consul

package
v1.6.10 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 19, 2020 License: MPL-2.0 Imports: 69 Imported by: 162

Documentation

Overview

The snapshot endpoint is a special non-RPC endpoint that supports streaming for taking and restoring snapshots for disaster recovery. This gets wired directly into Consul's stream handler, and a new TCP connection is made for each request.

This also includes a SnapshotRPC() function, which acts as a lightweight client that knows the details of the stream protocol.

Index

Constants

View Source
const (
	DefaultDC          = "dc1"
	DefaultRPCPort     = 8300
	DefaultLANSerfPort = 8301
	DefaultWANSerfPort = 8302

	// DefaultRaftMultiplier is used as a baseline Raft configuration that
	// will be reliable on a very basic server. See docs/install/performance.html
	// for information on how this value was obtained.
	DefaultRaftMultiplier uint = 5

	// MaxRaftMultiplier is a fairly arbitrary upper bound that limits the
	// amount of performance detuning that's possible.
	MaxRaftMultiplier uint = 10
)
View Source
const (
	ProtocolVersionMin uint8 = 2

	// Version 3 added support for network coordinates but we kept the
	// default protocol version at 2 to ease the transition to this new
	// feature. A Consul agent speaking version 2 of the protocol will
	// attempt to send its coordinates to a server who understands version
	// 3 or greater.
	ProtocolVersion2Compatible = 2

	ProtocolVersionMax = 3
)

These are the protocol versions that Consul can _understand_. These are Consul-level protocol versions, that are used to configure the Serf protocol versions.

View Source
const (
	// StatusReap is used to update the status of a node if we
	// are handling a EventMemberReap
	StatusReap = serf.MemberStatus(-1)
)

Variables

View Source
var (
	// Err strings. net/rpc doesn't have a way to transport typed/rich errors so
	// we currently rely on sniffing the error string in a few cases where we need
	// to change client behavior. These are the canonical error strings to use.
	// Note though that client code can't use `err == consul.Err*` directly since
	// the error returned by RPC will be a plain error.errorString created by
	// net/rpc client so will not be the same _instance_ that this package
	// variable points to. Clients need to compare using `err.Error() ==
	// consul.ErrRateLimited.Error()` which is very sad. Short of replacing our
	// RPC mechanism it's hard to know how to make that much better though.
	ErrConnectNotEnabled    = errors.New("Connect must be enabled in order to use this endpoint")
	ErrRateLimited          = errors.New("Rate limit reached, try again later")
	ErrNotPrimaryDatacenter = errors.New("not the primary datacenter")
)
View Source
var (
	DefaultRPCAddr = &net.TCPAddr{IP: net.ParseIP("0.0.0.0"), Port: DefaultRPCPort}
)
View Source
var (
	ErrAutoEncryptAllowTLSNotEnabled = errors.New("AutoEncrypt.AllowTLS must be enabled in order to use this endpoint")
)
View Source
var (
	ErrChunkingResubmit = errors.New("please resubmit call for rechunking")
)
View Source
var (
	// ErrIntentionNotFound is returned if the intention lookup failed.
	ErrIntentionNotFound = errors.New("Intention not found")
)
View Source
var (
	// ErrQueryNotFound is returned if the query lookup failed.
	ErrQueryNotFound = errors.New("Query not found")
)
View Source
var (
	ErrWANFederationDisabled = fmt.Errorf("WAN Federation is disabled")
)

Functions

func CanServersUnderstandProtocol

func CanServersUnderstandProtocol(members []serf.Member, version uint8) (bool, error)

CanServersUnderstandProtocol checks to see if all the servers in the given list understand the given protocol version. If there are no servers in the list then this will return false.

func FilterDirEnt

func FilterDirEnt(authorizer acl.Authorizer, ent structs.DirEntries) structs.DirEntries

FilterDirEnt is used to filter a list of directory entries by applying an ACL policy

func FilterEntries

func FilterEntries(f Filter) int

FilterEntries is used to do an inplace filter of a slice. This has cost proportional to the list length.

func FilterKeys

func FilterKeys(authorizer acl.Authorizer, keys []string) []string

FilterKeys is used to filter a list of keys by applying an ACL policy

func FilterTxnResults

func FilterTxnResults(authorizer acl.Authorizer, results structs.TxnResults) structs.TxnResults

FilterTxnResults is used to filter a list of transaction results by applying an ACL policy.

func GetPrivateIP

func GetPrivateIP() (net.IP, error)

GetPrivateIP is used to return the first private IP address associated with an interface on the machine

func GetPublicIPv6

func GetPublicIPv6() (net.IP, error)

GetPublicIPv6 is used to return the first public IP address associated with an interface on the machine

func InterpolateHIL added in v1.5.0

func InterpolateHIL(s string, vars map[string]string) (string, error)

InterpolateHIL processes the string as if it were HIL and interpolates only the provided string->string map as possible variables.

func IsACLRemoteError added in v1.4.0

func IsACLRemoteError(err error) bool

func ServersGetACLMode added in v1.4.0

func ServersGetACLMode(provider checkServersProvider, leaderAddr string, datacenter string) (found bool, mode structs.ACLMode, leaderMode structs.ACLMode)

ServersGetACLMode checks all the servers in a particular datacenter and determines what the minimum ACL mode amongst them is and what the leaders ACL mode is. The "found" return value indicates whether there were any servers considered in this datacenter. If that is false then the other mode return values are meaningless as they will be ACLModeEnabled and ACLModeUnkown respectively.

func ServersInDCMeetMinimumVersion added in v1.6.0

func ServersInDCMeetMinimumVersion(provider checkServersProvider, datacenter string, minVersion *version.Version) (ok bool, found bool)

ServersInDCMeetMinimumVersion returns whether the given alive servers from a particular datacenter are at least on the given Consul version. This also returns whether any alive or failed servers are known in that datacenter (ignoring left and leaving ones)

func ServersInDCMeetRequirements added in v1.6.5

func ServersInDCMeetRequirements(provider checkServersProvider, datacenter string, meetsRequirements serverRequirementFn) (ok bool, found bool)

ServersInDCMeetRequirements returns whether the given server members meet the requirements as defined by the callback function and whether at least one server remains unfiltered by the requirements function.

func SnapshotRPC

func SnapshotRPC(connPool *pool.ConnPool, dc string, addr net.Addr, useTLS bool,
	args *structs.SnapshotRequest, in io.Reader, reply *structs.SnapshotResponse) (io.ReadCloser, error)

SnapshotRPC is a streaming client function for performing a snapshot RPC request to a remote server. It will create a fresh connection for each request, send the request header, and then stream in any data from the reader (for a restore). It will then parse the received response header, and if there's no error will return an io.ReadCloser (that you must close) with the streaming output (for a snapshot). If the reply contains an error, this will always return an error as well, so you don't need to check the error inside the filled-in reply.

