Documentation ¶
Overview ¶
The snapshot endpoint is a special non-RPC endpoint that supports streaming for taking and restoring snapshots for disaster recovery. This gets wired directly into Consul's stream handler, and a new TCP connection is made for each request.
This also includes a SnapshotRPC() function, which acts as a lightweight client that knows the details of the stream protocol.
Index ¶
- Constants
- Variables
- func CanServersUnderstandProtocol(members []serf.Member, version uint8) (bool, error)
- func FilterDirEnt(authorizer acl.Authorizer, ent structs.DirEntries) structs.DirEntries
- func FilterEntries(f Filter) int
- func FilterTxnResults(authorizer acl.Authorizer, results structs.TxnResults) structs.TxnResults
- func IsACLRemoteError(err error) bool
- func ServersGetACLMode(provider checkServersProvider, leaderAddr string, datacenter string) (found bool, mode structs.ACLMode, leaderMode structs.ACLMode)
- func ServersInDCMeetMinimumVersion(provider checkServersProvider, datacenter string, minVersion *version.Version) (ok bool, found bool)
- func ServersInDCMeetRequirements(provider checkServersProvider, datacenter string, ...) (ok bool, found bool)
- func SnapshotRPC(connPool *pool.ConnPool, dc string, nodeName string, addr net.Addr, ...) (io.ReadCloser, error)
- type ACL
- func (a *ACL) Apply(args *structs.ACLRequest, reply *string) error
- func (a *ACL) AuthMethodDelete(args *structs.ACLAuthMethodDeleteRequest, reply *bool) error
- func (a *ACL) AuthMethodList(args *structs.ACLAuthMethodListRequest, ...) error
- func (a *ACL) AuthMethodRead(args *structs.ACLAuthMethodGetRequest, reply *structs.ACLAuthMethodResponse) error
- func (a *ACL) AuthMethodSet(args *structs.ACLAuthMethodSetRequest, reply *structs.ACLAuthMethod) error
- func (a *ACL) Authorize(args *structs.RemoteACLAuthorizationRequest, ...) error
- func (a *ACL) BindingRuleDelete(args *structs.ACLBindingRuleDeleteRequest, reply *bool) error
- func (a *ACL) BindingRuleList(args *structs.ACLBindingRuleListRequest, ...) error
- func (a *ACL) BindingRuleRead(args *structs.ACLBindingRuleGetRequest, reply *structs.ACLBindingRuleResponse) error
- func (a *ACL) BindingRuleSet(args *structs.ACLBindingRuleSetRequest, reply *structs.ACLBindingRule) error
- func (a *ACL) Bootstrap(args *structs.DCSpecificRequest, reply *structs.ACL) error
- func (a *ACL) BootstrapTokens(args *structs.DCSpecificRequest, reply *structs.ACLToken) error
- func (a *ACL) Get(args *structs.ACLSpecificRequest, reply *structs.IndexedACLs) error
- func (a *ACL) GetPolicy(args *structs.ACLPolicyResolveLegacyRequest, ...) error
- func (a *ACL) List(args *structs.DCSpecificRequest, reply *structs.IndexedACLs) error
- func (a *ACL) Login(args *structs.ACLLoginRequest, reply *structs.ACLToken) error
- func (a *ACL) Logout(args *structs.ACLLogoutRequest, reply *bool) error
- func (a *ACL) PolicyBatchRead(args *structs.ACLPolicyBatchGetRequest, reply *structs.ACLPolicyBatchResponse) error
- func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string) error
- func (a *ACL) PolicyList(args *structs.ACLPolicyListRequest, reply *structs.ACLPolicyListResponse) error
- func (a *ACL) PolicyRead(args *structs.ACLPolicyGetRequest, reply *structs.ACLPolicyResponse) error
- func (a *ACL) PolicyResolve(args *structs.ACLPolicyBatchGetRequest, reply *structs.ACLPolicyBatchResponse) error
- func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPolicy) error
- func (a *ACL) ReplicationStatus(args *structs.DCSpecificRequest, reply *structs.ACLReplicationStatus) error
- func (a *ACL) RoleBatchRead(args *structs.ACLRoleBatchGetRequest, reply *structs.ACLRoleBatchResponse) error
- func (a *ACL) RoleDelete(args *structs.ACLRoleDeleteRequest, reply *string) error
- func (a *ACL) RoleList(args *structs.ACLRoleListRequest, reply *structs.ACLRoleListResponse) error
- func (a *ACL) RoleRead(args *structs.ACLRoleGetRequest, reply *structs.ACLRoleResponse) error
- func (a *ACL) RoleResolve(args *structs.ACLRoleBatchGetRequest, reply *structs.ACLRoleBatchResponse) error
- func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) error
- func (a *ACL) TokenBatchRead(args *structs.ACLTokenBatchGetRequest, reply *structs.ACLTokenBatchResponse) error
- func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLToken) error
- func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) error
- func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTokenListResponse) error
- func (a *ACL) TokenRead(args *structs.ACLTokenGetRequest, reply *structs.ACLTokenResponse) error
- func (a *ACL) TokenSet(args *structs.ACLTokenSetRequest, reply *structs.ACLToken) error
- type ACLRemoteError
- type ACLResolver
- func (r *ACLResolver) ACLsEnabled() bool
- func (r *ACLResolver) Close()
- func (r *ACLResolver) GetMergedPolicyForToken(token string) (structs.ACLIdentity, *acl.Policy, error)
- func (r *ACLResolver) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error)
- func (r *ACLResolver) ResolveTokenToIdentityAndAuthorizer(token string) (structs.ACLIdentity, acl.Authorizer, error)
- type ACLResolverConfig
- type ACLResolverDelegate
- type AutoConfig
- type AutoConfigAuthorizer
- type AutoConfigBackend
- type AutoConfigOptions
- type AutoEncrypt
- type AutopilotDelegate
- func (d *AutopilotDelegate) AutopilotConfig() *autopilot.Config
- func (d *AutopilotDelegate) FetchServerStats(ctx context.Context, servers map[raft.ServerID]*autopilot.Server) map[raft.ServerID]*autopilot.ServerStats
- func (d *AutopilotDelegate) KnownServers() map[raft.ServerID]*autopilot.Server
- func (d *AutopilotDelegate) NotifyState(state *autopilot.State)
- func (d *AutopilotDelegate) RemoveFailedServer(srv *autopilot.Server)
- type CAManager
- func (c *CAManager) Initialize() (reterr error)
- func (c *CAManager) RenewIntermediate(ctx context.Context, isPrimary bool) error
- func (c *CAManager) Start()
- func (c *CAManager) Stop()
- func (c *CAManager) UpdateConfiguration(args *structs.CARequest) (reterr error)
- func (c *CAManager) UpdateRoots(roots structs.IndexedCARoots) error
- type Catalog
- func (c *Catalog) Deregister(args *structs.DeregisterRequest, reply *struct{}) error
- func (c *Catalog) GatewayServices(args *structs.ServiceSpecificRequest, reply *structs.IndexedGatewayServices) error
- func (c *Catalog) ListDatacenters(args *structs.DatacentersRequest, reply *[]string) error
- func (c *Catalog) ListNodes(args *structs.DCSpecificRequest, reply *structs.IndexedNodes) error
- func (c *Catalog) ListServices(args *structs.DCSpecificRequest, reply *structs.IndexedServices) error
- func (c *Catalog) NodeServiceList(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeServiceList) error
- func (c *Catalog) NodeServices(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeServices) error
- func (c *Catalog) Register(args *structs.RegisterRequest, reply *struct{}) error
- func (c *Catalog) ServiceList(args *structs.DCSpecificRequest, reply *structs.IndexedServiceList) error
- func (c *Catalog) ServiceNodes(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceNodes) error
- type Client
- func (c *Client) ACLDatacenter(legacy bool) string
- func (c *Client) CheckServers(datacenter string, fn func(*metadata.Server) bool)
- func (c *Client) GetLANCoordinate() (lib.CoordinateSet, error)
- func (c *Client) JoinLAN(addrs []string) (int, error)
- func (c *Client) KeyManagerLAN() *serf.KeyManager
- func (c *Client) LANMembers() []serf.Member
- func (c *Client) LANMembersAllSegments() ([]serf.Member, error)
- func (c *Client) LANSegmentMembers(segment string) ([]serf.Member, error)
- func (c *Client) Leave() error
- func (c *Client) LocalMember() serf.Member
- func (c *Client) RPC(method string, args interface{}, reply interface{}) error
- func (c *Client) ReloadConfig(config *Config) error
- func (c *Client) RemoveFailedNode(node string, prune bool) error
- func (c *Client) ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error)
- func (c *Client) ResolvePolicyFromID(policyID string) (bool, *structs.ACLPolicy, error)
- func (c *Client) ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error)
- func (c *Client) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, ...) (acl.Authorizer, error)
- func (c *Client) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error)
- func (c *Client) Shutdown() error
- func (c *Client) SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, ...) error
- func (c *Client) Stats() map[string]map[string]string
- func (c *Client) UseLegacyACLs() bool
- type Config
- type ConfigEntry
- func (c *ConfigEntry) Apply(args *structs.ConfigEntryRequest, reply *bool) error
- func (c *ConfigEntry) Delete(args *structs.ConfigEntryRequest, reply *struct{}) error
- func (c *ConfigEntry) Get(args *structs.ConfigEntryQuery, reply *structs.ConfigEntryResponse) error
- func (c *ConfigEntry) List(args *structs.ConfigEntryQuery, reply *structs.IndexedConfigEntries) error
- func (c *ConfigEntry) ListAll(args *structs.ConfigEntryListAllRequest, ...) error
- func (c *ConfigEntry) ResolveServiceConfig(args *structs.ServiceConfigRequest, reply *structs.ServiceConfigResponse) error
- type ConnectCA
- func (s *ConnectCA) ConfigurationGet(args *structs.DCSpecificRequest, reply *structs.CAConfiguration) error
- func (s *ConnectCA) ConfigurationSet(args *structs.CARequest, reply *interface{}) error
- func (s *ConnectCA) Roots(args *structs.DCSpecificRequest, reply *structs.IndexedCARoots) error
- func (s *ConnectCA) Sign(args *structs.CASignRequest, reply *structs.IssuedCert) error
- func (s *ConnectCA) SignIntermediate(args *structs.CASignRequest, reply *string) error
- type Coordinate
- func (c *Coordinate) ListDatacenters(args *struct{}, reply *[]structs.DatacenterMap) error
- func (c *Coordinate) ListNodes(args *structs.DCSpecificRequest, reply *structs.IndexedCoordinates) error
- func (c *Coordinate) Node(args *structs.NodeSpecificRequest, reply *structs.IndexedCoordinates) error
- func (c *Coordinate) Update(args *structs.CoordinateUpdateRequest, reply *struct{}) (err error)
- type Deps
- type DiscoveryChain
- type EnterpriseACLResolverDelegate
- type EnterpriseClient
- type EnterpriseConfig
- type EnterpriseServer
- type FederationState
- func (c *FederationState) Apply(args *structs.FederationStateRequest, reply *bool) error
- func (c *FederationState) Get(args *structs.FederationStateQuery, reply *structs.FederationStateResponse) error
- func (c *FederationState) List(args *structs.DCSpecificRequest, reply *structs.IndexedFederationStates) error
- func (c *FederationState) ListMeshGateways(args *structs.DCSpecificRequest, ...) error
- type FederationStateReplicator
- func (r *FederationStateReplicator) DiffRemoteAndLocalState(localRaw interface{}, remoteRaw interface{}, lastRemoteIndex uint64) (*IndexReplicatorDiff, error)
- func (r *FederationStateReplicator) FetchLocal() (int, interface{}, error)
- func (r *FederationStateReplicator) FetchRemote(lastRemoteIndex uint64) (int, interface{}, uint64, error)
- func (r *FederationStateReplicator) MetricName() string
- func (r *FederationStateReplicator) PerformDeletions(ctx context.Context, deletionsRaw interface{}) (exit bool, err error)
- func (r *FederationStateReplicator) PerformUpdates(ctx context.Context, updatesRaw interface{}) (exit bool, err error)
- func (r *FederationStateReplicator) PluralNoun() string
- func (r *FederationStateReplicator) SingularNoun() string
- type Filter
- type FunctionReplicator
- type GatewayLocator
- func (g *GatewayLocator) DialPrimaryThroughLocalGateway() bool
- func (g *GatewayLocator) PickGateway(dc string) string
- func (g *GatewayLocator) PrimaryGatewayFallbackAddresses() []string
- func (g *GatewayLocator) PrimaryMeshGatewayAddressesReadyCh() <-chan struct{}
- func (g *GatewayLocator) RefreshPrimaryGatewayFallbackAddresses(addrs []string)
- func (g *GatewayLocator) Run(ctx context.Context)
- func (g *GatewayLocator) SetLastFederationStateReplicationError(err error, fromReplication bool)
- func (g *GatewayLocator) SetUseReplicationSignal(newValue bool)
- type Health
- func (h *Health) ChecksInState(args *structs.ChecksInStateRequest, reply *structs.IndexedHealthChecks) error
- func (h *Health) NodeChecks(args *structs.NodeSpecificRequest, reply *structs.IndexedHealthChecks) error
- func (h *Health) ServiceChecks(args *structs.ServiceSpecificRequest, reply *structs.IndexedHealthChecks) error
- func (h *Health) ServiceNodes(args *structs.ServiceSpecificRequest, reply *structs.IndexedCheckServiceNodes) error
- type IndexReplicator
- type IndexReplicatorDelegate
- type IndexReplicatorDiff
- type Intention
- func (s *Intention) Apply(args *structs.IntentionRequest, reply *string) error
- func (s *Intention) Check(args *structs.IntentionQueryRequest, ...) error
- func (s *Intention) Get(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentions) error
- func (s *Intention) List(args *structs.IntentionListRequest, reply *structs.IndexedIntentions) error
- func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentionMatches) error
- type Internal
- func (m *Internal) EventFire(args *structs.EventFireRequest, reply *structs.EventFireResponse) error
- func (m *Internal) GatewayIntentions(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentions) error
