Merge tag 'v1.6.3' into master

provider/acme/account.go

@@ -7,7 +7,7 @@ import (
 	"crypto/x509"
 
 	"github.com/containous/traefik/log"
-	acme "github.com/xenolf/lego/acmev2"
+	"github.com/xenolf/lego/acme"
 )
 
 // Account is used to store lets encrypt registration info

provider/acme/challenge.go

@@ -8,7 +8,7 @@ import (
 	"github.com/containous/flaeg"
 	"github.com/containous/traefik/log"
 	"github.com/containous/traefik/safe"
-	acme "github.com/xenolf/lego/acmev2"
+	"github.com/xenolf/lego/acme"
 )
 
 func dnsOverrideDelay(delay flaeg.Duration) error {

provider/acme/local_store.go

@@ -60,6 +60,7 @@ func (s *LocalStore) get() (*StoredData, error) {
 					return nil, err
 				}
 				if isOldRegistration {
+					log.Debug("Reset ACME account.")
 					s.storedData.Account = nil
 					s.SaveDataChan <- s.storedData
 				}

provider/acme/provider.go

@@ -22,8 +22,10 @@ import (
 	"github.com/containous/traefik/safe"
 	traefiktls "github.com/containous/traefik/tls"
 	"github.com/containous/traefik/types"
+	"github.com/containous/traefik/version"
 	"github.com/pkg/errors"
-	acme "github.com/xenolf/lego/acmev2"
+	"github.com/xenolf/lego/acme"
+	legolog "github.com/xenolf/lego/log"
 	"github.com/xenolf/lego/providers/dns"
 )
 
@@ -86,10 +88,11 @@ func (p *Provider) SetConfigListenerChan(configFromListenerChan chan types.Confi
 }
 
 func (p *Provider) init() error {
+	acme.UserAgent = fmt.Sprintf("containous-traefik/%s", version.Version)
 	if p.ACMELogging {
-		acme.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags)
+		legolog.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags)
 	} else {
-		acme.Logger = fmtlog.New(ioutil.Discard, "", 0)
+		legolog.Logger = fmtlog.New(ioutil.Discard, "", 0)
 	}
 
 	var err error
@@ -103,6 +106,11 @@ func (p *Provider) init() error {
 		return fmt.Errorf("unable to get ACME account : %v", err)
 	}
 
+	// Reset Account if caServer changed, thus registration URI can be updated
+	if p.account != nil && p.account.Registration != nil && !strings.HasPrefix(p.account.Registration.URI, p.CAServer) {
+		p.account = nil
+	}
+
 	p.certificates, err = p.Store.GetCertificates()
 	if err != nil {
 		return fmt.Errorf("unable to get ACME certificates : %v", err)
@@ -227,7 +235,7 @@ func (p *Provider) resolveCertificate(domain types.Domain, domainFromConfigurati
 	}
 	p.addCertificateForDomain(domain, certificate.Certificate, certificate.PrivateKey)
 
-	return &certificate, nil
+	return certificate, nil
 }
 
 func (p *Provider) getClient() (*acme.Client, error) {
@@ -299,7 +307,6 @@ func (p *Provider) getClient() (*acme.Client, error) {
 		}
 		p.client = client
 	}
-
 	return p.client, nil
 }
 

provider/consulcatalog/consul_catalog.go

@@ -2,6 +2,7 @@ package consulcatalog
 
 import (
 	"errors"
+	"fmt"
 	"strconv"
 	"strings"
 	"sync"
@@ -255,7 +256,8 @@ func (p *Provider) watchHealthState(stopCh <-chan struct{}, watchCh chan<- map[s
 
 	safe.Go(func() {
 		// variable to hold previous state
-		var flashback []string
+		var flashback map[string][]string
+		var flashbackMaintenance []string
 
 		options := &api.QueryOptions{WaitTime: DefaultWatchWaitTime}
 
@@ -267,19 +269,31 @@ func (p *Provider) watchHealthState(stopCh <-chan struct{}, watchCh chan<- map[s
 			}
 
 			// Listening to changes that leads to `passing` state or degrades from it.
-			healthyState, meta, err := health.State("passing", options)
+			healthyState, meta, err := health.State("any", options)
 			if err != nil {
 				log.WithError(err).Error("Failed to retrieve health checks")
 				notifyError(err)
 				return
 			}
 
