- server: Fixed a rare but serious issue where Consul servers could
panic when performing a large delete operation followed by a specific
sequence of other updates to related parts of the state store (affects
KV, sessions, prepared queries, and the catalog).
- agent: Integrated gopsutil library to use built in host UUID as node ID,
if available, instead of a randomly generated UUID. This makes it easier
for other applications on the same host to generate the same node ID
without coordinating with Consul.
- agent: Added a configuration option, tls_min_version, for setting the
minimum allowed TLS version used for the HTTP API and RPC.
- agent: Added a relay-factor option to keyring operations to allow nodes
to relay their response through N randomly-chosen other nodes in the
cluster.
- build: Consul is now built with Go 1.7.5.
- dns: Add ability to lookup Consul agents by either their Node ID or Node
Name through the node interface (e.g. DNS (node-id|node-name).node.consul).
- dns: Fixed an issue where SRV lookups for services on a node registered
with non-IP addresses were missing the CNAME record in the additional
section of the response.
FEATURES:
- KV Import/Export CLI: consul kv export and consul kv import can be
used to move parts of the KV tree between disconnected consul
clusters, using JSON as the intermediate representation.
- Node Metadata: Support for assigning user-defined metadata key/value
pairs to nodes has been added.
- Node Identifiers: Consul agents can now be configured with a unique
identifier, or they will generate one at startup that will persist
across agent restarts.
- Improved Blocking Queries: Consul's blocking query implementation was
improved to provide a much more fine-grained mechanism for detecting
changes.
- GCE auto-discovery: New -retry-join-gce configuration options added to
allow bootstrapping by automatically discovering Google Cloud
instances with a given tag at startup.
IMPROVEMENTS:
- build: Consul is now built with Go 1.7.4.
- cli: consul kv get now has a -base64 flag to base 64 encode the value.
- cli: consul kv put now has a -base64 flag for setting values which are
base 64 encoded.
- ui: Added a notice that JS is required when viewing the web UI with JS
disabled.
BUG FIXES:
- agent: Redacted the AWS access key and secret key ID from the
/v1/agent/self output so they are not disclosed.
- agent: Fixed a rare startup panic due to a Raft/Serf race condition.
- cli: Fixed a panic when an empty quoted argument was given to consul
kv put.
- tests: Fixed a race condition with check mock's map usage.
FEATURES:
- Keyring API: A new /v1/operator/keyring HTTP endpoint was added that
allows for performing operations such as list, install, use, and
remove on the encryption keys in the gossip keyring.
- Monitor API: A new /v1/agent/monitor HTTP endpoint was added to allow
for viewing streaming log output from the agent, similar to the consul
monitor command.
- Reload API: A new /v1/agent/reload HTTP endpoint was added for
triggering a reload of the agent's configuration.
- Leave API: A new /v1/agent/leave HTTP endpoint was added for causing
an agent to gracefully shutdown and leave the cluster (previously,
only force-leave was present in the HTTP API).
- Bind Address Templates (beta): Consul agents now allow
go-sockaddr/template syntax to be used for any bind address
configuration (advertise_addr, bind_addr, client_addr, and others).
- Complete ACL Coverage (beta): Consul 0.8 will feature complete ACL
coverage for all of Consul.
IMPROVEMENTS:
- agent: Defaults to ?pretty JSON for HTTP API requests when in -dev
mode.
- agent: Updated Circonus metrics library and added new Circonus
configration options for Consul for customizing check display name and
tags.
- agent: Added a checksum to UDP gossip messages to guard against packet
corruption.
- agent: Check whether a snapshot needs to be taken more often (every 5
seconds instead of 2 minutes) to keep the raft file smaller and to
avoid doing huge truncations when writing lots of entries very quickly.
- agent: Allow gossiping to suspected/recently dead nodes.
- agent: Changed the gossip suspicion timeout to grow smoothly as the
number of nodes grows.
- agent: Added a deprecation notice for Atlas features to the CLI and
docs.
- agent: Give a better error message when the given data-dir is not a
directory.
BUG FIXES:
- agent: Fixed a panic when SIGPIPE signal was received.
- api: Added missing Raft index fields to CatalogService structure.
- api: Added missing notes field to AgentServiceCheck structure.
- api: Changed type of AgentServiceCheck.TLSSkipVerify from string to
bool.