- func (m *Internal) GatewayServiceDump(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceDump) error
- func (m *Internal) KeyringOperation(args *structs.KeyringRequest, reply *structs.KeyringResponses) error
- func (m *Internal) NodeDump(args *structs.DCSpecificRequest, reply *structs.IndexedNodeDump) error
- func (m *Internal) NodeInfo(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeDump) error
- func (m *Internal) ServiceDump(args *structs.ServiceDumpRequest, reply *structs.IndexedNodesWithGateways) error
- func (m *Internal) ServiceTopology(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceTopology) error
- type KVS
- func (k *KVS) Apply(args *structs.KVSRequest, reply *bool) error
- func (k *KVS) Get(args *structs.KeyRequest, reply *structs.IndexedDirEntries) error
- func (k *KVS) List(args *structs.KeyRequest, reply *structs.IndexedDirEntries) error
- func (k *KVS) ListKeys(args *structs.KeyListRequest, reply *structs.IndexedKeyList) error
- type LeaderRoutine
- type LeaderRoutineManager
- func (m *LeaderRoutineManager) IsRunning(name string) bool
- func (m *LeaderRoutineManager) Start(name string, routine LeaderRoutine) error
- func (m *LeaderRoutineManager) StartWithContext(parentCtx context.Context, name string, routine LeaderRoutine) error
- func (m *LeaderRoutineManager) Stop(name string) <-chan struct{}
- func (m *LeaderRoutineManager) StopAll()
- type NetworkSegment
- type Operator
- func (op *Operator) AutopilotGetConfiguration(args *structs.DCSpecificRequest, reply *structs.AutopilotConfig) error
- func (op *Operator) AutopilotSetConfiguration(args *structs.AutopilotSetConfigRequest, reply *bool) error
- func (op *Operator) AutopilotState(args *structs.DCSpecificRequest, reply *autopilot.State) error
- func (op *Operator) RaftGetConfiguration(args *structs.DCSpecificRequest, reply *structs.RaftConfigurationResponse) error
- func (op *Operator) RaftRemovePeerByAddress(args *structs.RaftRemovePeerRequest, reply *struct{}) error
- func (op *Operator) RaftRemovePeerByID(args *structs.RaftRemovePeerRequest, reply *struct{}) error
- func (op *Operator) ServerHealth(args *structs.DCSpecificRequest, reply *structs.AutopilotHealthReply) error
- type PreparedQuery
- func (p *PreparedQuery) Apply(args *structs.PreparedQueryRequest, reply *string) (err error)
- func (p *PreparedQuery) Execute(args *structs.PreparedQueryExecuteRequest, ...) error
- func (p *PreparedQuery) ExecuteRemote(args *structs.PreparedQueryExecuteRemoteRequest, ...) error
- func (p *PreparedQuery) Explain(args *structs.PreparedQueryExecuteRequest, ...) error
- func (p *PreparedQuery) Get(args *structs.PreparedQuerySpecificRequest, ...) error
- func (p *PreparedQuery) List(args *structs.DCSpecificRequest, reply *structs.IndexedPreparedQueries) error
- type RPCConfig
- type RaftLayer
- type Replicator
- type ReplicatorConfig
- type ReplicatorDelegate
- type ReplicatorFunc
- type Server
- func (s *Server) ACLDatacenter(legacy bool) string
- func (s *Server) CheckServers(datacenter string, fn func(*metadata.Server) bool)
- func (s *Server) CreateACLToken(template *structs.ACLToken) (*structs.ACLToken, error)
- func (s *Server) DatacenterJoinAddresses(segment string) ([]string, error)
- func (s *Server) DatacenterSupportsFederationStates() bool
- func (s *Server) DatacenterSupportsIntentionsAsConfigEntries() bool
- func (s *Server) Flood(addrFn router.FloodAddrFn, dstSerf *serf.Serf)
- func (s *Server) FloodNotify()
- func (s *Server) ForwardRPC(method string, info structs.RPCInfo, args interface{}, reply interface{}) (bool, error)
- func (s *Server) GetCARoots() (*structs.IndexedCARoots, error)
- func (s *Server) GetLANCoordinate() (lib.CoordinateSet, error)
- func (s *Server) InACLDatacenter() bool
- func (s *Server) IsACLReplicationEnabled() bool
- func (s *Server) IsLeader() bool
- func (s *Server) JoinLAN(addrs []string) (int, error)
- func (s *Server) JoinWAN(addrs []string) (int, error)
- func (s *Server) KeyManagerLAN() *serf.KeyManager
- func (s *Server) KeyManagerWAN() *serf.KeyManager
- func (s *Server) LANMembers() []serf.Member
- func (s *Server) LANMembersAllSegments() ([]serf.Member, error)
- func (s *Server) LANSegmentAddr(name string) string
- func (s *Server) LANSegmentMembers(segment string) ([]serf.Member, error)
- func (s *Server) LANSegments() map[string]*serf.Serf
- func (s *Server) LeaderLastContact() time.Time
- func (s *Server) Leave() error
- func (s *Server) LocalMember() serf.Member
- func (s *Server) LocalTokensEnabled() bool
- func (s *Server) PickRandomMeshGatewaySuitableForDialing(dc string) string
- func (s *Server) PrimaryGatewayFallbackAddresses() []string
- func (s *Server) PrimaryMeshGatewayAddressesReadyCh() <-chan struct{}
- func (s *Server) RPC(method string, args interface{}, reply interface{}) error
- func (s *Server) RefreshPrimaryGatewayFallbackAddresses(addrs []string)
- func (s *Server) RegisterEndpoint(name string, handler interface{}) error
- func (s *Server) ReloadConfig(config *Config) error
- func (s *Server) RemoveFailedNode(node string, prune bool) error
- func (s *Server) ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error)
- func (s *Server) ResolvePolicyFromID(policyID string) (bool, *structs.ACLPolicy, error)
- func (s *Server) ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error)
- func (s *Server) ResolveToken(token string) (acl.Authorizer, error)
- func (s *Server) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, ...) (acl.Authorizer, error)
- func (s *Server) ResolveTokenIdentityAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, ...) (structs.ACLIdentity, acl.Authorizer, error)
- func (s *Server) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error)
- func (s *Server) ResolveTokenToIdentityAndAuthorizer(token string) (structs.ACLIdentity, acl.Authorizer, error)
- func (s *Server) Shutdown() error
- func (s *Server) SignCertificate(csr *x509.CertificateRequest, spiffeID connect.CertURI) (*structs.IssuedCert, error)
- func (s *Server) SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, ...) error
- func (s *Server) Stats() map[string]map[string]string
- func (s *Server) UseLegacyACLs() bool
- func (s *Server) WANMembers() []serf.Member
- type ServerLookup
- func (sl *ServerLookup) AddServer(server *metadata.Server)
- func (sl *ServerLookup) CheckServers(fn func(srv *metadata.Server) bool)
- func (sl *ServerLookup) RemoveServer(server *metadata.Server)
- func (sl *ServerLookup) Server(addr raft.ServerAddress) *metadata.Server
- func (sl *ServerLookup) ServerAddr(id raft.ServerID) (raft.ServerAddress, error)
- func (sl *ServerLookup) Servers() []*metadata.Server
- type Session
- func (s *Session) Apply(args *structs.SessionRequest, reply *string) error
- func (s *Session) Get(args *structs.SessionSpecificRequest, reply *structs.IndexedSessions) error
- func (s *Session) List(args *structs.SessionSpecificRequest, reply *structs.IndexedSessions) error
- func (s *Session) NodeSessions(args *structs.NodeSpecificRequest, reply *structs.IndexedSessions) error
- func (s *Session) Renew(args *structs.SessionSpecificRequest, reply *structs.IndexedSessions) error
- type SessionTimers
- func (t *SessionTimers) Del(id string)
- func (t *SessionTimers) Get(id string) *time.Timer
- func (t *SessionTimers) Len() int
- func (t *SessionTimers) ResetOrCreate(id string, ttl time.Duration, afterFunc func())
- func (t *SessionTimers) Set(id string, tm *time.Timer)
- func (t *SessionTimers) Stop(id string)
- func (t *SessionTimers) StopAll()
- type StatsFetcher
- type Status
- type Txn
Constants ¶
const ( DefaultDC = "dc1" DefaultRPCPort = 8300 DefaultLANSerfPort = 8301 DefaultWANSerfPort = 8302 // DefaultRaftMultiplier is used as a baseline Raft configuration that // will be reliable on a very basic server. See docs/install/performance.html // for information on how this value was obtained. DefaultRaftMultiplier uint = 5 // MaxRaftMultiplier is a fairly arbitrary upper bound that limits the // amount of performance detuning that's possible. MaxRaftMultiplier uint = 10 )
const ( DefaultRPCProtocol = 2 ProtocolVersionMin uint8 = 2 // Version 3 added support for network coordinates but we kept the // default protocol version at 2 to ease the transition to this new // feature. A Consul agent speaking version 2 of the protocol will // attempt to send its coordinates to a server who understands version // 3 or greater. ProtocolVersion2Compatible = 2 ProtocolVersionMax = 3 )
These are the protocol versions that Consul can _understand_. These are Consul-level protocol versions, that are used to configure the Serf protocol versions.
const (
LeaderTransferMinVersion = "1.6.0"
)
const ( // StatusReap is used to update the status of a node if we // are handling a EventMemberReap StatusReap = serf.MemberStatus(-1) )
Variables ¶
var ( // Err strings. net/rpc doesn't have a way to transport typed/rich errors so // we currently rely on sniffing the error string in a few cases where we need // to change client behavior. These are the canonical error strings to use. // Note though that client code can't use `err == consul.Err*` directly since // the error returned by RPC will be a plain error.errorString created by // net/rpc client so will not be the same _instance_ that this package // variable points to. Clients need to compare using `err.Error() == // consul.ErrRateLimited.Error()` which is very sad. Short of replacing our // RPC mechanism it's hard to know how to make that much better though. ErrConnectNotEnabled = errors.New("Connect must be enabled in order to use this endpoint") ErrRateLimited = errors.New("Rate limit reached, try again later") ErrNotPrimaryDatacenter = errors.New("not the primary datacenter") ErrStateReadOnly = errors.New("CA Provider State is read-only") )
var ACLCounters = []prometheus.CounterDefinition{ { Name: []string{"acl", "token", "cache_hit"}, Help: "Increments if Consul is able to resolve a token's identity, or a legacy token, from the cache.", }, { Name: []string{"acl", "token", "cache_miss"}, Help: "Increments if Consul cannot resolve a token's identity, or a legacy token, from the cache.", }, }
var ACLEndpointLegacySummaries = []prometheus.SummaryDefinition{ { Name: []string{"acl", "apply"}, Help: "Measures the time it takes to complete an update to the ACL store.", }, }
var ACLEndpointSummaries = []prometheus.SummaryDefinition{ { Name: []string{"acl", "token", "clone"}, Help: "", }, { Name: []string{"acl", "token", "upsert"}, Help: "", }, { Name: []string{"acl", "token", "delete"}, Help: "", }, { Name: []string{"acl", "policy", "upsert"}, Help: "", }, { Name: []string{"acl", "policy", "delete"}, Help: "", }, { Name: []string{"acl", "policy", "delete"}, Help: "", }, { Name: []string{"acl", "role", "upsert"}, Help: "", }, { Name: []string{"acl", "role", "delete"}, Help: "", }, { Name: []string{"acl", "bindingrule", "upsert"}, Help: "", }, { Name: []string{"acl", "bindingrule", "delete"}, Help: "", }, { Name: []string{"acl", "authmethod", "upsert"}, Help: "", }, { Name: []string{"acl", "authmethod", "delete"}, Help: "", }, { Name: []string{"acl", "login"}, Help: "", }, { Name: []string{"acl", "login"}, Help: "", }, { Name: []string{"acl", "logout"}, Help: "", }, { Name: []string{"acl", "logout"}, Help: "", }, }
var ACLSummaries = []prometheus.SummaryDefinition{ { Name: []string{"acl", "resolveTokenLegacy"}, Help: "This measures the time it takes to resolve an ACL token using the legacy ACL system.", }, { Name: []string{"acl", "ResolveToken"}, Help: "This measures the time it takes to resolve an ACL token.", }, { Name: []string{"acl", "ResolveTokenToIdentity"}, Help: "This measures the time it takes to resolve an ACL token to an Identity.", }, }
var AutopilotGauges = []prometheus.GaugeDefinition{ { Name: []string{"autopilot", "failure_tolerance"}, Help: "Tracks the number of voting servers that the cluster can lose while continuing to function.", }, { Name: []string{"autopilot", "healthy"}, Help: "Tracks the overall health of the local server cluster. 1 if all servers are healthy, 0 if one or more are unhealthy.", }, }
var CatalogCounters = []prometheus.CounterDefinition{ { Name: []string{"catalog", "service", "query"}, Help: "Increments for each catalog query for the given service.", }, { Name: []string{"catalog", "connect", "query"}, Help: "Increments for each connect-based catalog query for the given service.", }, { Name: []string{"catalog", "service", "query-tag"}, Help: "Increments for each catalog query for the given service with the given tag.", }, { Name: []string{"catalog", "connect", "query-tag"}, Help: "Increments for each connect-based catalog query for the given service with the given tag.", }, { Name: []string{"catalog", "service", "query-tags"}, Help: "Increments for each catalog query for the given service with the given tags.", }, { Name: []string{"catalog", "connect", "query-tags"}, Help: "Increments for each connect-based catalog query for the given service with the given tags.", }, { Name: []string{"catalog", "service", "not-found"}, Help: "Increments for each catalog query where the given service could not be found.", }, { Name: []string{"catalog", "connect", "not-found"}, Help: "Increments for each connect-based catalog query where the given service could not be found.", }, }