Types

type ACL

type ACL struct {
	// contains filtered or unexported fields
}

ACL endpoint is used to manipulate ACLs

func (*ACL) Apply

func (a *ACL) Apply(args *structs.ACLRequest, reply *string) error

Apply is used to apply a modifying request to the data store. This should only be used for operations that modify the data

func (*ACL) AuthMethodDelete added in v1.5.0

func (a *ACL) AuthMethodDelete(args *structs.ACLAuthMethodDeleteRequest, reply *bool) error

func (*ACL) AuthMethodList added in v1.5.0

func (*ACL) AuthMethodRead added in v1.5.0

func (a *ACL) AuthMethodRead(args *structs.ACLAuthMethodGetRequest, reply *structs.ACLAuthMethodResponse) error

func (*ACL) AuthMethodSet added in v1.5.0

func (a *ACL) AuthMethodSet(args *structs.ACLAuthMethodSetRequest, reply *structs.ACLAuthMethod) error

func (*ACL) BindingRuleDelete added in v1.5.0

func (a *ACL) BindingRuleDelete(args *structs.ACLBindingRuleDeleteRequest, reply *bool) error

func (*ACL) BindingRuleList added in v1.5.0

func (*ACL) BindingRuleRead added in v1.5.0

func (a *ACL) BindingRuleRead(args *structs.ACLBindingRuleGetRequest, reply *structs.ACLBindingRuleResponse) error

func (*ACL) BindingRuleSet added in v1.5.0

func (a *ACL) BindingRuleSet(args *structs.ACLBindingRuleSetRequest, reply *structs.ACLBindingRule) error

func (*ACL) Bootstrap added in v0.9.1

func (a *ACL) Bootstrap(args *structs.DCSpecificRequest, reply *structs.ACL) error

Bootstrap is used to perform a one-time ACL bootstrap operation on a cluster to get the first management token.

func (*ACL) BootstrapTokens added in v1.4.0

func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.ACLToken) error

Bootstrap is used to perform a one-time ACL bootstrap operation on a cluster to get the first management token.

func (*ACL) Get

func (a *ACL) Get(args *structs.ACLSpecificRequest,
	reply *structs.IndexedACLs) error

Get is used to retrieve a single ACL

func (*ACL) GetPolicy

GetPolicy is used to retrieve a compiled policy object with a TTL. Does not support a blocking query.

func (*ACL) List

func (a *ACL) List(args *structs.DCSpecificRequest,
	reply *structs.IndexedACLs) error

List is used to list all the ACLs

func (*ACL) Login added in v1.5.0

func (a *ACL) Login(args *structs.ACLLoginRequest, reply *structs.ACLToken) error

func (*ACL) Logout added in v1.5.0

func (a *ACL) Logout(args *structs.ACLLogoutRequest, reply *bool) error

func (*ACL) PolicyBatchRead added in v1.4.0

func (a *ACL) PolicyBatchRead(args *structs.ACLPolicyBatchGetRequest, reply *structs.ACLPolicyBatchResponse) error

func (*ACL) PolicyDelete added in v1.4.0

func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string) error

func (*ACL) PolicyList added in v1.4.0

func (a *ACL) PolicyList(args *structs.ACLPolicyListRequest, reply *structs.ACLPolicyListResponse) error

func (*ACL) PolicyRead added in v1.4.0

func (a *ACL) PolicyRead(args *structs.ACLPolicyGetRequest, reply *structs.ACLPolicyResponse) error

func (*ACL) PolicyResolve added in v1.4.0

func (a *ACL) PolicyResolve(args *structs.ACLPolicyBatchGetRequest, reply *structs.ACLPolicyBatchResponse) error

PolicyResolve is used to retrieve a subset of the policies associated with a given token The policy ids in the args simply act as a filter on the policy set assigned to the token

func (*ACL) PolicySet added in v1.4.0

func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPolicy) error

func (*ACL) ReplicationStatus

func (a *ACL) ReplicationStatus(args *structs.DCSpecificRequest,
	reply *structs.ACLReplicationStatus) error

ReplicationStatus is used to retrieve the current ACL replication status.

func (*ACL) RoleBatchRead added in v1.5.0

func (a *ACL) RoleBatchRead(args *structs.ACLRoleBatchGetRequest, reply *structs.ACLRoleBatchResponse) error

func (*ACL) RoleDelete added in v1.5.0

func (a *ACL) RoleDelete(args *structs.ACLRoleDeleteRequest, reply *string) error

func (*ACL) RoleList added in v1.5.0

func (a *ACL) RoleList(args *structs.ACLRoleListRequest, reply *structs.ACLRoleListResponse) error

func (*ACL) RoleRead added in v1.5.0

func (a *ACL) RoleRead(args *structs.ACLRoleGetRequest, reply *structs.ACLRoleResponse) error

func (*ACL) RoleResolve added in v1.5.0

func (a *ACL) RoleResolve(args *structs.ACLRoleBatchGetRequest, reply *structs.ACLRoleBatchResponse) error

RoleResolve is used to retrieve a subset of the roles associated with a given token The role ids in the args simply act as a filter on the role set assigned to the token

func (*ACL) RoleSet added in v1.5.0

func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) error

func (*ACL) TokenBatchRead added in v1.4.0

func (a *ACL) TokenBatchRead(args *structs.ACLTokenBatchGetRequest, reply *structs.ACLTokenBatchResponse) error

func (*ACL) TokenClone added in v1.4.0

func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLToken) error

func (*ACL) TokenDelete added in v1.4.0

func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) error

func (*ACL) TokenList added in v1.4.0

func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTokenListResponse) error

func (*ACL) TokenRead added in v1.4.0

func (a *ACL) TokenRead(args *structs.ACLTokenGetRequest, reply *structs.ACLTokenResponse) error

func (*ACL) TokenSet added in v1.4.0

func (a *ACL) TokenSet(args *structs.ACLTokenSetRequest, reply *structs.ACLToken) error

type ACLRemoteError added in v1.4.0

type ACLRemoteError struct {
	Err error
}

func (ACLRemoteError) Error added in v1.4.0

func (e ACLRemoteError) Error() string

type ACLResolver added in v1.4.0

type ACLResolver struct {
	// contains filtered or unexported fields
}

ACLResolver is the type to handle all your token and policy resolution needs.

Supports:

  • Resolving tokens locally via the ACLResolverDelegate
  • Resolving policies locally via the ACLResolverDelegate
  • Resolving roles locally via the ACLResolverDelegate
  • Resolving legacy tokens remotely via a ACL.GetPolicy RPC
  • Resolving tokens remotely via an ACL.TokenRead RPC
  • Resolving policies remotely via an ACL.PolicyResolve RPC
  • Resolving roles remotely via an ACL.RoleResolve RPC

Remote Resolution:

Remote resolution can be done synchronously or asynchronously depending
on the ACLDownPolicy in the Config passed to the resolver.

When the down policy is set to async-cache and we have already cached values
then go routines will be spawned to perform the RPCs in the background
and then will update the cache with either the positive or negative result.

When the down policy is set to extend-cache or the token/policy/role is not already
cached then the same go routines are spawned to do the RPCs in the background.
However in this mode channels are created to receive the results of the RPC
and are registered with the resolver. Those channels are immediately read/blocked
upon.

func NewACLResolver added in v1.4.0

func NewACLResolver(config *ACLResolverConfig) (*ACLResolver, error)

func (*ACLResolver) ACLsEnabled added in v1.4.0

func (r *ACLResolver) ACLsEnabled() bool

func (*ACLResolver) GetMergedPolicyForToken added in v1.4.0

func (r *ACLResolver) GetMergedPolicyForToken(token string) (structs.ACLIdentity, *acl.Policy, error)

func (*ACLResolver) ResolveToken added in v1.4.0

func (r *ACLResolver) ResolveToken(token string) (acl.Authorizer, error)

type ACLResolverConfig added in v1.4.0

type ACLResolverConfig struct {
	Config *Config
	Logger *log.Logger

	// CacheConfig is a pass through configuration for ACL cache limits
	CacheConfig *structs.ACLCachesConfig

	// Delegate that implements some helper functionality that is server/client specific
	Delegate ACLResolverDelegate

	// AutoDisable indicates that RPC responses should be checked and if they indicate ACLs are disabled
	// remotely then disable them locally as well. This is particularly useful for the client agent
	// so that it can detect when the servers have gotten ACLs enabled.
	AutoDisable bool

