## 0.9.2 (August 9, 2017)
BUG FIXES:
- agent: Fixed an issue where the old `-retry-join-{ec2,azure,gce}`
command line flags were not being honored.
- server: Reverted the change that made unauthorized KV queries return
403 instead of 404 because it had a minor bug that affected the
operation of Vault, and in addition to fixing the bug, we identified an
additional case that needed to be covered.
## 0.9.1 (August 9, 2017)
FEATURES:
- Secure ACL Token Introduction: It's now possible to manage Consul's
ACL tokens without having to place any tokens inside configuration
files.
* A new `/v1/agent/token` API allows an agent's ACL tokens to be
* introduced without placing them into config files, and to update
* them without restarting the agent.
* A new `/v1/acl/bootstrap` allows a cluster's first management
* token to be created without using the `acl_master_token`
* configuration.
- Metrics Viewing Endpoint: A new `/v1/agent/metrics` API displays the
current values of internally tracked metrics.
IMPROVEMENTS:
- agent: Retry Join for Amazon AWS, Microsoft Azure, Google Cloud, and
(new) SoftLayer is now handled through the
https://github.com/hashicorp/go-discover library.
- agent: Reports a more detailed error message if the LAN or WAN Serf
instance fails to bind to an address.
- agent: Added NS records and corrected SOA records to allow Consul's
DNS interface to work properly with zone delegation.
- agent: Added support for sending metrics with labels/tags to supported
backends.
- agent: Added a new `prefix_filter` option in the `telemetry` config to
allow fine-grained allowing/blocking the sending of certain metrics by
prefix.
- cli: Added a `-child-exit-code` option to `consul lock` so that it
propagates an error code of 2 if the child process exits with an
error.
- docs: Added a new Geo Failover Guide showing how to use prepared
queries to implement geo failover policies for services.
- docs: Added a new Consul with Containers Guide showing critical
aspects of operating a Consul cluster that's run inside containers.
- server: Added a `RemoveEmptyTags` option to prepared query templates
which will strip out any empty strings in the tags list before
executing a query.
- server: Implemented a much faster recursive delete algorithm for the
KV store.
BUG FIXES:
- agent: Clean up temporary files during disk write errors when
persisting services and checks.
- agent: Fixed an issue where DNS and client bind address templates were
not being parsed via the go-sockaddr library.
- agent: Fixed status code on all KV store operations that fail due to
an ACL issue. They now return a 403 status code, rather than a 404.
- agent: Fixed quoting issues in script health check on Windows.
- agent: Fixed an issue where `consul monitor` would exit on any empty
log line.
- server: Updated raft library to fix issue with machine crashes causing
snapshot files to not get saved to disk
BREAKING CHANGES:
- agent: Added a new `enable_script_checks` configuration option that
defaults to `false`, meaning that in order to allow an agent to run
health checks that execute scripts, this will need to be configured
and set to `true`.
- api: Reworked `context` support in the API client to more closely
match the Go standard library, and added context support to write
requests in addition to read requests.
- ui: Since the UI is now bundled with the application we no longer
provide a separate UI package for downloading.
FEATURES:
- agent: Added a new[`block_endpoints` configuration option that
allows blocking HTTP API endpoints by prefix.
- cli: Added a new `consul catalog` command for reading datacenters,
nodes, and services from the catalog.
- server: (Consul Enterprise) Added a new `consul operator area
update` command and corresponding HTTP endpoint to allow for
transitioning the TLS setting of network areas at runtime.
- server: (Consul Enterprise) Added a new `UpgradeVersionTag` field to
the Autopilot config to allow for using the migration feature to
roll out configuration or cluster changes, without having to upgrade
Consul itself.
IMPROVEMENTS:
- agent: (Consul Enterprise) Snapshot agent rotation uses S3's
pagination API, enabling retaining more than a 100 snapshots.
- agent: Removed registration of the `consul` service from the agent
since it's already handled by the leader.
- agent: Changed /v1/acl/clone response to 403 (from 404) when trying
to clone an ACL that doesn't exist.
- agent: Changed the `consul exec` ACL resolution logic to use the
`acl_agent_token` if it's available.
- agent: Updated memberlist to get latest LAN gossip tuning based on
the Lifeguard paper published by Hashicorp Research.
