Consul calling home?
1,249 views
Skip to first unread message
Diego Zamboni
Sep 12, 2014, 2:55:11 PM9/12/14
to consu...@googlegroups.com, Diego Zamboni
Hi,
Doing some testing with Consul on an isolated network, I saw this error in consul's output:
==> Failed to check for updates: Get https://checkpoint-api.hashicorp.com/v1/check/consul?arch=amd64&os=linux&signature=a016fdac-4c96-b6b8-5776-9ba187cd5c60&version=0.4.0: dial tcp: lookup checkpoint-api.hashicorp.com: no such host
I could find no mention nor documentation for this "update check". Can this be disabled?
Thank you,
--Diego
Doing some testing with Consul on an isolated network, I saw this error in consul's output:
==> Failed to check for updates: Get https://checkpoint-api.hashicorp.com/v1/check/consul?arch=amd64&os=linux&signature=a016fdac-4c96-b6b8-5776-9ba187cd5c60&version=0.4.0: dial tcp: lookup checkpoint-api.hashicorp.com: no such host
I could find no mention nor documentation for this "update check". Can this be disabled?
Thank you,
--Diego
Armon Dadgar
Sep 12, 2014, 3:01:37 PM9/12/14
to consu...@googlegroups.com, Diego Zamboni, Diego Zamboni
Hey Diego,
This is part of our Checkpoint service (https://checkpoint.hashicorp.com). It is a new feature we are
rolling out to notify users of updates and critical security alerts. It was mentioned in the change log:
Additionally, we have documentation about how to disable the update checks here:
Specifically, see the “disable_update_check” option.
Hope that helps!
Best Regards,
Armon Dadgar
--
You received this message because you are subscribed to the Google Groups "Consul" group.
To unsubscribe from this group and stop receiving emails from it, send an email to consul-tool...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Diego Zamboni
Sep 12, 2014, 3:05:52 PM9/12/14
to Armon Dadgar, Diego Zamboni, consu...@googlegroups.com
Hi Armon,
Thank you! This is the information I was looking for.
--Diego
Mitchell Hashimoto
Sep 12, 2014, 3:07:10 PM9/12/14
to Armon Dadgar, consu...@googlegroups.com, Diego Zamboni
Diego,
I want to make an additional note in addition to what Armon said. This
information is all in the checkpoint library README, but I just want
to repeat it for the mailing list.
Nothing sent as data in the request (you can see the full request in
your error message) is personally identifiable. The "signature" is
just a random UUID that is generated to avoid duplicate messages being
sent back for security notices within a period of time. If you're
really concerned about this UUID somehow being identifiable, or you
don't want this cookie-like behavior, you can specify the
`disable_anonymous_signature` configuration to generate a new UUID
every request.
You can disable it, but we recommend keeping it on if you can since it
will put notices in your logs of potential security issues, critical
bug fixes, etc.
Best,
Mitchell
I want to make an additional note in addition to what Armon said. This
information is all in the checkpoint library README, but I just want
to repeat it for the mailing list.
Nothing sent as data in the request (you can see the full request in
your error message) is personally identifiable. The "signature" is
just a random UUID that is generated to avoid duplicate messages being
sent back for security notices within a period of time. If you're
really concerned about this UUID somehow being identifiable, or you
don't want this cookie-like behavior, you can specify the
`disable_anonymous_signature` configuration to generate a new UUID
every request.
You can disable it, but we recommend keeping it on if you can since it
will put notices in your logs of potential security issues, critical
bug fixes, etc.
Best,
Mitchell
Diego Zamboni
Sep 12, 2014, 3:22:00 PM9/12/14
to Mitchell Hashimoto, Diego Zamboni, Armon Dadgar, consu...@googlegroups.com
Hi Mitchell,
Thank you for the additional information.
It might be a good idea to add a note about this to the Consul documentation. At the moment it only seems to be mentioned in the Changelog (and tangentially in the agent options page), but that doesn't include any of the details Armon and you posted just now. A section under "Upgrading and compatibility" would be useful.
Best regards,
--Diego
Thank you for the additional information.
It might be a good idea to add a note about this to the Consul documentation. At the moment it only seems to be mentioned in the Changelog (and tangentially in the agent options page), but that doesn't include any of the details Armon and you posted just now. A section under "Upgrading and compatibility" would be useful.
Best regards,
--Diego
Reply all
Reply to author
Forward
0 new messages