version: bump up to 2.3.8

test: skip govet tests in CI
etcdhttp: fix govet
2017-02-15 19:25:01 -08:00 · 2017-02-15 19:24:37 -08:00 · 2017-02-15 19:17:38 -08:00 · 2017-02-15 19:11:23 -08:00 · 2017-02-15 17:02:50 -08:00 · 2017-02-15 10:24:58 -08:00
2673 changed files with 369284 additions and 239447 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1 @@
+.git
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -1,2 +0,0 @@
-
-Please read https://etcd.io/docs/latest/reporting_bugs/
--- a/.github/ISSUE_TEMPLATE/distributors-application.md
+++ b/.github/ISSUE_TEMPLATE/distributors-application.md
@ -1,28 +0,0 @@
---
-name: Distributors Application
-title: Distributors Application for <YOUR DISTRIBUTION HERE>
-about: Apply for membership of security@etcd.io
---
-
-<!--
-Please answer the following questions and provide supporting evidence for
-meeting the membership criteria.
-->
-
-**Actively monitored security email alias for our project:**
-
-**1. Have a user base not limited to your own organization.**
-
-**2. Have a publicly verifiable track record up to present day of fixing security issues.**
-
-**3. Not be a downstream or rebuild of another distribution.**
-
-**4. Be a participant and active contributor in the community.**
-
-**5. Accept the Embargo Policy.**
-<!-- https://github.com/etcd-io/etcd/blob/main/security/security-release-process.md#disclosures -->
-
-**6. Be willing to contribute back.**
-<!-- Per https://github.com/etcd-io/etcd/blob/main/security/security-release-process.md#patch-release-and-public-communication -->
-
-**7. Have someone already on the list vouch for the person requesting membership on behalf of your distribution.**
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -1,2 +0,0 @@
-
-Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@ -1,2 +0,0 @@
-
-Please read https://github.com/etcd-io/etcd/blob/main/security/README.md.
--- a/.github/stale.yml
+++ b/.github/stale.yml
@ -1,60 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
-
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 90
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 21
-
-# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
-  - "area/security"
-  - "Investigating"
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Comment to post when marking as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed after 21 days if no further activity
-  occurs. Thank you for your contributions.
-
-# Comment to post when removing the stale label.
-# unmarkComment: >
-#   Your comment here.
-
-# Comment to post when closing a stale Issue or Pull Request.
-# closeComment: >
-#   Your comment here.
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-# Limit to only `issues` or `pulls`
-# only: issues
-
-# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
-# pulls:
-#   daysUntilStale: 30
-#   markComment: >
-#     This pull request has been automatically marked as stale because it has not had
-#     recent activity. It will be closed if no further activity occurs. Thank you
-#     for your contributions.
-
-# issues:
-#   exemptLabels:
-#     - confirmed
--- a/.github/workflows/asset-transparency.yaml
+++ b/.github/workflows/asset-transparency.yaml
@ -1,18 +0,0 @@
-name: Publish Release Assets to Asset Transparency Log
-
-on:
-  release:
-    types: [published, created, edited, released]
-
-jobs:
-  github_release_asset_transparency_log_publish_job:
-    runs-on: ubuntu-latest
-    name: Publish GitHub release asset digests to https://beta-asset.transparencylog.net
-    steps:
-    - name: Gather URLs from GitHub release and publish
-      id: asset-transparency
-      uses: transparencylog/github-releases-asset-transparency-verify-action@v11
-    - name: List verified and published URLs
-      run: echo "Verified URLs ${{ steps.asset-transparency.outputs.verified }}"
-    - name: List failed URLs
-      run: echo "Failed URLs ${{ steps.asset-transparency.outputs.failed }}"
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -1,67 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ main, release-0.4, release-2.0, release-2.1, release-2.2, release-2.3, release-3.0, release-3.1 ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
-  schedule:
-    - cron: '20 14 * * 5'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'go' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-        # Learn more:
-        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@ -1,35 +0,0 @@
-name: E2E
-on: [push, pull_request]
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: true
-      matrix:
-        target:
-        - linux-amd64-e2e
-        - linux-386-e2e
-    steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-go@v2
-      with:
-        go-version: "^1.16"
-    - run: date
-    - env:
-        TARGET: ${{ matrix.target }}
-      run: |
-        echo "${TARGET}"
-        case "${TARGET}" in
-          linux-amd64-e2e)
-            PASSES='build release e2e' MANUAL_VER=v3.4.7 CPU='4' EXPECT_DEBUG='true' COVER='false' RACE='true' ./test.sh 2>&1 | tee test.log
-            ! egrep "(--- FAIL:|DATA RACE|panic: test timed out|appears to have leaked)" -B50 -A10 test.log
-            ;;
-          linux-386-e2e)
-            GOARCH=386 PASSES='build e2e' CPU='4' EXPECT_DEBUG='true' COVER='false' RACE='true' ./test.sh 2>&1 | tee test.log
-            ! egrep "(--- FAIL:|DATA RACE|panic: test timed out|appears to have leaked)" -B50 -A10 test.log
-            ;;
-          *)
-            echo "Failed to find target"
-            exit 1
-            ;;
-        esac
--- a/.github/workflows/functional.yaml
+++ b/.github/workflows/functional.yaml
@ -1,29 +0,0 @@
-name: functional-tests
-on: [push, pull_request]
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: true
-      matrix:
-        target:
-        - linux-amd64-functional
-    steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-go@v2
-      with:
-        go-version: "^1.16"
-    - run: date
-    - env:
-        TARGET: ${{ matrix.target }}
-      run: |
-        echo "${TARGET}"
-        case "${TARGET}" in
-          linux-amd64-functional)
-            GO_BUILD_FLAGS='-v -mod=readonly' ./build && GOARCH=amd64 PASSES='functional' ./test
-            ;;
-          *)
-            echo "Failed to find target"
-            exit 1
-            ;;
-        esac
--- a/.github/workflows/grpcproxy.yaml
+++ b/.github/workflows/grpcproxy.yaml
@ -1,30 +0,0 @@
-name: grpcProxy-tests
-on: [push, pull_request]
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: true
-      matrix:
-        target:
-        - linux-amd64-grpcproxy
-    steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-go@v2
-      with:
-        go-version: "^1.16"
-    - run: date
-    - env:
-        TARGET: ${{ matrix.target }}
-      run: |
-        echo "${TARGET}"
-        case "${TARGET}" in
-          linux-amd64-grpcproxy)
-            PASSES='build grpcproxy'  CPU='4' COVER='false' RACE='true' ./test.sh 2>&1 | tee test.log
-            ! egrep "(--- FAIL:|DATA RACE|panic: test timed out|appears to have leaked)" -B50 -A10 test.log
-            ;;
-          *)
-            echo "Failed to find target"
-            exit 1
-            ;;
-        esac
--- a/.github/workflows/self-hosted-linux-arm64-graviton2-tests.yml
+++ b/.github/workflows/self-hosted-linux-arm64-graviton2-tests.yml
@ -1,19 +0,0 @@
-name: Linux ARM64 Graviton2
-on: [push, pull_request]
-
-jobs:
-  test:
-    runs-on: [self-hosted, linux, ARM64, graviton2]
-    steps:
-      - uses: actions/checkout@v2
-      - name: install dependencies
-        run: |
-          sudo amazon-linux-extras install epel
-          sudo yum install -y git gcc ShellCheck
-      - uses: actions/setup-go@v2
