Consul DNS tag targetting doesn't work

Hello,

I have two services that manage their own configuration and tags (patroni and vault).
e.g. patroni service:

$ curl "http://127.0.0.1:8500/v1/catalog/services"
{"consul":[],"patroni":["replica","master","primary"],"rabbitmq":[],"vault":["active","initialized","standby"]}

$ curl "http://127.0.0.1:8500/v1/agent/services"
{"patroni/master":{"ID":"patroni/master","Service":"patroni","Tags":["master","primary"],"Meta":{},"Port":5432,"Address":"master.node.consul","Weights":{"Passing":1,"Warning":1},"EnableTagOverride":true,"Datacenter":"dc1"}}

But none of my dns requests using tags works like it should.

$ dig patroni.service.consul srv +short
1 1 5432 slave-2.node.consul.
1 1 5432 slave-1.node.consul.
1 1 5432 master.node.consul.
$ dig primary.patroni.service.consul srv +short
1 1 5432 slave-2.node.consul.
1 1 5432 master.node.consul.
1 1 5432 slave-1.node.consul.
$ dig active.vault.service.consul srv +short
1 1 8200 orchestrator-2.node.consul.
1 1 8200 orchestrator-1.node.consul.
1 1 8200 orchestrator-3.node.consul.

Am I missing something ? Here is my configuration:

# consul.conf
advertise_addr = "..."
bootstrap_expect = 3
client_addr = "0.0.0.0"
data_dir = "/consul/data"
node_name = "orchestrator-1"
retry_join = [
 ...
]
server = true

auto_encrypt {
  allow_tls = true
}

tls {
  defaults {
    ca_file = "/etc/certs/rootCA.pem"
    cert_file = "/etc/certs/orchestrator-1.pem"
    key_file = "/etc/certs/orchestrator-1.key"
    verify_incoming = true
    verify_outgoing = true
    verify_server_hostname = true
  }
}

enable_agent_tls_for_checks = true

ui_config = {
  enabled = true
}

@Nelson, what version of Consul are you using?

There was a regression in a recent release that caused tags to be ignored when performing DNS lookups.

This was fixed in Consul 1.18.3 and Consul 1.19.1.

That was it ! I updated from version 1.19 to 1.19.1.
Thank you very much.

This topic was automatically closed 62 days after the last reply. New replies are no longer allowed.