./sysutils/consul, Tool for service discovery, monitoring and configuration

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.0.0, Package name: consul-1.0.0, Maintainer: filip

Consul is a tool for service discovery and configuration. Consul
is distributed, highly available, and extremely scalable.

Required to build:

Master sites:

SHA1: db8fe3f4d491425ecee3555654d308f640515b48
RMD160: f74157f9eb9d1ca8401cfb52f5f51d57cee1dd56
Filesize: 7181.926 KB

Version history: (Expand)

CVS history: (Expand)

   2017-10-17 13:39:57 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update sysutils/consul to 1.0.0


- Fixed an XSS issue with Consul's built-in web UI where node names
  were not being properly escaped.


- Raft Protocol Now Defaults to 3
- Config Files Require an Extension
- Deprecated Options Have Been Removed
- `statsite_prefix` Renamed to `metrics_prefix`
- `advertise_addrs` Removed
- Escaping Behavior Changed for go-discover Configs
- HTTP Verbs are Enforced in Many HTTP APIs
- Unauthorized KV Requests Return 403
- Config Section of Agent Self Endpoint has Changed
- Deprecated `configtest` Command Removed
- Undocumented Flags in `validate` Command Removed
- Metric Names Updated
- Checks Validated On Agent Startup


- Support for HCL Config Files
- Support for Binding to Multiple Addresses
- Support for RFC1434 DNS TXT records
- Support for Running Subproccesses Directly Without a Shell
- Sentinel Integration


- agent: Added support to detect public IPv4 and IPv6 addresses on
- agent: Improved /v1/operator/raft/configuration endpoint which
  allows Consul to avoid an extra agent RPC call for the `consul
  operator raft list-peers` command.
- agent: Improved ACL system for the KV store to support list
  permissions. This behavior can be opted in. For more information,
  see the ACL Guide].
- agent: Updates miekg/dns library to later version to pick up bug
  fixes and improvements.
- agent: Added automatic retries to the RPC path, and a brief RPC
  drain time when servers leave. These changes make Consul more robust
  during graceful leaves of Consul servers, such as during upgrades, and
  help shield applications from "no leader" errors. These are configured
  with new `performance` options.
- agent: Added a new `discard_check_output` agent-level configuration
  option that can be used to trade off write load to the Consul
  servers vs. visibility of health check output. This is reloadable so
  it can be toggled without fully restarting the agent.
- api: Updated the API client to ride out network errors when
  monitoring locks and semaphores.
- build: Updated Go toolchain to version 1.9.1.
- cli: `consul lock` and `consul watch` commands will forward `TERM`
  and `KILL` signals to their child subprocess.
- cli: Added support for autocompletion].
- server: Updated BoltDB to final version 1.3.1.
- server: Improved dead member reap algorithm to fix edge cases where
  servers could get left behind.


- agent: Fixed an issue where disabling both the http and https
  interfaces would cause a watch-related error on agent startup, even
  when no watches were defined.
- agent: Added an additional step to kill health check scripts that
  timeout on all platforms except Windows, and added a wait so that
  it's not possible to run multiple instances of the same health check
  script at the same time.
- cli: If the `consul operator raft list-peers` command encounters an
  error it will now exit with a non-zero exit code.
- cli: CLI commands will now show help for all of their arguments.
- server: Fixed an issue where the leader server could get into a
  state where it was no longer performing the periodic leader loop
  duties and unable to serve consistent reads after a barrier timeout

Full (unabridged) changelog:

  https://github.com/hashicorp/consul/blo … ANGELOG.md
   2017-09-22 12:24:11 by Jonathan Perkin | Files touched by this commit (1)
Log message:
consul: Fix checksums.
   2017-09-11 13:53:06 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update sysutils/consul to 0.9.3.