	Sentinel sentinel.Evaluator
}

ACLResolverConfig holds all the configuration necessary to create an ACLResolver

type ACLResolverDelegate added in v1.4.0

type ACLResolverDelegate interface {
	ACLsEnabled() bool
	ACLDatacenter(legacy bool) string
	UseLegacyACLs() bool
	ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error)
	ResolvePolicyFromID(policyID string) (bool, *structs.ACLPolicy, error)
	ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error)
	RPC(method string, args interface{}, reply interface{}) error
}

type AutoEncrypt added in v1.5.2

type AutoEncrypt struct {
	// contains filtered or unexported fields
}

func (*AutoEncrypt) Sign added in v1.5.2

func (a *AutoEncrypt) Sign(
	args *structs.CASignRequest,
	reply *structs.SignedResponse) error

Sign signs a certificate for an agent.

type AutopilotDelegate added in v1.0.3

type AutopilotDelegate struct {
	// contains filtered or unexported fields
}

AutopilotDelegate is a Consul delegate for autopilot operations.

func (*AutopilotDelegate) AutopilotConfig added in v1.0.3

func (d *AutopilotDelegate) AutopilotConfig() *autopilot.Config

func (*AutopilotDelegate) FetchStats added in v1.0.3

func (d *AutopilotDelegate) FetchStats(ctx context.Context, servers []serf.Member) map[string]*autopilot.ServerStats

func (*AutopilotDelegate) IsServer added in v1.0.3

func (*AutopilotDelegate) NotifyHealth added in v1.0.3

func (d *AutopilotDelegate) NotifyHealth(health autopilot.OperatorHealthReply)

Heartbeat a metric for monitoring if we're the leader

func (*AutopilotDelegate) PromoteNonVoters added in v1.0.3

func (d *AutopilotDelegate) PromoteNonVoters(conf *autopilot.Config, health autopilot.OperatorHealthReply) ([]raft.Server, error)

func (*AutopilotDelegate) Raft added in v1.0.3

func (d *AutopilotDelegate) Raft() *raft.Raft

func (*AutopilotDelegate) SerfLAN added in v1.5.3

func (d *AutopilotDelegate) SerfLAN() *serf.Serf

func (*AutopilotDelegate) SerfWAN added in v1.5.3

func (d *AutopilotDelegate) SerfWAN() *serf.Serf

type Catalog

type Catalog struct {
	// contains filtered or unexported fields
}

Catalog endpoint is used to manipulate the service catalog

func (*Catalog) Deregister

func (c *Catalog) Deregister(args *structs.DeregisterRequest, reply *struct{}) error

Deregister is used to remove a service registration for a given node.

func (*Catalog) ListDatacenters

func (c *Catalog) ListDatacenters(args *structs.DatacentersRequest, reply *[]string) error

ListDatacenters is used to query for the list of known datacenters

func (*Catalog) ListNodes

func (c *Catalog) ListNodes(args *structs.DCSpecificRequest, reply *structs.IndexedNodes) error

ListNodes is used to query the nodes in a DC

func (*Catalog) ListServices

func (c *Catalog) ListServices(args *structs.DCSpecificRequest, reply *structs.IndexedServices) error

ListServices is used to query the services in a DC

func (*Catalog) NodeServices

func (c *Catalog) NodeServices(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeServices) error

NodeServices returns all the services registered as part of a node

func (*Catalog) Register

func (c *Catalog) Register(args *structs.RegisterRequest, reply *struct{}) error

Register is used register that a node is providing a given service.

func (*Catalog) ServiceNodes

func (c *Catalog) ServiceNodes(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceNodes) error

ServiceNodes returns all the nodes registered as part of a service

type Client

type Client struct {

	// embedded struct to hold all the enterprise specific data
	EnterpriseClient
	// contains filtered or unexported fields
}

Client is Consul client which uses RPC to communicate with the services for service discovery, health checking, and DC forwarding.

func NewClient

func NewClient(config *Config) (*Client, error)

NewClient is used to construct a new Consul client from the configuration, potentially returning an error. NewClient only used to help setting up a client for testing. Normal code exercises NewClientLogger.

func NewClientLogger

func NewClientLogger(config *Config, logger *log.Logger, tlsConfigurator *tlsutil.Configurator) (*Client, error)

func (*Client) ACLDatacenter added in v1.4.0

func (c *Client) ACLDatacenter(legacy bool) string

func (*Client) ACLsEnabled added in v1.4.0

func (c *Client) ACLsEnabled() bool

func (*Client) CheckServers added in v1.6.5

func (c *Client) CheckServers(datacenter string, fn func(*metadata.Server) bool)

CheckServers implements the checkServersProvider interface for the Client

func (*Client) Encrypted

func (c *Client) Encrypted() bool

Encrypted determines if gossip is encrypted

func (*Client) GetLANCoordinate

func (c *Client) GetLANCoordinate() (lib.CoordinateSet, error)

GetLANCoordinate returns the network coordinate of the current node, as maintained by Serf.

func (*Client) JoinLAN

func (c *Client) JoinLAN(addrs []string) (int, error)

JoinLAN is used to have Consul client join the inner-DC pool The target address should be another node inside the DC listening on the Serf LAN address

func (*Client) KeyManagerLAN

func (c *Client) KeyManagerLAN() *serf.KeyManager

KeyManagerLAN returns the LAN Serf keyring manager

func (*Client) LANMembers

func (c *Client) LANMembers() []serf.Member

LANMembers is used to return the members of the LAN cluster

func (*Client) LANMembersAllSegments added in v0.9.3

func (c *Client) LANMembersAllSegments() ([]serf.Member, error)

LANMembersAllSegments returns members from all segments.

func (*Client) LANSegmentMembers added in v0.9.3

func (c *Client) LANSegmentMembers(segment string) ([]serf.Member, error)

LANSegmentMembers only returns our own segment's members, because clients can't be in multiple segments.

func (*Client) Leave

func (c *Client) Leave() error

Leave is used to prepare for a graceful shutdown

func (*Client) LocalMember

func (c *Client) LocalMember() serf.Member

LocalMember is used to return the local node

func (*Client) RPC

func (c *Client) RPC(method string, args interface{}, reply interface{}) error

RPC is used to forward an RPC call to a consul server, or fail if no servers

func (*Client) ReloadConfig added in v1.2.0

func (c *Client) ReloadConfig(config *Config) error

ReloadConfig is used to have the Client do an online reload of relevant configuration information

func (*Client) RemoveFailedNode

func (c *Client) RemoveFailedNode(node string, prune bool) error

RemoveFailedNode is used to remove a failed node from the cluster

func (*Client) RequestAutoEncryptCerts added in v1.5.2

func (c *Client) RequestAutoEncryptCerts(servers []string, port int, token string, interruptCh chan struct{}) (*structs.SignedResponse, string, error)

func (*Client) ResolveIdentityFromToken added in v1.4.0

func (c *Client) ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error)

func (*Client) ResolvePolicyFromID added in v1.4.0

func (c *Client) ResolvePolicyFromID(policyID string) (bool, *structs.ACLPolicy, error)

func (*Client) ResolveRoleFromID added in v1.5.0

func (c *Client) ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error)

func (*Client) ResolveToken added in v1.4.0

func (c *Client) ResolveToken(token string) (acl.Authorizer, error)

func (*Client) Shutdown

func (c *Client) Shutdown() error

Shutdown is used to shutdown the client

func (*Client) SnapshotRPC

func (c *Client) SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer,
	replyFn structs.SnapshotReplyFn) error

SnapshotRPC sends the snapshot request to one of the servers, reading from the streaming input and writing to the streaming output depending on the operation.

func (*Client) Stats

func (c *Client) Stats() map[string]map[string]string

Stats is used to return statistics for debugging and insight for various sub-systems

func (*Client) UseLegacyACLs added in v1.4.0

func (c *Client) UseLegacyACLs() bool

type Config

type Config struct {
	// Bootstrap mode is used to bring up the first Consul server.
	// It is required so that it can elect a leader without any
	// other nodes being present
	Bootstrap bool

	// BootstrapExpect mode is used to automatically bring up a collection of
	// Consul servers. This can be used to automatically bring up a collection
	// of nodes.
	BootstrapExpect int