- api: Added the ability to pass in a `context` as part of the
`QueryOptions` during a request.
- api: Changed signature for "done" channels on `agent.Monitor()` and
`session.RenewPeriodic` methods to make them more compatible with
`context`.
- docs: Added a complete end-to-end example of ACL bootstrapping in
the ACL Guide.
- vendor: Updated golang.org/x/sys/unix to support IBM s390 platforms.
- agent: rewrote Docker health checks without using the Docker client
and its dependencies.
BUG FIXES:
- agent: Fixed an issue where watch plans would take up to 10 minutes
to close their connections and give up their file descriptors after
reloading Consul.
- agent: (Consul Enterprise) Fixed an issue with the snapshot agent
where it could get stuck trying to obtain the leader lock after an
extended server outage.
- agent: Fixed HTTP health checks to allow them to set the `Host`
header correctly on outgoing requests.
- agent: Serf snapshots can now auto recover from disk write errors
without needing a restart.
- agent: Fixed log redacting code to properly remove tokens from log
lines with ACL tokens in the URL itself: `/v1/acl/clone/:uuid`,
`/v1/acl/destroy/:uuid`, `/v1/acl/info/:uuid`.
- agent: Fixed an issue in the Docker client where Docker checks would
get EOF errors trying to connect to a volume-mounted Docker socket.
- agent: Fixed a crash when using Azure auto discovery.
- agent: Added `node` read privileges to the `acl_agent_master_token`
by default so it can see all nodes, which enables it to be used with
operations like `consul members`.
- agent: Fixed an issue where enabling `-disable-keyring-file` would
cause gossip encryption to be disabled.
- agent: Fixed a race condition where checks that are not associated
with any existing services were allowed to persist.
- agent: Stop docker checks on service deregistration and on shutdown.
- server: Updated the Raft library to pull in a fix where servers that
are very far behind in replication can get stuck in a loop trying to
install snapshots.
- server: Fixed a rare but serious deadlock where the Consul leader
routine could get stuck with the Raft internal leader routine while
waiting for the initial barrier after a leader election.
- server: Added automatic cleanup of failed Raft snapshots.
- server: (Consul Enterprise) Fixed an issue where networks areas
would not be able to be added when the server restarts if the Raft
log contained a specific sequence of adds and deletes for network
areas with the same peer datacenter.
- ui: Provided a path to reset the ACL token when the current token is
invalid.
- ui: Removed an extra fetch of the nodes resource when loading the
UI.
- ui: Changed default ACL token type to "client" when creating ACLs.
- ui: Display a 404 error instead of a 200 when trying to load a
nonexistent node.
BREAKING CHANGES:
- agent: Parse values given to `?passing` for health endpoints.
- agent: The default value of `-disable-host-node-id` has been changed
from false to true.
IMPROVEMENTS:
- agent: Added a `-disable-keyring-file` option to prevent writing
keyring data to disk.
- agent: Added automatic notify to systemd on Linux after LAN join is
complete, which makes it easier to order services that depend on
Consul being available.
- agent: The `http_api_response_headers` config has been moved into a
new `http_config` struct, so the old form is still supported but is
deprecated.
- dns: Added support for EDNS(0) size adjustments if set in the
request frame.
- server: Added a startup warning for servers when expecting to
bootstrap with an even number of nodes.
- agent: (Consul Enterprise) Added support for non rotating,
statically named snapshots for S3 snapshots using the snapshot
agent.
BUG FIXES:
- agent: Fixed a regression where configuring -1 for the port was no
longer disabling the DNS server.
- agent: Fix `consul leave` shutdown race.
- agent: Show a better error message than 'EOF' when attempting to
join with the wrong gossip key.
- agent: Fixed an issue where the `Method` and `Header` features of
HTTP health checks were not being applied.
- agent: Fixed an issue where internally-configured watches were not
working because of an incorrect protocol error, and unified internal
watch handling during reloads of the Consul agent.
- server: Fixed an issue where the leader could return stale data
duing queries as it is starting up.
FEATURES:
- agent: Added a method for transitioning to gossip encryption on an
existing cluster
- agent: Added a method for transitioning to TLS on an existing cluster
- agent: Added support for RetryJoin on Azure
- agent: (Consul Enterprise) Added AWS server side encryption support
for S3 snapshots using the snapshot agent.
