|
|
|
|
@ -16,6 +16,55 @@ upgrade flow.
|
|
|
|
|
|
|
|
|
|
## Consul 1.11.0 |
|
|
|
|
|
|
|
|
|
### Deprecated Agent Config Options |
|
|
|
|
|
|
|
|
|
The `master` and `agent_master` ACL tokens in the `acl.tokens` config block |
|
|
|
|
have been renamed to `initial_management` and `agent_recovery` respectively. |
|
|
|
|
The old names have been deprecated and will be removed at a future date. |
|
|
|
|
|
|
|
|
|
Consul 1.11.0 is compiled with Go 1.17 and now the ordering of |
|
|
|
|
`tls_cipher_suites` will no longer be honored. Additionally |
|
|
|
|
`tls_prefer_server_cipher_suites` is now ignored. |
|
|
|
|
|
|
|
|
|
### Deprecated Agent Config Options <EnterpriseAlert inline /> |
|
|
|
|
|
|
|
|
|
The config key `audit.sink[].name` is now deprecated. |
|
|
|
|
|
|
|
|
|
### Deprecated CLI Subcommands |
|
|
|
|
|
|
|
|
|
The `consul acl set-agent-token master` subcommand has been replaced with |
|
|
|
|
`consul acl set-agent-token recovery`. The old subcommand is deprecated. |
|
|
|
|
|
|
|
|
|
### Legacy ACL System Removal |
|
|
|
|
|
|
|
|
|
The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. |
|
|
|
|
Before upgrading you should verify that nothing is still using the legacy ACL |
|
|
|
|
system. See the [Migrate Legacy ACL Tokens Learn |
|
|
|
|
Guide](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) |
|
|
|
|
for more information. |
|
|
|
|
|
|
|
|
|
Due to this removal the following endpoints no longer function: |
|
|
|
|
|
|
|
|
|
- [`PUT /v1/acl/create`](/api-docs/acl/legacy#create-acl-token) |
|
|
|
|
- [`PUT /v1/acl/update`](/api-docs/acl/legacy#update-acl-token) |
|
|
|
|
- [`PUT /v1/acl/destroy/`](/api-docs/acl/legacy#delete-acl-token) |
|
|
|
|
- [`GET /v1/acl/info/`](/api-docs/acl/legacy#read-acl-token) |
|
|
|
|
- [`PUT /v1/acl/clone/`](/api-docs/acl/legacy#clone-acl-token) |
|
|
|
|
- [`GET /v1/acl/list`](/api-docs/acl/legacy#list-acls) |
|
|
|
|
- [`GET,POST /v1/acl/rules/translate`](/api-docs/acl#translate-rules) |
|
|
|
|
|
|
|
|
|
### Raft Storage Changes |
|
|
|
|
|
|
|
|
|
The underlying library used for persisting the Raft log to persistent storage |
|
|
|
|
was [upgraded](https://github.com/hashicorp/consul/issues/11720)] from |
|
|
|
|
[`boltdb`](https://pkg.go.dev/github.com/boltdb/bolt) to |
|
|
|
|
[`bbolt`](https://pkg.go.dev/go.etcd.io/bbolt). |
|
|
|
|
|
|
|
|
|
The newer `bbolt` library is compatible with the persisted format generated by |
|
|
|
|
`boltdb` but the reverse is not necessarily guaranteed. Like any Consul upgrade |
|
|
|
|
it is strongly recommended that you take a snapshot of your database if you |
|
|
|
|
expect that you will need to downgrade. |
|
|
|
|
|
|
|
|
|
### Envoy xDS Protocol Upgrades |
|
|
|
|
|
|
|
|
|
As noted in earlier upgrades, previous versions of Consul supported both v2 and v3 |
|
|
|
|
|
R.B. Boyer
3 years ago