Bugfix/consul service reg fails tls

[adidanes]

Pull Request description

Fix Issue #153

Description of the change

Update Consul to last available version (1.2.3) to take advantage of this Consul bug fix.

Replace TCP checks by HTTP checks for Yorc service

What I did

• Updated Consul version to 1.2.3
• Created a Health endpoint in the Yorc REST API
• Replaced the TCP check by a HTTP check that calls the Health endpoint
• Updated Yorc documentation

How to verify it

• Set-up a secured Yorc cluster (secured Consul cluster and secured Yorc instances). If you configure Yorc with ssl_verify set to true, you need to set enable_agent_tls_for_checks to true in the Consul client configuration :

{
  "domain": "yorc",
  "data_dir": "/tmp/consul",
  "client_addr": "0.0.0.0",
  "advertise_addr": "10.197.138.xxx",
  "retry_join": [ "10.197.138.yyy" ],
  "ports": {
     "https": 8543
  },
  "ca_file": "/etc/yorc/ca.pem",
  "key_file": "/etc/yorc/consul-client.key",
  "cert_file": "/etc/yorc/consul-client.pem",
  "enable_agent_tls_for_checks": true,
  "verify_outgoing": true,
  "verify_incoming_rpc": true,
  "ui": true
}

YORC	http	https	ssl_verify
Consul http	ok	ok	KO
Consul https	ok	ok	ok if enable_agent_tls_for_checks

Description for the changelog

1. Updated Consul version to 1.2.3
2. Created a Health endpoint in the Yorc REST API
3. Replaced the TCP check by a HTTP check that calls the Health endpoint
4. Update Yorc Docker file to use updated version of Consul in the generated docker image
5. Updated Yorc documentation

Applicable Issues

Fixes #153

[loicalbertin]

We should also update Consul Go API in vendor dir by running

govendor fetch github.com/hashicorp/consul/...@v1.2.3

[codecov]

Codecov Report

Merging #166 into develop will increase coverage by 0.68%.
The diff coverage is 25%.

@@            Coverage Diff             @@
##           develop    #166      +/-   ##
==========================================
+ Coverage    42.42%   43.1%   +0.68%     
==========================================
  Files          134     135       +1     
  Lines        12685   12857     +172     
==========================================
+ Hits          5381    5542     +161     
- Misses        6476    6485       +9     
- Partials       828     830       +2

Impacted Files	Coverage Δ
rest/structs.go	14.28% <ø> (ø)	⬆️
rest/health.go	0% <0%> (ø)
rest/http.go	58.26% <100%> (+0.33%)	⬆️
helper/stringutil/stringutil.go	84.37% <0%> (-15.63%)	⬇️
prov/scheduling/scheduler/scheduler.go	75.22% <0%> (ø)	⬆️
prov/monitoring/monitoring_mgr.go	64.07% <0%> (+1.11%)	⬆️
config/config.go	82.97% <0%> (+3.31%)	⬆️
commands/server.go	86.84% <0%> (+5.24%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0f161e3...a5965da. Read the comment docs.

[adidanes]

What's your feeling about using a specific constant of PubMaxRoutines only for tests: https://github.com/ystia/yorc/blob/bugfix/consul_service_reg_fails_tls/testutil/helper.go#L29

With 200 the tests are passing. I didn't test with a bigger value yet...

[loicalbertin]

What's your feeling about using a specific constant of PubMaxRoutines only for tests: https://github.com/ystia/yorc/blob/bugfix/consul_service_reg_fails_tls/testutil/helper.go#L29

With 200 the tests are passing. I didn't test with a bigger value yet...

I feel not confortable by doing this as if it could fail in tests then it will eventually fail one day in production. so we ever have to reduce the default value even for the main program or investigate why we have such issues.

That makes me think that the issue may come from the way we get the client in tests we do not tweak its configuration as we do in the main prog. I have to check this.

[loicalbertin]

Code looks good but still have some interrogation on documentation

[stefbenoist]

Consul Health checks work well in secured mode. I agree with Loic, we need our tests to stay closer to real-life.