HashiCorp Consul 0.4

HashiCorp Consul 0.4

Sep 05 2014 Armon Dadgar

Today we are proudly releasing Consul 0.4. Consul is a solution for service discovery, configuration, and orchestration. Consul is completely distributed, highly available, and scales to thousands of nodes and services across multiple datacenters.

Consul 0.3 was released two months ago and we've been busy fixing bugs, making improvements, and adding new features.

The major new features added include a fine-grained ACL system, a watch mechanism to invoke callbacks on changes, an event system for custom events such as deploys or service restarts, and remote execution for simplified administration.

Consul 0.4 can be downloaded here, and the full changelog can be viewed here.

Read on to learn more about the major new features in 0.4.

ACL System

» Allow write access to the service folder

key "service/my-app/" { policy = "write" }

» Deny all access to secrets!

key "secrets/" { policy = "deny" }

Additionally, the Web UI has been updated to support ACL management:


This is only a brief look at ACLs in Consul, but there is detailed documentation available, which should be referenced for a more in-depth look.


A common use case for Consul is to watch a list of nodes, services, keys, etc and then update an external application when there is a change. While this has always been possible using the APIs, Consul 0.4 introduces "watches", which simplify this use case.

A watch couples a "view" of data in Consul with a handler that is invoked on changes. Watches can be used to handle updates to KV data, services, nodes, health checks, user events and more. Watches can either be used by providing the proper configuration to an agent, or by using the new consul watch command.

As an example, to capture a list of nodes, the following watch could be used:

$ consul watch -type nodes /usr/local/bin/nodes-handler.sh

This will start a new watch for any changes to the list of nodes and automatically invoke the /usr/local/bin/nodes-handler.sh script on changes.

The use cases are far reaching: dynamic load balancer setup, DNS configuration, application configuration updates, deploy hooks, etc. The watch system makes it simple to interact with Consul in real time without writing code.

Event System

Consul is built on top of Serf which provides a mechanism for reliably propagating events to a cluster. This feature is finally now available in Consul as well using the event command.

By using the peer-to-peer gossip layer, events can quickly be propogated to clusters of any size in a scalable and reliable way. Using the new watch features, any number of event handlers can be setup to handle these events.

For example, an application deploy handler could be setup using a watch:

$ consul watch -type event -name web-deploy /usr/local/bin/web-deploy.sh

Then using the event command the event can be fired:

$ consul event -name web-deploy sha:24323e0

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now