Commit Graph

11391 Commits (5105bf3d678dfc81a4d77c182225aa24426e6c2a)

Author SHA1 Message Date
Aestek 24a0f2bba2 ae: use stale requests when performing full sync (#5873)
Read requests performed during anti antropy full sync currently target
the leader only. This generates a non-negligible load on the leader when
the DC is large enough and can be offloaded to the followers following
the "eventually consistent" policy for the agent state.
We switch the AE read calls to use stale requests with a small (2s)
MaxStaleDuration value and make sure we do not read too fast after a
write.
2019-06-17 18:05:47 +02:00
Alvin Huang 3928878433
Support relative and external URL rewrites (#5970)
* switch to relative path redirects for non external links

* update website deploy script to support relative+full url redirects
2019-06-17 11:48:29 -04:00
Matt Keeler f3d9b999ee
Add tagged addresses for services (#5965)
This allows addresses to be tagged at the service level similar to what we allow for nodes already. The address translation that can be enabled with the `translate_wan_addrs` config was updated to take these new addresses into account as well.
2019-06-17 10:51:50 -04:00
Matt Keeler 8a6e5476e9
Update CHANGELOG.md 2019-06-17 10:42:49 -04:00
Matt Keeler 2557d7a6cc
Fix CAS operations on Services (#5971)
* Fix CAS operations on services

* Update agent/consul/state/catalog_test.go

Co-Authored-By: R.B. Boyer <public@richardboyer.net>
2019-06-17 10:41:04 -04:00
Alvin Huang b9951cc626
update website build to exclude guides (#5951) 2019-06-14 16:55:18 -04:00
Judith Malnick 4c5c69bdba
[docs] Correct typos in API agnet docs (#5966) 2019-06-14 09:30:41 -07:00
Paul Banks 0837e5774b
Update CHANGELOG.md 2019-06-14 10:47:50 +01:00
Hans Hasselberg 53d7008a44
Update CHANGELOG.md 2019-06-14 10:44:46 +02:00
Judith Malnick 9915e22bc2
[docs] Reorganize connect documentation for clarity (#5864)
* clarify possibilities for centralized proxy configuration

* add line breaks to config entries file

* add info about centralized config to built in proxy doc

* mondify connect landing page to help with navigation

* move internals details to its own page

* link fixes and shortening text on main page

* put built-in proxy options on its own page

* add configuration details for connect

* clarify security title and add observability page

* reorganize menu

* remove observability from configuration section

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/agent/config_entries.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* rename connect section to include service mesh

* reorganize sections per suggestions from paul

* add configuration edits from paul

* add internals edits from paul

* add observability edits from paul

* reorganize pages and menu

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* menu corrections and edits

* incorporate some of pauls comments

* incorporate more of pauls comments

* Update website/source/docs/connect/configuration.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/index.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* incorporate kaitlin and pavanni feedback

* add redirect

* fix conflicts in index file

* Resolve conflicts in index file

* correct links for new organization

* Update website/source/docs/connect/proxies.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* Update website/source/docs/connect/registration.html.md

Co-Authored-By: Paul Banks <banks@banksco.de>

* add title to service registration page
2019-06-13 22:52:50 -07:00
Hans Hasselberg dce847a97a
Remove the misleading default separator for listing keys. (#5288)
The default separator for key listing is an empty string - the docs incorrectly made it seem as if this was `/`.
2019-06-14 00:06:18 +02:00
Justin Weissig 4cafff579e docs: fixed typos (#5854)
Fixed typos: alterative/alternative & communciation/communication
2019-06-14 00:05:32 +02:00
Hans Hasselberg 06e0bb4065
docs: wording (#5889)
Fixed wording: "will be resolve to the" -> "will be resolved to the".
2019-06-13 23:59:05 +02:00
Justin Weissig aa6ed1ff25 docs: fixed typo polices/policies (#5894)
Fixed typo: polices/policies.
2019-06-13 23:58:34 +02:00
Yoan Blanc 301d3bacd0 docs: fix markdown consul operator (#5901)
broken markdown
2019-06-13 23:57:38 +02:00
Pavel Drankov b3a0b273ed api: update link to agent caching in comments (#5935) 2019-06-13 23:56:19 +02:00
Joel Kuzmarski 355bb7dc20 Update production-acls.html.md (#5959) 2019-06-13 10:03:22 -04:00
Paul Banks acfcc7daf4
Add rate limiting to RPCs sent within a server instance too (#5927) 2019-06-13 04:26:27 -05:00
Luke Kysow 3517e47ad1
Merge pull request #5948 from hashicorp/lkysow-patch-1
Update kubernetes-reference.html.md
2019-06-13 10:07:15 +01:00
Nicholas Jackson b915a5e9f3 Update questions issue template directing q's to the forum (#5957)
* Update questions issue template directing q's to the forum