- LAN Network Segments: (Consul Enterprise) Added a new Network Segments
  capability which allows users to configure Consul to support segmented
  LAN topologies with multiple, distinct gossip pools.
- WAN Join for Cloud Providers: Added WAN support for retry join for
  cloud providers via go-discover, including Amazon AWS, Microsoft
  Azure, Google Cloud, and SoftLayer. This uses the same "provider" syntax
  supported for `-retry-join` via the `-retry-join-wan` configuration.
- RPC Rate Limiter: Consul agents in client mode have a new `limits`
  configuration that enables a rate limit on RPC calls the agent makes
  to Consul servers.

- agent: Switched to using a read lock for the agent's RPC dispatcher,
  which prevents RPC calls from getting serialized.
- agent: When joining a cluster, Consul now skips the unique node ID
  constraint for Consul members running Consul older than 0.8.5. This
  makes it easier to upgrade to newer versions of Consul in an existing
  cluster with non-unique node IDs.
- build: Upgraded Go version to 1.9.
- server: Consul servers can re-establish quorum after all of them
  change their IP addresses upon a restart.

- agent: Fixed an issue with consul watches not triggering when ACLs are
- agent: Updated memberlist library for a deadlock fix.
- agent: Fixed a panic when retrieving NS or SOA records on Consul
  clients (non-servers). This also changed the Consul server list to
  come from the catalog and not the agent's local state when serving these
  requests, so the results are consistent across a cluster.
- cli: Updated the CLI library to pull in a fix that prevents all
  subcommands from being shown when showing the agent's usage list; now
  just top-level commands are shown.
- server: Fixed an issue with Consul snapshots not saving on Windows
  because of errors with the `fsync` syscall.
   2017-08-17 09:33:28 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update sysutils/consul to 0.9.2.

## 0.9.2 (August 9, 2017)


- agent: Fixed an issue where the old `-retry-join-{ec2,azure,gce}`
  command line flags were not being honored.
- server: Reverted the change that made unauthorized KV queries return
  403 instead of 404 because it had a minor bug that affected the
  operation of Vault, and in addition to fixing the bug, we identified an
  additional case that needed to be covered.

## 0.9.1 (August 9, 2017)


- Secure ACL Token Introduction: It's now possible to manage Consul's
  ACL tokens without having to place any tokens inside configuration
    * A new `/v1/agent/token` API allows an agent's ACL tokens to be
    * introduced without placing them into config files, and to update
    * them without restarting the agent.
    * A new `/v1/acl/bootstrap` allows a cluster's first management
    * token to be created without using the `acl_master_token`
    * configuration.
- Metrics Viewing Endpoint: A new `/v1/agent/metrics` API displays the
  current values of internally tracked metrics.


- agent: Retry Join for Amazon AWS, Microsoft Azure, Google Cloud, and
  (new) SoftLayer is now handled through the
  https://github.com/hashicorp/go-discover library.
- agent: Reports a more detailed error message if the LAN or WAN Serf
  instance fails to bind to an address.
- agent: Added NS records and corrected SOA records to allow Consul's
  DNS interface to work properly with zone delegation.
- agent: Added support for sending metrics with labels/tags to supported
- agent: Added a new `prefix_filter` option in the `telemetry` config to
  allow fine-grained allowing/blocking the sending of certain metrics by
- cli: Added a `-child-exit-code` option to `consul lock` so that it
  propagates an error code of 2 if the child process exits with an
- docs: Added a new Geo Failover Guide showing how to use prepared
  queries to implement geo failover policies for services.
- docs: Added a new Consul with Containers Guide showing critical
  aspects of operating a Consul cluster that's run inside containers.
- server: Added a `RemoveEmptyTags` option to prepared query templates
  which will strip out any empty strings in the tags list before
  executing a query.
- server: Implemented a much faster recursive delete algorithm for the
  KV store.