-        with:
-          go-version: "^1.16"
-      - run: go version
-      - run: date
-      - name: Run tests
-        run: TEST_OPTS="PASSES='fmt bom dep build unit integration_e2e'" make test
--- a/.github/workflows/self-hosted-linux-arm64-graviton2-tests.yml.md
+++ b/.github/workflows/self-hosted-linux-arm64-graviton2-tests.yml.md
@ -1,142 +0,0 @@
-
-## Graviton-based self-hosted github action worker
-
-### Step 1. Create an EC2 instance with Graviton
-
-Create an AWS Graviton-based EC2 instance. For example,
-
-```
-# or download from https://github.com/aws/aws-k8s-tester/releases
-cd ${HOME}/go/src/github.com/aws/aws-k8s-tester
-go install -v ./cmd/ec2-utils
-
-# create arm64 AL2 instance
-AWS_K8S_TESTER_EC2_ON_FAILURE_DELETE=true \
-AWS_K8S_TESTER_EC2_LOG_COLOR=true \
-AWS_K8S_TESTER_EC2_REGION=us-west-2 \
-AWS_K8S_TESTER_EC2_S3_BUCKET_CREATE=true \
-AWS_K8S_TESTER_EC2_S3_BUCKET_CREATE_KEEP=true \
-AWS_K8S_TESTER_EC2_REMOTE_ACCESS_KEY_CREATE=true \
-AWS_K8S_TESTER_EC2_ASGS_FETCH_LOGS=false \
-AWS_K8S_TESTER_EC2_ASGS='{"GetRef.Name-arm64-al2-cpu":{"name":"GetRef.Name-arm64-al2-cpu","remote-access-user-name":"ec2-user","ami-type":"AL2_arm_64","image-id-ssm-parameter":"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2","instance-types":["m6g.xlarge"],"volume-size":40,"asg-min-size":1,"asg-max-size":1,"asg-desired-capacity":1}}' \
-AWS_K8S_TESTER_EC2_ROLE_CREATE=true \
-AWS_K8S_TESTER_EC2_VPC_CREATE=true \
-ec2-utils create instances --enable-prompt=true --auto-path
-```
-
-### Step 2. Install github action on the host
-
-SSH into the instance, and install the github action self-hosted runner (see [install scripts](https://github.com/etcd-io/etcd/settings/actions/runners/new?arch=arm64&os=linux)).
-
-### Step 3. Configure github action on the host
-
-SSH into the instance, and configure the github action self-hosted runner.
-
-First, we need disable ICU install (see [actions/runner issue on ARM64](https://github.com/actions/runner/issues/629)):
-
-```
-sudo yum install -y patch
-```
-
-And write this bash script:
-
-```
-#!/bin/bash -e
-
-patch -p1 <<ICU_PATCH
-diff -Naur a/bin/Runner.Listener.runtimeconfig.json b/bin/Runner.Listener.runtimeconfig.json
--- a/bin/Runner.Listener.runtimeconfig.json	2020-07-01 02:21:09.000000000 +0000
-+++ b/bin/Runner.Listener.runtimeconfig.json	2020-07-28 00:02:38.748868613 +0000
-@@ -8,7 +8,8 @@
-       }
-     ],
-     "configProperties": {
-      "System.Runtime.TieredCompilation.QuickJit": true
-+      "System.Runtime.TieredCompilation.QuickJit": true,
-+      "System.Globalization.Invariant": true
-     }
-   }
-}
-\ No newline at end of file
-+}
-diff -Naur a/bin/Runner.PluginHost.runtimeconfig.json b/bin/Runner.PluginHost.runtimeconfig.json
--- a/bin/Runner.PluginHost.runtimeconfig.json	2020-07-01 02:21:22.000000000 +0000
-+++ b/bin/Runner.PluginHost.runtimeconfig.json	2020-07-28 00:02:59.358680003 +0000
-@@ -8,7 +8,8 @@
-       }
-     ],
-     "configProperties": {
-      "System.Runtime.TieredCompilation.QuickJit": true
-+      "System.Runtime.TieredCompilation.QuickJit": true,
-+      "System.Globalization.Invariant": true
-     }
-   }
-}
-\ No newline at end of file
-+}
-diff -Naur a/bin/Runner.Worker.runtimeconfig.json b/bin/Runner.Worker.runtimeconfig.json
--- a/bin/Runner.Worker.runtimeconfig.json	2020-07-01 02:21:16.000000000 +0000
-+++ b/bin/Runner.Worker.runtimeconfig.json	2020-07-28 00:02:19.159028531 +0000
-@@ -8,7 +8,8 @@
-       }
-     ],
-     "configProperties": {
-      "System.Runtime.TieredCompilation.QuickJit": true
-+      "System.Runtime.TieredCompilation.QuickJit": true,
-+      "System.Globalization.Invariant": true
-     }
-   }
-}
-\ No newline at end of file
-+}
-ICU_PATCH
-```
-
-And now patch the github action runner:
-
-```
-cd ${HOME}/actions-runner
-bash patch.sh
-```
-
-```
-patching file bin/Runner.Listener.runtimeconfig.json
-patching file bin/Runner.PluginHost.runtimeconfig.json
-patching file bin/Runner.Worker.runtimeconfig.json
-```
-
-And now configure:
-
-```
-sudo yum install -y wget
-INSTANCE_ID=$(wget -q -O - http://169.254.169.254/latest/meta-data/instance-id)
-echo ${INSTANCE_ID}
-
-# get token from https://github.com/etcd-io/etcd/settings/actions/runners/new?arch=arm64&os=linux
-cd ${HOME}/actions-runner
-./config.sh \
--work "_work" \
--name ${INSTANCE_ID} \
--labels self-hosted,linux,ARM64,graviton2 \
--url https://github.com/etcd-io/etcd \
--token ...
-```
-
-And run:
-
-```
-# run this as a process in the terminal
-cd ${HOME}/actions-runner
-./run.sh
-
-# or run this as a systemd service
-cd ${HOME}/actions-runner
-sudo ./svc.sh install
-sudo ./svc.sh start
-sudo ./svc.sh status
-```
-
-### Step 4. Create github action configuration
-
-See https://github.com/etcd-io/etcd/pull/12928.
-
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@ -1,60 +0,0 @@
-name: Tests
-on: [push, pull_request]
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        target:
-        - linux-amd64-fmt
-        - linux-amd64-integration-1-cpu
-        - linux-amd64-integration-2-cpu
-        - linux-amd64-integration-4-cpu
-        - linux-amd64-unit-4-cpu-race
-        - all-build
-        - linux-386-unit-1-cpu
-    steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-go@v2
-      with:
-        go-version: "^1.16"
-    - run: date
-    - env:
-        TARGET: ${{ matrix.target }}
-      run: |
-        echo "${TARGET}"
-        case "${TARGET}" in
-          linux-amd64-fmt)
-            GOARCH=amd64 PASSES='fmt bom dep' ./test.sh
-            ;;
-          linux-amd64-integration-1-cpu)
-            GOARCH=amd64 CPU=1 PASSES='integration' RACE='false' ./test.sh
-            ;;
-          linux-amd64-integration-2-cpu)
-            GOARCH=amd64 CPU=2 PASSES='integration' RACE='false' ./test.sh
-            ;;
-          linux-amd64-integration-4-cpu)
-            GOARCH=amd64 CPU=4 PASSES='integration' RACE='false' ./test.sh
-            ;;
-          linux-amd64-unit-4-cpu-race)
-            GOARCH=amd64 PASSES='unit' RACE='true' CPU='4' ./test.sh -p=2
-            ;;
-          all-build)
-            GOARCH=amd64 PASSES='build' ./test.sh
-            GOARCH=386 PASSES='build' ./test.sh
-            GO_BUILD_FLAGS='-v -mod=readonly' GOOS=darwin GOARCH=amd64 ./build.sh
-            GO_BUILD_FLAGS='-v -mod=readonly' GOOS=windows GOARCH=amd64 ./build.sh
-            GO_BUILD_FLAGS='-v -mod=readonly' GOARCH=arm ./build.sh
-            GO_BUILD_FLAGS='-v -mod=readonly' GOARCH=arm64 ./build.sh
-            GO_BUILD_FLAGS='-v -mod=readonly' GOARCH=ppc64le ./build.sh
-            GO_BUILD_FLAGS='-v -mod=readonly' GOARCH=s390x ./build.sh
-            ;;
-          linux-386-unit-1-cpu)
-            GOARCH=386 PASSES='unit' RACE='false' CPU='1' ./test -p=4
-            ;;
-          *)
-            echo "Failed to find target"
-            exit 1
-            ;;
-        esac
--- a/.gitignore
+++ b/.gitignore
@ -1,23 +1,13 @@
-/agent-*
 /coverage
-/covdir
 /gopath
-/gopath.proto
-/release
+/go-bindata
+/machine*
 /bin
+.vagrant
 *.etcd
-*.log
-*.swp
 /etcd
+*.swp
 /hack/insta-discovery/.env
-*.coverprofile
 *.test
+tools/functional-tester/docker/bin
 hack/tls-setup/certs
-.idea
-/contrib/raftexample/raftexample
-/contrib/raftexample/raftexample-*
-/vendor
-/tests/e2e/default.proxy
-*.tmp
-*.bak
-.gobincache/
--- a/.godir
+++ b/.godir
@ -0,0 +1 @@
+github.com/coreos/etcd
--- a/.header
+++ b/.header
@ -1,4 +1,4 @@
-// Copyright 2016 The etcd Authors
+// Copyright 2016 CoreOS, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
--- a/.travis.yml
+++ b/.travis.yml
@ -1,51 +1,12 @@
 language: go
-go_import_path: go.etcd.io/etcd/v3
-
-sudo: required
-
-services: docker
+sudo: false