IMPROVEMENTS:
- agent: Added a check which prevents advertising or setting a service
to a zero address (`0.0.0.0`, `[::]`, `::`).
- agent: Allow binding to any public IPv6 address with `::`
- agent: Removed SCADA-related code for Atlas and deprecated all
Atlas-related configuration options.
- agent: Added support for custom check id and name when registering
checks along with a service.
- agent: Updated go-sockaddr library to add support for new helper
functions in bind address templates (`GetPrivateIPs`, `GetPublicIPs`),
new math functions, and to pick up fixes for issues with detecting
addresses on multi-homed hosts.
- agent: Watches now reset their index back to zero after an error, or
if the index goes backwards, which allows watches to recover after a
server restart with fresh state.
- agent: HTTP health checks now upport custom method and headers.
- agent: Increased the graceful leave timeout from 5 to 15 seconds.
- agent: Added additional logging when the agent handles signals and
when it exits.
- build: Added support for linux/arm64 binaries.
- build: Consul now builds with Go 1.8.3.
- ui: Added a sticky scroll to the KV side panel so the KV edit box
always stays in place.
BUG FIXES:
- agent: Added defensive code to prevent agents from infecting the
network coordinates with `NaN` or `Inf` values, and added code to
clean up in environments where this has happened.
- api: Added code to always read from the body of a request so that
connections will always be returned to the pool.
- build: Added a vendor fix to allow compilation on Illumos.
- cli: Fixed an issue where `consul exec` would return a 0 exit code,
even when there were nodes that didn't respond.
- agent: Fixed an issue where NAT-configured agents with a non-routable
advertise address would refuse to make RPC connections to Consul
servers. This was a regression related to GH-2822 in Consul 0.8.2.
BREAKING CHANGES:
- api: HttpClient now defaults to nil in the client config and will be
generated if left blank. A NewHttpClient function has been added for
creating an HttpClient with a custom Transport or TLS config.
IMPROVEMENTS:
- agent: Added an error at agent startup time if both -ui and -ui-dir
are configured together.
- agent: Added the datacenter of a node to the catalog, health, and
query API endpoints which contain a Node structure.
- agent: Added the ca_path, tls_cipher_suites, and
tls_prefer_server_cipher_suites options to give more flexibility
around configuring TLS.
- agent: Reduced the timeouts for the -dev server mode so that the
development server starts up almost instantly.
- agent: Added verify_incoming_rpc and verify_incoming_https options
for more granular control over incoming TLS enforcement.
- agent: Use bind address as source for outgoing connections.
- api: Added the ACL replication status endpoint to the Go API client
library.
- cli: Added Raft protocol version to output of operator raft
list-peers command.
- ui: Added optional JSON validation when editing KV entries in the
web UI.
- ui: Updated ACL guide links and made guides open in a new tab.
BUG FIXES:
- server: Fixed a panic when the tombstone garbage collector was
stopped.
- server: Fixed a panic in Autopilot that could occur when a node is
elected but cannot complete leader establishment and steps back
down.
- server: Added a new peers.json format that allows outage recovery
when using Raft protocol version 3 and higher. Previously, you'd
have to set the Raft protocol version back to 2 in order to manually
recover a cluster.
- ui: Add and update favicons
IMPROVEMENTS:
- agent: Node IDs derived from host information are now hashed to
prevent things like common server hardware from generating IDs with
a common prefix across nodes.
- agent: Added new -disable-host-node-id CLI flag and
disable_host_node_id config option to the Consul agent to prevent it
from using information from the host when generating a node ID.
- agent: Removed useless "==> Caught signal: broken pipe" logging
since that often results from problems sending telemetry or broken
incoming client connections; operators don't need to be alerted to
these.
- cli: Added TLS options for setting the client/CA certificates to use
when communicating with Consul.
- build: Consul is now built with Go 1.8.1.
- ui: Updates Consul assets to new branding.
BUG FIXES:
- api: Added missing Raft index fields to AgentService and Node
structures.
- server: Fixed an issue where flood joins would not work with IPv6
addresses.
- server: Fixed an issue where electing a 0.8.x leader during an
upgrade would cause a panic in older servers.