	// Datacenter is the datacenter this Consul server represents.
	Datacenter string

	// PrimaryDatacenter is the authoritative datacenter for features like ACLs
	// and Connect.
	PrimaryDatacenter string

	// DataDir is the directory to store our state in.
	DataDir string

	// DevMode is used to enable a development server mode.
	DevMode bool

	// NodeID is a unique identifier for this node across space and time.
	NodeID types.NodeID

	// Node name is the name we use to advertise. Defaults to hostname.
	NodeName string

	// Domain is the DNS domain for the records. Defaults to "consul."
	Domain string

	// RaftConfig is the configuration used for Raft in the local DC
	RaftConfig *raft.Config

	// (Enterprise-only) NonVoter is used to prevent this server from being added
	// as a voting member of the Raft cluster.
	NonVoter bool

	// NotifyListen is called after the RPC listener has been configured.
	// RPCAdvertise will be set to the listener address if it hasn't been
	// configured at this point.
	NotifyListen func()

	// NotifyShutdown is called after Server is completely Shutdown.
	NotifyShutdown func()

	// RPCAddr is the RPC address used by Consul. This should be reachable
	// by the WAN and LAN
	RPCAddr *net.TCPAddr

	// RPCAdvertise is the address that is advertised to other nodes for
	// the RPC endpoint. This can differ from the RPC address, if for example
	// the RPCAddr is unspecified "0.0.0.0:8300", but this address must be
	// reachable. If RPCAdvertise is nil then it will be set to the Listener
	// address after the listening socket is configured.
	RPCAdvertise *net.TCPAddr

	// RPCSrcAddr is the source address for outgoing RPC connections.
	RPCSrcAddr *net.TCPAddr

	// (Enterprise-only) The network segment this agent is part of.
	Segment string

	// (Enterprise-only) Segments is a list of network segments for a server to
	// bind on.
	Segments []NetworkSegment

	// SerfLANConfig is the configuration for the intra-dc serf
	SerfLANConfig *serf.Config

	// SerfWANConfig is the configuration for the cross-dc serf
	SerfWANConfig *serf.Config

	// SerfFloodInterval controls how often we attempt to flood local Serf
	// Consul servers into the global areas (WAN and user-defined areas in
	// Consul Enterprise).
	SerfFloodInterval time.Duration

	// ReconcileInterval controls how often we reconcile the strongly
	// consistent store with the Serf info. This is used to handle nodes
	// that are force removed, as well as intermittent unavailability during
	// leader election.
	ReconcileInterval time.Duration

	// LogLevel is the level of the logs to write. Defaults to "INFO".
	LogLevel string

	// LogOutput is the location to write logs to. If this is not set,
	// logs will go to stderr.
	LogOutput io.Writer

	// ProtocolVersion is the protocol version to speak. This must be between
	// ProtocolVersionMin and ProtocolVersionMax.
	ProtocolVersion uint8

	// VerifyIncoming is used to verify the authenticity of incoming connections.
	// This means that TCP requests are forbidden, only allowing for TLS. TLS connections
	// must match a provided certificate authority. This can be used to force client auth.
	VerifyIncoming bool

	// VerifyOutgoing is used to force verification of the authenticity of outgoing connections.
	// This means that TLS requests are used, and TCP requests are not made. TLS connections
	// must match a provided certificate authority.
	VerifyOutgoing bool

	// UseTLS is used to enable TLS for outgoing connections to other TLS-capable Consul
	// servers. This doesn't imply any verification, it only enables TLS if possible.
	UseTLS bool

	// VerifyServerHostname is used to enable hostname verification of servers. This
	// ensures that the certificate presented is valid for server.<datacenter>.<domain>.
	// This prevents a compromised client from being restarted as a server, and then
	// intercepting request traffic as well as being added as a raft peer. This should be
	// enabled by default with VerifyOutgoing, but for legacy reasons we cannot break
	// existing clients.
	VerifyServerHostname bool

	// CAFile is a path to a certificate authority file. This is used with VerifyIncoming
	// or VerifyOutgoing to verify the TLS connection.
	CAFile string

	// CAPath is a path to a directory of certificate authority files. This is used with
	// VerifyIncoming or VerifyOutgoing to verify the TLS connection.
	CAPath string

	// CertFile is used to provide a TLS certificate that is used for serving TLS connections.
	// Must be provided to serve TLS connections.
	CertFile string

	// KeyFile is used to provide a TLS key that is used for serving TLS connections.
	// Must be provided to serve TLS connections.
	KeyFile string

	// ServerName is used with the TLS certificate to ensure the name we
	// provide matches the certificate
	ServerName string

	// TLSMinVersion is used to set the minimum TLS version used for TLS connections.
	TLSMinVersion string

	// TLSCipherSuites is used to specify the list of supported ciphersuites.
	TLSCipherSuites []uint16

	// TLSPreferServerCipherSuites specifies whether to prefer the server's ciphersuite
	// over the client ciphersuites.
	TLSPreferServerCipherSuites bool

	// RejoinAfterLeave controls our interaction with Serf.
	// When set to false (default), a leave causes a Consul to not rejoin
	// the cluster until an explicit join is received. If this is set to
	// true, we ignore the leave, and rejoin the cluster on start.
	RejoinAfterLeave bool

	// Build is a string that is gossiped around, and can be used to help
	// operators track which versions are actively deployed
	Build string

	// ACLEnabled is used to enable ACLs
	ACLsEnabled bool

	// ACLEnforceVersion8 is used to gate a set of ACL policy features that
	// are opt-in prior to Consul 0.8 and opt-out in Consul 0.8 and later.
	ACLEnforceVersion8 bool

	// ACLMasterToken is used to bootstrap the ACL system. It should be specified
	// on the servers in the ACLDatacenter. When the leader comes online, it ensures
	// that the Master token is available. This provides the initial token.
	ACLMasterToken string

	// ACLDatacenter provides the authoritative datacenter for ACL
	// tokens. If not provided, ACL verification is disabled.
	ACLDatacenter string

	// ACLTokenTTL controls the time-to-live of cached ACL tokens.
	// It can be set to zero to disable caching, but this adds
	// a substantial cost.
	ACLTokenTTL time.Duration

	// ACLPolicyTTL controls the time-to-live of cached ACL policies.
	// It can be set to zero to disable caching, but this adds
	// a substantial cost.
	ACLPolicyTTL time.Duration

	// ACLRoleTTL controls the time-to-live of cached ACL roles.
	// It can be set to zero to disable caching, but this adds
	// a substantial cost.
	ACLRoleTTL time.Duration

	// ACLDisabledTTL is the time between checking if ACLs should be
	// enabled. This
	ACLDisabledTTL time.Duration

	// ACLTokenReplication is used to enabled token replication.
	//
	// By default policy-only replication is enabled. When token
	// replication is off and the primary datacenter is not
	// yet upgraded to the new ACLs no replication will be performed
	ACLTokenReplication bool

	// ACLDefaultPolicy is used to control the ACL interaction when
	// there is no defined policy. This can be "allow" which means
	// ACLs are used to black-list, or "deny" which means ACLs are
	// white-lists.
	ACLDefaultPolicy string

	// ACLDownPolicy controls the behavior of ACLs if the ACLDatacenter
	// cannot be contacted. It can be either "deny" to deny all requests,
	// "extend-cache" or "async-cache" which ignores the ACLCacheInterval and
	// uses cached policies.
	// If a policy is not in the cache, it acts like deny.
	// "allow" can be used to allow all requests. This is not recommended.
	ACLDownPolicy string

	// ACLReplicationRate is the max number of replication rounds that can
	// be run per second. Note that either 1 or 2 RPCs are used during each replication
	// round
	ACLReplicationRate int

	// ACLReplicationBurst is how many replication RPCs can be bursted after a
	// period of idleness
	ACLReplicationBurst int