-			var current []string
+			var current = make(map[string][]string)
+			var currentFailing = make(map[string]*api.HealthCheck)
+			var maintenance []string
 			if healthyState != nil {
 				for _, healthy := range healthyState {
-					current = append(current, healthy.ServiceID)
+					key := fmt.Sprintf("%s-%s", healthy.Node, healthy.ServiceID)
+					_, failing := currentFailing[key]
+					if healthy.Status == "passing" && !failing {
+						current[key] = append(current[key], healthy.Node)
+					} else if strings.HasPrefix(healthy.CheckID, "_service_maintenance") || strings.HasPrefix(healthy.CheckID, "_node_maintenance") {
+						maintenance = append(maintenance, healthy.CheckID)
+					} else {
+						currentFailing[key] = healthy
+						if _, ok := current[key]; ok {
+							delete(current, key)
+						}
+					}
 				}
-
 			}
 
 			// If LastIndex didn't change then it means `Get` returned
@@ -302,18 +316,26 @@ func (p *Provider) watchHealthState(stopCh <-chan struct{}, watchCh chan<- map[s
 				// A critical note is that the return of a blocking request is no guarantee of a change.
 				// It is possible that there was an idempotent write that does not affect the result of the query.
 				// Thus it is required to do extra check for changes...
-				addedKeys, removedKeys := getChangedStringKeys(current, flashback)
+				addedKeys, removedKeys, changedKeys := getChangedHealth(current, flashback)
+
+				if len(addedKeys) > 0 || len(removedKeys) > 0 || len(changedKeys) > 0 {
+					log.WithField("DiscoveredServices", addedKeys).
+						WithField("MissingServices", removedKeys).
+						WithField("ChangedServices", changedKeys).
+						Debug("Health State change detected.")
 
-				if len(addedKeys) > 0 {
-					log.WithField("DiscoveredServices", addedKeys).Debug("Health State change detected.")
 					watchCh <- data
 					flashback = current
-				}
+					flashbackMaintenance = maintenance
+				} else {
+					addedKeysMaintenance, removedMaintenance := getChangedStringKeys(maintenance, flashbackMaintenance)
 
-				if len(removedKeys) > 0 {
-					log.WithField("MissingServices", removedKeys).Debug("Health State change detected.")
-					watchCh <- data
-					flashback = current
+					if len(addedKeysMaintenance) > 0 || len(removedMaintenance) > 0 {
+						log.WithField("MaintenanceMode", maintenance).Debug("Maintenance change detected.")
+						watchCh <- data
+						flashback = current
+						flashbackMaintenance = maintenance
+					}
 				}
 			}
 		}
@@ -394,6 +416,27 @@ func getChangedStringKeys(currState []string, prevState []string) ([]string, []s
 	return fun.Keys(addedKeys).([]string), fun.Keys(removedKeys).([]string)
 }
 
+func getChangedHealth(current map[string][]string, previous map[string][]string) ([]string, []string, []string) {
+	currKeySet := fun.Set(fun.Keys(current).([]string)).(map[string]bool)
+	prevKeySet := fun.Set(fun.Keys(previous).([]string)).(map[string]bool)
+
+	addedKeys := fun.Difference(currKeySet, prevKeySet).(map[string]bool)
+	removedKeys := fun.Difference(prevKeySet, currKeySet).(map[string]bool)
+
+	var changedKeys []string
+
+	for key, value := range current {
+		if prevValue, ok := previous[key]; ok {
+			addedNodesKeys, removedNodesKeys := getChangedStringKeys(value, prevValue)
+			if len(addedNodesKeys) > 0 || len(removedNodesKeys) > 0 {
+				changedKeys = append(changedKeys, key)
+			}
+		}
+	}
+
+	return fun.Keys(addedKeys).([]string), fun.Keys(removedKeys).([]string), changedKeys
+}
+
 func getChangedIntKeys(currState []int, prevState []int) ([]int, []int) {
 	currKeySet := fun.Set(currState).(map[int]bool)
 	prevKeySet := fun.Set(prevState).(map[int]bool)

provider/kubernetes/kubernetes.go

@@ -6,8 +6,10 @@ import (
 	"errors"
 	"flag"
 	"fmt"
+	"net"
 	"os"
 	"reflect"
+	"strconv"
 	"strings"
 	"text/template"
 	"time"
@@ -319,7 +321,7 @@ func (p *Provider) loadIngresses(k8sClient Client) (*types.Configuration, error)
 									continue
 								}
 								for _, address := range subset.Addresses {
-									url := fmt.Sprintf("%s://%s:%d", protocol, address.IP, endpointPort)
+									url := protocol + "://" + net.JoinHostPort(address.IP, strconv.FormatInt(int64(endpointPort), 10))
 									name := url
 									if address.TargetRef != nil && address.TargetRef.Name != "" {
 										name = address.TargetRef.Name