- server: Fixed an issue where tracking of leadership changes could
become incorrect when changes occurred very rapidly.
- server: Fixed a panic when checking ACLs on a session that doesn't
exist.
BREAKING CHANGES:
- Command-Line Interface RPC Deprecation: The RPC client interface has
been removed.
- Version 8 ACLs Are Now Opt-Out: The acl_enforce_version_8
configuration now defaults to true to enable full version 8 ACL
support by default.
- Remote Exec Is Now Opt-In: The default for disable_remote_exec was
changed to "true", so now operators need to opt-in to having agents
support running commands remotely via consul exec.
- Raft Protocol Compatibility: When upgrading to Consul 0.8.0 from a
version lower than 0.7.0, users will need to set the -raft-protocol
option to 1 in order to maintain backwards compatibility with the old
servers during the upgrade.
FEATURES:
- Autopilot: A set of features has been added to allow for automatic
operator-friendly management of Consul servers.
- Dead Server Cleanup: Dead servers will periodically be cleaned up and
removed from the Raft peer set
- Server Health Checking: An internal health check has been added to
track the stability of servers.
- New Server Stabilization: When a new server is added to the cluster,
there will be a waiting period where it must be healthy and stable for
a certain amount of time before being promoted to a full, voting member.
- Advanced Redundancy: (Consul Enterprise) A new -non-voting-server
option flag has been added for Consul servers to configure a server
that does not participate in the Raft quorum.
- Upgrade Orchestration: (Consul Enterprise) Autopilot will
automatically orchestrate an upgrade strategy for Consul servers
- Network Areas: (Consul Enterprise) A new capability has been added
which allows operators to define network areas that join together two
Consul datacenters.
- WAN Soft Fail: Request routing between servers in the WAN is now more
robust by treating Serf failures as advisory but not final.
- WAN Join Flooding: A new routine was added that looks for Consul
servers in the LAN and makes sure that they are joined into the WAN as
well.
- Validate command: To provide consistency across our products, the
configtest command has been deprecated and replaced with the validate
command
IMPROVEMENTS:
- agent: Fixed a missing case where gossip would stop flowing to dead
nodes for a short while.
- agent: Changed agent to seed Go's random number generator.
- agent: Serf snapshots no longer have the executable bit set on the
file.
- agent: Consul is now built with Go 1.8.
- agent: Updated aws-sdk-go version (used for EC2 auto join) for Go 1.8
compatibility.
- agent: User-supplied node IDs are now normalized to lower-case.
- agent: Added checks to enforce uniqueness of agent node IDs at cluster
join time and when registering with the catalog.
- cli: Standardized handling of CLI options for connecting to the Consul
agent.
- cli: Updated go-cleanhttp library for better HTTP connection handling
between CLI commands and the Consul agent
- cli: The operator raft subcommand has had its two modes split into the
list-peers and remove-peer subcommands.
- cli: Added an -id flag to the operator raft remove-peer command to
allow removing a peer by ID.
- dns: Allows the .service tag to be optional in RFC 2782 lookups.
- server: Changed the internal EnsureRegistration RPC endpoint to
prevent registering checks that aren't associated with the top-level
node being registered.
BUG FIXES:
- agent: Fixed an issue with consul watch not working when http was
listening on a unix socket.
- agent: Fixed an issue where checks and services could not sync
deregister operations back to the catalog when version 8 ACL support
is enabled.
- agent: Fixed an issue where agents could use the ACL token registered
with a service when registering checks for the same service that were
registered with a different ACL token.
- cli: Fixed consul kv commands not reading the CONSUL_HTTP_TOKEN
environment variable.
- cli: Fixed an issue where prefixing an address with a protocol (such
as 'http://' or 'https://') in -http-addr or CONSUL_HTTP_ADDR would
give an error.
- cli: Fixed an issue where error messages would get printed to stdout
instead of stderr.
- server: Fixed an issue with version 8 ACLs where servers couldn't
deregister nodes from the catalog during reconciliation.
- server: Fixed an issue where servers could temporarily roll back
changes to a node's metadata or tagged addresses when making updates
to the node's health checks.
- server: Fixed an issue where the service name consul was not subject
to service ACL policies with version 8 ACLs enabled.