var CatalogSummaries = []prometheus.SummaryDefinition{ { Name: []string{"catalog", "deregister"}, Help: "Measures the time it takes to complete a catalog deregister operation.", }, { Name: []string{"catalog", "register"}, Help: "Measures the time it takes to complete a catalog register operation.", }, }
var ClientCounters = []prometheus.CounterDefinition{ { Name: []string{"client", "rpc"}, Help: "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server.", }, { Name: []string{"client", "rpc", "exceeded"}, Help: "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server gets rate limited by that agent's limits configuration.", }, { Name: []string{"client", "rpc", "failed"}, Help: "Increments whenever a Consul agent in client mode makes an RPC request to a Consul server and fails.", }, }
var ConfigSummaries = []prometheus.SummaryDefinition{ { Name: []string{"config_entry", "apply"}, Help: "", }, { Name: []string{"config_entry", "get"}, Help: "", }, { Name: []string{"config_entry", "list"}, Help: "", }, { Name: []string{"config_entry", "listAll"}, Help: "", }, { Name: []string{"config_entry", "delete"}, Help: "", }, { Name: []string{"config_entry", "resolve_service_config"}, Help: "", }, }
var (
DefaultRPCAddr = &net.TCPAddr{IP: net.ParseIP("0.0.0.0"), Port: DefaultRPCPort}
)
var (
ErrAutoEncryptAllowTLSNotEnabled = errors.New("AutoEncrypt.AllowTLS must be enabled in order to use this endpoint")
)
var (
ErrChunkingResubmit = errors.New("please resubmit call for rechunking")
)
var ( // ErrIntentionNotFound is returned if the intention lookup failed. ErrIntentionNotFound = errors.New("Intention not found") )
var ErrIntentionsNotUpgradedYet = errors.New("Intentions are read only while being upgraded to config entries")
var (
ErrWANFederationDisabled = fmt.Errorf("WAN Federation is disabled")
)
var FederationStateSummaries = []prometheus.SummaryDefinition{ { Name: []string{"federation_state", "apply"}, Help: "", }, { Name: []string{"federation_state", "get"}, Help: "", }, { Name: []string{"federation_state", "list"}, Help: "", }, { Name: []string{"federation_state", "list_mesh_gateways"}, Help: "", }, }
var IntentionSummaries = []prometheus.SummaryDefinition{ { Name: []string{"consul", "intention", "apply"}, Help: "", }, { Name: []string{"intention", "apply"}, Help: "", }, }
var KVSummaries = []prometheus.SummaryDefinition{ { Name: []string{"kvs", "apply"}, Help: "Measures the time it takes to complete an update to the KV store.", }, }
var LeaderSummaries = []prometheus.SummaryDefinition{ { Name: []string{"leader", "barrier"}, Help: "Measures the time spent waiting for the raft barrier upon gaining leadership.", }, { Name: []string{"leader", "reconcileMember"}, Help: "Measures the time spent updating the raft store for a single serf member's information.", }, { Name: []string{"leader", "reapTombstones"}, Help: "Measures the time spent clearing tombstones.", }, }
var PreparedQuerySummaries = []prometheus.SummaryDefinition{ { Name: []string{"prepared-query", "apply"}, Help: "Measures the time it takes to apply a prepared query update.", }, { Name: []string{"prepared-query", "explain"}, Help: "Measures the time it takes to process a prepared query explain request.", }, { Name: []string{"prepared-query", "execute"}, Help: "Measures the time it takes to process a prepared query execute request.", }, { Name: []string{"prepared-query", "execute_remote"}, Help: "Measures the time it takes to process a prepared query execute request that was forwarded to another datacenter.", }, }
var RPCCounters = []prometheus.CounterDefinition{ { Name: []string{"rpc", "accept_conn"}, Help: "Increments when a server accepts an RPC connection.", }, { Name: []string{"rpc", "raft_handoff"}, Help: "Increments when a server accepts a Raft-related RPC connection.", }, { Name: []string{"rpc", "request_error"}, Help: "Increments when a server returns an error from an RPC request.", }, { Name: []string{"rpc", "request"}, Help: "Increments when a server receives a Consul-related RPC request.", }, { Name: []string{"rpc", "cross-dc"}, Help: "Increments when a server sends a (potentially blocking) cross datacenter RPC query.", }, { Name: []string{"rpc", "query"}, Help: "Increments when a server receives a new blocking RPC request, indicating the rate of new blocking query calls.", }, }
var RPCGauges = []prometheus.GaugeDefinition{ { Name: []string{"rpc", "queries_blocking"}, Help: "Shows the current number of in-flight blocking queries the server is handling.", }, }
var RPCSummaries = []prometheus.SummaryDefinition{ { Name: []string{"rpc", "consistentRead"}, Help: "Measures the time spent confirming that a consistent read can be performed.", }, }
var ReplicationGauges = []prometheus.GaugeDefinition{ { Name: []string{"leader", "replication", "acl-policies", "status"}, Help: "Tracks the current health of ACL policy replication on the leader", }, { Name: []string{"leader", "replication", "acl-policies", "index"}, Help: "Tracks the index of ACL policies in the primary that the secondary has successfully replicated", }, { Name: []string{"leader", "replication", "acl-tokens", "status"}, Help: "Tracks the current health of ACL token replication on the leader", }, { Name: []string{"leader", "replication", "acl-tokens", "index"}, Help: "Tracks the index of ACL tokens in the primary that the secondary has successfully replicated", }, { Name: []string{"leader", "replication", "acl-roles", "status"}, Help: "Tracks the current health of ACL role replication on the leader", }, { Name: []string{"leader", "replication", "acl-roles", "index"}, Help: "Tracks the index of ACL roles in the primary that the secondary has successfully replicated", }, { Name: []string{"leader", "replication", "config-entries", "status"}, Help: "Tracks the current health of config entry replication on the leader", }, { Name: []string{"leader", "replication", "config-entries", "index"}, Help: "Tracks the index of config entries in the primary that the secondary has successfully replicated", }, { Name: []string{"leader", "replication", "federation-state", "status"}, Help: "Tracks the current health of federation state replication on the leader", }, { Name: []string{"leader", "replication", "federation-state", "index"}, Help: "Tracks the index of federation states in the primary that the secondary has successfully replicated", }, { Name: []string{"leader", "replication", "namespaces", "status"}, Help: "Tracks the current health of federation state replication on the leader", }, { Name: []string{"leader", "replication", "namespaces", "index"}, Help: "Tracks the index of federation states in the primary that the secondary has successfully replicated", }, }
var SegmentOSSSummaries = []prometheus.SummaryDefinition{ { Name: []string{"leader", "reconcile"}, Help: "Measures the time spent updating the raft store from the serf member information.", }, }
var SessionEndpointSummaries = []prometheus.SummaryDefinition{ { Name: []string{"session", "apply"}, Help: "Measures the time spent applying a session update.", }, { Name: []string{"session", "renew"}, Help: "Measures the time spent renewing a session.", }, }
var SessionGauges = []prometheus.GaugeDefinition{ { Name: []string{"session_ttl", "active"}, Help: "Tracks the active number of sessions being tracked.", }, { Name: []string{"raft", "applied_index"}, Help: "Represents the raft applied index.", }, { Name: []string{"raft", "last_index"}, Help: "Represents the raft last index.", }, }
var SessionSummaries = []prometheus.SummaryDefinition{ { Name: []string{"session_ttl", "invalidate"}, Help: "Measures the time spent invalidating an expired session.", }, }
var TxnSummaries = []prometheus.SummaryDefinition{ { Name: []string{"txn", "apply"}, Help: "Measures the time spent applying a transaction operation.", }, { Name: []string{"txn", "read"}, Help: "Measures the time spent returning a read transaction.", }, }
Functions ¶
func CanServersUnderstandProtocol ¶
CanServersUnderstandProtocol checks to see if all the servers in the given list understand the given protocol version. If there are no servers in the list then this will return false.
func FilterDirEnt ¶
func FilterDirEnt(authorizer acl.Authorizer, ent structs.DirEntries) structs.DirEntries
FilterDirEnt is used to filter a list of directory entries by applying an ACL policy
func FilterEntries ¶
FilterEntries is used to do an inplace filter of a slice. This has cost proportional to the list length.
func FilterTxnResults ¶
func FilterTxnResults(authorizer acl.Authorizer, results structs.TxnResults) structs.TxnResults
FilterTxnResults is used to filter a list of transaction results by applying an ACL policy.
func IsACLRemoteError ¶ added in v1.4.0
func ServersGetACLMode ¶ added in v1.4.0
func ServersGetACLMode(provider checkServersProvider, leaderAddr string, datacenter string) (found bool, mode structs.ACLMode, leaderMode structs.ACLMode)
ServersGetACLMode checks all the servers in a particular datacenter and determines what the minimum ACL mode amongst them is and what the leaders ACL mode is. The "found" return value indicates whether there were any servers considered in this datacenter. If that is false then the other mode return values are meaningless as they will be ACLModeEnabled and ACLModeUnkown respectively.
func ServersInDCMeetMinimumVersion ¶ added in v1.6.0
func ServersInDCMeetMinimumVersion(provider checkServersProvider, datacenter string, minVersion *version.Version) (ok bool, found bool)
ServersInDCMeetMinimumVersion returns whether the given alive servers from a particular datacenter are at least on the given Consul version. This also returns whether any alive or failed servers are known in that datacenter (ignoring left and leaving ones)
func ServersInDCMeetRequirements ¶ added in v1.6.5
func ServersInDCMeetRequirements(provider checkServersProvider, datacenter string, meetsRequirements serverRequirementFn) (ok bool, found bool)
ServersInDCMeetRequirements returns whether the given server members meet the requirements as defined by the callback function and whether at least one server remains unfiltered by the requirements function.
func SnapshotRPC ¶
func SnapshotRPC( connPool *pool.ConnPool, dc string, nodeName string, addr net.Addr, args *structs.SnapshotRequest, in io.Reader, reply *structs.SnapshotResponse, ) (io.ReadCloser, error)
SnapshotRPC is a streaming client function for performing a snapshot RPC request to a remote server. It will create a fresh connection for each request, send the request header, and then stream in any data from the reader (for a restore). It will then parse the received response header, and if there's no error will return an io.ReadCloser (that you must close) with the streaming output (for a snapshot). If the reply contains an error, this will always return an error as well, so you don't need to check the error inside the filled-in reply.
Types ¶
type ACL ¶
type ACL struct {
// contains filtered or unexported fields
}
ACL endpoint is used to manipulate ACLs
func (*ACL) Apply ¶
func (a *ACL) Apply(args *structs.ACLRequest, reply *string) error
Apply is used to apply a modifying request to the data store. This should only be used for operations that modify the data
func (*ACL) AuthMethodDelete ¶ added in v1.5.0
func (a *ACL) AuthMethodDelete(args *structs.ACLAuthMethodDeleteRequest, reply *bool) error
func (*ACL) AuthMethodList ¶ added in v1.5.0
func (a *ACL) AuthMethodList(args *structs.ACLAuthMethodListRequest, reply *structs.ACLAuthMethodListResponse) error
func (*ACL) AuthMethodRead ¶ added in v1.5.0
func (a *ACL) AuthMethodRead(args *structs.ACLAuthMethodGetRequest, reply *structs.ACLAuthMethodResponse) error
func (*ACL) AuthMethodSet ¶ added in v1.5.0
func (a *ACL) AuthMethodSet(args *structs.ACLAuthMethodSetRequest, reply *structs.ACLAuthMethod) error
func (*ACL) Authorize ¶ added in v1.7.0
func (a *ACL) Authorize(args *structs.RemoteACLAuthorizationRequest, reply *[]structs.ACLAuthorizationResponse) error
func (*ACL) BindingRuleDelete ¶ added in v1.5.0
func (a *ACL) BindingRuleDelete(args *structs.ACLBindingRuleDeleteRequest, reply *bool) error
func (*ACL) BindingRuleList ¶ added in v1.5.0
func (a *ACL) BindingRuleList(args *structs.ACLBindingRuleListRequest, reply *structs.ACLBindingRuleListResponse) error
func (*ACL) BindingRuleRead ¶ added in v1.5.0
func (a *ACL) BindingRuleRead(args *structs.ACLBindingRuleGetRequest, reply *structs.ACLBindingRuleResponse) error
func (*ACL) BindingRuleSet ¶ added in v1.5.0
func (a *ACL) BindingRuleSet(args *structs.ACLBindingRuleSetRequest, reply *structs.ACLBindingRule) error
func (*ACL) Bootstrap ¶ added in v0.9.1
Bootstrap is used to perform a one-time ACL bootstrap operation on a cluster to get the first management token.
func (*ACL) BootstrapTokens ¶ added in v1.4.0
Bootstrap is used to perform a one-time ACL bootstrap operation on a cluster to get the first management token.
func (*ACL) Get ¶
func (a *ACL) Get(args *structs.ACLSpecificRequest, reply *structs.IndexedACLs) error
Get is used to retrieve a single ACL
func (*ACL) GetPolicy ¶
func (a *ACL) GetPolicy(args *structs.ACLPolicyResolveLegacyRequest, reply *structs.ACLPolicyResolveLegacyResponse) error
GetPolicy is used to retrieve a compiled policy object with a TTL. Does not support a blocking query.