	// ACLReplicationApplyLimit is the max number of replication-related
	// apply operations that we allow during a one second period. This is
	// used to limit the amount of Raft bandwidth used for replication.
	ACLReplicationApplyLimit int

	// ACLEnableKeyListPolicy is used to gate enforcement of the new "list" policy that
	// protects listing keys by prefix. This behavior is opt-in
	// by default in Consul 1.0 and later.
	ACLEnableKeyListPolicy bool

	// TombstoneTTL is used to control how long KV tombstones are retained.
	// This provides a window of time where the X-Consul-Index is monotonic.
	// Outside this window, the index may not be monotonic. This is a result
	// of a few trade offs:
	// 1) The index is defined by the data view and not globally. This is a
	// performance optimization that prevents any write from incrementing the
	// index for all data views.
	// 2) Tombstones are not kept indefinitely, since otherwise storage required
	// is also monotonic. This prevents deletes from reducing the disk space
	// used.
	// In theory, neither of these are intrinsic limitations, however for the
	// purposes of building a practical system, they are reasonable trade offs.
	//
	// It is also possible to set this to an incredibly long time, thereby
	// simulating infinite retention. This is not recommended however.
	//
	TombstoneTTL time.Duration

	// TombstoneTTLGranularity is used to control how granular the timers are
	// for the Tombstone GC. This is used to batch the GC of many keys together
	// to reduce overhead. It is unlikely a user would ever need to tune this.
	TombstoneTTLGranularity time.Duration

	// Minimum Session TTL
	SessionTTLMin time.Duration

	// maxTokenExpirationDuration is the maximum difference allowed between
	// ACLToken CreateTime and ExpirationTime values if ExpirationTime is set
	// on a token.
	ACLTokenMaxExpirationTTL time.Duration

	// ACLTokenMinExpirationTTL is the minimum difference allowed between
	// ACLToken CreateTime and ExpirationTime values if ExpirationTime is set
	// on a token.
	ACLTokenMinExpirationTTL time.Duration

	// ServerUp callback can be used to trigger a notification that
	// a Consul server is now up and known about.
	ServerUp func()

	// UserEventHandler callback can be used to handle incoming
	// user events. This function should not block.
	UserEventHandler func(serf.UserEvent)

	// ConfigReplicationRate is the max number of replication rounds that can
	// be run per second. Note that either 1 or 2 RPCs are used during each replication
	// round
	ConfigReplicationRate int

	// ConfigReplicationBurst is how many replication rounds can be bursted after a
	// period of idleness
	ConfigReplicationBurst int

	// ConfigReplicationApply limit is the max number of replication-related
	// apply operations that we allow during a one second period. This is
	// used to limit the amount of Raft bandwidth used for replication.
	ConfigReplicationApplyLimit int

	// CoordinateUpdatePeriod controls how long a server batches coordinate
	// updates before applying them in a Raft transaction. A larger period
	// leads to fewer Raft transactions, but also the stored coordinates
	// being more stale.
	CoordinateUpdatePeriod time.Duration

	// CoordinateUpdateBatchSize controls the maximum number of updates a
	// server batches before applying them in a Raft transaction.
	CoordinateUpdateBatchSize int

	// CoordinateUpdateMaxBatches controls the maximum number of batches we
	// are willing to apply in one period. After this limit we will issue a
	// warning and discard the remaining updates.
	CoordinateUpdateMaxBatches int

	// CheckOutputMaxSize control the max size of output of checks
	CheckOutputMaxSize int

	// RPCHandshakeTimeout limits how long we will wait for the initial magic byte
	// on an RPC client connection. It also governs how long we will wait for a
	// TLS handshake when TLS is configured however the timout applies separately
	// for the initial magic byte and the TLS handshake and inner magic byte.
	RPCHandshakeTimeout time.Duration

	// RPCHoldTimeout is how long an RPC can be "held" before it is errored.
	// This is used to paper over a loss of leadership by instead holding RPCs,
	// so that the caller experiences a slow response rather than an error.
	// This period is meant to be long enough for a leader election to take
	// place, and a small jitter is applied to avoid a thundering herd.
	RPCHoldTimeout time.Duration

	// RPCRate and RPCMaxBurst control how frequently RPC calls are allowed
	// to happen. In any large enough time interval, rate limiter limits the
	// rate to RPCRate tokens per second, with a maximum burst size of
	// RPCMaxBurst events. As a special case, if RPCRate == Inf (the infinite
	// rate), RPCMaxBurst is ignored.
	//
	// See https://en.wikipedia.org/wiki/Token_bucket for more about token
	// buckets.
	RPCRate     rate.Limit
	RPCMaxBurst int

	// RPCMaxConnsPerClient is the limit of how many concurrent connections are
	// allowed from a single source IP.
	RPCMaxConnsPerClient int

	// LeaveDrainTime is used to wait after a server has left the LAN Serf
	// pool for RPCs to drain and new requests to be sent to other servers.
	LeaveDrainTime time.Duration

	// AutopilotConfig is used to apply the initial autopilot config when
	// bootstrapping.
	AutopilotConfig *autopilot.Config

	// ServerHealthInterval is the frequency with which the health of the
	// servers in the cluster will be updated.
	ServerHealthInterval time.Duration

	// AutopilotInterval is the frequency with which the leader will perform
	// autopilot tasks, such as promoting eligible non-voters and removing
	// dead servers.
	AutopilotInterval time.Duration

	// ConnectEnabled is whether to enable Connect features such as the CA.
	ConnectEnabled bool

	// CAConfig is used to apply the initial Connect CA configuration when
	// bootstrapping.
	CAConfig *structs.CAConfiguration

	// ConfigEntryBootstrap contains a list of ConfigEntries to ensure are created
	// If entries of the same Kind/Name exist already these will not update them.
	ConfigEntryBootstrap []structs.ConfigEntry

	// AutoEncryptAllowTLS is whether to enable the server responding to
	// AutoEncrypt.Sign requests.
	AutoEncryptAllowTLS bool
}

Config is used to configure the server

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns a sane default configuration.

func (*Config) CheckACL

func (c *Config) CheckACL() error

CheckACL validates the ACL configuration.

func (*Config) CheckProtocolVersion

func (c *Config) CheckProtocolVersion() error

CheckProtocolVersion validates the protocol version.

func (*Config) ToTLSUtilConfig added in v1.4.3

func (c *Config) ToTLSUtilConfig() tlsutil.Config

ToTLSUtilConfig is only used by tests, usually the config is being passed down from the agent.

type ConfigEntry added in v1.5.0

type ConfigEntry struct {
	// contains filtered or unexported fields
}

The ConfigEntry endpoint is used to query centralized config information

func (*ConfigEntry) Apply added in v1.5.0

func (c *ConfigEntry) Apply(args *structs.ConfigEntryRequest, reply *bool) error

Apply does an upsert of the given config entry.

func (*ConfigEntry) Delete added in v1.5.0

func (c *ConfigEntry) Delete(args *structs.ConfigEntryRequest, reply *struct{}) error

Delete deletes a config entry.

func (*ConfigEntry) Get added in v1.5.0

Get returns a single config entry by Kind/Name.

func (*ConfigEntry) List added in v1.5.0

List returns all the config entries of the given kind. If Kind is blank, all existing config entries will be returned.

func (*ConfigEntry) ListAll added in v1.5.0

ListAll returns all the known configuration entries

func (*ConfigEntry) ResolveServiceConfig added in v1.5.0

func (c *ConfigEntry) ResolveServiceConfig(args *structs.ServiceConfigRequest, reply *structs.ServiceConfigResponse) error

ResolveServiceConfig

type ConnectCA added in v1.2.0

type ConnectCA struct {
	// contains filtered or unexported fields
}

ConnectCA manages the Connect CA.