- server: Fixed a rare but serious issue where Consul servers could
panic when performing a large delete operation followed by a specific
sequence of other updates to related parts of the state store (affects
KV, sessions, prepared queries, and the catalog).
- agent: Integrated gopsutil library to use built in host UUID as node ID,
if available, instead of a randomly generated UUID. This makes it easier
for other applications on the same host to generate the same node ID
without coordinating with Consul.
- agent: Added a configuration option, tls_min_version, for setting the
minimum allowed TLS version used for the HTTP API and RPC.
- agent: Added a relay-factor option to keyring operations to allow nodes
to relay their response through N randomly-chosen other nodes in the
cluster.
- build: Consul is now built with Go 1.7.5.
- dns: Add ability to lookup Consul agents by either their Node ID or Node
Name through the node interface (e.g. DNS (node-id|node-name).node.consul).
- dns: Fixed an issue where SRV lookups for services on a node registered
with non-IP addresses were missing the CNAME record in the additional
section of the response.
FEATURES:
- KV Import/Export CLI: consul kv export and consul kv import can be
used to move parts of the KV tree between disconnected consul
clusters, using JSON as the intermediate representation.
- Node Metadata: Support for assigning user-defined metadata key/value
pairs to nodes has been added.
- Node Identifiers: Consul agents can now be configured with a unique
identifier, or they will generate one at startup that will persist
across agent restarts.
- Improved Blocking Queries: Consul's blocking query implementation was
improved to provide a much more fine-grained mechanism for detecting
changes.
- GCE auto-discovery: New -retry-join-gce configuration options added to
allow bootstrapping by automatically discovering Google Cloud
instances with a given tag at startup.
IMPROVEMENTS:
- build: Consul is now built with Go 1.7.4.
- cli: consul kv get now has a -base64 flag to base 64 encode the value.
- cli: consul kv put now has a -base64 flag for setting values which are
base 64 encoded.
- ui: Added a notice that JS is required when viewing the web UI with JS
disabled.
BUG FIXES:
- agent: Redacted the AWS access key and secret key ID from the
/v1/agent/self output so they are not disclosed.
- agent: Fixed a rare startup panic due to a Raft/Serf race condition.
- cli: Fixed a panic when an empty quoted argument was given to consul
kv put.
- tests: Fixed a race condition with check mock's map usage.
FEATURES:
- Keyring API: A new /v1/operator/keyring HTTP endpoint was added that
allows for performing operations such as list, install, use, and
remove on the encryption keys in the gossip keyring.
- Monitor API: A new /v1/agent/monitor HTTP endpoint was added to allow
for viewing streaming log output from the agent, similar to the consul
monitor command.
- Reload API: A new /v1/agent/reload HTTP endpoint was added for
triggering a reload of the agent's configuration.
- Leave API: A new /v1/agent/leave HTTP endpoint was added for causing
an agent to gracefully shutdown and leave the cluster (previously,
only force-leave was present in the HTTP API).
- Bind Address Templates (beta): Consul agents now allow
go-sockaddr/template syntax to be used for any bind address
configuration (advertise_addr, bind_addr, client_addr, and others).
- Complete ACL Coverage (beta): Consul 0.8 will feature complete ACL
coverage for all of Consul.
IMPROVEMENTS:
- agent: Defaults to ?pretty JSON for HTTP API requests when in -dev
mode.
- agent: Updated Circonus metrics library and added new Circonus
configration options for Consul for customizing check display name and
tags.
- agent: Added a checksum to UDP gossip messages to guard against packet
corruption.
- agent: Check whether a snapshot needs to be taken more often (every 5
seconds instead of 2 minutes) to keep the raft file smaller and to
avoid doing huge truncations when writing lots of entries very quickly.
- agent: Allow gossiping to suspected/recently dead nodes.
- agent: Changed the gossip suspicion timeout to grow smoothly as the
number of nodes grows.
- agent: Added a deprecation notice for Atlas features to the CLI and
docs.
- agent: Give a better error message when the given data-dir is not a
directory.
BUG FIXES:
- agent: Fixed a panic when SIGPIPE signal was received.
- api: Added missing Raft index fields to CatalogService structure.
- api: Added missing notes field to AgentServiceCheck structure.
- api: Changed type of AgentServiceCheck.TLSSkipVerify from string to
bool.