func (*ACL) List ¶
func (a *ACL) List(args *structs.DCSpecificRequest, reply *structs.IndexedACLs) error
List is used to list all the ACLs
func (*ACL) Logout ¶ added in v1.5.0
func (a *ACL) Logout(args *structs.ACLLogoutRequest, reply *bool) error
func (*ACL) PolicyBatchRead ¶ added in v1.4.0
func (a *ACL) PolicyBatchRead(args *structs.ACLPolicyBatchGetRequest, reply *structs.ACLPolicyBatchResponse) error
func (*ACL) PolicyDelete ¶ added in v1.4.0
func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string) error
func (*ACL) PolicyList ¶ added in v1.4.0
func (a *ACL) PolicyList(args *structs.ACLPolicyListRequest, reply *structs.ACLPolicyListResponse) error
func (*ACL) PolicyRead ¶ added in v1.4.0
func (a *ACL) PolicyRead(args *structs.ACLPolicyGetRequest, reply *structs.ACLPolicyResponse) error
func (*ACL) PolicyResolve ¶ added in v1.4.0
func (a *ACL) PolicyResolve(args *structs.ACLPolicyBatchGetRequest, reply *structs.ACLPolicyBatchResponse) error
PolicyResolve is used to retrieve a subset of the policies associated with a given token The policy ids in the args simply act as a filter on the policy set assigned to the token
func (*ACL) ReplicationStatus ¶
func (a *ACL) ReplicationStatus(args *structs.DCSpecificRequest, reply *structs.ACLReplicationStatus) error
ReplicationStatus is used to retrieve the current ACL replication status.
func (*ACL) RoleBatchRead ¶ added in v1.5.0
func (a *ACL) RoleBatchRead(args *structs.ACLRoleBatchGetRequest, reply *structs.ACLRoleBatchResponse) error
func (*ACL) RoleDelete ¶ added in v1.5.0
func (a *ACL) RoleDelete(args *structs.ACLRoleDeleteRequest, reply *string) error
func (*ACL) RoleList ¶ added in v1.5.0
func (a *ACL) RoleList(args *structs.ACLRoleListRequest, reply *structs.ACLRoleListResponse) error
func (*ACL) RoleRead ¶ added in v1.5.0
func (a *ACL) RoleRead(args *structs.ACLRoleGetRequest, reply *structs.ACLRoleResponse) error
func (*ACL) RoleResolve ¶ added in v1.5.0
func (a *ACL) RoleResolve(args *structs.ACLRoleBatchGetRequest, reply *structs.ACLRoleBatchResponse) error
RoleResolve is used to retrieve a subset of the roles associated with a given token The role ids in the args simply act as a filter on the role set assigned to the token
func (*ACL) TokenBatchRead ¶ added in v1.4.0
func (a *ACL) TokenBatchRead(args *structs.ACLTokenBatchGetRequest, reply *structs.ACLTokenBatchResponse) error
func (*ACL) TokenClone ¶ added in v1.4.0
func (*ACL) TokenDelete ¶ added in v1.4.0
func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) error
func (*ACL) TokenList ¶ added in v1.4.0
func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTokenListResponse) error
func (*ACL) TokenRead ¶ added in v1.4.0
func (a *ACL) TokenRead(args *structs.ACLTokenGetRequest, reply *structs.ACLTokenResponse) error
type ACLRemoteError ¶ added in v1.4.0
type ACLRemoteError struct {
Err error
}
func (ACLRemoteError) Error ¶ added in v1.4.0
func (e ACLRemoteError) Error() string
type ACLResolver ¶ added in v1.4.0
type ACLResolver struct {
// contains filtered or unexported fields
}
ACLResolver is the type to handle all your token and policy resolution needs.
Supports:
- Resolving tokens locally via the ACLResolverDelegate
- Resolving policies locally via the ACLResolverDelegate
- Resolving roles locally via the ACLResolverDelegate
- Resolving legacy tokens remotely via an ACL.GetPolicy RPC
- Resolving tokens remotely via an ACL.TokenRead RPC
- Resolving policies remotely via an ACL.PolicyResolve RPC
- Resolving roles remotely via an ACL.RoleResolve RPC
Remote Resolution:
Remote resolution can be done synchronously or asynchronously depending on the ACLDownPolicy in the Config passed to the resolver. When the down policy is set to async-cache and we have already cached values then go routines will be spawned to perform the RPCs in the background and then will update the cache with either the positive or negative result. When the down policy is set to extend-cache or the token/policy/role is not already cached then the same go routines are spawned to do the RPCs in the background. However in this mode channels are created to receive the results of the RPC and are registered with the resolver. Those channels are immediately read/blocked upon.
func NewACLResolver ¶ added in v1.4.0
func NewACLResolver(config *ACLResolverConfig) (*ACLResolver, error)
func (*ACLResolver) ACLsEnabled ¶ added in v1.4.0
func (r *ACLResolver) ACLsEnabled() bool
func (*ACLResolver) Close ¶ added in v1.7.0
func (r *ACLResolver) Close()
func (*ACLResolver) GetMergedPolicyForToken ¶ added in v1.4.0
func (r *ACLResolver) GetMergedPolicyForToken(token string) (structs.ACLIdentity, *acl.Policy, error)
func (*ACLResolver) ResolveTokenToIdentity ¶ added in v1.8.0
func (r *ACLResolver) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error)
func (*ACLResolver) ResolveTokenToIdentityAndAuthorizer ¶ added in v1.7.0
func (r *ACLResolver) ResolveTokenToIdentityAndAuthorizer(token string) (structs.ACLIdentity, acl.Authorizer, error)
type ACLResolverConfig ¶ added in v1.4.0
type ACLResolverConfig struct { Config *Config Logger hclog.Logger // CacheConfig is a pass through configuration for ACL cache limits CacheConfig *structs.ACLCachesConfig // Delegate that implements some helper functionality that is server/client specific Delegate ACLResolverDelegate // AutoDisable indicates that RPC responses should be checked and if they indicate ACLs are disabled // remotely then disable them locally as well. This is particularly useful for the client agent // so that it can detect when the servers have gotten ACLs enabled. AutoDisable bool // ACLConfig is the configuration necessary to pass through to the acl package when creating authorizers // and when authorizing access ACLConfig *acl.Config // Tokens is the token store of locally managed tokens Tokens *token.Store }
ACLResolverConfig holds all the configuration necessary to create an ACLResolver
type ACLResolverDelegate ¶ added in v1.4.0
type ACLResolverDelegate interface { ACLDatacenter(legacy bool) string UseLegacyACLs() bool ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error) ResolvePolicyFromID(policyID string) (bool, *structs.ACLPolicy, error) ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error) RPC(method string, args interface{}, reply interface{}) error EnterpriseACLResolverDelegate }
type AutoConfig ¶ added in v1.8.1
type AutoConfig struct {
// contains filtered or unexported fields
}
AutoConfig endpoint is used for cluster auto configuration operations
func NewAutoConfig ¶ added in v1.8.1
func NewAutoConfig(conf *Config, tlsConfigurator *tlsutil.Configurator, backend AutoConfigBackend, authz AutoConfigAuthorizer) *AutoConfig
func (*AutoConfig) InitialConfiguration ¶ added in v1.8.1
func (ac *AutoConfig) InitialConfiguration(req *pbautoconf.AutoConfigRequest, resp *pbautoconf.AutoConfigResponse) error
AgentAutoConfig will authorize the incoming request and then generate the configuration to push down to the client
type AutoConfigAuthorizer ¶ added in v1.8.1
type AutoConfigAuthorizer interface { // Authorizes the request and returns a struct containing the various // options for how to generate the configuration. Authorize(*pbautoconf.AutoConfigRequest) (AutoConfigOptions, error) }
type AutoConfigBackend ¶ added in v1.8.1
type AutoConfigBackend interface { CreateACLToken(template *structs.ACLToken) (*structs.ACLToken, error) DatacenterJoinAddresses(segment string) ([]string, error) ForwardRPC(method string, info structs.RPCInfo, args, reply interface{}) (bool, error) GetCARoots() (*structs.IndexedCARoots, error) SignCertificate(csr *x509.CertificateRequest, id connect.CertURI) (*structs.IssuedCert, error) }
type AutoConfigOptions ¶ added in v1.8.1
type AutoConfigOptions struct { NodeName string SegmentName string CSR *x509.CertificateRequest SpiffeID *connect.SpiffeIDAgent }
type AutoEncrypt ¶ added in v1.5.2
type AutoEncrypt struct {
// contains filtered or unexported fields
}
func (*AutoEncrypt) Sign ¶ added in v1.5.2
func (a *AutoEncrypt) Sign( args *structs.CASignRequest, reply *structs.SignedResponse) error
Sign signs a certificate for an agent.
type AutopilotDelegate ¶ added in v1.0.3
type AutopilotDelegate struct {
// contains filtered or unexported fields
}
AutopilotDelegate is a Consul delegate for autopilot operations.
func (*AutopilotDelegate) AutopilotConfig ¶ added in v1.0.3
func (d *AutopilotDelegate) AutopilotConfig() *autopilot.Config
func (*AutopilotDelegate) FetchServerStats ¶ added in v1.9.0
func (*AutopilotDelegate) KnownServers ¶ added in v1.9.0
func (d *AutopilotDelegate) KnownServers() map[raft.ServerID]*autopilot.Server
func (*AutopilotDelegate) NotifyState ¶ added in v1.9.0
func (d *AutopilotDelegate) NotifyState(state *autopilot.State)
func (*AutopilotDelegate) RemoveFailedServer ¶ added in v1.9.0
func (d *AutopilotDelegate) RemoveFailedServer(srv *autopilot.Server)
type CAManager ¶ added in v1.8.7
type CAManager struct {
// contains filtered or unexported fields
}
CAManager is a wrapper around CA operations such as updating roots, an intermediate or the configuration. All operations should go through the CAManager in order to avoid data races.
func NewCAManager ¶ added in v1.8.7
func NewCAManager(delegate caServerDelegate, leaderRoutineManager *LeaderRoutineManager, logger hclog.Logger, config *Config) *CAManager
func (*CAManager) Initialize ¶ added in v1.9.14
Initialize sets up the CA provider when gaining leadership, either bootstrapping the CA if this is the primary DC or making a remote RPC for intermediate signing if this is a secondary DC.
func (*CAManager) RenewIntermediate ¶ added in v1.8.7
RenewIntermediate checks the intermediate cert for expiration. If more than half the time a cert is valid has passed, it will try to renew it.
func (*CAManager) UpdateConfiguration ¶ added in v1.8.7
func (*CAManager) UpdateRoots ¶ added in v1.8.7
func (c *CAManager) UpdateRoots(roots structs.IndexedCARoots) error
UpdateRoots updates the cached roots from the primary and regenerates the intermediate certificate if necessary.
type Catalog ¶
type Catalog struct {
// contains filtered or unexported fields
}
Catalog endpoint is used to manipulate the service catalog
func (*Catalog) Deregister ¶
func (c *Catalog) Deregister(args *structs.DeregisterRequest, reply *struct{}) error
Deregister is used to remove a service registration for a given node.
func (*Catalog) GatewayServices ¶ added in v1.8.0
func (c *Catalog) GatewayServices(args *structs.ServiceSpecificRequest, reply *structs.IndexedGatewayServices) error
func (*Catalog) ListDatacenters ¶
func (c *Catalog) ListDatacenters(args *structs.DatacentersRequest, reply *[]string) error
ListDatacenters is used to query for the list of known datacenters
func (*Catalog) ListNodes ¶
func (c *Catalog) ListNodes(args *structs.DCSpecificRequest, reply *structs.IndexedNodes) error
ListNodes is used to query the nodes in a DC
func (*Catalog) ListServices ¶
func (c *Catalog) ListServices(args *structs.DCSpecificRequest, reply *structs.IndexedServices) error
ListServices is used to query the services in a DC
func (*Catalog) NodeServiceList ¶ added in v1.7.0
func (c *Catalog) NodeServiceList(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeServiceList) error
func (*Catalog) NodeServices ¶
func (c *Catalog) NodeServices(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeServices) error
NodeServices returns all the services registered as part of a node
func (*Catalog) Register ¶
func (c *Catalog) Register(args *structs.RegisterRequest, reply *struct{}) error
Register is used register that a node is providing a given service.
func (*Catalog) ServiceList ¶ added in v1.7.0
func (c *Catalog) ServiceList(args *structs.DCSpecificRequest, reply *structs.IndexedServiceList) error
func (*Catalog) ServiceNodes ¶
func (c *Catalog) ServiceNodes(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceNodes) error
ServiceNodes returns all the nodes registered as part of a service
type Client ¶
type Client struct { // embedded struct to hold all the enterprise specific data EnterpriseClient // contains filtered or unexported fields }
Client is Consul client which uses RPC to communicate with the services for service discovery, health checking, and DC forwarding.
func (*Client) ACLDatacenter ¶ added in v1.4.0
func (*Client) CheckServers ¶ added in v1.6.5
CheckServers implements the checkServersProvider interface for the Client
func (*Client) GetLANCoordinate ¶
func (c *Client) GetLANCoordinate() (lib.CoordinateSet, error)
GetLANCoordinate returns the network coordinate of the current node, as maintained by Serf.
func (*Client) JoinLAN ¶
JoinLAN is used to have Consul client join the inner-DC pool The target address should be another node inside the DC listening on the Serf LAN address
func (*Client) KeyManagerLAN ¶
func (c *Client) KeyManagerLAN() *serf.KeyManager
KeyManagerLAN returns the LAN Serf keyring manager
func (*Client) LANMembers ¶
LANMembers is used to return the members of the LAN cluster
func (*Client) LANMembersAllSegments ¶ added in v0.9.3
LANMembersAllSegments returns members from all segments.
func (*Client) LANSegmentMembers ¶ added in v0.9.3
LANSegmentMembers only returns our own segment's members, because clients can't be in multiple segments.
func (*Client) LocalMember ¶
LocalMember is used to return the local node
func (*Client) ReloadConfig ¶ added in v1.2.0
ReloadConfig is used to have the Client do an online reload of relevant configuration information
func (*Client) RemoveFailedNode ¶
RemoveFailedNode is used to remove a failed node from the cluster
func (*Client) ResolveIdentityFromToken ¶ added in v1.4.0
func (*Client) ResolvePolicyFromID ¶ added in v1.4.0
func (*Client) ResolveRoleFromID ¶ added in v1.5.0
func (*Client) ResolveTokenAndDefaultMeta ¶ added in v1.7.0
func (c *Client) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error)
func (*Client) ResolveTokenToIdentity ¶ added in v1.8.0
func (c *Client) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error)
func (*Client) SnapshotRPC ¶
func (c *Client) SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, replyFn structs.SnapshotReplyFn) error
SnapshotRPC sends the snapshot request to one of the servers, reading from the streaming input and writing to the streaming output depending on the operation.
