Pierre Souchay
dd9efb755a
Fixed minor typo in comments
...
Might fix unstable travis build
2018-03-22 10:30:10 +01:00
Guido Iaquinti
8cd11d5888
Add package name to log output
2018-03-21 15:56:14 +00:00
Jack Pearkes
559d35156a
Merge pull request #3929 from sryabkov/patch-1
...
Highlighting the dead link in documentation
2018-03-19 16:00:32 -07:00
Paul Banks
7a90a44a71
Note TLS cipher suite support changes
2018-03-19 21:51:14 +00:00
Josh Soref
94835a2715
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
Paul Banks
8871ad130d
Merge pull request #3961 from canterberry/docs/tls-cipher-suites
...
📝 Clarify the list of supported TLS cipher suites
2018-03-19 16:51:14 +00:00
Paul Banks
37c07b3cac
Use master
2018-03-19 16:50:52 +00:00
Paul Banks
a8f7681c70
Merge pull request #3962 from canterberry/upgrade/tls-cipher-suites
...
🔒 Update supported TLS cipher suites
2018-03-19 16:44:33 +00:00
Paul Banks
9e4b10ab6f
Merge pull request #3966 from hashicorp/docs-ui-acls
...
website: add UI section to ACL guide
2018-03-19 16:40:50 +00:00
Pierre Souchay
b6914617d9
Fixed typo in comments
2018-03-19 17:12:08 +01:00
Pierre Souchay
5e974843f1
Refactoring to have clearer code without weird bool
2018-03-19 16:12:54 +01:00
Pierre Souchay
a44b9e84b1
[BUGFIX] When a node level check is removed, ensure all services of node are notified
...
Bugfix for https://github.com/hashicorp/consul/pull/3899
When a node level check is removed (example: maintenance),
some watchers on services might have to recompute their state.
If those nodes are performing blocking queries, they have to be notified.
While their state was updated when node-level state did change or was added
this was not the case when the check was removed. This fixes it.
2018-03-19 14:14:03 +01:00
Preetha Appan
da2d5304cb
Update CHANGELOG
2018-03-16 09:39:00 -05:00
Preetha Appan
2eed7766a8
cleanup unit test code a bit
2018-03-16 09:36:57 -05:00
Preetha
c87699abf2
Merge pull request #3885 from eddsteel/support-options-requests
...
Support OPTIONS requests
2018-03-16 09:20:16 -05:00
Devin Canterberry
2187ab1e1c
🎨 Formatting changes only; convert leading space to tabs
2018-03-15 10:30:38 -07:00
Devin Canterberry
961aea97fe
📝 Prefer brevity at the cost of some ambiguity
2018-03-15 10:25:27 -07:00
Devin Canterberry
7236c95e11
✅ Match expectation of TLSCipherSuites to values of tls_cipher_suites
2018-03-15 10:19:46 -07:00
Devin Canterberry
a61abcd931
🐛 Formatting changes only; add missing trailing commas
2018-03-15 10:19:46 -07:00
Devin Canterberry
c901307a47
🔒 Update supported TLS cipher suites
...
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go ).
> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
> * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4 )
> * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/ )
2018-03-15 10:19:46 -07:00
Devin Canterberry
1db58de366
⤵️ Merge from `master`; no conflicts
2018-03-15 09:13:01 -07:00
Jack Pearkes
6fb94ff40a
website: clarify where ACL token is set in the UI
2018-03-14 16:50:04 -07:00
Jack Pearkes
c66628a06f
website: add section on securing the UI with ACLs
...
Figured it would be worth documenting due to #3931 .
2018-03-14 16:46:04 -07:00
Paul Banks
844a5fe8c0
Call out the service-watch upgrade notice
2018-03-14 11:03:21 +00:00
Jack Pearkes
652e821511
Merge pull request #3884 from rberlind/master
...
Updated Stale Reads section of DNS Caching Guide
2018-03-13 16:56:58 -07:00
Jack Pearkes
101e1d030e
Merge pull request #3952 from slopeinsb/patch-1
...