func (*ConnectCA) ConfigurationGet added in v1.2.0

func (s *ConnectCA) ConfigurationGet(
	args *structs.DCSpecificRequest,
	reply *structs.CAConfiguration) error

ConfigurationGet returns the configuration for the CA.

func (*ConnectCA) ConfigurationSet added in v1.2.0

func (s *ConnectCA) ConfigurationSet(
	args *structs.CARequest,
	reply *interface{}) error

ConfigurationSet updates the configuration for the CA.

func (*ConnectCA) Roots added in v1.2.0

Roots returns the currently trusted root certificates.

func (*ConnectCA) Sign added in v1.2.0

func (s *ConnectCA) Sign(
	args *structs.CASignRequest,
	reply *structs.IssuedCert) error

Sign signs a certificate for a service.

func (*ConnectCA) SignIntermediate added in v1.6.0

func (s *ConnectCA) SignIntermediate(
	args *structs.CASignRequest,
	reply *string) error

SignIntermediate signs an intermediate certificate for a remote datacenter.

type Coordinate

type Coordinate struct {
	// contains filtered or unexported fields
}

Coordinate manages queries and updates for network coordinates.

func NewCoordinate

func NewCoordinate(srv *Server) *Coordinate

NewCoordinate returns a new Coordinate endpoint.

func (*Coordinate) ListDatacenters

func (c *Coordinate) ListDatacenters(args *struct{}, reply *[]structs.DatacenterMap) error

ListDatacenters returns the list of datacenters and their respective nodes and the raw coordinates of those nodes (if no coordinates are available for any of the nodes, the node list may be empty).

func (*Coordinate) ListNodes

ListNodes returns the list of nodes with their raw network coordinates (if no coordinates are available for a node it won't appear in this list).

func (*Coordinate) Node added in v1.0.1

Node returns the raw coordinates for a single node.

func (*Coordinate) Update

func (c *Coordinate) Update(args *structs.CoordinateUpdateRequest, reply *struct{}) (err error)

Update inserts or updates the LAN coordinate of a node.

type DiscoveryChain added in v1.6.0

type DiscoveryChain struct {
	// contains filtered or unexported fields
}

func (*DiscoveryChain) Get added in v1.6.0

type EnterpriseClient added in v1.2.0

type EnterpriseClient struct{}

type EnterpriseServer added in v1.2.0

type EnterpriseServer struct{}

type Filter

type Filter interface {
	Len() int
	Filter(int) bool
	Move(dst, src, span int)
}

Filter interface is used with FilterEntries to do an in-place filter of a slice.

type Health

type Health struct {
	// contains filtered or unexported fields
}

Health endpoint is used to query the health information

func (*Health) ChecksInState

func (h *Health) ChecksInState(args *structs.ChecksInStateRequest,
	reply *structs.IndexedHealthChecks) error

ChecksInState is used to get all the checks in a given state

func (*Health) NodeChecks

func (h *Health) NodeChecks(args *structs.NodeSpecificRequest,
	reply *structs.IndexedHealthChecks) error

NodeChecks is used to get all the checks for a node

func (*Health) ServiceChecks

func (h *Health) ServiceChecks(args *structs.ServiceSpecificRequest,
	reply *structs.IndexedHealthChecks) error

ServiceChecks is used to get all the checks for a service

func (*Health) ServiceNodes

ServiceNodes returns all the nodes registered as part of a service including health info

type Intention added in v1.2.0

type Intention struct {
	// contains filtered or unexported fields
}

Intention manages the Connect intentions.

func (*Intention) Apply added in v1.2.0

func (s *Intention) Apply(
	args *structs.IntentionRequest,
	reply *string) error

Apply creates or updates an intention in the data store.

func (*Intention) Check added in v1.2.0

Check tests a source/destination and returns whether it would be allowed or denied based on the current ACL configuration.

Note: Whenever the logic for this method is changed, you should take a look at the agent authorize endpoint (agent/agent_endpoint.go) since the logic there is similar.

func (*Intention) Get added in v1.2.0

Get returns a single intention by ID.

func (*Intention) List added in v1.2.0

List returns all the intentions.

func (*Intention) Match added in v1.2.0

Match returns the set of intentions that match the given source/destination.

type Internal

type Internal struct {
	// contains filtered or unexported fields
}

Internal endpoint is used to query the miscellaneous info that does not necessarily fit into the other systems. It is also used to hold undocumented APIs that users should not rely on.

func (*Internal) EventFire

func (m *Internal) EventFire(args *structs.EventFireRequest,
	reply *structs.EventFireResponse) error

EventFire is a bit of an odd endpoint, but it allows for a cross-DC RPC call to fire an event. The primary use case is to enable user events being triggered in a remote DC.

func (*Internal) KeyringOperation

func (m *Internal) KeyringOperation(
	args *structs.KeyringRequest,
	reply *structs.KeyringResponses) error

KeyringOperation will query the WAN and LAN gossip keyrings of all nodes.

func (*Internal) NodeDump

func (m *Internal) NodeDump(args *structs.DCSpecificRequest,
	reply *structs.IndexedNodeDump) error

NodeDump is used to generate information about all of the nodes.

func (*Internal) NodeInfo

func (m *Internal) NodeInfo(args *structs.NodeSpecificRequest,
	reply *structs.IndexedNodeDump) error

NodeInfo is used to retrieve information about a specific node.

func (*Internal) ServiceDump added in v1.5.0

type KVS

type KVS struct {
	// contains filtered or unexported fields
}

KVS endpoint is used to manipulate the Key-Value store

func (*KVS) Apply

func (k *KVS) Apply(args *structs.KVSRequest, reply *bool) error

Apply is used to apply a KVS update request to the data store.

func (*KVS) Get

func (k *KVS) Get(args *structs.KeyRequest, reply *structs.IndexedDirEntries) error

Get is used to lookup a single key.

func (*KVS) List

func (k *KVS) List(args *structs.KeyRequest, reply *structs.IndexedDirEntries) error

List is used to list all keys with a given prefix.

func (*KVS) ListKeys

func (k *KVS) ListKeys(args *structs.KeyListRequest, reply *structs.IndexedKeyList) error

ListKeys is used to list all keys with a given prefix to a separator.

type NetworkSegment added in v0.9.3

type NetworkSegment struct {
	Name       string
	Bind       string
	Port       int
	Advertise  string
	RPCAddr    *net.TCPAddr
	SerfConfig *serf.Config
}

(Enterprise-only) NetworkSegment is the address and port configuration for a network segment.

type Operator

type Operator struct {
	// contains filtered or unexported fields
}

Operator endpoint is used to perform low-level operator tasks for Consul.

func (*Operator) AutopilotGetConfiguration

func (op *Operator) AutopilotGetConfiguration(args *structs.DCSpecificRequest, reply *autopilot.Config) error

AutopilotGetConfiguration is used to retrieve the current Autopilot configuration.

func (*Operator) AutopilotSetConfiguration

func (op *Operator) AutopilotSetConfiguration(args *structs.AutopilotSetConfigRequest, reply *bool) error

AutopilotSetConfiguration is used to set the current Autopilot configuration.

func (*Operator) RaftGetConfiguration

func (op *Operator) RaftGetConfiguration(args *structs.DCSpecificRequest, reply *structs.RaftConfigurationResponse) error

RaftGetConfiguration is used to retrieve the current Raft configuration.

func (*Operator) RaftRemovePeerByAddress

func (op *Operator) RaftRemovePeerByAddress(args *structs.RaftRemovePeerRequest, reply *struct{}) error

RaftRemovePeerByAddress is used to kick a stale peer (one that it in the Raft quorum but no longer known to Serf or the catalog) by address in the form of "IP:port". The reply argument is not used, but it required to fulfill the RPC interface.

func (*Operator) RaftRemovePeerByID

func (op *Operator) RaftRemovePeerByID(args *structs.RaftRemovePeerRequest, reply *struct{}) error