* Update contributing guide to add link to forum
2019-06-12 09:07:44 -05:00
Judith Malnick c5d83536e5
Add a redirect for the K8s reference arch guide (#5949) 2019-06-11 10:28:52 -07:00
Luke Kysow e7d4dc6470
Update kubernetes-reference.html.md 2019-06-11 15:58:46 +01:00
John Cowen 3c80d244b9
Update CHANGELOG.md 2019-06-11 10:22:00 +01:00
John Cowen a41c13ae83
ui: Ensure Service Instance pages account for nodes (#5933)
Include node name in the URL for service instances
Integrate the node name slug into tests for service instance pages
2019-06-11 10:18:50 +01:00
Matt Keeler dcc7f67b3e
Remove vendoring of github.com/hashicorp/consul (#5943) 2019-06-10 09:19:37 -04:00
Paul Banks ffcfdf29fc
Upgrade xDS (go-control-plane) API to support Envoy 1.10. (#5872)
* Upgrade xDS (go-control-plane) API to support Envoy 1.10.

This includes backwards compatibility shim to work around the ext_authz package rename in 1.10.

It also adds integration test support in CI for 1.10.0.

* Fix go vet complaints

* go mod vendor

* Update Envoy version info in docs

* Update website/source/docs/connect/proxies/envoy.md
2019-06-07 07:10:43 -05:00
Hans Hasselberg 4d9116d759
connect: provide -admin-access-log-path for envoy (#5858) 2019-06-07 11:26:43 +02:00
John Cowen cef378bc9b
ui: Upgrade js-yaml (#5926) 2019-06-06 22:21:25 +01:00
Chris Marchesi b7b1d77139 website: fix Sentinel time-of-day policy (#5930)
The policy in the time-of-day Sentinel example incorrectly references
the top-level time.hour constant. This is actually the same as the
time.Hour Go value, so in other words, 3600000000000 (the int64 value
representing the time in nanoseconds).

This is corrected by just using time.now.hour instead.
2019-06-06 14:31:54 -06:00
Nitish Alluri f3ae605bcb docs: update default grpc-addr value in connect envoy command (#5886)
* Update envoy.html.md.erb
2019-06-06 10:37:29 +02:00
John Cowen 685b89bdec
ui: Adds ability to search by policy, role or service ident names (#5811) 2019-06-05 09:25:32 +01:00
Jack Pearkes 2587a32688
website: add azure storage options for enterprise (#5920)
This documents the additional backup target for
the snapshot agent.

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>
2019-06-04 20:40:22 -05:00
John Cowen 174fcb557f
UI: Test readonly ServiceIdentity rules (#5865) 2019-06-04 17:55:10 +01:00
kaitlincarter-hc 8fe230fbac
[docs] Enterprise Landing Page (#5804)
* Updating enterprise landing page to be more clear about the licensing process.

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Jack Pearkes <jackpearkes@gmail.com>

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Updating based on Matt's feedback
2019-06-04 11:01:46 -05:00
John Cowen 9013e53ebc
ui: Ensures nested policy forms are reset properly (#5838)
1. All {{ivy-codemirror}} components need 'refreshing' when they become
visible via our own `didAppear` method on the `{{code-editor}}`
component

(also see:)
- https://github.com/hashicorp/consul/pull/4190#discussion_r193270223
- 73db111db8 (r225264296)

2. On initial investigation, it looks like the component we are using
for the code editor doesn't distinguish between setting its `value`
programatically and a `keyup` event, i.e. an interaction from the user.
We currently pretend that whenever its `value` changes, it is a `keyup`
event. This means that when we reset the `value` to `""`
programmatically for form resetting purposes, a 'pretend keyup' event
would also be fired, which would in turn kick off the validation, which
would fail and show an error message for empty values in other fields of
the form - something that is perfectly valid if you haven't typed
anything yet. We solved this by checking for `isPristine` on fields that
are allowed to be empty before you have typed anything.
2019-06-04 15:57:35 +01:00
John Cowen 8306b2f251
ui: Replaces destroyRecord with unloadRecord for KV 404's (#5837)
Just because Consul gives us a 404 this doesn't guarantee the KV doesn't
exist, it doesn't even mean we don't have access to it. Furthermore we
should never destroyRecord's without user interaction (therefore only via the
repo.delete method).