Update index.html.md
2018-03-13 16:07:10 -07:00
Jack Pearkes
4bddecb195
Update CHANGELOG.md
2018-03-13 15:32:37 -07:00
Devin Canterberry
84d650cc4a
📝 Clarify the list of supported TLS cipher suites
...
Previously, the documentation linked to Golang's source code, which
can drift from the list of cipher suites supported by Consul. Consul
has a hard-coded mapping of string values to Golang cipher suites, so
this is a more direct source of truth to help users understand which
string values are accepted in the `tls_cipher_suites` configuration
value.
2018-03-13 09:25:03 -07:00
Preetha
3ed071b4a6
Merge pull request #3946 from hashicorp/je.fixes
...
Small Adjustments
2018-03-13 11:15:50 -05:00
randall thomson
3b1a2af8f1
Update index.html.md
...
update cli commands for consul 1.x
2018-03-09 09:46:37 -08:00
Pierre Souchay
aebfcb6767
Fixed minor typo (+ travis tests is unstable)
2018-03-09 18:42:13 +01:00
Pierre Souchay
93fa1f6f49
Optimize size for SRV records, should improve performance a bit
...
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
Preetha Appan
0e3c41738d
Update CHANGELOG.md
2018-03-09 07:37:57 -06:00
Preetha
210cfe5ef9
Merge pull request #3940 from pierresouchay/dns_max_size
...
Allow to control the number of A/AAAA Record returned by DNS
2018-03-09 07:35:32 -06:00
Preetha
251cdb9c24
Some tweaks to the documentation for a_record_limit
2018-03-08 11:23:07 -06:00
Pierre Souchay
57310a6446
Updated documentation as requested by @preetapan
2018-03-08 18:02:40 +01:00
Pierre Souchay
d0e45f22df
Fixed wrong format of debug msg in unit test
2018-03-08 00:36:17 +01:00
Pierre Souchay
ce3f47a75d
Performance optimization for services having more than 2k records
2018-03-08 00:26:41 +01:00
Pierre Souchay
7d59249d96
Avoid issue with compression of DNS messages causing overflow
2018-03-07 23:33:41 +01:00
Pierre Souchay
419bf29041
Cleaner Unit tests from suggestions from @preetapan
2018-03-07 18:24:41 +01:00
Pierre Souchay
b77fd5ce9d
64000 max limit to DNS messages since there is overhead
...
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
Pierre Souchay
be39fb20cc
[BUGFIX] do not break when TCP DNS answer exceeds 64k
...
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).
Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
Jeff Escalante
760b4ff72f
update to latest middleman-hashicorp
...
this includes minor text fixes for the universal nav
2018-03-06 16:37:58 -05:00
Jeff Escalante
f9a41e290d
First instance of 'Consul' on homepage -> 'HashiCorp Consul'
2018-03-06 16:37:47 -05:00
Mitchell Hashimoto
fb9b018128
Merge pull request #3944 from hashicorp/f-testify
...
agent/consul/fsm: begin using testify/assert
2018-03-06 09:55:31 -08:00
Mitchell Hashimoto
8217564c48
agent/consul/fsm: begin using testify/assert
2018-03-06 09:48:15 -08:00
Pierre Souchay
0b7f620dc6
Allow to control the number of A/AAAA Record returned by DNS
...
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.
It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937
See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.
It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.
The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Edd Steel
41b1d45cc7
Re-use defined endpoints for tests
2018-03-03 11:19:18 -08:00
Sergei Ryabkov
82d195b695
Highlighting the dead link
...
I am proposing to remove a dead link (https://atlas.hashicorp.com/help/consul/alternatives ). If the page has moved and the new location is known, it would be of course better to update the link.
2018-03-02 18:22:19 -05:00
Paul Banks
257ad520f2
Merge pull request #3928 from hashicorp/service-token-docs
...
Notes on ACL token storage and permissions
2018-03-02 16:28:56 +00:00