Support Etcd v3, enhance KV support

cluster/datastore.go

@@ -76,7 +76,7 @@ func NewDataStore(ctx context.Context, kvSource staert.KvSource, object Object,
 
 func (d *Datastore) watchChanges() error {
 	stopCh := make(chan struct{})
-	kvCh, err := d.kv.Watch(d.lockKey, stopCh)
+	kvCh, err := d.kv.Watch(d.lockKey, stopCh, nil)
 	if err != nil {
 		return err
 	}

docs/configuration/backends/etcd.md

@@ -31,6 +31,16 @@ watch = true
 #
 prefix = "/traefik"
 
+# Force to use API V3 (otherwise still use API V2)
+#
+# Deprecated
+#
+# Optional
+# Default: false
+#
+useAPIV3 = true
+
+
 # Override default configuration template.
 # For advanced users :)
 #
@@ -59,3 +69,7 @@ prefix = "/traefik"
 To enable constraints see [backend-specific constraints section](/configuration/commons/#backend-specific).
 
 Please refer to the [Key Value storage structure](/user-guide/kv-config/#key-value-storage-structure) section to get documentation on Traefik KV structure.
+
+!!! note
+    The option `useAPIV3` allows using Etcd API V3 only if it's set to true.
+    This option is **deprecated** and API V2 won't be supported in the future.

docs/user-guide/kv-config.md

@@ -322,6 +322,10 @@ As a result, it may be possible for Træfik to read an intermediate configuratio
 To solve this problem, Træfik supports a special key called `/traefik/alias`.
 If set, Træfik use the value as an alternative key prefix.
 
+!!! note
+    The field `useAPIV3` allows using Etcd V3 API which should support updating multiple keys atomically with Etcd.
+    Etcd API V2 is deprecated and, in the future, Træfik will support API V3 by default.
+
 Given the key structure below, Træfik will use the `http://172.17.0.2:80` as its only backend (frontend keys have been omitted for brevity).
 
 | Key                                                                     | Value                       |