 go:
-  - "1.16.3"
-  - tip
+  - 1.7.5

 notifications:
  on_success: never
  on_failure: never

-env:
-  matrix:
-    - TARGET=linux-amd64-coverage
-    - TARGET=linux-amd64-fmt-unit-go-tip-2-cpu
-
-matrix:
-  fast_finish: true
-  allow_failures:
-    - go: "1.16.3"
-      env: TARGET=linux-amd64-coverage
-    - go: tip
-      env: TARGET=linux-amd64-fmt-unit-go-tip-2-cpu
-  exclude:
-    - go: tip
-      env: TARGET=linux-amd64-coverage
-    - go: "1.16.3"
-      env: TARGET=linux-amd64-fmt-unit-go-tip-2-cpu
-
-before_install:
-  - if [[ $TRAVIS_GO_VERSION == 1.* ]]; then docker pull gcr.io/etcd-development/etcd-test:go${TRAVIS_GO_VERSION}; fi
-
-install:
-  - date
-
 script:
-  - date
-  - echo "TRAVIS_GO_VERSION=${TRAVIS_GO_VERSION}"
-  - >
-    case "${TARGET}" in
-      linux-amd64-coverage)
-        sudo HOST_TMP_DIR=/tmp TEST_OPTS="VERBOSE='1'" make docker-test-coverage
-        ;;
-      linux-amd64-fmt-unit-go-tip-2-cpu)
-        GOARCH=amd64 PASSES='fmt unit' CPU='2' RACE='false' ./test.sh -p=2
-        ;;
-    esac
+ - ./test
--- a/.words
+++ b/.words
@ -1,116 +0,0 @@
-accessors
-addrConns
-args
-atomics
-backoff
-BackoffFunc
-BackoffLinearWithJitter
-Balancer
-BidiStreams
-blackhole
-blackholed
-CallOptions
-cancelable
-cancelation
-ccBalancerWrapper
-clientURLs
-clusterName
-cluster_proxy
-consistentIndex
-ConsistentIndexGetter
-DefaultMaxRequestBytes
-defragment
-defragmenting
-deleter
-dev
-/dev/null
-dev/null
-DNS
-errClientDisconnected
-ErrCodeEnhanceYourCalm
-ErrConnClosing
-ErrRequestTooLarge
-ErrTimeout
-etcd
-FIXME
-github
-GoAway
-goroutine
-goroutines
-gRPC
-grpcAddr
-hasleader
-healthcheck
-hostname
-iff
-inflight
-InfoLevel
-jitter
-jitter
-jitter
-keepalive
-Keepalive
-KeepAlive
-keepalives
-keyspace
-lexically
-lexicographically
-linearizable
-linearization
-linearized
-liveness
-localhost
-__lostleader
-MaxRequestBytes
-MiB
-middleware
-mutators
-mutex
-nils
-nondeterministically
-nop
-OutputWALDir
-parsedTarget
-passthrough
-PermitWithoutStream
-prefetching
-prometheus
-protobuf
-racey
-rafthttp
-rebalanced
-reconnection
-repin
-ResourceExhausted
-retriable
-retriable
-rpc
-RPC
-RPCs
-saveWALAndSnap
-serializable
-ServerStreams
-SHA
-SRV
-statusError
-subConn
-subconns
-SubConns
-teardown
-TestBalancerDoNotBlockOnClose
-todo
-too_many_pings
-transactional
-transferee
-transientFailure
-unbuffered
-uncontended
-unfreed
-unlisting
-unprefixed
-WatchProgressNotifyInterval
-WAL
-WithBackoff
-WithDialer
-WithMax
-WithRequireLeader
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,34 +1,37 @@
 # How to contribute

-etcd is Apache 2.0 licensed and accepts contributions via GitHub pull requests. This document outlines some of the conventions on commit message formatting, contact points for developers, and other resources to help get contributions into etcd.
+etcd is Apache 2.0 licensed and accepts contributions via GitHub pull requests. This document outlines some of the conventions on commit message formatting, contact points for developers and other resources to make getting your contribution into etcd easier.

 # Email and chat

 - Email: [etcd-dev](https://groups.google.com/forum/?hl=en#!forum/etcd-dev)
- IRC: #[etcd](irc://irc.freenode.org:6667/#etcd) IRC channel on freenode.org
- Slack: [#etcd](https://kubernetes.slack.com/messages/C3HD8ARJ5/details/)
+- IRC: #[coreos](irc://irc.freenode.org:6667/#coreos) IRC channel on freenode.org

 ## Getting started

 - Fork the repository on GitHub
 - Read the README.md for build instructions

-## Reporting bugs and creating issues
+## Reporting Bugs and Creating Issues

-Reporting bugs is one of the best ways to contribute. However, a good bug report has some very specific qualities, so please read over our short document on [reporting bugs](https://etcd.io/docs/latest/reporting_bugs) before submitting a bug report. This document might contain links to known issues, another good reason to take a look there before reporting a bug.
+Reporting bugs is one of the best ways to contribute. However, a good bug report
+has some very specific qualities, so please read over our short document on
+[reporting bugs](https://github.com/coreos/etcd/blob/master/Documentation/reporting_bugs.md)
+before you submit your bug report. This document might contain links known
+issues, another good reason to take a look there, before reporting your bug.