This switches destroyRecord to unloadRecord which performs the
additional legwork to keep ember-data in sync with the actual truth.

unloadRecord unloads the record from ember-data rather than sending an API
delete request, which would have been the intent here.
2019-06-04 15:56:20 +01:00
John Cowen 75e221d256
ui: ACL Policies. Catch all server errors (#5836)
Always show any server errors under Rules, not just invalid HCL
2019-06-04 15:53:10 +01:00
Matt Keeler 5f7494137a
Update CHANGELOG.md 2019-06-04 10:03:50 -04:00
Pierre Souchay 4a4c63bda0 Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
Matt Keeler 2ba6c3ac00
Update links to envoy docs on xDS protocol (#5871) 2019-06-03 11:03:05 -05:00
Matt Keeler 57e1136b7e
Fix acl.enable_key_list to be acl.enable_key_list_policy in docs (#5907) 2019-06-03 09:31:02 -05:00
John Cowen 9ca416a7f5
ui: Upgrade fstream (#5912)
Bumps [fstream](https://github.com/npm/fstream) from 1.0.11 to 1.0.12.
- [Release notes](https://github.com/npm/fstream/releases)
- [Commits](npm/fstream@v1.0.11...v1.0.12)
2019-06-03 11:08:40 +01:00
R.B. Boyer 58c0c101af update changelog 2019-05-24 13:38:00 -05:00
R.B. Boyer 40336fd353
agent: fix several data races and bugs related to node-local alias checks (#5876)
The observed bug was that a full restart of a consul datacenter (servers
and clients) in conjunction with a restart of a connect-flavored
application with bring-your-own-service-registration logic would very
frequently cause the envoy sidecar service check to never reflect the
aliased service.

Over the course of investigation several bugs and unfortunate
interactions were corrected:

(1)

local.CheckState objects were only shallow copied, but the key piece of
data that gets read and updated is one of the things not copied (the
underlying Check with a Status field). When the stock code was run with
the race detector enabled this highly-relevant-to-the-test-scenario field
was found to be racy.

Changes:

 a) update the existing Clone method to include the Check field
 b) copy-on-write when those fields need to change rather than
    incrementally updating them in place.

This made the observed behavior occur slightly less often.

(2)

If anything about how the runLocal method for node-local alias check
logic was ever flawed, there was no fallback option. Those checks are
purely edge-triggered and failure to properly notice a single edge
transition would leave the alias check incorrect until the next flap of
the aliased check.

The change was to introduce a fallback timer to act as a control loop to
double check the alias check matches the aliased check every minute
(borrowing the duration from the non-local alias check logic body).

This made the observed behavior eventually go away when it did occur.

(3)

Originally I thought there were two main actions involved in the data race:

A. The act of adding the original check (from disk recovery) and its
   first health evaluation.

B. The act of the HTTP API requests coming in and resetting the local
   state when re-registering the same services and checks.

It took awhile for me to realize that there's a third action at work:

C. The goroutines associated with the original check and the later
   checks.

The actual sequence of actions that was causing the bad behavior was
that the API actions result in the original check to be removed and
re-added _without waiting for the original goroutine to terminate_. This
means for brief windows of time during check definition edits there are
two goroutines that can be sending updates for the alias check status.

In extremely unlikely scenarios the original goroutine sees the aliased
check start up in `critical` before being removed but does not get the
notification about the nearly immediate update of that check to
`passing`.

This is interlaced wit the new goroutine coming up, initializing its
base case to `passing` from the current state and then listening for new
notifications of edge triggers.

If the original goroutine "finishes" its update, it then commits one
more write into the local state of `critical` and exits leaving the
alias check no longer reflecting the underlying check.

The correction here is to enforce that the old goroutines must terminate
before spawning the new one for alias checks.
2019-05-24 13:36:56 -05:00
Freddy 6b31482333
Increase reliability of TestResetSessionTimerLocked_Renew 2019-05-24 13:54:51 -04:00
Hans Hasselberg 27f05b16a0
Update CHANGELOG.md 2019-05-24 16:51:44 +02:00
Pierre Souchay e892981418 agent: Improve startup message to avoid confusing users when no error occurs (#5896)
* Improve startup message to avoid confusing users when no error occurs

Several times, some users not very familiar with Consul get confused
by error message at startup:

  `[INFO] agent: (LAN) joined: 1 Err: <nil>`

Having `Err: <nil>` seems weird to many users, I propose to have the
following instead:

* Success: `[INFO] agent: (LAN) joined: 1`
* Error:   `[WARN] agent: (LAN) couldn't join: %d Err: ERROR`
2019-05-24 16:50:18 +02:00
Freddy 17e74985b0
Run TestServer_Expect on its own (#5890) 2019-05-23 19:52:33 -04:00
Freddy 6c19cacd42
Flaky test: ACLReplication_Tokens (#5891)
* Exclude non-go workflows while testing

* Wait for s2 global-management policy

* Revert "Exclude non-go workflows while testing"

This reverts commit 47a83cbe9f.
2019-05-23 19:52:02 -04:00
Freddy d4ea163b0b
Add retries to StatsFetcherTest (#5892) 2019-05-23 19:51:31 -04:00