- api: Added new HealthChecks.AggregatedStatus() method that makes it
easy get an overall health status from a list of checks.
- api: Changed type of KVTxnOp.Verb from string to KVOp.
- cli: Fixed an issue with the consul kv put command where a negative
value would be interpreted as an argument to read from standard input.
- ui: Fixed an issue where extra commas would be shown around service
tags.
- ui: Customized Bootstrap config to avoid missing font file references.
- ui: Removed "Deregister" button as removing nodes from the catalog
isn't a common operation and leads to lots of user confusion.
BACKWARDS INCOMPATIBILITIES:
- Child process reaping support has been removed, along with the reap
configuration option.
- The default for max_stale has been increased to a near-indefinite
threshold (10 years) to allow DNS queries to continue to be served in
the event of a long outage with no leader.
- The api package's PreparedQuery.Delete() method now takes WriteOptions
instead of QueryOptions.
FEATURES:
- Key/Value Store Command Line Interface: New consul kv commands were
added for easy access to all basic key/value store operations.
- Snapshot/Restore: A new /v1/snapshot HTTP endpoint and corresponding
set of consul snapshot commands were added for easy point-in-time
snapshots for disaster recovery.
- AWS auto-discovery: New -retry-join-ec2 configuration options added to
allow bootstrapping by automatically discovering AWS instances with a
given tag key/value at startup.
IMPROVEMENTS:
- api: All session options can now be set when using api.Lock().
- agent: Added the ability to bind Serf WAN and LAN to different
interfaces than the general bind address.
- agent: Added a new tls_skip_verify configuration option for HTTP
checks.
- agent: Consul is now built with Go 1.7.3.
BUG FIXES:
- agent: Fixed a Go race issue with log buffering at startup.
- agent: Fixed a panic during anti-entropy sync for services and checks.
- agent: Fixed an issue on Windows where "wsarecv" errors were logged
when CLI commands accessed the RPC interface.
- agent: Syslog initialization will now retry on errors for up to 60
seconds to avoid a race condition at system startup.
- agent: Fixed a panic when both -dev and -bootstrap-expect flags were
provided.
- agent: Added a retry with backoff when a session fails to invalidate
after expiring.
- agent: Fixed an issue where Consul would fail to start because of
leftover malformed check/service state files.
- agent: Fixed agent crashes on macOS Sierra by upgrading Go.
- agent: Log a warning instead of success when attempting to deregister
a nonexistent service.
- api: Trim leading slashes from keys/prefixes when querying KV
endpoints to avoid a bug with redirects in Go 1.7 (golang/go#4800).
- dns: Fixed external services that pointed to consul addresses (CNAME
records) not resolving to A-records.
- dns: Fixed an issue with SRV lookups where the service address was
different from the node's.
- dns: Fixed an issue where truncated records from a recursor query were
improperly reported as errors.
- server: Fixed the port numbers in the sample JSON inside peers.info.
- server: Squashes ACL datacenter name to lower case and checks for
proper formatting at startup.
- ui: Fixed an XSS issue with the display of sessions and ACLs in the
web UI.
BREAKING CHANGES:
- The default behavior of leave_on_terminate and skip_leave_on_interrupt are
now dependent on whether or not the agent is acting as a server or client.
- The allow_stale configuration for DNS queries to the Consul agent now
defaults to true, allowing for better utilization of available Consul
servers and higher throughput at the expense of weaker consistency.
- Output from HTTP checks is truncated to 4k when stored on the servers,
similar to script check output.
- Consul's Go API client will now send ACL tokens using HTTP headers instead
of query parameters, requiring Consul 0.6.0 or later.
- Removed support for protocol version 1, so Consul 0.7 is no longer
compatible with Consul versions prior to 0.3.
- The Raft peers information in consul info has changed format and includes
information about the suffrage of a server, which will be used in future
versions of Consul.
- New translate_wan_addrs behavior from [GH-2118] translates addresses in
HTTP responses and could break clients that are expecting local addresses.
- The behavior of the peers.json file is different in this version of
Consul. This file won't normally be present and is used only during outage
recovery.
- Consul's default Raft timing is now set to work more reliably on
lower-performance servers, which allows small clusters to use lower cost
compute at the expense of reduced performance for failed leader detection
and leader elections.