 ## Contribution flow

 This is a rough outline of what a contributor's workflow looks like:

- Create a topic branch from where to base the contribution. This is usually main.
+- Create a topic branch from where you want to base your work. This is usually master.
 - Make commits of logical units.
- Make sure commit messages are in the proper format (see below).
- Push changes in a topic branch to a personal fork of the repository.
- Submit a pull request to etcd-io/etcd.
- The PR must receive a LGTM from two maintainers found in the MAINTAINERS file.
+- Make sure your commit messages are in the proper format (see below).
+- Push your changes to a topic branch in your fork of the repository.
+- Submit a pull request to coreos/etcd.
+- Your PR must receive a LGTM from two maintainers found in the MAINTAINERS file.

-Thanks for contributing!
+Thanks for your contributions!

 ### Code style

@ -36,20 +39,17 @@ The coding style suggested by the Golang community is used in etcd. See the [sty

 Please follow this style to make etcd easy to review, maintain and develop.

-### Format of the commit message
+### Format of the Commit Message

 We follow a rough convention for commit messages that is designed to answer two
 questions: what changed and why. The subject line should feature the what and
 the body of the commit should describe the why.

 ```
-etcdserver: add grpc interceptor to log info on incoming requests
+scripts: add the test-cluster command

-To improve debuggability of etcd v3. Added a grpc interceptor to log
-info on incoming requests to etcd server. The log output includes
-remote client info, request content (with value field redacted), request
-handling latency, response size, etc. Uses zap logger if available,
-otherwise uses capnslog.
+this uses tmux to setup a test cluster that you can easily kill and
+start for debugging.

 Fixes #38
 ```
@ -57,38 +57,14 @@ Fixes #38
 The format can be described more formally as follows:

 ```
-<package>: <what changed>
+<subsystem>: <what changed>
 <BLANK LINE>
 <why this change was made>
 <BLANK LINE>
 <footer>
 ```