func (*Client) Stats ¶
Stats is used to return statistics for debugging and insight for various sub-systems
func (*Client) UseLegacyACLs ¶ added in v1.4.0
type Config ¶
type Config struct { // Bootstrap mode is used to bring up the first Consul server. // It is required so that it can elect a leader without any // other nodes being present Bootstrap bool // BootstrapExpect mode is used to automatically bring up a collection of // Consul servers. This can be used to automatically bring up a collection // of nodes. BootstrapExpect int // Datacenter is the datacenter this Consul server represents. Datacenter string // PrimaryDatacenter is the authoritative datacenter for features like ACLs // and Connect. PrimaryDatacenter string // DataDir is the directory to store our state in. DataDir string // DefaultQueryTime is the amount of time a blocking query will wait before // Consul will force a response. This value can be overridden by the 'wait' // query parameter. DefaultQueryTime time.Duration // MaxQueryTime is the maximum amount of time a blocking query can wait // before Consul will force a response. Consul applies jitter to the wait // time. The jittered time will be capped to MaxQueryTime. MaxQueryTime time.Duration // DevMode is used to enable a development server mode. DevMode bool // NodeID is a unique identifier for this node across space and time. NodeID types.NodeID // Node name is the name we use to advertise. Defaults to hostname. NodeName string // Domain is the DNS domain for the records. Defaults to "consul." Domain string // RaftConfig is the configuration used for Raft in the local DC RaftConfig *raft.Config // (Enterprise-only) ReadReplica is used to prevent this server from being added // as a voting member of the Raft cluster. ReadReplica bool // NotifyListen is called after the RPC listener has been configured. // RPCAdvertise will be set to the listener address if it hasn't been // configured at this point. NotifyListen func() // RPCAddr is the RPC address used by Consul. This should be reachable // by the WAN and LAN RPCAddr *net.TCPAddr // RPCAdvertise is the address that is advertised to other nodes for // the RPC endpoint. This can differ from the RPC address, if for example // the RPCAddr is unspecified "0.0.0.0:8300", but this address must be // reachable. If RPCAdvertise is nil then it will be set to the Listener // address after the listening socket is configured. RPCAdvertise *net.TCPAddr // RPCSrcAddr is the source address for outgoing RPC connections. RPCSrcAddr *net.TCPAddr // (Enterprise-only) The network segment this agent is part of. Segment string // (Enterprise-only) Segments is a list of network segments for a server to // bind on. Segments []NetworkSegment // SerfLANConfig is the configuration for the intra-dc serf SerfLANConfig *serf.Config // SerfWANConfig is the configuration for the cross-dc serf SerfWANConfig *serf.Config // SerfFloodInterval controls how often we attempt to flood local Serf // Consul servers into the global areas (WAN and user-defined areas in // Consul Enterprise). SerfFloodInterval time.Duration // ReconcileInterval controls how often we reconcile the strongly // consistent store with the Serf info. This is used to handle nodes // that are force removed, as well as intermittent unavailability during // leader election. ReconcileInterval time.Duration // ProtocolVersion is the protocol version to speak. This must be between // ProtocolVersionMin and ProtocolVersionMax. ProtocolVersion uint8 // VerifyIncoming is used to verify the authenticity of incoming connections. // This means that TCP requests are forbidden, only allowing for TLS. TLS connections // must match a provided certificate authority. This can be used to force client auth. VerifyIncoming bool // VerifyOutgoing is used to force verification of the authenticity of outgoing connections. // This means that TLS requests are used, and TCP requests are not made. TLS connections // must match a provided certificate authority. VerifyOutgoing bool // UseTLS is used to enable TLS for outgoing connections to other TLS-capable Consul // servers. This doesn't imply any verification, it only enables TLS if possible. UseTLS bool // VerifyServerHostname is used to enable hostname verification of servers. This // ensures that the certificate presented is valid for server.<datacenter>.<domain>. // This prevents a compromised client from being restarted as a server, and then // intercepting request traffic as well as being added as a raft peer. This should be // enabled by default with VerifyOutgoing, but for legacy reasons we cannot break // existing clients. VerifyServerHostname bool // CAFile is a path to a certificate authority file. This is used with VerifyIncoming // or VerifyOutgoing to verify the TLS connection. CAFile string // CAPath is a path to a directory of certificate authority files. This is used with // VerifyIncoming or VerifyOutgoing to verify the TLS connection. CAPath string // CertFile is used to provide a TLS certificate that is used for serving TLS connections. // Must be provided to serve TLS connections. CertFile string // KeyFile is used to provide a TLS key that is used for serving TLS connections. // Must be provided to serve TLS connections. KeyFile string // ServerName is used with the TLS certificate to ensure the name we // provide matches the certificate ServerName string // TLSMinVersion is used to set the minimum TLS version used for TLS connections. TLSMinVersion string // TLSCipherSuites is used to specify the list of supported ciphersuites. TLSCipherSuites []uint16 // TLSPreferServerCipherSuites specifies whether to prefer the server's ciphersuite // over the client ciphersuites. TLSPreferServerCipherSuites bool // RejoinAfterLeave controls our interaction with Serf. // When set to false (default), a leave causes a Consul to not rejoin // the cluster until an explicit join is received. If this is set to // true, we ignore the leave, and rejoin the cluster on start. RejoinAfterLeave bool // AdvertiseReconnectTimeout is the duration after which this node should be // assumed to not be returning and thus should be reaped within Serf. This // can only be set for Client agents AdvertiseReconnectTimeout time.Duration // Build is a string that is gossiped around, and can be used to help // operators track which versions are actively deployed Build string // ACLEnabled is used to enable ACLs ACLsEnabled bool // ACLMasterToken is used to bootstrap the ACL system. It should be specified // on the servers in the ACLDatacenter. When the leader comes online, it ensures // that the Master token is available. This provides the initial token. ACLMasterToken string // ACLDatacenter provides the authoritative datacenter for ACL // tokens. If not provided, ACL verification is disabled. ACLDatacenter string // ACLTokenTTL controls the time-to-live of cached ACL tokens. // It can be set to zero to disable caching, but this adds // a substantial cost. ACLTokenTTL time.Duration // ACLPolicyTTL controls the time-to-live of cached ACL policies. // It can be set to zero to disable caching, but this adds // a substantial cost. ACLPolicyTTL time.Duration // ACLRoleTTL controls the time-to-live of cached ACL roles. // It can be set to zero to disable caching, but this adds // a substantial cost. ACLRoleTTL time.Duration // ACLDisabledTTL is the time between checking if ACLs should be // enabled. This ACLDisabledTTL time.Duration // ACLTokenReplication is used to enabled token replication. // // By default policy-only replication is enabled. When token // replication is off and the primary datacenter is not // yet upgraded to the new ACLs no replication will be performed ACLTokenReplication bool // ACLDefaultPolicy is used to control the ACL interaction when // there is no defined policy. This can be "allow" which means // ACLs are used to deny-list, or "deny" which means ACLs are // allow-lists. ACLDefaultPolicy string // ACLDownPolicy controls the behavior of ACLs if the ACLDatacenter // cannot be contacted. It can be either "deny" to deny all requests, // "extend-cache" or "async-cache" which ignores the ACLCacheInterval and // uses cached policies. // If a policy is not in the cache, it acts like deny. // "allow" can be used to allow all requests. This is not recommended. ACLDownPolicy string // ACLReplicationRate is the max number of replication rounds that can // be run per second. Note that either 1 or 2 RPCs are used during each replication // round ACLReplicationRate int // ACLReplicationBurst is how many replication RPCs can be bursted after a // period of idleness ACLReplicationBurst int // ACLReplicationApplyLimit is the max number of replication-related // apply operations that we allow during a one second period. This is // used to limit the amount of Raft bandwidth used for replication. ACLReplicationApplyLimit int // ACLEnableKeyListPolicy is used to gate enforcement of the new "list" policy that // protects listing keys by prefix. This behavior is opt-in // by default in Consul 1.0 and later. ACLEnableKeyListPolicy bool AutoConfigEnabled bool AutoConfigIntroToken string AutoConfigIntroTokenFile string AutoConfigServerAddresses []string AutoConfigDNSSANs []string AutoConfigIPSANs []net.IP AutoConfigAuthzEnabled bool AutoConfigAuthzAuthMethod structs.ACLAuthMethod AutoConfigAuthzClaimAssertions []string AutoConfigAuthzAllowReuse bool // TombstoneTTL is used to control how long KV tombstones are retained. // This provides a window of time where the X-Consul-Index is monotonic. // Outside this window, the index may not be monotonic. This is a result // of a few trade offs: // 1) The index is defined by the data view and not globally. This is a // performance optimization that prevents any write from incrementing the // index for all data views. // 2) Tombstones are not kept indefinitely, since otherwise storage required // is also monotonic. This prevents deletes from reducing the disk space // used. // In theory, neither of these are intrinsic limitations, however for the // purposes of building a practical system, they are reasonable trade offs. // // It is also possible to set this to an incredibly long time, thereby // simulating infinite retention. This is not recommended however. // TombstoneTTL time.Duration // TombstoneTTLGranularity is used to control how granular the timers are // for the Tombstone GC. This is used to batch the GC of many keys together // to reduce overhead. It is unlikely a user would ever need to tune this. TombstoneTTLGranularity time.Duration // Minimum Session TTL SessionTTLMin time.Duration // maxTokenExpirationDuration is the maximum difference allowed between // ACLToken CreateTime and ExpirationTime values if ExpirationTime is set // on a token. ACLTokenMaxExpirationTTL time.Duration // ACLTokenMinExpirationTTL is the minimum difference allowed between // ACLToken CreateTime and ExpirationTime values if ExpirationTime is set // on a token. ACLTokenMinExpirationTTL time.Duration // ServerUp callback can be used to trigger a notification that // a Consul server is now up and known about. ServerUp func() // Shutdown callback is used to trigger a full Consul shutdown Shutdown func() // UserEventHandler callback can be used to handle incoming // user events. This function should not block. UserEventHandler func(serf.UserEvent) // ConfigReplicationRate is the max number of replication rounds that can // be run per second. Note that either 1 or 2 RPCs are used during each replication // round ConfigReplicationRate int // ConfigReplicationBurst is how many replication rounds can be bursted after a // period of idleness ConfigReplicationBurst int // ConfigReplicationApply limit is the max number of replication-related // apply operations that we allow during a one second period. This is // used to limit the amount of Raft bandwidth used for replication. ConfigReplicationApplyLimit int // FederationStateReplicationRate is the max number of replication rounds that can // be run per second. Note that either 1 or 2 RPCs are used during each replication // round FederationStateReplicationRate int // FederationStateReplicationBurst is how many replication rounds can be bursted after a // period of idleness FederationStateReplicationBurst int // FederationStateReplicationApply limit is the max number of replication-related // apply operations that we allow during a one second period. This is // used to limit the amount of Raft bandwidth used for replication. FederationStateReplicationApplyLimit int // CoordinateUpdatePeriod controls how long a server batches coordinate // updates before applying them in a Raft transaction. A larger period // leads to fewer Raft transactions, but also the stored coordinates // being more stale. CoordinateUpdatePeriod time.Duration // CoordinateUpdateBatchSize controls the maximum number of updates a // server batches before applying them in a Raft transaction. CoordinateUpdateBatchSize int // CoordinateUpdateMaxBatches controls the maximum number of batches we // are willing to apply in one period. After this limit we will issue a // warning and discard the remaining updates. CoordinateUpdateMaxBatches int // CheckOutputMaxSize control the max size of output of checks CheckOutputMaxSize int // RPCHandshakeTimeout limits how long we will wait for the initial magic byte // on an RPC client connection. It also governs how long we will wait for a // TLS handshake when TLS is configured however the timout applies separately // for the initial magic byte and the TLS handshake and inner magic byte. RPCHandshakeTimeout time.Duration // RPCHoldTimeout is how long an RPC can be "held" before it is errored. // This is used to paper over a loss of leadership by instead holding RPCs, // so that the caller experiences a slow response rather than an error. // This period is meant to be long enough for a leader election to take // place, and a small jitter is applied to avoid a thundering herd. RPCHoldTimeout time.Duration // RPCRate and RPCMaxBurst control how frequently RPC calls are allowed // to happen. In any large enough time interval, rate limiter limits the // rate to RPCRate tokens per second, with a maximum burst size of // RPCMaxBurst events. As a special case, if RPCRate == Inf (the infinite // rate), RPCMaxBurst is ignored. // // See https://en.wikipedia.org/wiki/Token_bucket for more about token // buckets. RPCRate rate.Limit RPCMaxBurst int // RPCMaxConnsPerClient is the limit of how many concurrent connections are // allowed from a single source IP. RPCMaxConnsPerClient int // LeaveDrainTime is used to wait after a server has left the LAN Serf // pool for RPCs to drain and new requests to be sent to other servers. LeaveDrainTime time.Duration // AutopilotConfig is used to apply the initial autopilot config when // bootstrapping. AutopilotConfig *structs.AutopilotConfig // ServerHealthInterval is the frequency with which the health of the // servers in the cluster will be updated. ServerHealthInterval time.Duration // AutopilotInterval is the frequency with which the leader will perform // autopilot tasks, such as promoting eligible non-voters and removing // dead servers. AutopilotInterval time.Duration // MetricsReportingInterval is the frequency with which the server will // report usage metrics to the configured go-metrics Sinks. MetricsReportingInterval time.Duration // ConnectEnabled is whether to enable Connect features such as the CA. ConnectEnabled bool // ConnectMeshGatewayWANFederationEnabled determines if wan federation of // datacenters should exclusively traverse mesh gateways. ConnectMeshGatewayWANFederationEnabled bool // DisableFederationStateAntiEntropy solely exists for use in unit tests to // disable a background routine. DisableFederationStateAntiEntropy bool // OverrideInitialSerfTags solely exists for use in unit tests to ensure // that a serf tag is initially set to a known value, rather than the // default to test some consul upgrade scenarios with fewer races. OverrideInitialSerfTags func(tags map[string]string) // CAConfig is used to apply the initial Connect CA configuration when // bootstrapping. CAConfig *structs.CAConfiguration // ConfigEntryBootstrap contains a list of ConfigEntries to ensure are created // If entries of the same Kind/Name exist already these will not update them. ConfigEntryBootstrap []structs.ConfigEntry // AutoEncryptAllowTLS is whether to enable the server responding to // AutoEncrypt.Sign requests. AutoEncryptAllowTLS bool RPCConfig RPCConfig // Embedded Consul Enterprise specific configuration *EnterpriseConfig }
Config is used to configure the server
func (*Config) CheckProtocolVersion ¶
CheckProtocolVersion validates the protocol version.
