
go-discover's Introduction

Go Discover Nodes for Cloud Providers

Note: go-discover is considered feature complete and is currently maintained on an as-needed basis for use with Vault and Consul. Another solution, go-netaddrs, is being actively maintained; it provides a more flexible way of discovering IP addresses without tying the discovery to a specific infrastructure.

go-discover is a Go (golang) library and command line tool to discover IP addresses of nodes in cloud environments based on meta information, such as tags, provided by the environment.

The configuration for the providers is provided as a list of key=val key=val ... tuples. If either the key or the value contains a space ( ), a backslash (\) or a double quote ("), it must be quoted with double quotes. Within a quoted string a backslash escapes a double quote or the backslash itself, e.g. key=val "some key"="some value"

Duplicate keys are reported as an error, and the provider is selected by the provider key.

Supported Providers

The following cloud providers have implementations in the go-discover/provider sub-packages. Additional providers can be added through the Register function.

The following providers are implemented in the go-discover/provider subdirectory but aren't automatically registered. If you want to support these providers, register them manually:

HashiCorp maintains acceptance tests that regularly allocate and run tests with real resources to verify the behavior of several of these providers. Those currently are: Amazon AWS, Microsoft Azure, Google Cloud, DigitalOcean, Triton, Scaleway, AliBaba Cloud, vSphere, and Packet.net.

Config Example

# Aliyun (Alibaba) Cloud
provider=aliyun region=... tag_key=consul tag_value=... access_key_id=... access_key_secret=...

# Amazon AWS
provider=aws region=eu-west-1 tag_key=consul tag_value=... access_key_id=... secret_access_key=...

# DigitalOcean
provider=digitalocean region=... tag_name=... api_token=...

# Google Cloud
provider=gce project_name=... zone_pattern=eu-west-* tag_value=consul credentials_file=...

# Linode
provider=linode tag_name=... region=us-east address_type=private_v4 api_token=...

# mDNS
provider=mdns service=consul domain=local

# Microsoft Azure
provider=azure tag_name=consul tag_value=... tenant_id=... client_id=... subscription_id=... secret_access_key=...

# Openstack
provider=os tag_key=consul tag_value=server username=... password=... auth_url=...

# Scaleway
provider=scaleway organization=my-org tag_name=consul-server token=... region=...

# SoftLayer
provider=softlayer datacenter=dal06 tag_value=consul username=... api_key=...

# TencentCloud
provider=tencentcloud region=ap-guangzhou tag_key=consul tag_value=... access_key_id=... access_key_secret=...

# Triton
provider=triton account=testaccount url=https://us-sw-1.api.joyentcloud.com key_id=... tag_key=consul-role tag_value=server

# vSphere
provider=vsphere category_name=consul-role tag_name=consul-server host=... user=... password=... insecure_ssl=[true|false]

# Packet
provider=packet auth_token=token project=uuid url=... address_type=...

# Kubernetes
provider=k8s label_selector="app = consul-server"

Command Line Tool Usage

Install the command line tool with:

go get -u github.com/hashicorp/go-discover/cmd/discover

Then run it with:

$ discover addrs provider=aws region=eu-west-1 ...

Library Usage

Install the library with:

go get -u github.com/hashicorp/go-discover

You can then either support discovery for all available providers or only for some of them.

// support discovery for all registered providers
d := discover.Discover{}

// or: support discovery for AWS and GCE only
d = discover.Discover{
	Providers: map[string]discover.Provider{
		"aws": discover.Providers["aws"],
		"gce": discover.Providers["gce"],
	},
}

// use ioutil.Discard instead of os.Stderr for no log output
l := log.New(os.Stderr, "", log.LstdFlags)

cfg := "provider=aws region=eu-west-1 ..."
addrs, err := d.Addrs(cfg, l)

You can also add support for providers that aren't registered by default:

// Imports at top of file
import "github.com/hashicorp/go-discover/provider/k8s"

// support discovery for the k8s provider only (it is not registered by default)
d := discover.Discover{
	Providers: map[string]discover.Provider{
		"k8s": &k8s.Provider{},
	},
}

// ...
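As an added example (not code from go-discover itself), the program below implements the key=val grammar from the introduction (quoting, backslash escapes, duplicate-key error, provider selection by the provider key) together with the Providers map pattern shown above, using a constructed in-memory provider in place of a cloud provider. The Provider interface is assumed to match the d.Addrs(cfg, l) usage and is not imported from the library; the addresses and tags are made up.

```go
package main

import (
	"fmt"
	"log"
	"sort"
	"strings"
	"unicode"
)

// Provider mirrors the Addrs method of go-discover's Provider interface (assumed; not imported).
type Provider interface {
	Addrs(args map[string]string, l *log.Logger) ([]string, error)
}

// readToken reads one token from s: double-quoted (escapes \" and \\ only) or bare until stop/end.
func readToken(s string, stop func(rune) bool) (tok, rest string, err error) {
	if !strings.HasPrefix(s, `"`) {
		if i := strings.IndexFunc(s, stop); i >= 0 {
			return s[:i], s[i:], nil
		}
		return s, "", nil
	}
	var b strings.Builder
	runes := []rune(s[1:])
	for i := 0; i < len(runes); i++ {
		switch r := runes[i]; {
		case r == '\\' && i+1 < len(runes) && (runes[i+1] == '"' || runes[i+1] == '\\'):
			b.WriteRune(runes[i+1]) // escaped quote or backslash
			i++
		case r == '"':
			return b.String(), string(runes[i+1:]), nil
		default:
			b.WriteRune(r)
		}
	}
	return "", "", fmt.Errorf("discover: unterminated quoted string in %q", s)
}

// ParseArgs parses the "key=val key=val ..." form described above and, like the
// library, reports duplicate keys as an error.
func ParseArgs(cfg string) (map[string]string, error) {
	args := map[string]string{}
	for rest := strings.TrimLeftFunc(cfg, unicode.IsSpace); rest != ""; {
		key, tail, err := readToken(rest, func(r rune) bool { return r == '=' || unicode.IsSpace(r) })
		if err != nil {
			return nil, err
		}
		if !strings.HasPrefix(tail, "=") {
			return nil, fmt.Errorf("discover: missing '=' after key %q", key)
		}
		val, tail, err := readToken(tail[1:], unicode.IsSpace)
		if err != nil {
			return nil, err
		}
		if _, dup := args[key]; dup {
			return nil, fmt.Errorf("discover: duplicate key %q", key)
		}
		args[key] = val
		rest = strings.TrimLeftFunc(tail, unicode.IsSpace)
	}
	return args, nil
}

// Discover selects the provider named by the provider key and delegates to it (as Discover.Addrs does).
type Discover struct{ Providers map[string]Provider }

func (d *Discover) Addrs(cfg string, l *log.Logger) ([]string, error) {
	args, err := ParseArgs(cfg)
	if err != nil {
		return nil, err
	}
	name := args["provider"]
	delete(args, "provider") // a provider sees only its own arguments
	if p, ok := d.Providers[name]; ok {
		return p.Addrs(args, l)
	}
	return nil, fmt.Errorf("discover: unknown or missing provider %q", name)
}

// inventoryProvider is a constructed, offline stand-in for a cloud provider: an addr->tags
// inventory filtered by tag_key/tag_value; any other argument is rejected so a misspelled key fails loudly.
type inventoryProvider map[string]map[string]string

func (p inventoryProvider) Addrs(args map[string]string, l *log.Logger) ([]string, error) {
	key, val := args["tag_key"], args["tag_value"]
	if len(args) != 2 || key == "" || val == "" {
		return nil, fmt.Errorf("discover-inventory: want exactly tag_key and tag_value, got %v", args)
	}
	var addrs []string
	for addr, tags := range p {
		if tags[key] == val {
			addrs = append(addrs, addr)
		}
	}
	sort.Strings(addrs) // map order is random; sort for stable output
	return addrs, nil
}

// SampleDiscover registers the constructed provider as the README's Providers map does (made-up data).
var SampleDiscover = &Discover{Providers: map[string]Provider{"inventory": inventoryProvider{
	"10.0.0.1": {"consul": "server"}, "10.0.0.2": {"consul": "client"}, "10.0.0.3": {"consul": "server"},
}}}
```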

For complete API documentation, see GoDoc. The configuration for the supported providers is documented in the providers sub-package.

Testing

Note: Due to the go.sum checksum errors referenced in #68, you will need Go 1.11.4+ to build/test go-discover.

Configuration tests can be run with Go:

$ go test ./...

By default tests that communicate with providers do not run unless credentials are set for that provider. To run provider tests you must set the necessary environment variables.

Note: This will make real API calls to the account provided by the credentials.

$ AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=... AWS_REGION=... go test -v ./provider/aws

This requires resources to exist that match those specified in the tests (e.g. instance tags in the case of AWS). To create these resources, there are sets of Terraform configuration in the test/tf directory for the supported providers.

You must use the same account and access credentials as above. The same environment variables should be applicable and are read by Terraform.

$ cd test/tf/aws
$ export AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=... AWS_REGION=...
$ terraform init
...
$ terraform apply
...

After Terraform successfully runs, you should be able to successfully run the tests, assuming you have exported credentials into your environment:

$ go test -v ./provider/aws

To destroy the resources you need to use Terraform again:

$ cd test/tf/aws
$ terraform destroy
...

Note: There should be no requirements to create and test these resources other than credentials and Terraform. This is to ensure tests can run in development and CI environments consistently across all providers.

Retrieving Test Credentials

Below are instructions for retrieving credentials in order to run tests for some of the providers.

Google Cloud
  1. Go to https://console.cloud.google.com/
  2. IAM & Admin / Settings:
    • Create Project, e.g. discover
    • Write down the Project ID, e.g. discover-xxx
  3. Billing: Ensure that the project is linked to a billing account
  4. API Manager / Dashboard: Enable the following APIs
    • Google Compute Engine API
  5. IAM & Admin / Service Accounts: Create Service Account
    • Service account name: admin
    • Roles:
      • Project/Service Account Actor
      • Compute Engine/Compute Instance Admin (v1)
      • Compute Engine/Compute Security Admin
    • Furnish a new private key: yes
    • Key type: JSON
  6. The credentials file discover-xxx.json will have been downloaded automatically to your machine
  7. Source the contents of the credentials file into the GOOGLE_CREDENTIALS environment variable
Azure

See also the [Terraform provider documentation](https://www.terraform.io/docs/providers/azurerm/index.html#creating-credentials).
# Install Azure CLI (https://github.com/Azure/azure-cli)
curl -L https://aka.ms/InstallAzureCli | bash

# 1. Login
$ az login

# 2. Get SubscriptionID
$ az account list
[
  {
    "cloudName": "AzureCloud",
    "id": "subscription_id",
    "isDefault": true,
    "name": "Gratis versie",
    "state": "Enabled",
    "tenantId": "tenant_id",
    "user": {
      "name": "[email protected]",
      "type": "user"
    }
  }
]

# 3. Switch to subscription
$ az account set --subscription="subscription_id"

# 4. Create ClientID and Secret
$ az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/subscription_id"
{
  "appId": "client_id",
  "displayName": "azure-cli-2017-07-18-16-51-43",
  "name": "http://azure-cli-2017-07-18-16-51-43",
  "password": "client_secret",
  "tenant": "tenant_id"
}

# 5. Export the Credentials for the client
export ARM_CLIENT_ID=client_id
export ARM_CLIENT_SECRET=client_secret
export ARM_TENANT_ID=tenant_id
export ARM_SUBSCRIPTION_ID=subscription_id

# 6. Test the credentials
$ az vm list-sizes --location 'West Europe'


go-discover's Issues

add interface to mdns discover

Patch looks very trivial:

// validate and set interface
if args["interface"] != "" {
	if params.Interface, err = net.InterfaceByName(args["interface"]); err != nil {
		return nil, fmt.Errorf("discover-mdns: Failed to discover host interface(%s): %s", args["interface"], err)
	}
}

Fail to install on macOS 10.15 (catalina)

Hello! I'm getting a failure during installation on macOS 10.15. Any ideas? Thank you 😃

$ go get -u github.com/hashicorp/go-discover/cmd/discover

# github.com/hashicorp/go-discover/provider/azure
../src/github.com/hashicorp/go-discover/provider/azure/azure_discover.go:93:19: cannot assign "github.com/Azure/go-autorest/autorest".Authorizer to authorizer (type "github.com/hashicorp/go-discover/provider/azure/vendor/github.com/Azure/go-autorest/autorest".Authorizer) in multiple assignment:
	"github.com/Azure/go-autorest/autorest".Authorizer does not implement "github.com/hashicorp/go-discover/provider/azure/vendor/github.com/Azure/go-autorest/autorest".Authorizer (wrong type for WithAuthorization method)
		have WithAuthorization() "github.com/Azure/go-autorest/autorest".PrepareDecorator
		want WithAuthorization() "github.com/hashicorp/go-discover/provider/azure/vendor/github.com/Azure/go-autorest/autorest".PrepareDecorator
../src/github.com/hashicorp/go-discover/provider/azure/azure_discover.go:99:19: cannot assign "github.com/Azure/go-autorest/autorest".Authorizer to authorizer (type "github.com/hashicorp/go-discover/provider/azure/vendor/github.com/Azure/go-autorest/autorest".Authorizer) in multiple assignment:
	"github.com/Azure/go-autorest/autorest".Authorizer does not implement "github.com/hashicorp/go-discover/provider/azure/vendor/github.com/Azure/go-autorest/autorest".Authorizer (wrong type for WithAuthorization method)
		have WithAuthorization() "github.com/Azure/go-autorest/autorest".PrepareDecorator
		want WithAuthorization() "github.com/hashicorp/go-discover/provider/azure/vendor/github.com/Azure/go-autorest/autorest".PrepareDecorator

gce zone_pattern readme example is incorrect

Running the gce example in the command line doesn't work, it fails to find any matching zones.

# Google Cloud
provider=gce project_name=... zone_pattern=eu-west-* tag_value=consul credentials_file=...

The prefix should be "europe-west" and it is missing a dot before the wildcard. It needs to be changed to something like:

# Google Cloud
provider=gce project_name=... zone_pattern=europe-west3-.* tag_value=consul credentials_file=...

Azure provider returns an undocumented error

I'm trying to use go-discover as part of the cloud-auto-joining feature for Consul. After not being able to configure the retry_join parameter in the agent configuration successfully, I decided to use the discover binary as documented here.

What's strange is that every time I try to run the command, it doesn't seem to like the secret_access_key parameter, and returns discover: secret_access_key: as shown in the screenshot below:

[screenshot attached to the issue: 2018-07-12, 1:22:19 pm]

Am I missing something here? I currently have an Azure virtual machine scale set created in the guided-swine resource group. The name of the VMSS is consul.

I'm not sure if this is useful, but here's some additional information from go env:

GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/jasonwalsh/Library/Caches/go-build"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/jasonwalsh/go"
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/ph/0kqwdgqd5jj9flj8qjw9732c0000gn/T/go-build406674888=/tmp/go-build -gno-record-gcc-switches -fno-common"

Any help would be much appreciated. In the meantime, I'll check out the source code to see if I can identify the issue.

Thanks.

Annotation consul.hashicorp.com/auto-join-port breaks connection between servers and clients

The annotation consul.hashicorp.com/auto-join-port seems to break the connection between the consul servers and clients.

Reproduction steps:

  1. Deploy the Consul Helm chart with the default values
  2. Wait until you see all the clients and servers 'Running'
  3. kubectl edit statefulset <helm-releasename>-consul-server and edit the pod template's annotations to include consul.hashicorp.com/auto-join-port: 8301. Since this is the default gossip port anyways, the expected behavior is that this would work.
  4. The consul server pods should restart
  5. Observe that the consul client pods stop running and start logging:
    2021-01-07T23:17:50.828Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:34840 error="No known Consul servers"
    2021-01-07T23:18:00.627Z [ERROR] agent: Coordinate update error: error="No known Consul servers"
    2021-01-07T23:18:00.829Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:34884 error="No known Consul servers"
    2021-01-07T23:18:03.309Z [ERROR] agent.anti_entropy: failed to sync remote state: error="No known Consul servers"
    2021-01-07T23:18:10.830Z [ERROR] agent.http: Request error: method=GET url=/v1/status/leader from=127.0.0.1:34926 error="No known Consul servers"

Use case:

When trying to join a consul cluster in Kubernetes with external client agents running on an external VM, you might want to connect on the Kubernetes node IP to the consul servers gossip and RPC ports and to the consul clients gossip ports. To do this, the consul servers in Kubernetes would have to configure their gossip port to be different from the client gossip ports for example, to 9301. For the external client agent to auto-join using the k8s provider, I'd want to add this annotation to the consul server pods to say consul.hashicorp.com/auto-join-port: "9301".

Allow setting custom endpoint URL on the AWS provider

Hi,

We are using the cloud auto join in consul on AWS, but we don't have an Internet Gateway on our VPC so we can't reach the EC2 public endpoint. Instead we have a VPCe to EC2.

I've been searching but I think there's no way to specify this currently by environment variables, and the AWS go-discover provider doesn't allow a change to the endpoint.

I think this could be a useful feature.

Thanks!

The vendored Azure autorest and azure-sdk may present security issues

A race condition was discovered in the Azure Active Directory client of github.com/Azure/go-autorest/ when refreshing auth tokens, requiring an API change to fix and the bump of the autorest major version from 9 to 10.

go-discover and therefore consul (1.7 to 1.9) are still built against a pre-10 autorest version. It would be awfully nice if they could be switched to the latest autorest 10 release and the matching azure 14.x release (which is out of beta unlike the currently vendored version)

I've no idea if the race is exploitable but in such cases it's better not to try to be smarter than attackers and just apply security fixes.

Cloud Auto-Join: AWS Partitions and custom ec2 endpoints

Overview of the Issue

Cloud Auto-Join does not support cases where the region is part of one of the alternative AWS Segments. For example in isob-east-1 region, Consul queries https://ec2.us-isob-east-1.amazonaws.com (this DNS record does not exist). Attempted to specify the region and received the same error.

With Packer, you can leverage custom EC2 endpoints, but you cannot with Consul.

Reproduction Steps

Steps to reproduce this issue, eg:

  1. Include "retry_join": ["provider=aws tag_key=... tag_value=..."] in server.json configuration file
  2. Run consul agent
  3. Get error.

Consul info for both Client and Server

Attempting to create 3 node server cluster. Included in config.json "retry_join": ["provider=aws tag_key=cault tag_value=server"]

Getting
[ERR] agent: Join LAN: discover-aws: DescribeInstanceInput failed: RequestError: send request

Operating system and Environment details

Running Centos 7.5 on AWS. Same exact config.json works in us-gov-west-1 region.

Log Fragments

[ERR] agent: Join LAN: discover-aws: DescribeInstanceInput failed: RequestError: send request

Scaleway integration issue

My account is not empty and I still get no servers from the discover command line:

$ discover addrs provider=scaleway region=par1 organization=$SCALEWAY_ORGANIZATION token=$SCALEWAY_TOKEN
Registered providers: [aliyun aws azure digitalocean gce os packet scaleway softlayer triton vsphere]
[DEBUG] discover: Using provider "scaleway"
[INFO] discover-scaleway: Organization is "951df375-e094-4d26-97c1-ba548eeb9c42"
[INFO] discover-scaleway: Region is "par1"
[DEBUG] discover-scaleway: Found ip addresses: []

Allow configuration of Azure discovery with environment variables and Role Assignment

Currently, the only way to do discovery in Azure is to

An improvement would be to match the behaviour of something like the AWS discovery, that has a number of different configuration options.

The easiest to hardest would be Environmental variables, and the more complex would be with Role Assignment (ie. you'd only need to provide Tenant ID, the system itself would have the right role assignment to do lookups)

The environment part seems simpler to do so I'll see if I can contribute 👍

Support for Kubernetes / OpenShift Origin

For the countless people deploying on Kubernetes, having first class support for this platform is key to avoid vendor-lock to AWS/GCE/Other. Platform neutrality is important to many.

I wrote an extension to support Kubernetes. This extension takes as parameters a namespace name, and label key and value, in keeping with the approaches used with other providers.

A couple questions:

  1. Would you be interested in adopting the code into the project?
  2. Would you advocate getting the subsequent drop into Consul?

I can work around the adoption process and support for Kubernetes by continuing to create custom builds/distros of Consul, etc. But it sure would be nice to have this part of this project.

https://github.com/continuul/go-discover

Please advise on the best approach.

-Bob

ci: use a unique ID to allow multiple runs of the provider tests at the same time

Currently if more than one CI workflow is running the provider tests will conflict with each other, causing jobs to fail. Ex: https://circleci.com/workflow-run/84fab5af-2778-4899-a631-c3ab4970ace4

Generally, using CIRCLE_BUILD_NUM as the unique ID works well. 4 of the providers already use a prefix variable in their Terraform config. Setting that var to include CIRCLE_BUILD_NUM may fix the problem for those tests. The other providers' tests may require more changes to support the unique ID.

Support ipv4/ipv6 filter for os provider

Yesterday, my team member needed Consul to run only on OpenStack nodes that have an IPv4 address. It would be good if go-discover could filter IPv4/IPv6.

What do you guys think?

Proxmox Provider

Would it be possible to have a Proxmox Provider?

I can see that there is a merge request ready to go! #169

Will this be merged anytime soon?

Segment ports with Cloud Auto-Join?

From documentation it seems that it's impossible to use Cloud Auto-Join with network segments feature that requires connecting on different port numbers.

Either the documentation needs to be clarified or the feature needs to be added. :)

OpenStack Domain missing

I am using go-discover over consul 1.0.2 with openstack and it fails to authenticate because of the by default empty Domain name:

ao := gophercloud.AuthOptions{
	// "domain_id": OS_DOMAIN_ID
	DomainID: "",
	// "domain_name": OS_DOMAIN_NAME
	DomainName:       "",
	IdentityEndpoint: url,
	Username:         username,
	Password:         password,
	TokenID:          token,
	TenantID:         projectID,
}

2017/12/25 12:07:14 [ERR] agent: Join LAN: discover-os: Authentication failed: You must provide exactly one of DomainID or DomainName to authenticate by Username

Provider K8s does not support hostname for pods - breaks TLS setups

Hi

I've tried to use the new auto-join feature in 1.6.1, and the issue is that my vault is running with TLS

my CSR looks like this

Name:               vault-csr
Signer:             kubernetes.io/legacy-unknown
Status:             Approved,Issued
Subject:
  Common Name:    vault.vault.svc
  Serial Number:
Subject Alternative Names:
         DNS Names:     vault
                        vault.vault
                        vault.vault.svc
                        vault.vault.svc.cluster.local
                        vault-0.vault-internal
                        vault-1.vault-internal
                        vault-2.vault-internal
                        localhost
         IP Addresses:  127.0.0.1

the current issue with the k8s provider here is that it returns the Pod IP address which is not in the SAN

addr := pod.Status.PodIP

my raft config is:

storage "raft" {
  path = "/vault/data"
  retry_join {
    auto_join = "provider=k8s label_selector=\"app.kubernetes.io/name=vault,component=server\" namespace=\"vault\""
    auto_join_scheme = "https"
    leader_ca_cert_file = "/vault/userconfig/vault-server-tls/vault-ca.pem"
    leader_client_key_file = "/vault/userconfig/vault-server-tls/vault.key"
    leader_client_cert_file = "/vault/userconfig/vault-server-tls/vault.crt"
  }
}

If we could get the pod name with the service name like vault-0.vault-internal that would work

Let me know if there is a way to use auto-join with TLS for k8s.

go build error

go: verifying k8s.io/[email protected]+incompatible: checksum mismatch
downloaded: h1:tTI4hRmb1DRMl4fG6Vclfdi6nTM82oIrTT7HfitmxC4=
go.sum: h1:7Zl+OVXn0bobcsi4NEZGdoQDTE9ij1zPMfM21+yqQsM=

AWS cloud autojoin not working on ECS task with task networking

Consul agent AWS cloud autojoin is working fine on the ECS container instance, but doesn't work when I start the agent in a task with task networking. Presumably this is because the vendored version of aws-sdk-go isn't recent enough to support obtaining credentials via Task Metadata Endpoint version 3, which was only introduced about 14 days ago.

License Issues in vSphere

So I was looking through the licenses in hashicorp/consul and noticed that it vendors go-discover, which in turn vendors hashicorp/vic (fork of vmware/vic), which has a rather complex license that appears to include GPL-style license components. I'm not a lawyer, but I think this is problematic for my use of consul.

Could we consider making vSphere discovery be in a second repository instead of included in this repository? That way people can choose to use vSphere and its licensing if they need it and can feel comfortable with its implications.

It looks like this license issue was introduced in 22221ed (#97). Maybe during the forking of vmware/vic the vendored library was upgraded?

[Scaleway] discover is not working in PAR1 without public network

Hello!

I'm trying to build this kind of cluster:

     +------------------+Scaleway PAR1+-----+
     |                                      |
     |                                      |
     |                                      |
     |                                      |
     |        +--------------+              |
     |        |   Consul 1   |              |
     |        +--------------+              |
     |                                      |
+----+------+           +----------------+  |
| Jump host |           |    Consul 2    |  |
+----+------+           +----------------+  |
     |                                      |
     |         +-------------+              |
     |         |   Consul 3  |              |
     |         +-------------+              |
     |                                      |
     |                                      |
     |                                      |
     |                                      |
     +--------------------------------------+

Here, when the Consul server is trying to execute retry_join, I get this kind of message in monitor:

agent: Join LAN: discover-scaleway: Head https://cp-ams1.scaleway.com/servers?: dial tcp 51.15.33.64:443: i/o timeout
2018/06/09 15:33:12 [WARN] agent: Join LAN failed: No servers to join, retrying in 30s

That's true: 51.x seems to be a public IP that is not available because, as you can see in my quick schema, only the jump host can access the public network.

I don't know why discover is trying to query the ams1 server?

A simple ping seems to be enough to troubleshoot:

root@packer-consul-start1s-2018-06-09-14-47-09:~# ping cp-ams1.scaleway.com
PING cp-ams1.scaleway.com (51.15.33.64) 56(84) bytes of data.
^C

root@packer-consul-start1s-2018-06-09-14-47-09:~# ping cp-par1.scaleway.com
PING cp-par1.scaleway.com (212.47.225.64) 56(84) bytes of data.
64 bytes from 64-225-47-212.int.cloud.online.net (212.47.225.64): icmp_seq=1 ttl=59 time=0.498 ms
64 bytes from 64-225-47-212.int.cloud.online.net (212.47.225.64): icmp_seq=2 ttl=59 time=0.579 ms
^C

root@packer-consul-start1s-2018-06-09-14-47-09:~# ping api.scaleway.com
PING api.scaleway.com (212.47.225.64) 56(84) bytes of data.
64 bytes from 64-225-47-212.int.cloud.online.net (212.47.225.64): icmp_seq=1 ttl=59 time=0.480 ms
64 bytes from 64-225-47-212.int.cloud.online.net (212.47.225.64): icmp_seq=2 ttl=59 time=0.664 ms
^C

I think the best may be to use api.scaleway.com, which should be available in all datacenters.

I've tried to look into the sources of go-discover. I think we just have to edit this line https://github.com/nicolai86/scaleway-sdk/blob/master/server.go#L196 to use api.scaleway.com (it seems to be the same IP as cp.par1.scaleway.com).

I'm OK to test some fixes, but in this case I'll need your help; my last Go code was written in 2015... Also, how do I build consul with the fixed discover inside?

Thanks for your help!

Add Consul provider

It would be great to have a Consul provider. On clusters where consul is already available, having the ability to discover nodes using the consul catalog nodes API would help avoid requiring cloud-specific providers and cloud-specific credentials.

Minimum permissions required on Service account

Could we get an updated readme that lays out the required permissions for each provider.

I am looking at what level of permissions are needed on the service account to use the GCE provider.

Bus-related info needed

Hello there!

For those of us, that aren't comfortable with walking through the code, can some note be left about BUS-es?

All I need, really, is:

  • compile binary (ok)
  • run it against aws/gce, providing credentials to list instances (not ok)

Running discover results in "discover: Bus not found" err, couldn't find any examples.

Tried like this:

discover -v -e ata -e pci provider=gce  credentials_file=myfile.json
discover -v -d ata -d pci provider=gce  credentials_file=myfile.json

Thanks a lot in advance!

Request: Better installation instructions

I can't seem to install this, no doubt because I don't understand how to use Go. But since Hashicorp is recommending it in their vault / consul docs, and it seems like a good tool, I'd like to use it.

I'm on ubuntu, I've done this:

sudo apt-get update
sudo apt-get install golang
sudo go get -u github.com/hashicorp/go-discover/cmd/discover

First, I got an error about not having a gopath setup, then I tried this:

sudo mkdir -p /opt/go-discover
sudo GOPATH=/opt/go-discover go get -u github.com/hashicorp/go-discover/cmd/discover

Which outputs:

package github.com/hashicorp/go-discover/cmd/discover
	imports context: unrecognized import path "context"

And then I still don't have an executable discover. I'm sure this is something silly that would be plainly obvious if I were a go dev, but as someone who just wants to use the tool, I have no idea where to even go from here.

Thanks!

azure.PublicCloud.OAuthConfigForTenant undefined (type azure.Environment has no field or method OAuthConfigForTenant)

Hi,

With the latest releases of:
github.com/dgrijalva/jwt-go (3.1.0)
github.com/Azure/go-autorest (9.7.0)
github.com/Azure/azure-sdk-for-go (12.1.1)

github.com/hashicorp/go-discover/provider/azure

provider/azure/azure_discover.go:49:39: azure.PublicCloud.OAuthConfigForTenant undefined (type azure.Environment has no field or method OAuthConfigForTenant)
provider/azure/azure_discover.go:55:14: undefined: azure.NewServicePrincipalToken
FAIL github.com/hashicorp/go-discover [build failed]

Support multiple tags for discovery

Currently, using consul's cloud auto-join feature allows for only one tag/value pair to be supplied.

Perhaps we should allow for multiple pairs to be supplied for more precise joining to existing clusters. This is useful when there are multiple Consul environments available that share some tags (ie app=consul), but are also differentiated by multiple other tags, for example.

Two possibilities on usage:

"provider=aws tag_key=app tag_value=consul, tag_key=env tag_value=staging"

# Similar to Prometheus' tags:

"provider=aws tag_keys=app;env tag_values=consul;staging"

tencentcloud dependency seems to be gone

Hello people,

I've just realized that this project depends on an unexpected version of tencentcloud (https://github.com/hashicorp/go-discover/blob/master/go.mod#L33):

github.com/tencentcloud/tencentcloud-sdk-go v3.0.83+incompatible

The tag v3.0.83 in their repo seems to be gone. I can still build locally because I imagine https://proxy.golang.org still has the cached version. However, it won't build using a configuration like this:

GOPROXY="direct"

So, I was wondering if you have plans for a new version of go-discover using an existing tag for tencentcloud?
In go-discover there are currently no tags (I know you are aware), so a default v0.0.0 version is used in repos that depend on this one (e.g. https://github.com/hashicorp/vault/blob/master/go.mod#L63):

github.com/hashicorp/go-discover v0.0.0-20201029210230-738cb3105cd0

Edit:
go-kms-wrapping seems to have the same problem. I also created an issue over there.

Thanks a lot

Digitalocean: Unable to authenticate you

Hello. I have this config to init auto-join in Consul 1.2.3 and 1.3.0:

"retry_join": ["provider=digitalocean region=fra1 tag_name=cnslmaster api_token=my-token-here]"],

But on the Consul agent I get these errors:

    2018/10/23 07:49:48 [WARN] agent: Join LAN failed: No servers to join, retrying in 30s
    2018/10/23 07:49:59 [ERR] agent: Coordinate update error: No cluster leader
    2018/10/23 07:50:18 [ERR] agent: Join LAN: discover-digitalocean: GET https://api.digitalocean.com/v2/droplets?page=1&per_page=200&tag_name=cnslmaster: 401 Unable to authenticate you.

I checked the API response with curl and it works:

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer my-token-here" "https://api.digitalocean.com/v2/droplets?page=1&per_page=1"
...
Response here

Is it possible to fix?

UPD: the CLI is working:

discover addrs provider=digitalocean region=fra1 api_token=my-token-here
Registered providers: [aliyun aws azure digitalocean gce os packet scaleway softlayer triton vsphere]
[DEBUG] discover: Using provider "digitalocean"
[DEBUG] discover-digitalocean: Using region=fra1 tag_name=
[INFO] discover-digitalocean: Found instance consul-serv1 (116188472)
[INFO] discover-digitalocean: Found instance consul-serv2 (116188611) 
[INFO] discover-digitalocean: Found instance consul-serv3 (116188612) 
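Two things worth checking when a provider returns 401 on a token that works with curl: what the config tokenizer actually hands the provider, and whether the secret picked up a stray character from the surrounding JSON. The parser below is an added example that implements the quoting rules stated in the README (double-quote wrapping, backslash escapes inside quotes, duplicate keys as an error, provider taken from the provider key); it is not go-discover's own parser, whose handling of corner cases may differ. TrailingDelimiter is a heuristic of my own, not a library function. Fed the retry_join string exactly as posted above, where the closing ] of the JSON array sits inside the quoted string, the parser yields an api_token value that ends in ]; the CLI invocation in the update, which has no bracket, succeeds. Whether that bracket is a transcription slip or was in the real config is not something the report says.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

func isSpace(c byte) bool { return c == ' ' || c == '\t' || c == '\n' || c == '\r' }

// scanTuple reads one key=val tuple starting at s[i] and returns the key, the
// value and the index just past the tuple. Quoting follows the README rules:
// double quotes wrap a key or value containing space, backslash or '"', and
// inside quotes only \" and \\ are valid escapes. An unquoted backslash is
// rejected rather than guessed at.
func scanTuple(s string, i int) (key, val string, next int, err error) {
	var k, v strings.Builder
	cur := &k
	inQuote, seenEq := false, false
scan:
	for i < len(s) {
		c := s[i]
		switch {
		case c == '\\':
			if !inQuote {
				return "", "", i, errors.New("backslash outside double quotes; quote the value")
			}
			if i+1 >= len(s) {
				return "", "", i, errors.New("dangling backslash")
			}
			if n := s[i+1]; n == '"' || n == '\\' {
				cur.WriteByte(n)
				i += 2
				continue
			}
			return "", "", i, fmt.Errorf("invalid escape \\%c", s[i+1])
		case c == '"':
			inQuote = !inQuote
		case !inQuote && isSpace(c):
			break scan
		case !inQuote && c == '=' && !seenEq:
			seenEq = true
			cur = &v
		default:
			cur.WriteByte(c)
		}
		i++
	}
	if inQuote {
		return "", "", i, errors.New("unterminated double quote")
	}
	if !seenEq {
		return "", "", i, fmt.Errorf("missing '=' in %q", k.String())
	}
	return k.String(), v.String(), i, nil
}

// ParseConfig parses the "key=val key=val ..." form into a map, rejecting
// duplicate keys as the README specifies.
func ParseConfig(s string) (map[string]string, error) {
	m := make(map[string]string)
	for i := 0; i < len(s); {
		if isSpace(s[i]) {
			i++
			continue
		}
		k, v, next, err := scanTuple(s, i)
		if err != nil {
			return nil, err
		}
		if k == "" {
			return nil, errors.New("empty key")
		}
		if _, dup := m[k]; dup {
			return nil, fmt.Errorf("duplicate key %q", k)
		}
		m[k] = v
		i = next
	}
	return m, nil
}

// ProviderName returns the provider selected by the config, as the README
// says it is determined: through the "provider" key.
func ProviderName(m map[string]string) (string, error) {
	p := m["provider"]
	if p == "" {
		return "", errors.New(`missing "provider" key`)
	}
	return p, nil
}

// TrailingDelimiter is a heuristic check (mine, not the library's): a secret
// that ends in a closing bracket, brace, comma or quote has almost certainly
// absorbed a piece of the surrounding JSON or HCL.
func TrailingDelimiter(v string) bool {
	return v != "" && strings.ContainsRune(`]},"'`, rune(v[len(v)-1]))
}

func main() {
	// The README's own quoting example.
	m, err := ParseConfig(`provider=aws key=val "some key"="some value"`)
	fmt.Println(m, err)

	// The retry_join string as posted above, bracket included. The token is
	// never printed; only its length and the check result are.
	m, err = ParseConfig(`provider=digitalocean region=fra1 tag_name=cnslmaster api_token=my-token-here]`)
	if err == nil {
		tok := m["api_token"]
		fmt.Printf("api_token: %d bytes, trailing delimiter: %v\n", len(tok), TrailingDelimiter(tok))
	}

	// Duplicate keys are an error per the README.
	_, err = ParseConfig(`provider=aws region=a region=b`)
	fmt.Println("duplicate key:", err)
}
```

The same check applies to any provider that takes a credential inline (access_key_secret, secret_access_key, api_token): parse the string with the rules the library documents, compare the byte length of the secret with what the console issued, and never log the value itself.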

Documentation update, OpenStack tags vs metadata

OpenStack has both "tags" and "metadata". A tag is a single word that can be attached to a server for grouping and searching. Metadata is a key and value that can be assigned to the server for a variety of uses.
The OpenStack provider appears to want metadata since it is a key and a value, but the documentation uses the word "tag" to describe this functionality. Which is it, and how do we get the documentation updated?

Azure discovery broken due to old api-version

Hi,

When migrating from Consul version 0.9.3 to version 1.1.0, Azure join stops working.
From what I can tell, the issue is that the Azure management API being hit is now hard-coded to an older version.

Using the same configuration files, here is the output I receive from Consul 0.9.3:

2018/06/12 08:56:12 Sending GET https://management.azure.com/subscriptions/{subscriptionID}/providers/Microsoft.Network/networkInterfaces?api-version=2016-09-01

From Consul 1.0.7 (tested to see if there was different behavior):

[ERR] agent: Join LAN: discover-azure: autorest#WithErrorUnlessStatusCode: POST https://login.microsoftonline.com/{tenantID}/oauth2/token?api-version=1.0 failed with 401 Unauthorized: StatusCode=401

From Consul 1.1.0:

[ERR] agent: Join LAN: discover-azure: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://management.azure.com/subscriptions/{subscriptionID}/providers/Microsoft.Network/networkInterfaces?api-version=2015-06-15: StatusCode=401 -- Original Error: adal: Refresh request failed. Status Code = '401'. Response body: {"error":"invalid_client","error_description":"AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: 0a5a562e-5ca6-492e-8dce-cabb9b630900\r\nCorrelation ID: 1632a003-32f5-40e3-b95f-5054fa263468\r\nTimestamp: 2018-06-12 08:56:53Z","error_codes":[70002,50012],"timestamp":"2018-06-12 08:56:53Z","trace_id":"0a5a562e-5ca6-492e-8dce-cabb9b630900","correlation_id":"1632a003-32f5-40e3-b95f-5054fa263468"}

As far as I can tell, versions 0.9.3 and 1.1.0 use the same authentication method; however, version 0.9.3 connects to Azure API version 2016-09-01, whereas the latest Consul 1.1.0 connects to 2015-06-15.

This seems to be hard-coded here:

"github.com/Azure/azure-sdk-for-go/services/network/mgmt/2015-06-15/network"

AWS provider outputs debug statements even when passing ioutil.Discard to log

I am using go-discover as a package from within my go application.
Even when I pass ioutil.Discard as the logger, I get the following debug output:

2020/07/12 21:32:40 [DEBUG] discover-aws: Using region=<> tag_key=<> tag_value=asg_1 addr_type=<>
2020/07/12 21:32:40 [DEBUG] discover-aws: Static credentials provided

This is related to #110.

go mod and Sirupsen/logrus references

Using go-discover with go mod leads to interesting errors related to the github.com/Sirupsen/logrus casing used in the github.com/vmware/vic library.

Steps to reproduce:

mkdir /tmp/go-discover-mod-repo
cd /tmp/go-discover-mod-repo

cat <<'EOF' > main.go
package main
import (
        "fmt"
        "github.com/hashicorp/go-discover"
)
func main() {
        fmt.Println(discover.Discover{})
}
EOF

go mod init example.com/go-discover-mod-repro
go get -u
go get -u

Behavior

I expected go get -u to work idempotently and exit successfully, but the second command fails:

+ go mod init example.com/go-discover-mod-repro
go: creating new go.mod: module example.com/go-discover-mod-repro
+ go get -u
go: finding github.com/hashicorp/go-discover latest
+ go get -u
go: finding github.com/google/gofuzz latest
go: finding github.com/denverdino/aliyungo latest
go: finding github.com/gopherjs/gopherjs latest
go: finding golang.org/x/sync latest
go: finding k8s.io/api latest
go: finding github.com/jarcoal/httpmock latest
go: finding github.com/smartystreets/assertions latest
go: finding github.com/gophercloud/gophercloud latest
go: github.com/Sirupsen/[email protected]: parsing go.mod: unexpected module path "github.com/sirupsen/logrus"
go: finding golang.org/x/net latest
go: finding golang.org/x/time latest
go: finding github.com/modern-go/concurrent latest
go: finding github.com/tent/http-link-go latest
go get: error loading module requirements

Using mdns as provider in Consul doesn't find other machines in the same local network

I've built Consul with the latest go-discover, including the mdns provider, and I've tried the following:

consul agent -retry-join-wan "provider=mdns service=consul domain=local" -server -data-dir data -bootstrap-expect=3

But my node can't see other nodes in the cluster.

This is the output:
consul agent -retry-join-wan "provider=mdns service=consul domain=local" -server -data-dir data -bootstrap-expect=3

bootstrap_expect > 0: expecting 3 servers

==> Starting Consul agent...
==> Consul agent running!
Version: '1.4.4-dev'
Node ID: 'f1c85d45-25a2-cf31-7478-99443667a8d4'
Node name: 'PARA-TEST1'
Datacenter: 'dc1' (Segment: '')
Server: true (Bootstrap: false)
Client Addr: [127.0.0.1] (HTTP: 8500, HTTPS: -1, gRPC: -1, DNS: 8600)
Cluster Addr: 10.37.129.6 (LAN: 8301, WAN: 8302)
Encrypt: Gossip: false, TLS-Outgoing: false, TLS-Incoming: false

==> Log data will now stream in as it occurs:

2019/03/21 17:19:51 [INFO] raft: Initial configuration (index=0): []
2019/03/21 17:19:51 [INFO] serf: EventMemberJoin: PARA-TEST1.dc1 10.37.129.6
2019/03/21 17:19:51 [INFO] serf: EventMemberJoin: PARA-TEST1 10.37.129.6
2019/03/21 17:19:51 [INFO] raft: Node at 10.37.129.6:8300 [Follower] entering Follower state (Leader: "")
2019/03/21 17:19:51 [WARN] serf: Failed to re-join any previously known node
2019/03/21 17:19:51 [INFO] consul: Adding LAN server PARA-TEST1 (Addr: tcp/10.37.129.6:8300) (DC: dc1)
2019/03/21 17:19:51 [WARN] serf: Failed to re-join any previously known node
2019/03/21 17:19:51 [INFO] consul: Handled member-join event for server "PARA-TEST1.dc1" in area "wan"
2019/03/21 17:19:51 [INFO] agent: Started DNS server 127.0.0.1:8600 (tcp)
2019/03/21 17:19:51 [INFO] agent: Started DNS server 127.0.0.1:8600 (udp)
2019/03/21 17:19:51 [INFO] agent: Started HTTP server on 127.0.0.1:8500 (tcp)
2019/03/21 17:19:51 [INFO] agent: started state syncer
2019/03/21 17:19:51 [INFO] agent: Retry join WAN is supported for: aliyun aws azure digitalocean gce k8s mdns os packet scaleway softlayer triton vsphere
2019/03/21 17:19:51 [INFO] agent: Joining WAN cluster...
2019/03/21 17:19:56 [INFO] agent: Discovered WAN servers:
2019/03/21 17:19:56 [WARN] agent: Join WAN failed: No servers to join, retrying in 30s
2019/03/21 17:19:58 [ERR] agent: failed to sync remote state: No cluster leader
2019/03/21 17:20:01 [WARN] raft: no known peers, aborting election

==> Failed to check for updates: Get https://checkpoint-api.hashicorp.com/v1/check/consul?arch=amd64&os=windows&signature=8bb40575-0e14-dfae-bab3-57764b7270cf&version=1.4.4-dev: dial tcp: lookup checkpoint-api.hashicorp.com: getaddrinfow: The requested name is valid, but no data of the requested type was found.
Same command is running on other nodes.

[Feature Request] Use RAM role for aliyun provider

Hi,

It makes no sense to use access_secret for auto-joining; is it possible to use an ECS RAM role instead? Thanks.

func (p *Provider) SetUserAgent(s string) {
	p.userAgent = s
}

func (p *Provider) Help() string {
	return `Aliyun(Alibaba Cloud):
    provider:          "aliyun"
    region:            The Aliyun region.
    tag_key:           The tag key to filter on
    tag_value:         The tag value to filter on
    access_key_id:     The Aliyun access key to use
    access_key_secret: The Aliyun access key secret to use
	The required RAM permission is 'ecs:DescribeInstances'.
	It is recommended you make a dedicated key used only for auto-joining.
`
}

Multiple AWS accounts and cloud auto-join feature

Is it possible to fetch tag value for EC2 instances running in different accounts?
https://www.consul.io/docs/agent/cloud-auto-join.html#amazon-ec2

Let's say that the Consul servers are running in the same shared account and all agents are in several different AWS accounts. Is it possible in some way to discover these instances by sending requests to the local EC2 metadata service (HTTP metadata API), or can the auto-join feature be used only within the same AWS account?

Thanks