-The first line is the subject and should be no longer than 70 characters, the second
-line is always blank, and other lines should be wrapped at 80 characters. This allows
-the message to be easier to read on GitHub as well as in various git tools.
-
-### Pull request across multiple files and packages
-
-If multiple files in a package are changed in a pull request for example:
-
-```
-etcdserver/config.go
-etcdserver/corrupt.go
-```
-
-At the end of the review process if multiple commits exist for a single package they
-should be squashed/rebased into a single commit before being merged.
-
-```
-etcdserver: <what changed>
-[..]
-```
-
-If a pull request spans many packages these commits should be squashed/rebased into a single
-commit using message with a more generic `*:` prefix.
-
-```
-*: <what changed>
-[..]
-```
+The first line is the subject and should be no longer than 70 characters, the
+second line is always blank, and other lines should be wrapped at 80 characters.
+This allows the message to be easier to read on GitHub as well as in various
+git tools.
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+FROM golang:onbuild
+EXPOSE 4001 7001 2379 2380
--- a/Dockerfile-release.amd64
+++ b/Dockerfile-release.amd64
@ -1,18 +0,0 @@
-FROM k8s.gcr.io/build-image/debian-base:buster-v1.4.0
-
-ADD etcd /usr/local/bin/
-ADD etcdctl /usr/local/bin/
-ADD etcdutl /usr/local/bin/
-RUN mkdir -p /var/etcd/
-RUN mkdir -p /var/lib/etcd/
-
-# Alpine Linux doesn't use pam, which means that there is no /etc/nsswitch.conf,
-# but Golang relies on /etc/nsswitch.conf to check the order of DNS resolving
-# (see https://github.com/golang/go/commit/9dee7771f561cf6aee081c0af6658cc81fac3918)
-# To fix this we just create /etc/nsswitch.conf and add the following line:
-RUN echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf
-
-EXPOSE 2379 2380
-
-# Define default command.
-CMD ["/usr/local/bin/etcd"]
--- a/Dockerfile-release.arm64
+++ b/Dockerfile-release.arm64
@ -1,13 +0,0 @@
-FROM k8s.gcr.io/build-image/debian-base-arm64:buster-v1.4.0
-
-ADD etcd /usr/local/bin/
-ADD etcdctl /usr/local/bin/
-ADD etcdutl /usr/local/bin/
-ADD var/etcd /var/etcd
-ADD var/lib/etcd /var/lib/etcd
-ENV ETCD_UNSUPPORTED_ARCH=arm64
-
-EXPOSE 2379 2380
-
-# Define default command.
-CMD ["/usr/local/bin/etcd"]
--- a/Dockerfile-release.ppc64le
+++ b/Dockerfile-release.ppc64le
@ -1,12 +0,0 @@
-FROM k8s.gcr.io/build-image/debian-base-ppc64le:buster-v1.4.0
-
-ADD etcd /usr/local/bin/
-ADD etcdctl /usr/local/bin/
-ADD etcdutl /usr/local/bin/
-ADD var/etcd /var/etcd
-ADD var/lib/etcd /var/lib/etcd
-
-EXPOSE 2379 2380
-
-# Define default command.
-CMD ["/usr/local/bin/etcd"]
--- a/Dockerfile-release.s390x
+++ b/Dockerfile-release.s390x
@ -1,12 +0,0 @@
-FROM k8s.gcr.io/build-image/debian-base-s390x:buster-v1.4.0
-
-ADD etcd /usr/local/bin/
-ADD etcdctl /usr/local/bin/
-ADD etcdutl /usr/local/bin/
-ADD var/etcd /var/etcd
-ADD var/lib/etcd /var/lib/etcd
-
-EXPOSE 2379 2380
-
-# Define default command.
-CMD ["/usr/local/bin/etcd"]
--- a/Documentation/04_to_2_snapshot_migration.md
+++ b/Documentation/04_to_2_snapshot_migration.md
@ -0,0 +1,31 @@
+# Snapshot Migration
+
+You can migrate a snapshot of your data from a v0.4.9+ cluster into a new etcd 2.2 cluster using a snapshot migration. After snapshot migration, the etcd indexes of your data will change. Many etcd applications rely on these indexes to behave correctly. This operation should only be done while all etcd applications are stopped.
+
+To get started get the newest data snapshot from the 0.4.9+ cluster:
+
+```
+curl http://cluster.example.com:4001/v2/migration/snapshot > backup.snap
+```
+
+Now, import the snapshot into your new cluster:
+
+```
+etcdctl --endpoint new_cluster.example.com import --snap backup.snap
+```
+
+If you have a large amount of data, you can specify more concurrent works to copy data in parallel by using `-c` flag.
+If you have hidden keys to copy, you can use `--hidden` flag to specify. For example fleet uses `/_coreos.com/fleet` so to import those keys use `--hidden /_coreos.com`.
+
+And the data will quickly copy into the new cluster:
+
+```
+entering dir: /
+entering dir: /foo
+entering dir: /foo/bar
+copying key: /foo/bar/1 1
+entering dir: /
+entering dir: /foo2
+entering dir: /foo2/bar2
+copying key: /foo2/bar2/2 2
+```
--- a/Documentation/README.md
+++ b/Documentation/README.md
@ -1,6 +0,0 @@
-# The etcd documentation
-
-etcd is a distributed key-value store designed to reliably and quickly preserve and provide access to critical data. It enables reliable distributed coordination through distributed locking, leader elections, and write barriers. An etcd cluster is intended for high availability and permanent data storage and retrieval.
-
-These documents have moved to the [etcd-io/website repo](https://github.com/etcd-io/website/), and can be viewed live at [https://etcd.io/docs/latest/](https://etcd.io/docs/latest/).
-
--- a/Documentation/admin_guide.md
+++ b/Documentation/admin_guide.md
@ -0,0 +1,309 @@
+# Administration
+
+## Data Directory
+
+### Lifecycle
+
+When first started, etcd stores its configuration into a data directory specified by the data-dir configuration parameter.
+Configuration is stored in the write ahead log and includes: the local member ID, cluster ID, and initial cluster configuration.
+The write ahead log and snapshot files are used during member operation and to recover after a restart.
+
+Having a dedicated disk to store wal files can improve the throughput and stabilize the cluster. 
+It is highly recommended to dedicate a wal disk and set `--wal-dir` to point to a directory on that device for a production cluster deployment.
+
+If a member’s data directory is ever lost or corrupted then the user should [remove][remove-a-member] the etcd member from the cluster using `etcdctl` tool.
+
+A user should avoid restarting an etcd member with a data directory from an out-of-date backup.
+Using an out-of-date data directory can lead to inconsistency as the member had agreed to store information via raft then re-joins saying it needs that information again.
+For maximum safety, if an etcd member suffers any sort of data corruption or loss, it must be removed from the cluster.
+Once removed the member can be re-added with an empty data directory.
+
+### Contents
+
+The data directory has two sub-directories in it:
+
+1. wal: write ahead log files are stored here. For details see the [wal package documentation][wal-pkg]
+2. snap: log snapshots are stored here. For details see the [snap package documentation][snap-pkg]
+
+If `--wal-dir` flag is set, etcd will write the write ahead log files to the specified directory instead of data directory.
+
+## Cluster Management
+
+### Lifecycle
+
+If you are spinning up multiple clusters for testing it is recommended that you specify a unique initial-cluster-token for the different clusters.
+This can protect you from cluster corruption in case of mis-configuration because two members started with different cluster tokens will refuse members from each other.
+
+### Monitoring
+
+It is important to monitor your production etcd cluster for healthy information and runtime metrics.
+
+#### Health Monitoring
+
+At lowest level, etcd exposes health information via HTTP at `/health` in JSON format. If it returns `{"health": "true"}`, then the cluster is healthy. Please note the `/health` endpoint is still an experimental one as in etcd 2.2.
+
+```
+$ curl -L http://127.0.0.1:2379/health
+
+{"health": "true"}
+```
+
+You can also use etcdctl to check the cluster-wide health information. It will contact all the members of the cluster and collect the health information for you.
+
+```
+$./etcdctl cluster-health 
+member 8211f1d0f64f3269 is healthy: got healthy result from http://127.0.0.1:12379
+member 91bc3c398fb3c146 is healthy: got healthy result from http://127.0.0.1:22379
+member fd422379fda50e48 is healthy: got healthy result from http://127.0.0.1:32379
+cluster is healthy
+```
+
+#### Runtime Metrics
+
+etcd uses [Prometheus][prometheus] for metrics reporting in the server. You can read more through the runtime metrics [doc][metrics].
+
+### Debugging
+
+Debugging a distributed system can be difficult. etcd provides several ways to make debug
+easier.
+
+#### Enabling Debug Logging
+
+When you want to debug etcd without stopping it, you can enable debug logging at runtime.
+etcd exposes logging configuration at `/config/local/log`.
+
+```
+$ curl http://127.0.0.1:2379/config/local/log -XPUT -d '{"Level":"DEBUG"}'
+$ # debug logging enabled
+$
+$ curl http://127.0.0.1:2379/config/local/log -XPUT -d '{"Level":"INFO"}'
+$ # debug logging disabled
+```
+
+#### Debugging Variables
+
+Debug variables are exposed for real-time debugging purposes. Developers who are familiar with etcd can utilize these variables to debug unexpected behavior. etcd exposes debug variables via HTTP at `/debug/vars` in JSON format. The debug variables contains
+`cmdline`, `file_descriptor_limit`, `memstats` and `raft.status`.