FEATURES:
- Transactional Key/Value API: A new /v1/txn API was added that allows for
atomic updates to and fetches from multiple entries in the key/value store
inside of an atomic transaction.
- Native ACL Replication: Added a built-in full replication capability for
ACLs.
- Server Connection Rebalancing: Consul agents will now periodically
reconnect to available Consul servers in order to redistribute their RPC
query load.
- Raft Updates and Consul Operator Interface: This version of Consul
upgrades to "stage one" of the v2 HashiCorp Raft library.
- Consul's default Raft timing is now set to work more reliably on
lower-performance servers, which allows small clusters to use lower cost
compute at the expense of reduced performance for failed leader detection
and leader elections.
- Servers will now abort bootstrapping if they detect an existing cluster
with configured Raft peers.
- Added new consul operator command, HTTP endpoint, and associated ACL to
allow Consul operators to view and update the Raft configuration.
- Serf Lifeguard Updates: Implemented a new set of feedback controls for the
gossip layer that help prevent degraded nodes that can't meet the soft
real-time requirements from erroneously causing serfHealth flapping in
other, healthy nodes
- Prepared Query Near Parameter: Prepared queries support baking in a new
Near sorting parameter.
- Automatic Service Deregistration: Added a new
deregister_critical_service_after timeout field for health checks which
will cause the service associated with that check to get deregistered if the
check is critical for longer than the timeout.
- WAN Address Translation Everywhere: Extended the translate_wan_addrs
config option to also translate node addresses in HTTP responses, making
it easy to use this feature from non-DNS clients.
- RPC Retries: Consul will now retry RPC calls that result in "no leader"
errors for up to 5 seconds.
- Circonus Telemetry Support: Added support for Circonus as a telemetry
destination.
IMPROVEMENTS:
- agent: Reap time for failed nodes is now configurable via new
reconnect_timeout and reconnect_timeout_wan config options (use with
caution).
- agent: Joins based on a DNS lookup will use TCP and attempt to join with
the full list of returned addresses.
- agent: Consul will now refuse to start with a helpful message if the same
UNIX socket is used for more than one listening endpoint.
- agent: Removed an obsolete warning message when Consul starts on Windows.
- agent: Defaults bind address to 127.0.0.1 when running in -dev mode.
- agent: Added version information to the log when Consul starts up.
- agent: Added timing metrics for HTTP requests in the form of
consul.http.<verb>.<path>.
- build: Updated all vendored dependencies.
- build: Consul releases are now built with Go 1.6.3.
- checks: Script checks now support an optional timeout parameter.
- checks: HTTP health checks limit saved output to 4K to avoid performance
issues.
- cli: Added a -stale mode for watchers to allow them to pull data from any
Consul server, not just the leader.
- dns: Consul agents can now limit the number of UDP answers returned via
the DNS interface.
- dns: Consul now compresses all DNS responses by default.
- dns: Added a new recursor_timeout configuration option to set the timeout
for Consul's internal DNS client that's used for recursing queries to
upstream DNS servers.
- dns: Added a new -dns-port command line option so this can be set without
a config file.
- ui: Added a new network tomography visualization to the UI.
BUG FIXES:
- agent: Fixed an issue where a health check's output never updates if the
check status doesn't change after the Consul agent starts.
- agent: External services can now be registered with ACL tokens.
- agent: Fixed an issue where large events affecting many nodes could cause
infinite intent rebroadcasts, leading to many log messages about intent
queue overflows.
- agent: Gossip encryption keys are now validated before being made
persistent in the keyring, avoiding delayed feedback at runtime.
- dns: Fixed an issue where DNS requests for SRV records could be
incorrectly trimmed, resulting in an ADDITIONAL section that was out of
sync with the ANSWER.
- dns: Fixed two issues where DNS requests for SRV records on a prepared
query that failed over would report the wrong domain and fail to translate
addresses.
- server: Fixed a deadlock related to sorting the list of available
datacenters by round trip time.
- server: Fixed an issue with the state store's immutable radix tree that
would prevent it from using cached modified objects during transactions,
leading to extra copies and increased memory / GC pressure.
- server: Upgraded Bolt DB to v1.2.1 to fix an issue on Windows where Consul
would sometimes fail to start due to open user-mapped sections.
fhajny