func (*Config) ToTLSUtilConfig ¶ added in v1.4.3
ToTLSUtilConfig is only used by tests, usually the config is being passed down from the agent.
type ConfigEntry ¶ added in v1.5.0
type ConfigEntry struct {
// contains filtered or unexported fields
}
The ConfigEntry endpoint is used to query centralized config information
func (*ConfigEntry) Apply ¶ added in v1.5.0
func (c *ConfigEntry) Apply(args *structs.ConfigEntryRequest, reply *bool) error
Apply does an upsert of the given config entry.
func (*ConfigEntry) Delete ¶ added in v1.5.0
func (c *ConfigEntry) Delete(args *structs.ConfigEntryRequest, reply *struct{}) error
Delete deletes a config entry.
func (*ConfigEntry) Get ¶ added in v1.5.0
func (c *ConfigEntry) Get(args *structs.ConfigEntryQuery, reply *structs.ConfigEntryResponse) error
Get returns a single config entry by Kind/Name.
func (*ConfigEntry) List ¶ added in v1.5.0
func (c *ConfigEntry) List(args *structs.ConfigEntryQuery, reply *structs.IndexedConfigEntries) error
List returns all the config entries of the given kind. If Kind is blank, all existing config entries will be returned.
func (*ConfigEntry) ListAll ¶ added in v1.5.0
func (c *ConfigEntry) ListAll(args *structs.ConfigEntryListAllRequest, reply *structs.IndexedGenericConfigEntries) error
ListAll returns all the known configuration entries
func (*ConfigEntry) ResolveServiceConfig ¶ added in v1.5.0
func (c *ConfigEntry) ResolveServiceConfig(args *structs.ServiceConfigRequest, reply *structs.ServiceConfigResponse) error
ResolveServiceConfig
type ConnectCA ¶ added in v1.2.0
type ConnectCA struct {
// contains filtered or unexported fields
}
ConnectCA manages the Connect CA.
func (*ConnectCA) ConfigurationGet ¶ added in v1.2.0
func (s *ConnectCA) ConfigurationGet( args *structs.DCSpecificRequest, reply *structs.CAConfiguration) error
ConfigurationGet returns the configuration for the CA.
func (*ConnectCA) ConfigurationSet ¶ added in v1.2.0
ConfigurationSet updates the configuration for the CA.
func (*ConnectCA) Roots ¶ added in v1.2.0
func (s *ConnectCA) Roots( args *structs.DCSpecificRequest, reply *structs.IndexedCARoots) error
Roots returns the currently trusted root certificates.
func (*ConnectCA) Sign ¶ added in v1.2.0
func (s *ConnectCA) Sign( args *structs.CASignRequest, reply *structs.IssuedCert) error
Sign signs a certificate for a service.
func (*ConnectCA) SignIntermediate ¶ added in v1.6.0
func (s *ConnectCA) SignIntermediate( args *structs.CASignRequest, reply *string) error
SignIntermediate signs an intermediate certificate for a remote datacenter.
type Coordinate ¶
type Coordinate struct {
// contains filtered or unexported fields
}
Coordinate manages queries and updates for network coordinates.
func NewCoordinate ¶
func NewCoordinate(srv *Server, logger hclog.Logger) *Coordinate
NewCoordinate returns a new Coordinate endpoint.
func (*Coordinate) ListDatacenters ¶
func (c *Coordinate) ListDatacenters(args *struct{}, reply *[]structs.DatacenterMap) error
ListDatacenters returns the list of datacenters and their respective nodes and the raw coordinates of those nodes (if no coordinates are available for any of the nodes, the node list may be empty). This endpoint will not return information about the LAN network area.
func (*Coordinate) ListNodes ¶
func (c *Coordinate) ListNodes(args *structs.DCSpecificRequest, reply *structs.IndexedCoordinates) error
ListNodes returns the list of nodes with their raw network coordinates (if no coordinates are available for a node it won't appear in this list).
func (*Coordinate) Node ¶ added in v1.0.1
func (c *Coordinate) Node(args *structs.NodeSpecificRequest, reply *structs.IndexedCoordinates) error
Node returns the raw coordinates for a single node.
func (*Coordinate) Update ¶
func (c *Coordinate) Update(args *structs.CoordinateUpdateRequest, reply *struct{}) (err error)
Update inserts or updates the LAN coordinate of a node.
type Deps ¶ added in v1.9.0
type Deps struct { Logger hclog.InterceptLogger TLSConfigurator *tlsutil.Configurator Tokens *token.Store Router *router.Router ConnPool *pool.ConnPool GRPCConnPool *grpc.ClientConnPool }
type DiscoveryChain ¶ added in v1.6.0
type DiscoveryChain struct {
// contains filtered or unexported fields
}
func (*DiscoveryChain) Get ¶ added in v1.6.0
func (c *DiscoveryChain) Get(args *structs.DiscoveryChainRequest, reply *structs.DiscoveryChainResponse) error
type EnterpriseACLResolverDelegate ¶ added in v1.7.0
type EnterpriseACLResolverDelegate interface{}
EnterpriseACLResolverDelegate stub
type EnterpriseClient ¶ added in v1.2.0
type EnterpriseClient struct{}
type EnterpriseConfig ¶ added in v1.7.0
type EnterpriseConfig struct{}
func DefaultEnterpriseConfig ¶ added in v1.7.0
func DefaultEnterpriseConfig() *EnterpriseConfig
type EnterpriseServer ¶ added in v1.2.0
type EnterpriseServer struct{}
type FederationState ¶ added in v1.8.0
type FederationState struct {
// contains filtered or unexported fields
}
FederationState endpoint is used to manipulate federation states from all datacenters.
func (*FederationState) Apply ¶ added in v1.8.0
func (c *FederationState) Apply(args *structs.FederationStateRequest, reply *bool) error
func (*FederationState) Get ¶ added in v1.8.0
func (c *FederationState) Get(args *structs.FederationStateQuery, reply *structs.FederationStateResponse) error
func (*FederationState) List ¶ added in v1.8.0
func (c *FederationState) List(args *structs.DCSpecificRequest, reply *structs.IndexedFederationStates) error
List is the endpoint meant to be used by consul servers performing replication.
func (*FederationState) ListMeshGateways ¶ added in v1.8.0
func (c *FederationState) ListMeshGateways(args *structs.DCSpecificRequest, reply *structs.DatacenterIndexedCheckServiceNodes) error
ListMeshGateways is the endpoint meant to be used by proxies only interested in the discovery info for dialing mesh gateways. Analogous to catalog endpoints.
type FederationStateReplicator ¶ added in v1.8.0
type FederationStateReplicator struct {
// contains filtered or unexported fields
}
func (*FederationStateReplicator) DiffRemoteAndLocalState ¶ added in v1.8.0
func (r *FederationStateReplicator) DiffRemoteAndLocalState(localRaw interface{}, remoteRaw interface{}, lastRemoteIndex uint64) (*IndexReplicatorDiff, error)
DiffRemoteAndLocalState implements IndexReplicatorDelegate.
func (*FederationStateReplicator) FetchLocal ¶ added in v1.8.0
func (r *FederationStateReplicator) FetchLocal() (int, interface{}, error)
FetchLocal implements IndexReplicatorDelegate.
func (*FederationStateReplicator) FetchRemote ¶ added in v1.8.0
func (r *FederationStateReplicator) FetchRemote(lastRemoteIndex uint64) (int, interface{}, uint64, error)
FetchRemote implements IndexReplicatorDelegate.
func (*FederationStateReplicator) MetricName ¶ added in v1.8.0
func (r *FederationStateReplicator) MetricName() string
MetricName implements IndexReplicatorDelegate.
func (*FederationStateReplicator) PerformDeletions ¶ added in v1.8.0
func (r *FederationStateReplicator) PerformDeletions(ctx context.Context, deletionsRaw interface{}) (exit bool, err error)
PerformDeletions implements IndexReplicatorDelegate.
func (*FederationStateReplicator) PerformUpdates ¶ added in v1.8.0
func (r *FederationStateReplicator) PerformUpdates(ctx context.Context, updatesRaw interface{}) (exit bool, err error)
PerformUpdates implements IndexReplicatorDelegate.
func (*FederationStateReplicator) PluralNoun ¶ added in v1.8.0
func (r *FederationStateReplicator) PluralNoun() string
PluralNoun implements IndexReplicatorDelegate.
func (*FederationStateReplicator) SingularNoun ¶ added in v1.8.0
func (r *FederationStateReplicator) SingularNoun() string
SingularNoun implements IndexReplicatorDelegate.
type FunctionReplicator ¶ added in v1.7.0
type FunctionReplicator struct { ReplicateFn ReplicatorFunc Name string }
func (*FunctionReplicator) MetricName ¶ added in v1.8.11
func (r *FunctionReplicator) MetricName() string
type GatewayLocator ¶ added in v1.8.0
type GatewayLocator struct {
// contains filtered or unexported fields
}
GatewayLocator assists in selecting an appropriate mesh gateway when wan federation via mesh gateways is enabled.
This is exclusively used by the consul server itself when it needs to tunnel RPC or gossip through a mesh gateway to reach its ultimate destination.
During secondary datacenter bootstrapping there is a phase where it is impossible for mesh gateways in the secondary datacenter to register themselves into the catalog to be discovered by the servers, so the servers maintain references for the mesh gateways in the primary in addition to its own local mesh gateways.
After initial datacenter federation the primary mesh gateways are only used in extreme fallback situations (basically re-bootstrapping).
For all other operations a consul server will ALWAYS contact a local mesh gateway to ultimately forward the request through a remote mesh gateway to reach its destination.
func NewGatewayLocator ¶ added in v1.8.0
func NewGatewayLocator( logger hclog.Logger, srv serverDelegate, datacenter string, primaryDatacenter string, ) *GatewayLocator
func (*GatewayLocator) DialPrimaryThroughLocalGateway ¶ added in v1.8.0
func (g *GatewayLocator) DialPrimaryThroughLocalGateway() bool
DialPrimaryThroughLocalGateway determines if we should dial the primary's mesh gateways directly or use our local mesh gateways (if they are up).
Generally the system has three states:
1. Servers dial primary MGWs using fallback addresses from the agent config. 2. Servers dial primary MGWs using replicated federation state data. 3. Servers dial primary MGWs indirectly through local MGWs.
After initial bootstrapping most communication should go through (3). If the local mesh gateways are not coming up for chicken/egg problems (mostly the kind that arise from secondary datacenter bootstrapping) then (2) is useful to solve the chicken/egg problem and get back to (3). In the worst case where we completely lost communication with the primary AND all of their old mesh gateway addresses are changed then we need to go all the way back to square one and re-bootstrap via (1).
Since both (1) and (2) are meant to be temporary we simplify things and make the system only consider two overall configurations: (1+2, with the addresses being unioned) or (3).
This method returns true if in state (3) and false if in state (1+2).
func (*GatewayLocator) PickGateway ¶ added in v1.8.0
func (g *GatewayLocator) PickGateway(dc string) string
PickGateway returns the address for a gateway suitable for reaching the provided datacenter.
func (*GatewayLocator) PrimaryGatewayFallbackAddresses ¶ added in v1.8.0
func (g *GatewayLocator) PrimaryGatewayFallbackAddresses() []string
PrimaryGatewayFallbackAddresses returns the current set of discovered fallback addresses for the mesh gateways in the primary datacenter.
func (*GatewayLocator) PrimaryMeshGatewayAddressesReadyCh ¶ added in v1.8.0
func (g *GatewayLocator) PrimaryMeshGatewayAddressesReadyCh() <-chan struct{}
PrimaryMeshGatewayAddressesReadyCh returns a channel that will be closed when federation state replication ships back at least one primary mesh gateway (not via fallback config).
func (*GatewayLocator) RefreshPrimaryGatewayFallbackAddresses ¶ added in v1.8.0
func (g *GatewayLocator) RefreshPrimaryGatewayFallbackAddresses(addrs []string)
RefreshPrimaryGatewayFallbackAddresses is used to update the list of current fallback addresses for locating mesh gateways in the primary datacenter.
func (*GatewayLocator) Run ¶ added in v1.8.0
func (g *GatewayLocator) Run(ctx context.Context)
func (*GatewayLocator) SetLastFederationStateReplicationError ¶ added in v1.8.0
func (g *GatewayLocator) SetLastFederationStateReplicationError(err error, fromReplication bool)
SetLastFederationStateReplicationError is used to indicate if the federation state replication loop has succeeded (nil) or failed during the last execution.