+
+`cmdline` is the command line arguments passed into etcd.
+
+`file_descriptor_limit` is the max number of file descriptors etcd can utilize.
+
+`memstats` is explained in detail in the [Go runtime documentation][golang-memstats].
+
+`raft.status` is useful when you want to debug low level raft issues if you are familiar with raft internals. In most cases, you do not need to check `raft.status`.
+
+```json
+{
+"cmdline": ["./etcd"],
+"file_descriptor_limit": 0,
+"memstats": {"Alloc":4105744,"TotalAlloc":42337320,"Sys":12560632,"...":"..."},
+"raft.status": {"id":"ce2a822cea30bfca","term":5,"vote":"ce2a822cea30bfca","commit":23509,"lead":"ce2a822cea30bfca","raftState":"StateLeader","progress":{"ce2a822cea30bfca":{"match":23509,"next":23510,"state":"ProgressStateProbe"}}}
+}
+```
+
+### Optimal Cluster Size
+
+The recommended etcd cluster size is 3, 5 or 7, which is decided by the fault tolerance requirement. A 7-member cluster can provide enough fault tolerance in most cases. While larger cluster provides better fault tolerance the write performance reduces since data needs to be replicated to more machines.
+
+#### Fault Tolerance Table
+
+It is recommended to have an odd number of members in a cluster. Having an odd cluster size doesn't change the number needed for majority, but you gain a higher tolerance for failure by adding the extra member. You can see this in practice when comparing even and odd sized clusters:
+
+| Cluster Size | Majority   | Failure Tolerance |
+|--------------|------------|-------------------|
+| 1 | 1 | 0 |
+| 3 | 2 | 1 |
+| 4 | 3 | 1 |
+| 5 | 3 | **2** |
+| 6 | 4 | 2 |
+| 7 | 4 | **3** |
+| 8 | 5 | 3 |
+| 9 | 5 | **4** |
+
+As you can see, adding another member to bring the size of cluster up to an odd size is always worth it. During a network partition, an odd number of members also guarantees that there will almost always be a majority of the cluster that can continue to operate and be the source of truth when the partition ends.
+
+#### Changing Cluster Size
+
+After your cluster is up and running, adding or removing members is done via [runtime reconfiguration][runtime-reconfig], which allows the cluster to be modified without downtime. The `etcdctl` tool has `member list`, `member add` and `member remove` commands to complete this process.
+
+### Member Migration
+
+When there is a scheduled machine maintenance or retirement, you might want to migrate an etcd member to another machine without losing the data and changing the member ID.
+
+The data directory contains all the data to recover a member to its point-in-time state. To migrate a member:
+
+* Stop the member process.
+* Copy the data directory of the now-idle member to the new machine.
+* Update the peer URLs for the replaced member to reflect the new machine according to the [runtime reconfiguration instructions][update-a-member].
+* Start etcd on the new machine, using the same configuration and the copy of the data directory.
+
+This example will walk you through the process of migrating the infra1 member to a new machine:
+
+|Name|Peer URL|
+|------|--------------|
+|infra0|10.0.1.10:2380|
+|infra1|10.0.1.11:2380|
+|infra2|10.0.1.12:2380|
+
+```sh
+$ export ETCDCTL_ENDPOINT=http://10.0.1.10:2379,http://10.0.1.11:2379,http://10.0.1.12:2379
+```
+
+```sh
+$ etcdctl member list
+84194f7c5edd8b37: name=infra0 peerURLs=http://10.0.1.10:2380 clientURLs=http://127.0.0.1:2379,http://10.0.1.10:2379
+b4db3bf5e495e255: name=infra1 peerURLs=http://10.0.1.11:2380 clientURLs=http://127.0.0.1:2379,http://10.0.1.11:2379
+bc1083c870280d44: name=infra2 peerURLs=http://10.0.1.12:2380 clientURLs=http://127.0.0.1:2379,http://10.0.1.12:2379
+```
+
+#### Stop the member etcd process
+
+```sh
+$ ssh 10.0.1.11
+```
+
+```sh
+$ kill `pgrep etcd`
+```
+
+#### Copy the data directory of the now-idle member to the new machine
+
+```
+$ tar -cvzf infra1.etcd.tar.gz %data_dir%
+```
+
+```sh
+$ scp infra1.etcd.tar.gz 10.0.1.13:~/
+```
+
+#### Update the peer URLs for that member to reflect the new machine
+
+```sh
+$ curl http://10.0.1.10:2379/v2/members/b4db3bf5e495e255 -XPUT \
+-H "Content-Type: application/json" -d '{"peerURLs":["http://10.0.1.13:2380"]}'
+```
+
+Or use `etcdctl member update` command
+
+```sh
+$ etcdctl member update b4db3bf5e495e255 http://10.0.1.13:2380
+```
+
+#### Start etcd on the new machine, using the same configuration and the copy of the data directory
+
+```sh
+$ ssh 10.0.1.13
+```
+
+```sh
+$ tar -xzvf infra1.etcd.tar.gz -C %data_dir%
+```
+
+```
+etcd -name infra1 \
+-listen-peer-urls http://10.0.1.13:2380 \
+-listen-client-urls http://10.0.1.13:2379,http://127.0.0.1:2379 \
+-advertise-client-urls http://10.0.1.13:2379,http://127.0.0.1:2379
+```
+
+### Disaster Recovery
+
+etcd is designed to be resilient to machine failures. An etcd cluster can automatically recover from any number of temporary failures (for example, machine reboots), and a cluster of N members can tolerate up to _(N-1)/2_ permanent failures (where a member can no longer access the cluster, due to hardware failure or disk corruption). However, in extreme circumstances, a cluster might permanently lose enough members such that quorum is irrevocably lost. For example, if a three-node cluster suffered two simultaneous and unrecoverable machine failures, it would be normally impossible for the cluster to restore quorum and continue functioning.
+
+To recover from such scenarios, etcd provides functionality to backup and restore the datastore and recreate the cluster without data loss.
+
+#### Backing up the datastore
+
+**NB:** Windows users must stop etcd before running the backup command.
+
+The first step of the recovery is to backup the data directory and wal directory, if stored separately, on a functioning etcd node. To do this, use the `etcdctl backup` command, passing in the original data (and wal) directory used by etcd. For example:
+
+```sh
+    etcdctl backup \
+      --data-dir %data_dir% \
+      [--wal-dir %wal_dir%] \
+      --backup-dir %backup_data_dir%
+      [--backup-wal-dir %backup_wal_dir%]
+```
+
+This command will rewrite some of the metadata contained in the backup (specifically, the node ID and cluster ID), which means that the node will lose its former identity. In order to recreate a cluster from the backup, you will need to start a new, single-node cluster. The metadata is rewritten to prevent the new node from inadvertently being joined onto an existing cluster.
+
+#### Restoring a backup
+
+To restore a backup using the procedure created above, start etcd with the `-force-new-cluster` option and pointing to the backup directory. This will initialize a new, single-member cluster with the default advertised peer URLs, but preserve the entire contents of the etcd data store. Continuing from the previous example:
+
+```sh
+    etcd \
+      -data-dir=%backup_data_dir% \
+      [-wal-dir=%backup_wal_dir%] \
+      -force-new-cluster \
+      ...
+```
+
+Now etcd should be available on this node and serving the original datastore.
+
+Once you have verified that etcd has started successfully, shut it down and move the data and wal, if stored separately, back to the previous location (you may wish to make another copy as well to be safe):
+
+```sh
+    pkill etcd
+    rm -fr %data_dir%
+    rm -fr %wal_dir%
+    mv %backup_data_dir% %data_dir%
+    mv %backup_wal_dir% %wal_dir%
+    etcd \
+      -data-dir=%data_dir% \
+      [-wal-dir=%wal_dir%] \
+      ...
+```
+
+#### Restoring the cluster
+
+Now that the node is running successfully, [change its advertised peer URLs][update-a-member], as the `--force-new-cluster` option has set the peer URL to the default listening on localhost.
+
+You can then add more nodes to the cluster and restore resiliency. See the [add a new member][add-a-member] guide for more details. **NB:** If you are trying to restore your cluster using old failed etcd nodes, please make sure you have stopped old etcd instances and removed their old data directories specified by the data-dir configuration parameter.
+
+### Client Request Timeout
+
+etcd sets different timeouts for various types of client requests. The timeout value is not tunable now, which will be improved soon (https://github.com/coreos/etcd/issues/2038).
+
+#### Get requests
+
+Timeout is not set for get requests, because etcd serves the result locally in a non-blocking way.
+
+**Note**: QuorumGet request is a different type, which is mentioned in the following sections.
+
+#### Watch requests
+
+Timeout is not set for watch requests. etcd will not stop a watch request until client cancels it, or the connection is broken.
+
+#### Delete, Put, Post, QuorumGet requests
+
+The default timeout is 5 seconds. It should be large enough to allow all key modifications if the majority of cluster is functioning.
+
+If the request times out, it indicates two possibilities:
+
+1. the server the request sent to was not functioning at that time.
+2. the majority of the cluster is not functioning.
+