- api: Added new HealthChecks.AggregatedStatus() method that makes it
easy get an overall health status from a list of checks.
- api: Changed type of KVTxnOp.Verb from string to KVOp.
- cli: Fixed an issue with the consul kv put command where a negative
value would be interpreted as an argument to read from standard input.
- ui: Fixed an issue where extra commas would be shown around service
tags.
- ui: Customized Bootstrap config to avoid missing font file references.
- ui: Removed "Deregister" button as removing nodes from the catalog
isn't a common operation and leads to lots of user confusion.
BACKWARDS INCOMPATIBILITIES:
- Child process reaping support has been removed, along with the reap
configuration option.
- The default for max_stale has been increased to a near-indefinite
threshold (10 years) to allow DNS queries to continue to be served in
the event of a long outage with no leader.
- The api package's PreparedQuery.Delete() method now takes WriteOptions
instead of QueryOptions.
FEATURES:
- Key/Value Store Command Line Interface: New consul kv commands were
added for easy access to all basic key/value store operations.
- Snapshot/Restore: A new /v1/snapshot HTTP endpoint and corresponding
set of consul snapshot commands were added for easy point-in-time
snapshots for disaster recovery.
- AWS auto-discovery: New -retry-join-ec2 configuration options added to
allow bootstrapping by automatically discovering AWS instances with a
given tag key/value at startup.
IMPROVEMENTS:
- api: All session options can now be set when using api.Lock().
- agent: Added the ability to bind Serf WAN and LAN to different
interfaces than the general bind address.
- agent: Added a new tls_skip_verify configuration option for HTTP
checks.
- agent: Consul is now built with Go 1.7.3.
BUG FIXES:
- agent: Fixed a Go race issue with log buffering at startup.
- agent: Fixed a panic during anti-entropy sync for services and checks.
- agent: Fixed an issue on Windows where "wsarecv" errors were logged
when CLI commands accessed the RPC interface.
- agent: Syslog initialization will now retry on errors for up to 60
seconds to avoid a race condition at system startup.
- agent: Fixed a panic when both -dev and -bootstrap-expect flags were
provided.
- agent: Added a retry with backoff when a session fails to invalidate
after expiring.
- agent: Fixed an issue where Consul would fail to start because of
leftover malformed check/service state files.
- agent: Fixed agent crashes on macOS Sierra by upgrading Go.
- agent: Log a warning instead of success when attempting to deregister
a nonexistent service.
- api: Trim leading slashes from keys/prefixes when querying KV
endpoints to avoid a bug with redirects in Go 1.7 (golang/go#4800).
- dns: Fixed external services that pointed to consul addresses (CNAME
records) not resolving to A-records.
- dns: Fixed an issue with SRV lookups where the service address was
different from the node's.
- dns: Fixed an issue where truncated records from a recursor query were
improperly reported as errors.
- server: Fixed the port numbers in the sample JSON inside peers.info.
- server: Squashes ACL datacenter name to lower case and checks for
proper formatting at startup.
- ui: Fixed an XSS issue with the display of sessions and ACLs in the
web UI.
BREAKING CHANGES:
- The default behavior of leave_on_terminate and skip_leave_on_interrupt are
now dependent on whether or not the agent is acting as a server or client.
- The allow_stale configuration for DNS queries to the Consul agent now
defaults to true, allowing for better utilization of available Consul
servers and higher throughput at the expense of weaker consistency.
- Output from HTTP checks is truncated to 4k when stored on the servers,
similar to script check output.
- Consul's Go API client will now send ACL tokens using HTTP headers instead
of query parameters, requiring Consul 0.6.0 or later.
- Removed support for protocol version 1, so Consul 0.7 is no longer
compatible with Consul versions prior to 0.3.
- The Raft peers information in consul info has changed format and includes
information about the suffrage of a server, which will be used in future
versions of Consul.
- New translate_wan_addrs behavior from [GH-2118] translates addresses in
HTTP responses and could break clients that are expecting local addresses.
- The behavior of the peers.json file is different in this version of
Consul. This file won't normally be present and is used only during outage
recovery.
- Consul's default Raft timing is now set to work more reliably on
lower-performance servers, which allows small clusters to use lower cost
compute at the expense of reduced performance for failed leader detection
and leader elections.