Rather than introduce a completely new mechanism to periodically probe that our chosen mesh-gateway configuration can reach the primary's servers (like a ping or status RPC) we cheat and use the federation state replicator goroutine's success or failure as a proxy.
func (*GatewayLocator) SetUseReplicationSignal ¶ added in v1.8.9
func (g *GatewayLocator) SetUseReplicationSignal(newValue bool)
type Health ¶
type Health struct {
// contains filtered or unexported fields
}
Health endpoint is used to query the health information
func (*Health) ChecksInState ¶
func (h *Health) ChecksInState(args *structs.ChecksInStateRequest, reply *structs.IndexedHealthChecks) error
ChecksInState is used to get all the checks in a given state
func (*Health) NodeChecks ¶
func (h *Health) NodeChecks(args *structs.NodeSpecificRequest, reply *structs.IndexedHealthChecks) error
NodeChecks is used to get all the checks for a node
func (*Health) ServiceChecks ¶
func (h *Health) ServiceChecks(args *structs.ServiceSpecificRequest, reply *structs.IndexedHealthChecks) error
ServiceChecks is used to get all the checks for a service
func (*Health) ServiceNodes ¶
func (h *Health) ServiceNodes(args *structs.ServiceSpecificRequest, reply *structs.IndexedCheckServiceNodes) error
ServiceNodes returns all the nodes registered as part of a service including health info
type IndexReplicator ¶ added in v1.7.0
type IndexReplicator struct { Delegate IndexReplicatorDelegate Logger hclog.Logger }
func (*IndexReplicator) MetricName ¶ added in v1.8.11
func (r *IndexReplicator) MetricName() string
type IndexReplicatorDelegate ¶ added in v1.7.0
type IndexReplicatorDelegate interface { // SingularNoun is the singular form of the item being replicated. SingularNoun() string // PluralNoun is the plural form of the item being replicated. PluralNoun() string // Name to use when emitting metrics MetricName() string // FetchRemote retrieves items newer than the provided index from the // remote datacenter (for diffing purposes). FetchRemote(lastRemoteIndex uint64) (int, interface{}, uint64, error) // FetchLocal retrieves items from the current datacenter (for diffing // purposes). FetchLocal() (int, interface{}, error) DiffRemoteAndLocalState(local interface{}, remote interface{}, lastRemoteIndex uint64) (*IndexReplicatorDiff, error) PerformDeletions(ctx context.Context, deletions interface{}) (exit bool, err error) PerformUpdates(ctx context.Context, updates interface{}) (exit bool, err error) }
type IndexReplicatorDiff ¶ added in v1.7.0
type Intention ¶ added in v1.2.0
type Intention struct {
// contains filtered or unexported fields
}
Intention manages the Connect intentions.
func (*Intention) Apply ¶ added in v1.2.0
func (s *Intention) Apply(args *structs.IntentionRequest, reply *string) error
Apply creates or updates an intention in the data store.
func (*Intention) Check ¶ added in v1.2.0
func (s *Intention) Check(args *structs.IntentionQueryRequest, reply *structs.IntentionQueryCheckResponse) error
Check tests a source/destination and returns whether it would be allowed or denied based on the current ACL configuration.
NOTE: This endpoint treats any L7 intentions as DENY.
Note: Whenever the logic for this method is changed, you should take a look at the agent authorize endpoint (agent/agent_endpoint.go) since the logic there is similar.
func (*Intention) Get ¶ added in v1.2.0
func (s *Intention) Get(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentions) error
Get returns a single intention by ID.
func (*Intention) List ¶ added in v1.2.0
func (s *Intention) List(args *structs.IntentionListRequest, reply *structs.IndexedIntentions) error
List returns all the intentions.
func (*Intention) Match ¶ added in v1.2.0
func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentionMatches) error
Match returns the set of intentions that match the given source/destination.
type Internal ¶
type Internal struct {
// contains filtered or unexported fields
}
Internal endpoint is used to query the miscellaneous info that does not necessarily fit into the other systems. It is also used to hold undocumented APIs that users should not rely on.
func (*Internal) EventFire ¶
func (m *Internal) EventFire(args *structs.EventFireRequest, reply *structs.EventFireResponse) error
EventFire is a bit of an odd endpoint, but it allows for a cross-DC RPC call to fire an event. The primary use case is to enable user events being triggered in a remote DC.
func (*Internal) GatewayIntentions ¶ added in v1.9.0
func (m *Internal) GatewayIntentions(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentions) error
Match returns the set of intentions that match the given source/destination.
func (*Internal) GatewayServiceDump ¶ added in v1.8.0
func (m *Internal) GatewayServiceDump(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceDump) error
GatewayServiceNodes returns all the nodes for services associated with a gateway along with their gateway config
func (*Internal) KeyringOperation ¶
func (m *Internal) KeyringOperation( args *structs.KeyringRequest, reply *structs.KeyringResponses) error
KeyringOperation will query the WAN and LAN gossip keyrings of all nodes.
func (*Internal) NodeDump ¶
func (m *Internal) NodeDump(args *structs.DCSpecificRequest, reply *structs.IndexedNodeDump) error
NodeDump is used to generate information about all of the nodes.
func (*Internal) NodeInfo ¶
func (m *Internal) NodeInfo(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeDump) error
NodeInfo is used to retrieve information about a specific node.
func (*Internal) ServiceDump ¶ added in v1.5.0
func (m *Internal) ServiceDump(args *structs.ServiceDumpRequest, reply *structs.IndexedNodesWithGateways) error
func (*Internal) ServiceTopology ¶ added in v1.9.0
func (m *Internal) ServiceTopology(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceTopology) error
type KVS ¶
type KVS struct {
// contains filtered or unexported fields
}
KVS endpoint is used to manipulate the Key-Value store
func (*KVS) Apply ¶
func (k *KVS) Apply(args *structs.KVSRequest, reply *bool) error
Apply is used to apply a KVS update request to the data store.
func (*KVS) Get ¶
func (k *KVS) Get(args *structs.KeyRequest, reply *structs.IndexedDirEntries) error
Get is used to lookup a single key.
func (*KVS) List ¶
func (k *KVS) List(args *structs.KeyRequest, reply *structs.IndexedDirEntries) error
List is used to list all keys with a given prefix.
func (*KVS) ListKeys ¶
func (k *KVS) ListKeys(args *structs.KeyListRequest, reply *structs.IndexedKeyList) error
ListKeys is used to list all keys with a given prefix to a separator. An optional separator may be specified, which can be used to slice off a part of the response so that only a subset of the prefix is returned. In this mode, the keys which are omitted are still counted in the returned index.
type LeaderRoutine ¶ added in v1.7.0
type LeaderRoutineManager ¶ added in v1.7.0
type LeaderRoutineManager struct {
// contains filtered or unexported fields
}
func NewLeaderRoutineManager ¶ added in v1.7.0
func NewLeaderRoutineManager(logger hclog.Logger) *LeaderRoutineManager
func (*LeaderRoutineManager) IsRunning ¶ added in v1.7.0
func (m *LeaderRoutineManager) IsRunning(name string) bool
func (*LeaderRoutineManager) Start ¶ added in v1.7.0
func (m *LeaderRoutineManager) Start(name string, routine LeaderRoutine) error
func (*LeaderRoutineManager) StartWithContext ¶ added in v1.7.0
func (m *LeaderRoutineManager) StartWithContext(parentCtx context.Context, name string, routine LeaderRoutine) error
func (*LeaderRoutineManager) Stop ¶ added in v1.7.0
func (m *LeaderRoutineManager) Stop(name string) <-chan struct{}
func (*LeaderRoutineManager) StopAll ¶ added in v1.7.0
func (m *LeaderRoutineManager) StopAll()
type NetworkSegment ¶ added in v0.9.3
type NetworkSegment struct { Name string Bind string Port int Advertise string RPCAddr *net.TCPAddr SerfConfig *serf.Config }
(Enterprise-only) NetworkSegment is the address and port configuration for a network segment.
type Operator ¶
type Operator struct {
// contains filtered or unexported fields
}
Operator endpoint is used to perform low-level operator tasks for Consul.
func (*Operator) AutopilotGetConfiguration ¶
func (op *Operator) AutopilotGetConfiguration(args *structs.DCSpecificRequest, reply *structs.AutopilotConfig) error
AutopilotGetConfiguration is used to retrieve the current Autopilot configuration.
func (*Operator) AutopilotSetConfiguration ¶
func (op *Operator) AutopilotSetConfiguration(args *structs.AutopilotSetConfigRequest, reply *bool) error
AutopilotSetConfiguration is used to set the current Autopilot configuration.
func (*Operator) AutopilotState ¶ added in v1.9.0
func (*Operator) RaftGetConfiguration ¶
func (op *Operator) RaftGetConfiguration(args *structs.DCSpecificRequest, reply *structs.RaftConfigurationResponse) error
RaftGetConfiguration is used to retrieve the current Raft configuration.
func (*Operator) RaftRemovePeerByAddress ¶
func (op *Operator) RaftRemovePeerByAddress(args *structs.RaftRemovePeerRequest, reply *struct{}) error
RaftRemovePeerByAddress is used to kick a stale peer (one that it in the Raft quorum but no longer known to Serf or the catalog) by address in the form of "IP:port". The reply argument is not used, but it required to fulfill the RPC interface.
func (*Operator) RaftRemovePeerByID ¶
func (op *Operator) RaftRemovePeerByID(args *structs.RaftRemovePeerRequest, reply *struct{}) error
RaftRemovePeerByID is used to kick a stale peer (one that is in the Raft quorum but no longer known to Serf or the catalog) by address in the form of "IP:port". The reply argument is not used, but is required to fulfill the RPC interface.
func (*Operator) ServerHealth ¶
func (op *Operator) ServerHealth(args *structs.DCSpecificRequest, reply *structs.AutopilotHealthReply) error
ServerHealth is used to get the current health of the servers.
type PreparedQuery ¶
type PreparedQuery struct {
// contains filtered or unexported fields
}
PreparedQuery manages the prepared query endpoint.
func (*PreparedQuery) Apply ¶
func (p *PreparedQuery) Apply(args *structs.PreparedQueryRequest, reply *string) (err error)
Apply is used to apply a modifying request to the data store. This should only be used for operations that modify the data. The ID of the session is returned in the reply.
func (*PreparedQuery) Execute ¶
func (p *PreparedQuery) Execute(args *structs.PreparedQueryExecuteRequest, reply *structs.PreparedQueryExecuteResponse) error
Execute runs a prepared query and returns the results. This will perform the failover logic if no local results are available. This is typically called as part of a DNS lookup, or when executing prepared queries from the HTTP API.
func (*PreparedQuery) ExecuteRemote ¶
func (p *PreparedQuery) ExecuteRemote(args *structs.PreparedQueryExecuteRemoteRequest, reply *structs.PreparedQueryExecuteResponse) error
ExecuteRemote is used when a local node doesn't have any instances of a service available and needs to probe remote DCs. This sends the full query over since the remote side won't have it in its state store, and this doesn't do the failover logic since that's already being run on the originating DC. We don't want things to fan out further than one level.
func (*PreparedQuery) Explain ¶
func (p *PreparedQuery) Explain(args *structs.PreparedQueryExecuteRequest, reply *structs.PreparedQueryExplainResponse) error
Explain resolves a prepared query and returns the (possibly rendered template) to the caller. This is useful for letting operators figure out which query is picking up a given name. We can also add additional info about how the query will be executed here.
func (*PreparedQuery) Get ¶
func (p *PreparedQuery) Get(args *structs.PreparedQuerySpecificRequest, reply *structs.IndexedPreparedQueries) error
Get returns a single prepared query by ID.
func (*PreparedQuery) List ¶
func (p *PreparedQuery) List(args *structs.DCSpecificRequest, reply *structs.IndexedPreparedQueries) error
List returns all the prepared queries.
type RPCConfig ¶ added in v1.9.0
type RPCConfig struct {
EnableStreaming bool
}
RPCConfig settings for the RPC server
TODO: move many settings to this struct.
type RaftLayer ¶
type RaftLayer struct {
// contains filtered or unexported fields
}
RaftLayer implements the raft.StreamLayer interface, so that we can use a single RPC layer for Raft and Consul
func NewRaftLayer ¶
func NewRaftLayer(src, addr net.Addr, tlsWrap tlsutil.Wrapper, tlsFunc func(raft.ServerAddress) bool) *RaftLayer
NewRaftLayer is used to initialize a new RaftLayer which can be used as a StreamLayer for Raft. If a tlsConfig is provided, then the connection will use TLS.
func (*RaftLayer) Accept ¶
Accept is used to return connection which are dialed to be used with the Raft layer
type Replicator ¶ added in v1.5.0
type Replicator struct {
// contains filtered or unexported fields
}
func NewReplicator ¶ added in v1.5.0
func NewReplicator(config *ReplicatorConfig) (*Replicator, error)
func (*Replicator) Index ¶ added in v1.7.0
func (r *Replicator) Index() uint64
type ReplicatorConfig ¶ added in v1.5.0
type ReplicatorConfig struct { // Name to be used in various logging Name string // Delegate to perform each round of replication Delegate ReplicatorDelegate // The number of replication rounds per second that are allowed Rate int // The number of replication rounds that can be done in a burst Burst int // Minimum number of RPC failures to ignore before backing off MinFailures uint // Maximum wait time between failing RPCs MaxRetryWait time.Duration // Where to send our logs Logger hclog.Logger // Function to use for determining if an error should be suppressed SuppressErrorLog func(err error) bool }
type ReplicatorDelegate ¶ added in v1.7.0
type ReplicatorFunc ¶ added in v1.5.0
type Server ¶
type Server struct { // Listener is used to listen for incoming connections Listener net.Listener // embedded struct to hold all the enterprise specific data EnterpriseServer // contains filtered or unexported fields }
Server is Consul server which manages the service discovery, health checking, DC forwarding, Raft, and multiple Serf pools.
func NewServer ¶
NewServer is used to construct a new Consul server from the configuration and extra options, potentially returning an error.
func (*Server) ACLDatacenter ¶ added in v1.4.0
func (*Server) CheckServers ¶ added in v1.6.5
CheckServers implements the checkServersProvider interface for the Server
func (*Server) CreateACLToken ¶ added in v1.8.1
CreateACLToken will create an ACL token from the given template
func (*Server) DatacenterJoinAddresses ¶ added in v1.8.1
DatacenterJoinAddresses will return all the strings suitable for usage in retry join operations to connect to the the LAN or LAN segment gossip pool.