+If timeout happens several times continuously, administrators should check status of cluster and resolve it as soon as possible.
+
+### Best Practices
+
+#### Maximum OS threads
+
+By default, etcd uses the default configuration of the Go 1.4 runtime, which means that at most one operating system thread will be used to execute code simultaneously. (Note that this default behavior [has changed in Go 1.5][golang1.5-runtime]).
+
+When using etcd in heavy-load scenarios on machines with multiple cores it will usually be desirable to increase the number of threads that etcd can utilize. To do this, simply set the environment variable GOMAXPROCS to the desired number when starting etcd. For more information on this variable, see the [Go runtime documentation][golang-runtime].
+
+[add-a-member]: runtime-configuration.md#add-a-new-member
+[golang1.5-runtime]: https://golang.org/doc/go1.5#runtime
+[golang-memstats]: https://golang.org/pkg/runtime/#MemStats
+[golang-runtime]: https://golang.org/pkg/runtime
+[metrics]: metrics.md
+[prometheus]: http://prometheus.io/
+[remove-a-member]: runtime-configuration.md#remove-a-member
+[runtime-reconfig]: runtime-configuration.md#cluster-reconfiguration-operations
+[snap-pkg]: http://godoc.org/github.com/coreos/etcd/snap
+[update-a-member]: runtime-configuration.md#update-a-member
+[wal-pkg]: http://godoc.org/github.com/coreos/etcd/wal
--- a/Documentation/api.md
+++ b/Documentation/api.md
--- a/Documentation/api_v3.md
+++ b/Documentation/api_v3.md
@ -0,0 +1,92 @@
+# etcd3 API
+
+TODO: API doc
+
+## Data Model
+
+etcd is designed to reliably store infrequently updated data and provide reliable watch queries. etcd exposes previous versions of key-value pairs to support inexpensive snapshots and watch history events (“time travel queries”). A persistent, multi-version, concurrency-control data model is a good fit for these use cases.
+
+etcd stores data in a multiversion [persistent][persistent-ds] key-value store. The persistent key-value store preserves the previous version of a key-value pair when its value is superseded with new data. The key-value store is effectively immutable; its operations do not update the structure in-place, but instead always generates a new updated structure. All past versions of keys are still accessible and watchable after modification. To prevent the data store from growing indefinitely over time from maintaining old versions, the store may be compacted to shed the oldest versions of superseded data.
+
+### Logical View
+
+The store’s logical view is a flat binary key space. The key space has a lexically sorted index on byte string keys so range queries are inexpensive.
+
+The key space maintains multiple revisions. Each atomic mutative operation (e.g., a transaction operation may contain multiple operations) creates a new revision on the key space. All data held by previous revisions remains unchanged. Old versions of key can still be accessed through previous revisions. Likewise, revisions are indexed as well; ranging over revisions with watchers is efficient. If the store is compacted to recover space, revisions before the compact revision will be removed.
+
+A key’s lifetime spans a generation. Each key may have one or multiple generations. Creating a key increments the generation of that key, starting at 1 if the key never existed. Deleting a key generates a key tombstone, concluding the key’s current generation. Each modification of a key creates a new version of the key. Once a compaction happens, any generation ended before the given revision will be removed and values set before the compaction revision except the latest one will be removed.
+
+### Physical View
+
+etcd stores the physical data as key-value pairs in a persistent [b+tree][b+tree]. Each revision of the store’s state only contains the delta from its previous revision to be efficient. A single revision may correspond to multiple keys in the tree. 
+
+The key of key-value pair is a 3-tuple (major, sub, type). Major is the store revision holding the key. Sub differentiates among  keys within the same revision. Type is an optional suffix for special value (e.g., `t` if the value contains a tombstone). The value of the key-value pair contains the modification from previous revision, thus one delta from previous revision. The b+tree is ordered by key in lexical byte-order. Ranged lookups over revision deltas are fast; this enables quickly finding modifications from one specific revision to another. Compaction removes out-of-date keys-value pairs.
+
+etcd also keeps a secondary in-memory [btree][btree] index to speed up range queries over keys. The keys in the btree index are the keys of the store exposed to user. The value is a pointer to the modification of the persistent b+tree. Compaction removes dead pointers.
+
+## KV API Guarantees
+
+etcd is a consistent and durable key value store with mini-transaction(TODO: link to txn doc when we have it) support. The key value store is exposed through the KV APIs. etcd tries to ensure the strongest consistency and durability guarantees for a distributed system. This specification enumerates the KV API guarantees made by etcd.
+
+### APIs to consider
+
+* Read APIs
+    * range
+    * watch
+* Write APIs
+    * put
+    * delete
+* Combination (read-modify-write) APIs
+    * txn
+
+### etcd Specific Definitions
+
+#### operation completed
+
+An etcd operation is considered complete when it is committed through consensus, and therefore “executed” -- permanently stored -- by the etcd storage engine. The client knows an operation is completed when it receives a response from the etcd server. Note that the client may be uncertain about the status of an operation if it times out, or there is a network disruption between the client and the etcd member. etcd may also abort operations when there is a leader election. etcd does not send `abort` responses to  clients’ outstanding requests in this event.
+
+#### revision
+
+An etcd operation that modifies the key value store is assigned with a single increasing revision. A transaction operation might modifies the key value store multiple times, but only one revision is assigned. The revision attribute of a key value pair that modified by the operation has the same value as the revision of the operation. The revision can be used as a logical clock for key value store. A key value pair that has a larger revision is modified after a key value pair with a smaller revision. Two key value pairs that have the same revision are modified by an operation "concurrently".
+
+### Guarantees Provided
+
+#### Atomicity
+
+All API requests are atomic; an operation either completes entirely or not at all. For watch requests, all events generated by one operation will be in one watch response. Watch never observes partial events for a single operation.
+
+#### Consistency
+
+All API calls ensure [sequential consistency][seq_consistency], the strongest consistency guarantee available from distributed systems. No matter which etcd member server a client makes requests to, a client reads the same events in the same order. If two members complete the same number of operations, the state of the two members is consistent.
+
+For watch operations, etcd guarantees to return the same value for the same key across all members for the same revision. For range operations, etcd has a similar guarantee for [linearized][Linearizability] access; serialized access may be behind the quorum state, so that the later revision is not yet available.
+
+As with all distributed systems, it is impossible for etcd to ensure [strict consistency][strict_consistency]. etcd does not guarantee that it will return to a read the “most recent” value (as measured by a wall clock when a request is completed) available on any cluster member.
+
+#### Isolation
+
+etcd ensures [serializable isolation][serializable_isolation], which is the highest isolation level available in distributed systems. Read operations will never observe any intermediate data.
+
+#### Durability
+
+Any completed operations are durable. All accessible data is also durable data. A read will never return data that has not been made durable.
+
+#### Linearizability
+
+Linearizability (also known as Atomic Consistency or External Consistency) is a consistency level between strict consistency and sequential consistency. 
+
+For linearizability, suppose each operation receives a timestamp from a loosely synchronized global clock. Operations are linearized if and only if they always complete as though they were executed in a sequential order and each operation appears to complete in the order specified by the program. Likewise, if an operation’s timestamp precedes another, that operation must also precede the other operation in the sequence.
+
+For example, consider a client completing a write at time point 1 (*t1*). A client issuing a read at *t2* (for *t2* > *t1*) should receive a value at least as recent as the previous write, completed at *t1*. However, the read might actually complete only by *t3*, and the returned value, current at *t2* when the read began, might be "stale" by *t3*.