FEATURES:
- Transactional Key/Value API: A new /v1/txn API was added that allows for
atomic updates to and fetches from multiple entries in the key/value store
inside of an atomic transaction.
- Native ACL Replication: Added a built-in full replication capability for
ACLs.
- Server Connection Rebalancing: Consul agents will now periodically
reconnect to available Consul servers in order to redistribute their RPC
query load.
- Raft Updates and Consul Operator Interface: This version of Consul
upgrades to "stage one" of the v2 HashiCorp Raft library.
- Consul's default Raft timing is now set to work more reliably on
lower-performance servers, which allows small clusters to use lower cost
compute at the expense of reduced performance for failed leader detection
and leader elections.
- Servers will now abort bootstrapping if they detect an existing cluster
with configured Raft peers.
- Added new consul operator command, HTTP endpoint, and associated ACL to
allow Consul operators to view and update the Raft configuration.
- Serf Lifeguard Updates: Implemented a new set of feedback controls for the
gossip layer that help prevent degraded nodes that can't meet the soft
real-time requirements from erroneously causing serfHealth flapping in
other, healthy nodes
- Prepared Query Near Parameter: Prepared queries support baking in a new
Near sorting parameter.
- Automatic Service Deregistration: Added a new
deregister_critical_service_after timeout field for health checks which
will cause the service associated with that check to get deregistered if the
check is critical for longer than the timeout.
- WAN Address Translation Everywhere: Extended the translate_wan_addrs
config option to also translate node addresses in HTTP responses, making
it easy to use this feature from non-DNS clients.
- RPC Retries: Consul will now retry RPC calls that result in "no leader"
errors for up to 5 seconds.
- Circonus Telemetry Support: Added support for Circonus as a telemetry
destination.
IMPROVEMENTS:
- agent: Reap time for failed nodes is now configurable via new
reconnect_timeout and reconnect_timeout_wan config options (use with
caution).
- agent: Joins based on a DNS lookup will use TCP and attempt to join with
the full list of returned addresses.
- agent: Consul will now refuse to start with a helpful message if the same
UNIX socket is used for more than one listening endpoint.
- agent: Removed an obsolete warning message when Consul starts on Windows.
- agent: Defaults bind address to 127.0.0.1 when running in -dev mode.
- agent: Added version information to the log when Consul starts up.
- agent: Added timing metrics for HTTP requests in the form of
consul.http.<verb>.<path>.
- build: Updated all vendored dependencies.
- build: Consul releases are now built with Go 1.6.3.
- checks: Script checks now support an optional timeout parameter.
- checks: HTTP health checks limit saved output to 4K to avoid performance
issues.
- cli: Added a -stale mode for watchers to allow them to pull data from any
Consul server, not just the leader.
- dns: Consul agents can now limit the number of UDP answers returned via
the DNS interface.
- dns: Consul now compresses all DNS responses by default.
- dns: Added a new recursor_timeout configuration option to set the timeout
for Consul's internal DNS client that's used for recursing queries to
upstream DNS servers.
- dns: Added a new -dns-port command line option so this can be set without
a config file.
- ui: Added a new network tomography visualization to the UI.
BUG FIXES:
- agent: Fixed an issue where a health check's output never updates if the
check status doesn't change after the Consul agent starts.
- agent: External services can now be registered with ACL tokens.
- agent: Fixed an issue where large events affecting many nodes could cause
infinite intent rebroadcasts, leading to many log messages about intent
queue overflows.
- agent: Gossip encryption keys are now validated before being made
persistent in the keyring, avoiding delayed feedback at runtime.
- dns: Fixed an issue where DNS requests for SRV records could be
incorrectly trimmed, resulting in an ADDITIONAL section that was out of
sync with the ANSWER.
- dns: Fixed two issues where DNS requests for SRV records on a prepared
query that failed over would report the wrong domain and fail to translate
addresses.
- server: Fixed a deadlock related to sorting the list of available
datacenters by round trip time.
- server: Fixed an issue with the state store's immutable radix tree that
would prevent it from using cached modified objects during transactions,
leading to extra copies and increased memory / GC pressure.
- server: Upgraded Bolt DB to v1.2.1 to fix an issue on Windows where Consul
would sometimes fail to start due to open user-mapped sections.