RaftRemovePeerByID is used to kick a stale peer (one that is in the Raft quorum but no longer known to Serf or the catalog) by address in the form of "IP:port". The reply argument is not used, but is required to fulfill the RPC interface.

func (*Operator) ServerHealth

func (op *Operator) ServerHealth(args *structs.DCSpecificRequest, reply *autopilot.OperatorHealthReply) error

ServerHealth is used to get the current health of the servers.

type PreparedQuery

type PreparedQuery struct {
	// contains filtered or unexported fields
}

PreparedQuery manages the prepared query endpoint.

func (*PreparedQuery) Apply

func (p *PreparedQuery) Apply(args *structs.PreparedQueryRequest, reply *string) (err error)

Apply is used to apply a modifying request to the data store. This should only be used for operations that modify the data. The ID of the session is returned in the reply.

func (*PreparedQuery) Execute

Execute runs a prepared query and returns the results. This will perform the failover logic if no local results are available. This is typically called as part of a DNS lookup, or when executing prepared queries from the HTTP API.

func (*PreparedQuery) ExecuteRemote

ExecuteRemote is used when a local node doesn't have any instances of a service available and needs to probe remote DCs. This sends the full query over since the remote side won't have it in its state store, and this doesn't do the failover logic since that's already being run on the originating DC. We don't want things to fan out further than one level.

func (*PreparedQuery) Explain

Explain resolves a prepared query and returns the (possibly rendered template) to the caller. This is useful for letting operators figure out which query is picking up a given name. We can also add additional info about how the query will be executed here.

func (*PreparedQuery) Get

Get returns a single prepared query by ID.

func (*PreparedQuery) List

List returns all the prepared queries.

type RaftLayer

type RaftLayer struct {
	// contains filtered or unexported fields
}

RaftLayer implements the raft.StreamLayer interface, so that we can use a single RPC layer for Raft and Consul

func NewRaftLayer

func NewRaftLayer(src, addr net.Addr, tlsWrap tlsutil.Wrapper, tlsFunc func(raft.ServerAddress) bool) *RaftLayer

NewRaftLayer is used to initialize a new RaftLayer which can be used as a StreamLayer for Raft. If a tlsConfig is provided, then the connection will use TLS.

func (*RaftLayer) Accept

func (l *RaftLayer) Accept() (net.Conn, error)

Accept is used to return connection which are dialed to be used with the Raft layer

func (*RaftLayer) Addr

func (l *RaftLayer) Addr() net.Addr

Addr is used to return the address of the listener

func (*RaftLayer) Close

func (l *RaftLayer) Close() error

Close is used to stop listening for Raft connections

func (*RaftLayer) Dial

func (l *RaftLayer) Dial(address raft.ServerAddress, timeout time.Duration) (net.Conn, error)

Dial is used to create a new outgoing connection

func (*RaftLayer) Handoff

func (l *RaftLayer) Handoff(c net.Conn) error

Handoff is used to hand off a connection to the RaftLayer. This allows it to be Accept()'ed

type Replicator added in v1.5.0

type Replicator struct {
	// contains filtered or unexported fields
}

func NewReplicator added in v1.5.0

func NewReplicator(config *ReplicatorConfig) (*Replicator, error)

func (*Replicator) Start added in v1.5.0

func (r *Replicator) Start()

func (*Replicator) Stop added in v1.5.0

func (r *Replicator) Stop()

type ReplicatorConfig added in v1.5.0

type ReplicatorConfig struct {
	// Name to be used in various logging
	Name string
	// Function to perform the actual replication
	ReplicateFn ReplicatorFunc
	// The number of replication rounds per second that are allowed
	Rate int
	// The number of replication rounds that can be done in a burst
	Burst int
	// Minimum number of RPC failures to ignore before backing off
	MinFailures int
	// Maximum wait time between failing RPCs
	MaxRetryWait time.Duration
	// Where to send our logs
	Logger *log.Logger
}

type ReplicatorFunc added in v1.5.0

type ReplicatorFunc func(ctx context.Context, lastRemoteIndex uint64) (index uint64, exit bool, err error)

type Server

type Server struct {

	// Listener is used to listen for incoming connections
	Listener net.Listener

	// embedded struct to hold all the enterprise specific data
	EnterpriseServer
	// contains filtered or unexported fields
}

Server is Consul server which manages the service discovery, health checking, DC forwarding, Raft, and multiple Serf pools.

func NewServer

func NewServer(config *Config) (*Server, error)

NewServer is only used to help setting up a server for testing. Normal code exercises NewServerLogger.

func NewServerLogger

func NewServerLogger(config *Config, logger *log.Logger, tokens *token.Store, tlsConfigurator *tlsutil.Configurator) (*Server, error)

NewServerLogger is used to construct a new Consul server from the configuration, potentially returning an error

func (*Server) ACLDatacenter added in v1.4.0

func (s *Server) ACLDatacenter(legacy bool) string

func (*Server) ACLsEnabled added in v1.4.0

func (s *Server) ACLsEnabled() bool

func (*Server) CheckServers added in v1.6.5

func (s *Server) CheckServers(datacenter string, fn func(*metadata.Server) bool)

CheckServers implements the checkServersProvider interface for the Server

func (*Server) Encrypted

func (s *Server) Encrypted() bool

Encrypted determines if gossip is encrypted

func (*Server) Flood

func (s *Server) Flood(addrFn router.FloodAddrFn, portFn router.FloodPortFn, global *serf.Serf)

Flood is a long-running goroutine that floods servers from the LAN to the given global Serf instance, such as the WAN. This will exit once either of the Serf instances are shut down.

func (*Server) FloodNotify

func (s *Server) FloodNotify()

FloodNotify lets all the waiting Flood goroutines know that some change may have affected them.

func (*Server) GetLANCoordinate

func (s *Server) GetLANCoordinate() (lib.CoordinateSet, error)

GetLANCoordinate returns the coordinate of the server in the LAN gossip pool.

func (*Server) InACLDatacenter added in v1.4.0

func (s *Server) InACLDatacenter() bool

func (*Server) IsACLReplicationEnabled

func (s *Server) IsACLReplicationEnabled() bool

IsACLReplicationEnabled returns true if ACL replication is enabled. DEPRECATED (ACL-Legacy-Compat) - with new ACLs at least policy replication is required

func (*Server) IsLeader

func (s *Server) IsLeader() bool

IsLeader checks if this server is the cluster leader

func (*Server) JoinLAN

func (s *Server) JoinLAN(addrs []string) (int, error)

JoinLAN is used to have Consul join the inner-DC pool The target address should be another node inside the DC listening on the Serf LAN address

func (*Server) JoinWAN

func (s *Server) JoinWAN(addrs []string) (int, error)

JoinWAN is used to have Consul join the cross-WAN Consul ring The target address should be another node listening on the Serf WAN address

func (*Server) KeyManagerLAN

func (s *Server) KeyManagerLAN() *serf.KeyManager

KeyManagerLAN returns the LAN Serf keyring manager

func (*Server) KeyManagerWAN

func (s *Server) KeyManagerWAN() *serf.KeyManager

KeyManagerWAN returns the WAN Serf keyring manager

func (*Server) LANMembers

func (s *Server) LANMembers() []serf.Member

LANMembers is used to return the members of the LAN cluster

func (*Server) LANMembersAllSegments added in v0.9.3

func (s *Server) LANMembersAllSegments() ([]serf.Member, error)

LANMembersAllSegments returns members from all segments.

func (*Server) LANSegmentAddr added in v0.9.3

func (s *Server) LANSegmentAddr(name string) string

LANSegmentAddr is used to return the address used for the given LAN segment.

func (*Server) LANSegmentMembers added in v0.9.3

func (s *Server) LANSegmentMembers(segment string) ([]serf.Member, error)

