Commit Graph

368 Commits (0d6e062b5b9146df7489f044bc9a6ece96d4aa06)

Author SHA1 Message Date
Giuseppe Lavagetto 968f3d9711 docs: clarify the disaster recovery guide
A bit was missing from the documentation on disaster recovery, the reset
of the advertised peer urls for the node recovered from backup. Without
that, any subsequent server joining the cluster would not be able to
speak to the first node.
2015-04-25 18:54:29 +02:00
Barak Michener fa74e702d8 security: Improve the security api as per the suggestions list in #2384
Subcommits:

decouple root and security enable/disable

create root role

prefix matching

godep: bump go-etcd to include credentials

add godep for speakeasy and auth entry parsing

appropriate errors for security enable/disable

WIP adding to etcd/client all the security client methods

add guest access

minor ui return tweaks

revert client changes

respond to comments, log more security operations

fix major ensure() bug, add better UX

block recursive access

fix some boneheaded mistakes

fix integration test

last comments

fix up security_api.md

philips nits

fix docs
2015-04-23 16:11:38 -04:00
Rob Szumski c9878f4765 docs: add absolute link to readme 2015-04-22 13:59:08 -07:00
Rob Szumski bd54f46d1b docs: remove absolute links to other docs 2015-04-22 11:47:52 -07:00
Rob Szumski df32fe63c8 docs: size up all headers by 2 2015-04-16 09:55:46 -07:00
Brandon Philips a223fd532b Documentation: add migration notes to backward compatibility
Add thorough notes on both the data directory migration and the snapshot
migration options.
2015-04-15 20:42:12 -07:00
Yicheng Qin 852213879b Merge pull request #2633 from yichengq/deprecate
etcdmain: deprecate --ca-file and --peer-ca-file
2015-04-09 10:22:30 -07:00
Yicheng Qin 2f7b9a2232 etcdmain: deprecate --ca-file and --peer-ca-file
1. Print out DEPRECATE warning when running and configuration doc.
2. Use new flags for security example.
2015-04-09 10:14:32 -07:00
Xiang Li 1b4bcedf99 Merge pull request #2637 from bakins/proxy-randomize-endpoints
proxy: shuffle endpoints
2015-04-07 14:12:50 -07:00
Brian Akins 1fa511b995 Clarify that it is the proxy doing the shuffle. 2015-04-07 17:05:17 -04:00
Brian Akins e1622cd22c proxy: shuffle endpoints
Shuffle endpoitns to avoid being "stuck" to a single cluster member.
2015-04-07 15:40:29 -04:00
Yicheng Qin 552acd8c37 docs: fix broken link for migration tool 2015-04-06 22:55:37 -07:00
Kelsey Hightower 3db33d19e9 Documentation: update docker docs to use new image and mount certs 2015-04-02 13:22:27 -07:00
Xiang Li a9157ce6d3 build: do not build internal debugging tool
We are still playing around with the dump-log tool.
Stop building it publicly until we are happy with its
ux and functionality.
2015-03-31 11:45:12 -07:00
Xiang Li 80d08ca280 Merge pull request #2521 from xiang90/sec_remove_lastmodified
doc/rfc: remove unimplemented stuff
2015-03-30 13:42:31 -07:00
Xiang Li 45032480f1 *: remove upgrading related stuff 2015-03-27 15:28:00 -07:00
Mateus Braga 7f833ced2b docs: add clarity about the 1000 events history
When talking about missing events on a particular key, the 1000 event history 
limit can be understood as being per key, instead of etcd-wide events. Make it 
clear that it is across all etcd keys.
2015-03-27 13:02:48 -04:00
Kelsey Hightower 2a980ee336 Merge pull request #2503 from yichengq/339
docs/security: fix peer TLS communication example
2015-03-19 17:16:09 -07:00
Brandon Philips 408cfc4f28 Documentation: fixup grammar around the unsafe flags 2015-03-18 16:39:45 -07:00
Xiang Li 263e55e2ff doc/rfc: remove unimplemented stuff 2015-03-16 22:22:34 -07:00
Barak Michener 001efa0639 security: Implement RBAC security for etcd
stub out security

further wip

Last stub before CRUD for roles

Complete role merging

start tests

add Godep for golang.org/x/crypto/bcrypt

first round of comments

add tests, remove root addition (will be added back as part of creation)

Add security checks for /v2/machines and /v2/keys

Allow non-root to determine if security is enabled, get machine list.

Responding to comments, remove multiple verbs (like /v2/security/user/foo/password)