func (*Server) DatacenterSupportsFederationStates ¶ added in v1.8.0
func (*Server) DatacenterSupportsIntentionsAsConfigEntries ¶ added in v1.9.0
func (*Server) Flood ¶
func (s *Server) Flood(addrFn router.FloodAddrFn, dstSerf *serf.Serf)
Flood is a long-running goroutine that floods servers from the LAN to the given global Serf instance, such as the WAN. This will exit once either of the Serf instances are shut down.
func (*Server) FloodNotify ¶
func (s *Server) FloodNotify()
FloodNotify lets all the waiting Flood goroutines know that some change may have affected them.
func (*Server) ForwardRPC ¶ added in v1.8.1
func (s *Server) ForwardRPC(method string, info structs.RPCInfo, args interface{}, reply interface{}) (bool, error)
ForwardRPC is used to forward an RPC request to a remote DC or to the local leader Returns a bool of if forwarding was performed, as well as any error
func (*Server) GetCARoots ¶ added in v1.8.1
func (s *Server) GetCARoots() (*structs.IndexedCARoots, error)
GetCARoots will retrieve
func (*Server) GetLANCoordinate ¶
func (s *Server) GetLANCoordinate() (lib.CoordinateSet, error)
GetLANCoordinate returns the coordinate of the server in the LAN gossip pool.
func (*Server) InACLDatacenter ¶ added in v1.4.0
func (*Server) IsACLReplicationEnabled ¶
IsACLReplicationEnabled returns true if ACL replication is enabled. DEPRECATED (ACL-Legacy-Compat) - with new ACLs at least policy replication is required
func (*Server) JoinLAN ¶
JoinLAN is used to have Consul join the inner-DC pool The target address should be another node inside the DC listening on the Serf LAN address
func (*Server) JoinWAN ¶
JoinWAN is used to have Consul join the cross-WAN Consul ring The target address should be another node listening on the Serf WAN address
func (*Server) KeyManagerLAN ¶
func (s *Server) KeyManagerLAN() *serf.KeyManager
KeyManagerLAN returns the LAN Serf keyring manager
func (*Server) KeyManagerWAN ¶
func (s *Server) KeyManagerWAN() *serf.KeyManager
KeyManagerWAN returns the WAN Serf keyring manager
func (*Server) LANMembers ¶
LANMembers is used to return the members of the LAN cluster
func (*Server) LANMembersAllSegments ¶ added in v0.9.3
LANMembersAllSegments returns members from all segments.
func (*Server) LANSegmentAddr ¶ added in v0.9.3
LANSegmentAddr is used to return the address used for the given LAN segment.
func (*Server) LANSegmentMembers ¶ added in v0.9.3
LANSegmentMembers is used to return the members of the given LAN segment.
func (*Server) LANSegments ¶ added in v0.9.3
LANSegments returns a map of LAN segments by name
func (*Server) LeaderLastContact ¶ added in v1.8.0
LeaderLastContact returns the time of last contact by a leader. This only makes sense if we are currently a follower.
func (*Server) LocalMember ¶
LocalMember is used to return the local node
func (*Server) LocalTokensEnabled ¶ added in v1.4.0
func (*Server) PickRandomMeshGatewaySuitableForDialing ¶ added in v1.8.0
PickRandomMeshGatewaySuitableForDialing is a convenience function used for writing tests.
func (*Server) PrimaryGatewayFallbackAddresses ¶ added in v1.8.0
PrimaryGatewayFallbackAddresses returns the current set of discovered fallback addresses for the mesh gateways in the primary datacenter.
func (*Server) PrimaryMeshGatewayAddressesReadyCh ¶ added in v1.8.0
func (s *Server) PrimaryMeshGatewayAddressesReadyCh() <-chan struct{}
PrimaryMeshGatewayAddressesReadyCh returns a channel that will be closed when federation state replication ships back at least one primary mesh gateway (not via fallback config).
func (*Server) RefreshPrimaryGatewayFallbackAddresses ¶ added in v1.8.0
RefreshPrimaryGatewayFallbackAddresses is used to update the list of current fallback addresses for locating mesh gateways in the primary datacenter.
func (*Server) RegisterEndpoint ¶
RegisterEndpoint is used to substitute an endpoint for testing.
func (*Server) ReloadConfig ¶ added in v1.2.0
ReloadConfig is used to have the Server do an online reload of relevant configuration information
func (*Server) RemoveFailedNode ¶
RemoveFailedNode is used to remove a failed node from the cluster
func (*Server) ResolveIdentityFromToken ¶ added in v1.4.0
ResolveIdentityFromToken retrieves a token's full identity given its secretID.
func (*Server) ResolvePolicyFromID ¶ added in v1.4.0
func (*Server) ResolveRoleFromID ¶ added in v1.5.0
func (*Server) ResolveToken ¶ added in v1.4.0
func (s *Server) ResolveToken(token string) (acl.Authorizer, error)
func (*Server) ResolveTokenAndDefaultMeta ¶ added in v1.7.0
func (s *Server) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error)
ResolveTokenAndDefaultMeta passes through to ResolveTokenIdentityAndDefaultMeta, eliding the identity from its response.
func (*Server) ResolveTokenIdentityAndDefaultMeta ¶ added in v1.7.0
func (s *Server) ResolveTokenIdentityAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (structs.ACLIdentity, acl.Authorizer, error)
ResolveTokenIdentityAndDefaultMeta retrieves an identity and authorizer for the caller, and populates the EnterpriseMeta based on the AuthorizerContext.
func (*Server) ResolveTokenToIdentity ¶ added in v1.8.0
func (s *Server) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error)
func (*Server) ResolveTokenToIdentityAndAuthorizer ¶ added in v1.7.0
func (s *Server) ResolveTokenToIdentityAndAuthorizer(token string) (structs.ACLIdentity, acl.Authorizer, error)
func (*Server) SignCertificate ¶ added in v1.8.1
func (s *Server) SignCertificate(csr *x509.CertificateRequest, spiffeID connect.CertURI) (*structs.IssuedCert, error)
func (*Server) SnapshotRPC ¶
func (s *Server) SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, replyFn structs.SnapshotReplyFn) error
SnapshotRPC dispatches the given snapshot request, reading from the streaming input and writing to the streaming output depending on the operation.
func (*Server) Stats ¶
Stats is used to return statistics for debugging and insight for various sub-systems
func (*Server) UseLegacyACLs ¶ added in v1.4.0
func (*Server) WANMembers ¶
WANMembers is used to return the members of the WAN cluster
type ServerLookup ¶ added in v0.9.3
type ServerLookup struct {
// contains filtered or unexported fields
}
ServerLookup encapsulates looking up servers by id and address
func NewServerLookup ¶ added in v0.9.3
func NewServerLookup() *ServerLookup
func (*ServerLookup) AddServer ¶ added in v0.9.3
func (sl *ServerLookup) AddServer(server *metadata.Server)
func (*ServerLookup) CheckServers ¶ added in v1.6.5
func (sl *ServerLookup) CheckServers(fn func(srv *metadata.Server) bool)
func (*ServerLookup) RemoveServer ¶ added in v0.9.3
func (sl *ServerLookup) RemoveServer(server *metadata.Server)
func (*ServerLookup) Server ¶ added in v0.9.3
func (sl *ServerLookup) Server(addr raft.ServerAddress) *metadata.Server
Server looks up the server by address, returns a boolean if not found
func (*ServerLookup) ServerAddr ¶ added in v0.9.3
func (sl *ServerLookup) ServerAddr(id raft.ServerID) (raft.ServerAddress, error)
Implements the ServerAddressProvider interface
func (*ServerLookup) Servers ¶ added in v0.9.3
func (sl *ServerLookup) Servers() []*metadata.Server
type Session ¶
type Session struct {
// contains filtered or unexported fields
}
Session endpoint is used to manipulate sessions for KV
func (*Session) Apply ¶
func (s *Session) Apply(args *structs.SessionRequest, reply *string) error
Apply is used to apply a modifying request to the data store. This should only be used for operations that modify the data
func (*Session) Get ¶
func (s *Session) Get(args *structs.SessionSpecificRequest, reply *structs.IndexedSessions) error
Get is used to retrieve a single session
func (*Session) List ¶
func (s *Session) List(args *structs.SessionSpecificRequest, reply *structs.IndexedSessions) error
List is used to list all the active sessions
func (*Session) NodeSessions ¶
func (s *Session) NodeSessions(args *structs.NodeSpecificRequest, reply *structs.IndexedSessions) error
NodeSessions is used to get all the sessions for a particular node
func (*Session) Renew ¶
func (s *Session) Renew(args *structs.SessionSpecificRequest, reply *structs.IndexedSessions) error
Renew is used to renew the TTL on a single session
type SessionTimers ¶ added in v0.9.0
SessionTimers provides a map of named timers which is safe for concurrent use.
func NewSessionTimers ¶ added in v0.9.0
func NewSessionTimers() *SessionTimers
func (*SessionTimers) Del ¶ added in v0.9.0
func (t *SessionTimers) Del(id string)
Del removes the timer with the given id.
func (*SessionTimers) Get ¶ added in v0.9.0
func (t *SessionTimers) Get(id string) *time.Timer
Get returns the timer with the given id or nil.
func (*SessionTimers) Len ¶ added in v0.9.0
func (t *SessionTimers) Len() int
Len returns the number of registered timers.
func (*SessionTimers) ResetOrCreate ¶ added in v0.9.0
func (t *SessionTimers) ResetOrCreate(id string, ttl time.Duration, afterFunc func())
ResetOrCreate sets the ttl of the timer with the given id or creates a new one if it does not exist.
func (*SessionTimers) Set ¶ added in v0.9.0
func (t *SessionTimers) Set(id string, tm *time.Timer)
Set stores the timer under given id. If tm is nil the timer with the given id is removed.
func (*SessionTimers) Stop ¶ added in v0.9.0
func (t *SessionTimers) Stop(id string)
Stop stops the timer with the given id and removes it.
func (*SessionTimers) StopAll ¶ added in v0.9.0
func (t *SessionTimers) StopAll()
StopAll stops and removes all registered timers.
type StatsFetcher ¶
type StatsFetcher struct {
// contains filtered or unexported fields
}
StatsFetcher has two functions for autopilot. First, lets us fetch all the stats in parallel so we are taking a sample as close to the same time as possible, since we are comparing time-sensitive info for the health check. Second, it bounds the time so that one slow RPC can't hold up the health check loop; as a side effect of how it implements this, it also limits to a single in-flight RPC to any given server, so goroutines don't accumulate as we run the health check fairly frequently.
func NewStatsFetcher ¶
func NewStatsFetcher(logger hclog.Logger, pool *pool.ConnPool, datacenter string) *StatsFetcher
NewStatsFetcher returns a stats fetcher.
type Status ¶
type Status struct {
// contains filtered or unexported fields
}
Status endpoint is used to check on server status
func (*Status) Leader ¶
func (s *Status) Leader(args *structs.DCSpecificRequest, reply *string) error
Leader is used to get the address of the leader
func (*Status) Peers ¶
func (s *Status) Peers(args *structs.DCSpecificRequest, reply *[]string) error
Peers is used to get all the Raft peers
type Txn ¶
type Txn struct {
// contains filtered or unexported fields
}
Txn endpoint is used to perform multi-object atomic transactions.
func (*Txn) Apply ¶
func (t *Txn) Apply(args *structs.TxnRequest, reply *structs.TxnResponse) error
Apply is used to apply multiple operations in a single, atomic transaction.
func (*Txn) Read ¶
func (t *Txn) Read(args *structs.TxnReadRequest, reply *structs.TxnReadResponse) error
Read is used to perform a read-only transaction that doesn't modify the state store. This is much more scalable since it doesn't go through Raft and supports staleness, so this should be preferred if you're just performing reads.
Source Files ¶
- acl.go
- acl_authmethod.go
- acl_authmethod_oss.go
- acl_client.go
- acl_endpoint.go
- acl_endpoint_legacy.go
- acl_endpoint_oss.go
- acl_oss.go
- acl_replication.go
- acl_replication_legacy.go
- acl_replication_types.go
- acl_server.go
- acl_server_oss.go
- acl_token_exp.go
- auto_config_endpoint.go
- auto_encrypt_endpoint.go
- autopilot.go
- autopilot_oss.go
- catalog_endpoint.go
- client.go
- client_serf.go
- config.go
- config_endpoint.go
- config_replication.go
- connect_ca_endpoint.go
- consul_ca_delegate.go
- coordinate_endpoint.go
- discovery_chain_endpoint.go
- enterprise_client_oss.go
- enterprise_config_oss.go
- enterprise_server_oss.go
- federation_state_endpoint.go
- federation_state_replication.go
- filter.go
- flood.go
- gateway_locator.go
- health_endpoint.go
- intention_endpoint.go
- internal_endpoint.go
- kvs_endpoint.go
- leader.go
- leader_connect.go
- leader_connect_ca.go
- leader_federation_state_ae.go
- leader_intentions.go
- leader_intentions_oss.go
- leader_routine_manager.go
- logging.go
- merge.go
- operator_autopilot_endpoint.go
- operator_endpoint.go
- operator_raft_endpoint.go
- options.go
- prepared_query_endpoint.go
- raft_rpc.go
- replication.go
- rpc.go
- rtt.go
- segment_oss.go
- server.go
- server_connect.go
- server_lookup.go
- server_oss.go
- server_register.go
- server_serf.go
- session_endpoint.go
- session_timers.go
- session_ttl.go
- snapshot_endpoint.go
- stats_fetcher.go
- status_endpoint.go
- subscribe_backend.go
- system_metadata.go
- txn_endpoint.go
- util.go
Directories ¶
Path | Synopsis |
---|---|
Package stream provides a publish/subscribe system for events produced by changes to the state store.
|
Package stream provides a publish/subscribe system for events produced by changes to the state store. |