- agent: Clean up temporary files during disk write errors when
  persisting services and checks.
- agent: Fixed an issue where DNS and client bind address templates were
  not being parsed via the go-sockaddr library.
- agent: Fixed status code on all KV store operations that fail due to
  an ACL issue. They now return a 403 status code, rather than a 404.
- agent: Fixed quoting issues in script health check on Windows.
- agent: Fixed an issue where `consul monitor` would exit on any empty
  log line.
- server: Updated raft library to fix issue with machine crashes causing
  snapshot files to not get saved to disk
   2017-08-02 19:57:02 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update sysutils/consul to 0.9.0.


- agent: Added a new `enable_script_checks` configuration option that
  defaults to `false`, meaning that in order to allow an agent to run
  health checks that execute scripts, this will need to be configured
  and set to `true`.
- api: Reworked `context` support in the API client to more closely
  match the Go standard library, and added context support to write
  requests in addition to read requests.
- ui: Since the UI is now bundled with the application we no longer
  provide a separate UI package for downloading.


- agent: Added a new[`block_endpoints` configuration option that
  allows blocking HTTP API endpoints by prefix.
- cli: Added a new `consul catalog` command for reading datacenters,
  nodes, and services from the catalog.
- server: (Consul Enterprise) Added a new `consul operator area
  update` command and corresponding HTTP endpoint to allow for
  transitioning the TLS setting of network areas at runtime.
- server: (Consul Enterprise) Added a new `UpgradeVersionTag` field to
  the Autopilot config to allow for using the migration feature to
  roll out configuration or cluster changes, without having to upgrade
  Consul itself.


- agent: (Consul Enterprise) Snapshot agent rotation uses S3's
  pagination API, enabling retaining more than a 100 snapshots.
- agent: Removed registration of the `consul` service from the agent
  since it's already handled by the leader.
- agent: Changed /v1/acl/clone response to 403 (from 404) when trying
  to clone an ACL that doesn't exist.
- agent: Changed the `consul exec` ACL resolution logic to use the
  `acl_agent_token` if it's available.
- agent: Updated memberlist to get latest LAN gossip tuning based on
  the Lifeguard paper published by Hashicorp Research.
- api: Added the ability to pass in a `context` as part of the
  `QueryOptions` during a request.
- api: Changed signature for "done" channels on `agent.Monitor()` and
  `session.RenewPeriodic` methods to make them more compatible with
- docs: Added a complete end-to-end example of ACL bootstrapping in
  the ACL Guide.
- vendor: Updated golang.org/x/sys/unix to support IBM s390 platforms.
- agent: rewrote Docker health checks without using the Docker client
  and its dependencies.


- agent: Fixed an issue where watch plans would take up to 10 minutes
  to close their connections and give up their file descriptors after
  reloading Consul.
- agent: (Consul Enterprise) Fixed an issue with the snapshot agent
  where it could get stuck trying to obtain the leader lock after an
  extended server outage.
- agent: Fixed HTTP health checks to allow them to set the `Host`
  header correctly on outgoing requests.
- agent: Serf snapshots can now auto recover from disk write errors
  without needing a restart.
- agent: Fixed log redacting code to properly remove tokens from log
  lines with ACL tokens in the URL itself: `/v1/acl/clone/:uuid`,
  `/v1/acl/destroy/:uuid`, `/v1/acl/info/:uuid`.
- agent: Fixed an issue in the Docker client where Docker checks would
  get EOF errors trying to connect to a volume-mounted Docker socket.
- agent: Fixed a crash when using Azure auto discovery.
- agent: Added `node` read privileges to the `acl_agent_master_token`
  by default so it can see all nodes, which enables it to be used with
  operations like `consul members`.
- agent: Fixed an issue where enabling `-disable-keyring-file` would
  cause gossip encryption to be disabled.
- agent: Fixed a race condition where checks that are not associated
  with any existing services were allowed to persist.
- agent: Stop docker checks on service deregistration and on shutdown.
- server: Updated the Raft library to pull in a fix where servers that
  are very far behind in replication can get stuck in a loop trying to
  install snapshots.
- server: Fixed a rare but serious deadlock where the Consul leader
  routine could get stuck with the Raft internal leader routine while
  waiting for the initial barrier after a leader election.
- server: Added automatic cleanup of failed Raft snapshots.
- server: (Consul Enterprise) Fixed an issue where networks areas
  would not be able to be added when the server restarts if the Raft
  log contained a specific sequence of adds and deletes for network
  areas with the same peer datacenter.
- ui: Provided a path to reset the ACL token when the current token is
- ui: Removed an extra fetch of the nodes resource when loading the
- ui: Changed default ACL token type to "client" when creating ACLs.
- ui: Display a 404 error instead of a 200 when trying to load a
  nonexistent node.
   2017-08-01 16:59:08 by Thomas Klausner | Files touched by this commit (211)
Log message:
Follow some http -> https redirects.
   2017-07-03 23:25:03 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update sysutils/consul to 0.8.5.


