diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx index aae14b6097..b14ce1d92e 100644 --- a/website/content/docs/upgrading/upgrade-specific.mdx +++ b/website/content/docs/upgrading/upgrade-specific.mdx @@ -16,6 +16,62 @@ upgrade flow. ## Consul 1.11.0 +### Deprecated Agent Config Options + +Consul 1.11.0 is compiled with Go 1.17 and now the ordering of +`tls_cipher_suites` will no longer be honored. Additionally +`tls_prefer_server_cipher_suites` is now ignored. + +The `master` and `agent_master` ACL tokens in the `acl.tokens` config block +have been renamed to `initial_management` and `agent_recovery` respectively. +The old names have been deprecated and will be removed at a future date. + +Due to this rename the following endpoint is also deprecated: + +- [`PUT /v1/agent/token/agent_master`](/api-docs/agent#update-acl-tokens) + +### Deprecated Agent Config Options + +These config keys are now deprecated: + + - `audit.sink[].name` + - [`dns_config.dns_prefer_namespace`](/docs/agent/options#dns_prefer_namespace) + +### Deprecated CLI Subcommands + +The `consul acl set-agent-token master` subcommand has been replaced with +`consul acl set-agent-token recovery`. The old subcommand is deprecated. + +### Legacy ACL System Removal + +The legacy ACL system that was deprecated in Consul 1.4.0 has been removed. +Before upgrading you should verify that nothing is still using the legacy ACL +system. See the [Migrate Legacy ACL Tokens Learn +Guide](https://learn.hashicorp.com/tutorials/consul/access-control-token-migration) +for more information. + +Due to this removal the following endpoints no longer function: + + - [`PUT /v1/acl/create`](/api-docs/acl/legacy#create-acl-token) + - [`PUT /v1/acl/update`](/api-docs/acl/legacy#update-acl-token) + - [`PUT /v1/acl/destroy/`](/api-docs/acl/legacy#delete-acl-token) + - [`GET /v1/acl/info/`](/api-docs/acl/legacy#read-acl-token) + - [`PUT /v1/acl/clone/`](/api-docs/acl/legacy#clone-acl-token) + - [`GET /v1/acl/list`](/api-docs/acl/legacy#list-acls) + - [`GET,POST /v1/acl/rules/translate`](/api-docs/acl#translate-rules) + +### Raft Storage Changes + +The underlying library used for persisting the Raft log to persistent storage +was [upgraded](https://github.com/hashicorp/consul/issues/11720) from +[`boltdb`](https://pkg.go.dev/github.com/boltdb/bolt) to +[`bbolt`](https://pkg.go.dev/go.etcd.io/bbolt). + +The newer `bbolt` library is compatible with the persisted format generated by +`boltdb` but the reverse is not necessarily guaranteed. Like any Consul upgrade +it is strongly recommended that you take a snapshot of your database if you +expect that you will need to downgrade. + ### Envoy xDS Protocol Upgrades As noted in earlier upgrades, previous versions of Consul supported both v2 and v3