add some prefixes to the logging
2015-03-16 16:23:11 -04:00
Yicheng Qin 45d790c345 docs: add branch management 2015-03-13 15:33:59 -07:00
Yicheng Qin b53bfd2b40 docs/security: fix peer TLS communication example 2015-03-12 22:40:39 -07:00
Kelsey Hightower 4a38788b2f Documentation: add initial benchmarks 2015-03-06 09:32:24 -08:00
Brandon Philips dcd125e7a6 Merge pull request #2382 from philips/add-faq
Documentation: add implementation faq
2015-03-01 20:24:50 -08:00
Mikael Kjaer 22c8d781ef Documentation: fix "Missing infra1="
Documentation: fix "Missing infra1="
2015-03-01 09:44:25 +04:00
ravigadde 8fb6eb6c70 Update libraries-and-tools.md
Added a distributed r/w lock in addition to the master election implementation.
2015-02-28 10:09:07 -08:00
Brandon Philips 53fda9d558 Documentation: add implementation faq
Add some notes on the design discussion around the `--initial` flags. If
anything is wrong let me know.
2015-02-26 09:52:45 -08:00
Jonathan Yu 31bfffaa48 Documentation: standardize on url over URL
url and URL both appear in this doc. Choose url due to higher frequency
2015-02-24 16:26:27 -05:00
Jonathan Yu 1fbaf9dbb7 Documentation: fix discovery flag for proxy docs
It seems that the -discovery flag used to be -discovery-url. Updated this to use
the currently documented and supported -discovery flag.
2015-02-24 16:25:18 -05:00
Jonathan Yu 28e150e50e Documentation: fix sample command flags for proxy
The docs mention the listen-client-urls flag, but the examples use
client-listen-urls, which is an invalid flag.
2015-02-23 11:15:42 -05:00
Barak Michener 40365c4f8d docs: add Security RFC
docs: Add v2 ACL RFC

Add workflow, fix terminology, make the API JSON, and general cleanup

fixes from xiang90s comments

add permissions struct

update regarding glob matches

rename file
2015-02-18 14:34:00 -05:00
Kelsey Hightower 217a1f0730 doc: add etcd docker guide
Fixes #2253
2015-02-16 11:44:41 -08:00
zhangbaitong 518eb9fa2f docs:small fix
Signed-off-by: zhangbaitong <zhangbaitong@163.com>
2015-02-16 17:54:24 +08:00
Matis Hsiao fd90ec6c26 add etcd-console tool to tools list
i add etcd-console tool to tools list for reference
2015-02-11 10:43:21 +08:00
Rob Szumski 24b953a55d docs: add diagram and restructure for clarity 2015-02-10 17:34:23 -08:00
Yicheng Qin 54bef0d2cd Merge pull request #2233 from yichengq/315
docs: add allow_legacy_mode.md
2015-02-10 15:46:52 -08:00
Yicheng Qin d0677a24dd docs: add allow_legacy_mode.md 2015-02-10 15:46:26 -08:00
gabesullice df2a689d1c documentation: fix typo in Documentation/clustering.md
just an extra space needed to be removed.

Fixes #2279
2015-02-10 16:18:51 -07:00
Xiang Li 8d663078bf Documentation: document kv api change 2015-02-09 15:35:15 -08:00
Yicheng Qin c990099008 docs: fix stats response in api.md 2015-02-09 11:48:54 -08:00
Peter Rosell c8b5d47f24 Documentation: Correct defaults for heartbeat and election
Defaults for hearbeat-interval and election-timeout is updated according to configuration documentation.
2015-02-06 10:13:57 +01:00
Brandon Philips 860a8c8717 Documentation: grammar fixup in admin guide
Rephrase to avoid "becomes".
2015-02-04 21:28:43 -08:00
Rob Szumski b6936a0079 docs: fix broken link 2015-01-30 15:37:26 -08:00
Rob Szumski 87a8ebd222 docs: expand description of -initial-cluster-state 2015-01-30 14:14:51 -08:00
Rob Szumski 27e5b9a394 docs: clarify reconfig options 2015-01-30 14:14:28 -08:00
Omer Katz f5afe3cc34 Fixed typo in API documentation. 2015-01-30 14:14:18 -08:00
Rob Szumski 0945e487e7 docs: fix static clustering example
When using very similar flags to our examples, the cluster doesn't bootstrap due to mismatched protocols (`http` vs `https`) in the `-initial-advertise-peer-urls` and `initial-cluster` list:

```
./etcd -name infra0 -initial-advertise-peer-urls https://127.0.0.1:2380 \
>   -listen-peer-urls https://127.0.0.1:2380 \
>   -initial-cluster-token etcd-cluster-1 \
>   -initial-cluster infra0=http://127.0.0.1:2380,infra1=http://127.0.0.1:2381,infra2=http://127.0.0.1:2382 \
>   -initial-cluster-state new
2015/01/29 10:32:16 no data-dir provided, using default data-dir ./infra0.etcd
2015/01/29 10:32:16 etcd: listening for peers on https://127.0.0.1:2380
2015/01/29 10:32:16 etcd: listening for client requests on http://localhost:2379
2015/01/29 10:32:16 etcd: listening for client requests on http://localhost:4001
2015/01/29 10:32:16 etcd: stopping listening for client requests on http://localhost:4001
2015/01/29 10:32:16 etcd: stopping listening for client requests on http://localhost:2379
2015/01/29 10:32:16 etcd: stopping listening for peers on https://127.0.0.1:2380
2015/01/29 10:32:16 etcd: infra0 has different advertised URLs in the cluster and advertised peer URLs list
```
2015-01-29 13:44:13 -08:00
Yicheng Qin 0f2582e0be Merge pull request #2042 from yichengq/279
docs: improve doc for server timeout
2015-01-27 14:12:42 -08:00
Yicheng Qin a03c906e9d docs: improve doc for server timeout 2015-01-27 14:12:27 -08:00