- agent: Parse values given to `?passing` for health endpoints.
- agent: The default value of `-disable-host-node-id` has been changed
  from false to true.


- agent: Added a `-disable-keyring-file` option to prevent writing
  keyring data to disk.
- agent: Added automatic notify to systemd on Linux after LAN join is
  complete, which makes it easier to order services that depend on
  Consul being available.
- agent: The `http_api_response_headers` config has been moved into a
  new `http_config` struct, so the old form is still supported but is
- dns: Added support for EDNS(0) size adjustments if set in the
  request frame.
- server: Added a startup warning for servers when expecting to
  bootstrap with an even number of nodes.
- agent: (Consul Enterprise) Added support for non rotating,
  statically named snapshots for S3 snapshots using the snapshot


- agent: Fixed a regression where configuring -1 for the port was no
  longer disabling the DNS server.
- agent: Fix `consul leave` shutdown race.
- agent: Show a better error message than 'EOF' when attempting to
  join with the wrong gossip key.
- agent: Fixed an issue where the `Method` and `Header` features of
  HTTP health checks were not being applied.
- agent: Fixed an issue where internally-configured watches were not
  working because of an incorrect protocol error, and unified internal
  watch handling during reloads of the Consul agent.
- server: Fixed an issue where the leader could return stale data
  duing queries as it is starting up.
   2017-06-13 08:09:25 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
## 0.8.4 (June 9, 2017)

- agent: Added a method for transitioning to gossip encryption on an
  existing cluster
- agent: Added a method for transitioning to TLS on an existing cluster
- agent: Added support for RetryJoin on Azure
- agent: (Consul Enterprise) Added AWS server side encryption support
  for S3 snapshots using the snapshot agent.

- agent: Added a check which prevents advertising or setting a service
  to a zero address (``, `[::]`, `::`).
- agent: Allow binding to any public IPv6 address with `::`
- agent: Removed SCADA-related code for Atlas and deprecated all
  Atlas-related configuration options.
- agent: Added support for custom check id and name when registering
  checks along with a service.
- agent: Updated go-sockaddr library to add support for new helper
  functions in bind address templates (`GetPrivateIPs`, `GetPublicIPs`),
  new math functions, and to pick up fixes for issues with detecting
  addresses on multi-homed hosts.
- agent: Watches now reset their index back to zero after an error, or
  if the index goes backwards, which allows watches to recover after a
  server restart with fresh state.
- agent: HTTP health checks now upport custom method and headers.
- agent: Increased the graceful leave timeout from 5 to 15 seconds.
- agent: Added additional logging when the agent handles signals and
  when it exits.
- build: Added support for linux/arm64 binaries.
- build: Consul now builds with Go 1.8.3.
- ui: Added a sticky scroll to the KV side panel so the KV edit box
  always stays in place.

- agent: Added defensive code to prevent agents from infecting the
  network coordinates with `NaN` or `Inf` values, and added code to
  clean up in environments where this has happened.
- api: Added code to always read from the body of a request so that
  connections will always be returned to the pool.
- build: Added a vendor fix to allow compilation on Illumos.
- cli: Fixed an issue where `consul exec` would return a 0 exit code,
  even when there were nodes that didn't respond.