LANSegmentMembers is used to return the members of the given LAN segment.

func (*Server) LANSegments added in v0.9.3

func (s *Server) LANSegments() map[string]*serf.Serf

LANSegments returns a map of LAN segments by name

func (*Server) Leave

func (s *Server) Leave() error

Leave is used to prepare for a graceful shutdown of the server

func (*Server) LocalMember

func (s *Server) LocalMember() serf.Member

LocalMember is used to return the local node

func (*Server) LocalTokensEnabled added in v1.4.0

func (s *Server) LocalTokensEnabled() bool

func (*Server) RPC

func (s *Server) RPC(method string, args interface{}, reply interface{}) error

RPC is used to make a local RPC call

func (*Server) RegisterEndpoint

func (s *Server) RegisterEndpoint(name string, handler interface{}) error

RegisterEndpoint is used to substitute an endpoint for testing.

func (*Server) ReloadConfig added in v1.2.0

func (s *Server) ReloadConfig(config *Config) error

ReloadConfig is used to have the Server do an online reload of relevant configuration information

func (*Server) RemoveFailedNode

func (s *Server) RemoveFailedNode(node string, prune bool) error

RemoveFailedNode is used to remove a failed node from the cluster

func (*Server) ResolveIdentityFromToken added in v1.4.0

func (s *Server) ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error)

func (*Server) ResolvePolicyFromID added in v1.4.0

func (s *Server) ResolvePolicyFromID(policyID string) (bool, *structs.ACLPolicy, error)

func (*Server) ResolveRoleFromID added in v1.5.0

func (s *Server) ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error)

func (*Server) ResolveToken added in v1.4.0

func (s *Server) ResolveToken(token string) (acl.Authorizer, error)

func (*Server) Shutdown

func (s *Server) Shutdown() error

Shutdown is used to shutdown the server

func (*Server) SnapshotRPC

func (s *Server) SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer,
	replyFn structs.SnapshotReplyFn) error

SnapshotRPC dispatches the given snapshot request, reading from the streaming input and writing to the streaming output depending on the operation.

func (*Server) Stats

func (s *Server) Stats() map[string]map[string]string

Stats is used to return statistics for debugging and insight for various sub-systems

func (*Server) UseLegacyACLs added in v1.4.0

func (s *Server) UseLegacyACLs() bool

func (*Server) WANMembers

func (s *Server) WANMembers() []serf.Member

WANMembers is used to return the members of the LAN cluster

type ServerLookup added in v0.9.3

type ServerLookup struct {
	// contains filtered or unexported fields
}

ServerLookup encapsulates looking up servers by id and address

func NewServerLookup added in v0.9.3

func NewServerLookup() *ServerLookup

func (*ServerLookup) AddServer added in v0.9.3

func (sl *ServerLookup) AddServer(server *metadata.Server)

func (*ServerLookup) CheckServers added in v1.6.5

func (sl *ServerLookup) CheckServers(fn func(srv *metadata.Server) bool)

func (*ServerLookup) RemoveServer added in v0.9.3

func (sl *ServerLookup) RemoveServer(server *metadata.Server)

func (*ServerLookup) Server added in v0.9.3

func (sl *ServerLookup) Server(addr raft.ServerAddress) *metadata.Server

Server looks up the server by address, returns a boolean if not found

func (*ServerLookup) ServerAddr added in v0.9.3

func (sl *ServerLookup) ServerAddr(id raft.ServerID) (raft.ServerAddress, error)

Implements the ServerAddressProvider interface

func (*ServerLookup) Servers added in v0.9.3

func (sl *ServerLookup) Servers() []*metadata.Server

type Session

type Session struct {
	// contains filtered or unexported fields
}

Session endpoint is used to manipulate sessions for KV

func (*Session) Apply

func (s *Session) Apply(args *structs.SessionRequest, reply *string) error

Apply is used to apply a modifying request to the data store. This should only be used for operations that modify the data

func (*Session) Get

Get is used to retrieve a single session

func (*Session) List

List is used to list all the active sessions

func (*Session) NodeSessions

func (s *Session) NodeSessions(args *structs.NodeSpecificRequest,
	reply *structs.IndexedSessions) error

NodeSessions is used to get all the sessions for a particular node

func (*Session) Renew

Renew is used to renew the TTL on a single session

type SessionTimers added in v0.9.0

type SessionTimers struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

SessionTimers provides a map of named timers which is safe for concurrent use.

func NewSessionTimers added in v0.9.0

func NewSessionTimers() *SessionTimers

func (*SessionTimers) Del added in v0.9.0

func (t *SessionTimers) Del(id string)

Del removes the timer with the given id.

func (*SessionTimers) Get added in v0.9.0

func (t *SessionTimers) Get(id string) *time.Timer

Get returns the timer with the given id or nil.

func (*SessionTimers) Len added in v0.9.0

func (t *SessionTimers) Len() int

Len returns the number of registered timers.

func (*SessionTimers) ResetOrCreate added in v0.9.0

func (t *SessionTimers) ResetOrCreate(id string, ttl time.Duration, afterFunc func())

ResetOrCreate sets the ttl of the timer with the given id or creates a new one if it does not exist.

func (*SessionTimers) Set added in v0.9.0

func (t *SessionTimers) Set(id string, tm *time.Timer)

Set stores the timer under given id. If tm is nil the timer with the given id is removed.

func (*SessionTimers) Stop added in v0.9.0

func (t *SessionTimers) Stop(id string)

Stop stops the timer with the given id and removes it.

func (*SessionTimers) StopAll added in v0.9.0

func (t *SessionTimers) StopAll()

StopAll stops and removes all registered timers.

type StatsFetcher

type StatsFetcher struct {
	// contains filtered or unexported fields
}

StatsFetcher has two functions for autopilot. First, lets us fetch all the stats in parallel so we are taking a sample as close to the same time as possible, since we are comparing time-sensitive info for the health check. Second, it bounds the time so that one slow RPC can't hold up the health check loop; as a side effect of how it implements this, it also limits to a single in-flight RPC to any given server, so goroutines don't accumulate as we run the health check fairly frequently.

func NewStatsFetcher

func NewStatsFetcher(logger *log.Logger, pool *pool.ConnPool, datacenter string) *StatsFetcher

NewStatsFetcher returns a stats fetcher.

func (*StatsFetcher) Fetch

func (f *StatsFetcher) Fetch(ctx context.Context, members []serf.Member) map[string]*autopilot.ServerStats

Fetch will attempt to query all the servers in parallel.

type Status

type Status struct {
	// contains filtered or unexported fields
}

Status endpoint is used to check on server status

func (*Status) Leader

func (s *Status) Leader(args *structs.DCSpecificRequest, reply *string) error

Leader is used to get the address of the leader

func (*Status) Peers

func (s *Status) Peers(args *structs.DCSpecificRequest, reply *[]string) error

Peers is used to get all the Raft peers

func (*Status) Ping

func (s *Status) Ping(args struct{}, reply *struct{}) error

Ping is used to just check for connectivity

func (*Status) RaftStats

func (s *Status) RaftStats(args struct{}, reply *autopilot.ServerStats) error

Used by Autopilot to query the raft stats of the local server.

type Txn

type Txn struct {
	// contains filtered or unexported fields
}

Txn endpoint is used to perform multi-object atomic transactions.

func (*Txn) Apply

func (t *Txn) Apply(args *structs.TxnRequest, reply *structs.TxnResponse) error

Apply is used to apply multiple operations in a single, atomic transaction.

func (*Txn) Read

func (t *Txn) Read(args *structs.TxnReadRequest, reply *structs.TxnReadResponse) error

Read is used to perform a read-only transaction that doesn't modify the state store. This is much more scalable since it doesn't go through Raft and supports staleness, so this should be preferred if you're just performing reads.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL