value and inject it into ember env

See previous commit:

The <base href=""> value is 'sometimes' injected from go at index
serve time. We pass this value down to ember by overwriting the ember
config that is injected via a <meta> tag. This has to be done before
ember bootup.

Sometimes (during testing and development, basically not production)
this is injected with the already existing value, in which case this
essentially changes nothing.

The code here is slightly abstracted away from our specific usage to
make it easier for anyone else to use, and also make sure we can cope
with using this same method to pass variables down from the CLI through
to ember in the future.

* ui: We can't use <base /> move everything to javascript (#5941)

Unfortuantely we can't seem to be able to use <base> and rootURL
together as URL paths will get doubled up (`ui/ui/`).

This moves all the things that we need to interpolate with .ContentPath
to the `startup` javascript so we can conditionally print out
`{{.ContentPath}}` in lots of places (now we can't use base)

* fixed when we serve index.html

* ui: For writing a ContentPath, we also need to cope with testing... (#5945)

...and potentially more environments

Testing has more additional things in a separate index.html in `tests/`

This make the entire thing a little saner and uses just javascriopt
template literals instead of a pseudo handbrake synatx for our
templating of these files.

Intead of just templating the entire file this way, we still only
template `{{content-for 'head'}}` and `{{content-for 'body'}}`
in this way to ensure we support other plugins/addons

* build: Loosen up the regex for retrieving the CONSUL_VERSION (#5946)

* build: Loosen up the regex for retrieving the CONSUL_VERSION

1. Previously the `sed` replacement was searching for the CONSUL_VERSION
comment at the start of a line, it no longer does this to allow for
indentation.
2. Both `grep` and `sed` where looking for the omment at the end of the
line. We've removed this restriction here. We don't need to remove it
right now, but if we ever put the comment followed by something here the
searching would break.
3. Added `xargs` for trimming the resulting version string. We aren't
using this already in the rest of the scripts, but we are pretty sure
this is available on most systems.

* ui: Fix erroneous variable, and also force an ember cache clean on build

1. We referenced a variable incorrectly here, this fixes that.
2. We also made sure that every `make` target clears ember's `tmp` cache
to ensure that its not using any caches that have since been edited
everytime we call a `make` target.

* added docs, fixed encoding

* fixed go fmt

* Update agent/config/config.go

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

* Completed Suggestions

* run gofmt on http.go

* fix testsanitize

* fix fullconfig/hcl by setting correct 'want'

* ran gofmt on agent/config/runtime_test.go

* Update website/source/docs/agent/options.html.md

Co-Authored-By: Hans Hasselberg <me@hans.io>

* Update website/source/docs/agent/options.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* remove contentpath from redirectFS struct
2019-06-26 11:43:30 -05:00
Pierre Souchay 0e907f5aa8 Support for maximum size for Output of checks (#5233)
* Support for maximum size for Output of checks

This PR allows users to limit the size of output produced by checks at the agent 
and check level.

When set at the agent level, it will limit the output for all checks monitored
by the agent.

When set at the check level, it can override the agent max for a specific check but
only if it is lower than the agent max.

Default value is 4k, and input must be at least 1.
2019-06-26 09:43:25 -06:00
Justin Weissig 88b15d84f9 docs: fixed typos on a few doc pages (#5870) 2019-06-24 15:25:57 -06:00
Judith Malnick 9915e22bc2
[docs] Reorganize connect documentation for clarity (#5864)
* clarify possibilities for centralized proxy configuration

* add line breaks to config entries file

* add info about centralized config to built in proxy doc

* mondify connect landing page to help with navigation

* move internals details to its own page

* link fixes and shortening text on main page

* put built-in proxy options on its own page

* add configuration details for connect

* clarify security title and add observability page

* reorganize menu

* remove observability from configuration section

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/agent/config_entries.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* rename connect section to include service mesh

* reorganize sections per suggestions from paul

* add configuration edits from paul

* add internals edits from paul

* add observability edits from paul

* reorganize pages and menu

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* menu corrections and edits

* incorporate some of pauls comments

* incorporate more of pauls comments

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* incorporate kaitlin and pavanni feedback

* add redirect

* fix conflicts in index file

* Resolve conflicts in index file

* correct links for new organization

* Update website/source/docs/connect/proxies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* add title to service registration page
2019-06-13 22:52:50 -07:00
Chris Marchesi b7b1d77139 website: fix Sentinel time-of-day policy (#5930)
The policy in the time-of-day Sentinel example incorrectly references
the top-level time.hour constant. This is actually the same as the
time.Hour Go value, so in other words, 3600000000000 (the int64 value
representing the time in nanoseconds).

This is corrected by just using time.now.hour instead.
2019-06-06 14:31:54 -06:00
Matt Keeler 57e1136b7e
Fix acl.enable_key_list to be acl.enable_key_list_policy in docs (#5907) 2019-06-03 09:31:02 -05:00
kaitlincarter-hc c2c22a35fb
[docs] Updating links to guides (#5795)
* fixing links in the docs post guide migartion.

* fixed one more

* Update website/source/docs/acl/acl-legacy.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/enterprise/connect-multi-datacenter/index.html.md

* Updating based on comments and fixing word wrap

* Update website/source/api/acl-legacy.html.md

* Update website/source/api/acl/acl.html.md

* Update website/source/docs/agent/options.html.md

* Update website/source/docs/faq.html.md

* Update website/source/docs/internals/architecture.html.md

* Update website/source/docs/agent/encryption.html.md
2019-05-15 10:49:41 -05:00
Justin Weissig 02be3d9c6b docs: spelling and wording (#5830)
Fixed spelling and wording: avaliable/available, upto/up to, an other/another, recieved/received, transfered/transferred (x2)
2019-05-13 16:39:25 +01:00
Justin Weissig 8d62353d00 docs: fixed typos (#5832)
Fixed typos: persmissions/permissions + regardles/regardless
2019-05-13 10:22:17 -05:00
Brian Flad 1fbe44d2c5 docs/agent/options: Add go-sockaddr template examples for -bind (#5701)
Reference: https://github.com/hashicorp/consul/issues/4090

Examples covering a variety of potential use cases. Verified via `sockaddr eval` and `console agent -bind` on a test machine:

```console
# Baseline
$ sockaddr eval 'GetAllInterfaces'
[127.0.0.1/8 {1 65536 lo  up|loopback} ::1 {1 65536 lo  up|loopback} 10.0.0.10/8 {2 1500 eth0 b8:27:eb:7b:36:95 up|broadcast|multicast} fe80::12dc:5e4d:8ff8:2d96/64 {2 1500 eth0 b8:27:eb:7b:36:95 up|broadcast|multicast} 192.168.1.10/24 {3 1500 wlan0 b8:27:eb:2e:63:c0 up|broadcast|multicast} fe80::b6dc:5758:c306:b15b/64 {3 1500 wlan0 b8:27:eb:2e:63:c0 up|broadcast|multicast}]

# Using address within a specific CIDR
$ sockaddr eval 'GetPrivateInterfaces | include "network" "10.0.0.0/8" | attr "address"'
10.0.0.10

# Using a static network interface name
$ sockaddr eval 'GetInterfaceIP "eth0"'
10.0.0.10

# Using regular expression matching for network interface name that is forwardable and up
$ sockaddr eval 'GetAllInterfaces | include "name" "^eth" | include "flags" "forwardable|up" | attr "address"'
10.0.0.10
```
2019-05-13 14:08:05 +01:00
Aidan Daniels-Soles 2c4dd43692 Clarify mutual exclusivity of Azure scale set auto-join parameters (#5750) 2019-05-13 13:30:02 +01:00
Matt Keeler c4973a63f3
Add some config entry docs (#5808)
* Add some config entry docs

* Update website/source/docs/agent/config_entries.html.md

Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>

* Update website/source/docs/agent/config_entries.html.md

Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>

* Get rid of double negative

* Some incremental updates

* Update the config list docs to not point to service-default related things.

* A few more doc updates to get rid of some service-defaults specific linking info in the cli docs

* In progress update

* Update website/source/docs/agent/config_entries.html.md

Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>

* Reword bootstrap section

* Update example proxy-defaults config

* Finish up the examples section for managing config entries with the CLI

* Update website/source/docs/agent/config_entries.html.md

Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>

* Use $ for shell command start

* Make it very clear that the normal way to manage things is via the API/CLI

* Update website/source/docs/agent/options.html.md

Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>
2019-05-08 16:19:37 -04:00
kaitlincarter-hc d22ac2a5c2
[docs] WIP ports page (#5693)
* Updating ports information to be consistent accross docs.

* adding some extra notes based on feedback
2019-05-08 11:09:12 -05:00
R.B. Boyer 0f686687b2
docs: adding note about enabling acl token replication for auth methods (#5792) 2019-05-06 11:57:31 -05:00
Tyler Ryan af3d20b1bd Add documentation for Serf member telemetry metrics 2019-05-01 15:35:52 -06:00
R.B. Boyer c649243f7c
docs: add documentation for all secure acl introduction work (#5640) 2019-05-01 16:11:23 -05:00
Kyle Havlovitz 7b16fe3436 Config Entry docs (#5734)
* Add api docs for the config entry endpoints

* Add enable_central_service_config field to agent docs

* Add docs for config entry CLI operations

* Fix wording and links in config entry docs

* Add links to the central service config option

* Update the central service config setting description.
2019-05-01 11:21:11 -07:00
kaitlincarter-hc 626392eb62
[docs] Fixing API broken links (#5732)
* starting broken link fixes

* Updating the other links for ACLs

* Updating the rest of the links

* fixing acl required links.

* update a bunch of other links

* updated a couple more broken links based on Alvins checker

* removed the extra s
2019-04-30 12:20:51 -05:00
Matt Keeler f67e12eb6f
Enabling "service" watch handler to accept a slice of tags
Originally from PR #5347
2019-04-29 15:28:01 -04:00
Matt Keeler 15e80e4e76
Implement bootstrapping proxy defaults from the config file (#5714) 2019-04-26 14:25:03 -04:00
Freddy 3fe3b3e6dc
Clarify -log-rotate-duration string format and default value 2019-04-19 14:07:18 -06:00
Matt Keeler 032d299072
Add missing token field in the service definition in the docs (#5685)
Fixes #5684
2019-04-18 16:05:51 -04:00
kaitlincarter-hc 7dcc727b4d
[docs] Server Performance (#5627)
* Moving server performance guide to docs.

* fixing broken links

* updating broken link

* fixing broken links
2019-04-17 13:17:12 -05:00
Freddy a03392c906
Add additional raft metrics (#5628)
* Add documentation for new raft metrics
* Revendor raft from master
2019-04-09 16:09:22 -06:00
Sarah Christoff 53cbaefd5d Updated Ports Documentation 2019-04-05 12:25:44 -05:00
Alvin Huang e0a4d872af
missed a broken link (#5545) 2019-03-25 18:46:10 -04:00
kaitlincarter-hc 114b42b448
[docs] ACL Side Navigation Added (#5526)
* Adding new ACL menu item with guides and documentation.

* removing sidebar stuff from under agent, some documenting
2019-03-25 16:20:40 -05:00
Alvin Huang dc3c131836 fix broken link 2019-03-22 19:20:48 -04:00
Erik DeLamarter e37c402c9e [Docs] Added a note to GCE auto-join credentials option (#5391)
* Added a note to GCE auto-join credentials option

Simply added a note to remind users that putting a json file in the config-dir will make consul parse it as a config file.
Hope to help someone else avoid wasting a day because of these errors:
==> Error parsing /etc/consul.d/credentials.json: 10 error(s) occurred: * invalid config key private_key

* Updated according to style guidelines

Co-Authored-By: delamart <erik@delamarter.ch>
2019-03-19 09:40:12 -05:00
Steve Burns 34c70d2475 Add log_file attribute to agent configuration documentation (#5492) 2019-03-18 10:24:49 -07:00
Alex Mayer 585978ab94 Docs Proofing (#5424)
* Docs: Remove default_policy From Code Example

It is not needed according to:
https://www.consul.io/docs/agent/acl-system.html#configuring-acls

* Docs: Cleanup Commands And Their Output On ACL Guide Page

Remove extra spaces and newlines
Ensure rules match input rules

* Docs: Remove Incomplete "Added In Version" Statement

Version added is specified on parent option

* Docs: Fix Broken Links

* Docs: Minor Sentence Tweaks
2019-03-15 09:35:33 -05:00
kaitlincarter-hc 51acd28d3b
[docs] Move Sentinel documentation (#5478)
* Moving sentinel doc

* updating links, fixing headings.

* Update website/source/docs/agent/acl-rules.html.md
2019-03-13 12:47:25 -05:00
Hans Hasselberg 7e11dd82aa
agent: enable reloading of tls config (#5419)
This PR introduces reloading tls configuration. Consul will now be able to reload the TLS configuration which previously required a restart. It is not yet possible to turn TLS ON or OFF with these changes. Only when TLS is already turned on, the configuration can be reloaded. Most importantly the certificates and CAs.
2019-03-13 10:29:06 +01:00
Reid Beels cd1aa9b426 Remove misleading encrypt param documentation (#5452)
According to https://www.consul.io/docs/agent/options.html#_encrypt, the `encrypt` param specifies the 16-byte key to use, not the path to a config file containing the key.
2019-03-12 10:26:40 -05:00
Alvin Huang 21fcfcad7f
Merge pull request #5451 from hashicorp/update_go_discover_for_azure
Update go-discover vendor
2019-03-11 16:39:39 -04:00
Lowe Schmidt e293045751 Typo fix (segement > segment) (#5469) 2019-03-11 16:25:19 +01:00
Masato Yamazaki 23bc8636c1 website: delete duplication of "are" (#5464) 2019-03-11 10:42:15 +01:00
petems a505e6e9da Update go-discover vendor
* Adds note about use of ENV variables for auto-join on Azure
2019-03-08 22:57:48 +00:00
R.B. Boyer a99f7aaa25 website: fix broken links 2019-03-05 14:24:33 -06:00
Hans Hasselberg d35824b1fa default to tls 1.2 as promised. (#5340) 2019-03-04 09:42:04 -05:00
Aestek 02f991843f Fix race condition in DNS when using cache (#5398)
* Fix race condition in DNS when using cache

The healty node filtering was modifying the result from the cache, which
caused a crash when multiple queries were made to the same service
simultaneously.
We now copy the node slice before filtering to ensure we do not modify
the data stored in the cache.

* Fix wording in dns cache config doc

s/dns_max_age/cache_max_age/
2019-03-04 09:22:01 -05:00
Matt Keeler 118adbb123
ACL Token Persistence and Reloading (#5328)
This PR adds two features which will be useful for operators when ACLs are in use.

1. Tokens set in configuration files are now reloadable.
2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload)

Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change.

Some other secondary changes:

* Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly.
* Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. 
* Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents.
* Docs updated to reflect the API additions and to show using the new endpoints.
* Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 14:28:31 -05:00