examples/cluster/docker-compose.yml

@@ -0,0 +1,210 @@
+version: '2'
+
+services:
+
+  ## KV part ##
+
+  # CONSUL
+
+  consul:
+      image: progrium/consul
+      command: -server -bootstrap -log-level debug -ui-dir /ui
+      ports:
+        - "8400:8400"
+        - "8500:8500"
+        - "8600:53/udp"
+      expose:
+        - "8300"
+        - "8301"
+        - "8301/udp"
+        - "8302"
+        - "8302/udp"
+      networks:
+        net:
+          ipv4_address: 10.0.1.2
+
+  # ETCD V3
+
+  etcd3:
+      image: quay.io/coreos/etcd:v3.2.9
+      command: /usr/local/bin/etcd --data-dir=/etcd-data --name node1 --initial-advertise-peer-urls http://10.0.1.12:2380 --listen-peer-urls http://10.0.1.12:2380 --advertise-client-urls http://10.0.1.12:2379,http://10.0.1.12:4001 --listen-client-urls http://10.0.1.12:2379,http://10.0.1.12:4001  --initial-cluster node1=http://10.0.1.12:2380 --debug
+      ports:
+        - "4001:4001"
+        - "2380:2380"
+        - "2379:2379"
+      networks:
+        net:
+          ipv4_address: 10.0.1.12
+
+  etcdctl-ping:
+      image: tenstartups/etcdctl
+      command: --endpoints=[10.0.1.12:2379] get "traefik/acme/storagefile"
+      environment:
+          ETCDCTL_DIAL_: "TIMEOUT 10s"
+          ETCDCTL_API : "3"
+      networks:
+        - net
+
+  etcdctl-rm:
+      image: tenstartups/etcdctl
+      command: --endpoints=[10.0.1.12:2379] del "/traefik/acme/storagefile"
+      environment:
+          ETCDCTL_DIAL_: "TIMEOUT 10s"
+          ETCDCTL_API : "3"
+      networks:
+        - net
+
+  ## BOULDER part ##
+
+  boulder:
+      image: containous/boulder:release
+      environment:
+          FAKE_DNS: 172.17.0.1
+          PKCS11_PROXY_SOCKET: tcp://boulder-hsm:5657
+      extra_hosts:
+        - le.wtf:127.0.0.1
+        - boulder:127.0.0.1
+      ports:
+        - 4000:4000 # ACME
+        - 4002:4002 # OCSP
+        - 4003:4003 # OCSP
+        - 4500:4500 # ct-test-srv
+        - 8000:8000 # debug ports
+        - 8001:8001
+        - 8002:8002
+        - 8003:8003
+        - 8004:8004
+        - 8055:8055 # dns-test-srv updates
+        - 9380:9380 # mail-test-srv
+        - 9381:9381 # mail-test-srv
+      restart: unless-stopped
+      depends_on:
+        - bhsm
+        - bmysql
+        - brabbitmq
+      networks:
+        net:
+          ipv4_address: 10.0.1.3
+
+  bhsm:
+      image: letsencrypt/boulder-tools:2016-11-02
+      hostname: boulder-hsm
+      environment:
+          PKCS11_DAEMON_SOCKET: tcp://0.0.0.0:5657
+      command: /usr/local/bin/pkcs11-daemon /usr/lib/softhsm/libsofthsm.so
+      expose:
+        - 5657
+      networks:
+        net:
+          ipv4_address: 10.0.1.4
+          aliases:
+            - boulder-hsm
+  bmysql:
+      image: mariadb:10.1
+      hostname: boulder-mysql
+      environment:
+          MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
+      networks:
+        net:
+          ipv4_address: 10.0.1.5
+          aliases:
+            - boulder-mysql
+
+  brabbitmq:
+      image: rabbitmq:3-alpine
+      hostname: boulder-rabbitmq
+      environment:
+          RABBITMQ_NODE_IP_ADDRESS: "0.0.0.0"
+      networks:
+        net:
+          ipv4_address: 10.0.1.6
+          aliases:
+            - boulder-rabbitmq
+
+  ## TRAEFIK part ##
+
+  traefik-storeconfig:
+      build:
+        context: ../..
+      image: containous/traefik
+      volumes:
+        - "./traefik.toml:/traefik.toml:ro"
+        - "./acme.json:/acme.json:ro"
+      command: storeconfig --debug
+      networks:
+        - net
+
+  traefik01:
+      build:
+        context: ../..
+      image: containous/traefik
+      command: ${TRAEFIK_CMD}
+      extra_hosts:
+        - traefik.boulder.com:172.17.0.1
+      volumes:
+        - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      expose:
+        - "443"
+        - "5001"
+      ports:
+        - "80:80"
+        - "8080:8080"
+        - "443:443"
+        - "5001:443" # Needed for SNI challenge
+      networks:
+        net:
+          ipv4_address: 10.0.1.8
+
+  traefik02:
+      build:
+        context: ../..
+      image: containous/traefik
+      command: ${TRAEFIK_CMD}
+      extra_hosts:
+        - traefik.boulder.com:172.17.0.1
+      volumes:
+        - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      expose:
+        - "443"
+        - "5001"
+      ports:
+        - "88:80"
+        - "8888:8080"
+        - "8443:443"
+      depends_on:
+        - traefik01
+      networks:
+        net:
+          ipv4_address: 10.0.1.9
+
+  whoami01:
+      image: emilevauge/whoami
+      expose:
+        - "80"
+      labels:
+        - "traefik.port=80"
+        - "traefik.backend=wam01"
+        - "traefik.frontend.rule=Host:who01.localhost.com"
+        - "traefik.enable=true"
+      networks:
+        net:
+          ipv4_address: 10.0.1.10
+
+  whoami02:
+      image: emilevauge/whoami
+      expose:
+        - "80"
+      labels:
+        - "traefik.port=80"
+        - "traefik.backend=wam02"
+        - "traefik.frontend.rule=Host:who02.localhost.com"
+        - "traefik.enable=true"
+      networks:
+        - net
+
+networks:
+  net:
+    driver: bridge
+    ipam:
+     config:
+       - subnet: 10.0.1.0/26