+
+etcd does not ensure linearizability for watch operations. Users are expected to verify the revision of watch responses to ensure correct ordering.
+
+etcd ensures linearizability for all other operations by default. Linearizability comes with a cost, however, because linearized requests must go through the Raft consensus process. To obtain lower latencies and higher throughput for read requests, clients can configure a request’s consistency mode to `serializable`, which may access stale data with respect to quorum, but removes the performance penalty of linearized accesses' reliance on live consensus.
+
+[persistent-ds]: [https://en.wikipedia.org/wiki/Persistent_data_structure]
+[btree]: [https://en.wikipedia.org/wiki/B-tree]
+[b+tree]: [https://en.wikipedia.org/wiki/B%2B_tree]
+[seq_consistency]: [https://en.wikipedia.org/wiki/Consistency_model#Sequential_consistency]
+[strict_consistency]: [https://en.wikipedia.org/wiki/Consistency_model#Strict_consistency]
+[serializable_isolation]: [https://en.wikipedia.org/wiki/Isolation_(database_systems)#Serializable]
+[Linearizability]: [#Linearizability]
--- a/Documentation/auth_api.md
+++ b/Documentation/auth_api.md
@ -0,0 +1,511 @@
+# v2 Auth and Security
+
+## etcd Resources 
+There are three types of resources in etcd
+
+1. permission resources: users and roles in the user store
+2. key-value resources: key-value pairs in the key-value store
+3. settings resources: security settings, auth settings, and dynamic etcd cluster settings (election/heartbeat)
+
+### Permission Resources 
+
+#### Users
+A user is an identity to be authenticated. Each user can have multiple roles. The user has a capability (such as reading or writing) on the resource if one of the roles has that capability.
+
+A user named `root` is required before authentication can be enabled, and it always has the ROOT role. The ROOT role can be granted to multiple users, but `root` is required for recovery purposes.
+
+#### Roles
+Each role has exact one associated Permission List. An permission list exists for each permission on key-value resources. 
+
+The special static ROOT (named `root`) role has a full permissions on all key-value resources, the permission to manage user resources and settings resources. Only the ROOT role has the permission to manage user resources and modify settings resources. The ROOT role is built-in and does not need to be created.
+
+There is also a special GUEST role, named 'guest'. These are the permissions given to unauthenticated requests to etcd. This role will be created automatically, and by default allows access to the full keyspace due to backward compatibility. (etcd did not previously authenticate any actions.). This role can be modified by a ROOT role holder at any time, to reduce the capabilities of unauthenticated users.
+
+#### Permissions
+
+There are two types of permissions, `read` and `write`. All management and settings require the ROOT role.
+
+A Permission List is a list of allowed patterns for that particular permission (read or write). Only ALLOW prefixes are supported. DENY becomes more complicated and is TBD.
+
+### Key-Value Resources
+A key-value resource is a key-value pairs in the store. Given a list of matching patterns, permission for any given key in a request is granted if any of the patterns in the list match.
+
+Only prefixes or exact keys are supported. A prefix permission string ends in `*`. 
+A permission on `/foo` is for that exact key or directory, not its children or recursively. `/foo*` is a prefix that matches `/foo` recursively, and all keys thereunder, and keys with that prefix (eg. `/foobar`. Contrast to the prefix `/foo/*`). `*` alone is permission on the full keyspace. 
+
+### Settings Resources
+
+Specific settings for the cluster as a whole. This can include adding and removing cluster members, enabling or disabling authentication, replacing certificates, and any other dynamic configuration by the administrator (holder of the ROOT role).
+
+## v2 Auth
+
+### Basic Auth
+We only support [Basic Auth][basic-auth] for the first version. Client needs to attach the basic auth to the HTTP Authorization Header.
+
+### Authorization field for operations
+Added to requests to /v2/keys, /v2/auth
+Add code 401 Unauthorized to the set of responses from the v2 API
+Authorization: Basic {encoded string}
+
+### Future Work
+Other types of auth can be considered for the future (eg, signed certs, public keys) but the `Authorization:` header allows for other such types
+
+### Things out of Scope for etcd Permissions
+
+* Pluggable AUTH backends like LDAP (other Authorization tokens generated by LDAP et al may be a possibility)
+* Very fine-grained access controls (eg: users modifying keys outside work hours)
+
+
+
+## API endpoints
+
+An Error JSON corresponds to:
+{
+  "name": "ErrErrorName",
+  "description" : "The longer helpful description of the error."
+}
+
+#### Enable and Disable Authentication
+        
+**Get auth status**
+
+GET  /v2/auth/enable
+
+    Sent Headers:
+    Possible Status Codes:
+        200 OK
+    200 Body:
+        {
+          "enabled": true
+        }
+
+
+**Enable auth**
+
+PUT  /v2/auth/enable
+
+    Sent Headers:
+    Put Body: (empty)
+    Possible Status Codes:
+        200 OK
+        400 Bad Request (if root user has not been created)
+        409 Conflict (already enabled)
+    200 Body: (empty)
+
+**Disable auth**
+
+DELETE  /v2/auth/enable
+
+    Sent Headers:
+        Authorization: Basic <RootAuthString>
+    Possible Status Codes:
+        200 OK
+        401 Unauthorized (if not a root user)
+        409 Conflict (already disabled)
+    200 Body: (empty)
+
+
+#### Users
+
+The User JSON object is formed as follows:
+
+```
+{
+  "user": "userName",
+  "password": "password",
+  "roles": [
+    "role1",
+    "role2"
+  ],
+  "grant": [],
+  "revoke": []
+}
+```
+
+Password is only passed when necessary.
+
+**Get a List of Users**
+
+GET/HEAD  /v2/auth/users
+
+    Sent Headers:
+        Authorization: Basic <BasicAuthString>
+    Possible Status Codes:
+        200 OK
+        401 Unauthorized
+    200 Headers:
+        Content-type: application/json
+    200 Body:
+        {
+          "users": [
+            {
+              "user": "alice",
+              "roles": [
+                {
+                  "role": "root",
+                  "permissions": {
+                    "kv": {
+                      "read": ["/*"],
+                      "write": ["/*"]
+                    }
+                  }
+                }
+              ]
+            },
+            {
+              "user": "bob",
+              "roles": [
+                {
+                  "role": "guest",
+                  "permissions": {
+                    "kv": {
+                      "read": ["/*"],
+                      "write": ["/*"]
+                    }
+                  }
+                }
+              ]
+            }
+          ]
+        }
+
+**Get User Details**
+
+GET/HEAD  /v2/auth/users/alice
+
+    Sent Headers:
+        Authorization: Basic <BasicAuthString>
+    Possible Status Codes:
+        200 OK
+        401 Unauthorized
+        404 Not Found
+    200 Headers:
+        Content-type: application/json
+    200 Body:
+        {
+          "user" : "alice",
+          "roles" : [
+            {
+              "role": "fleet",
+              "permissions" : {
+                "kv" : {
+                  "read": [ "/fleet/" ],
+                  "write": [ "/fleet/" ]
+                }
+              }
+            },
+            {
+              "role": "etcd",
+              "permissions" : {
+                "kv" : {
+                  "read": [ "/*" ],
+                  "write": [ "/*" ]
+                }
+              }
+            }
+          ]
+        }
+
+**Create Or Update A User**
+
+A user can be created with initial roles, if filled in. However, no roles are required; only the username and password fields
+
+PUT  /v2/auth/users/charlie
+
+    Sent Headers:
+        Authorization: Basic <BasicAuthString>
+    Put Body:
+        JSON struct, above, matching the appropriate name 
+          * Starting password and roles when creating. 
+          * Grant/Revoke/Password filled in when updating (to grant roles, revoke roles, or change the password).
+    Possible Status Codes:
+        200 OK
+        201 Created
+        400 Bad Request
+        401 Unauthorized
+        404 Not Found (update non-existent users)
+        409 Conflict (when granting duplicated roles or revoking non-existent roles)
+    200 Headers:
+        Content-type: application/json
+    200 Body:
+        JSON state of the user
+
+**Remove A User**
+
+DELETE  /v2/auth/users/charlie
+
+    Sent Headers:
+        Authorization: Basic <BasicAuthString>
+    Possible Status Codes:
+        200 OK
+        401 Unauthorized
+        403 Forbidden (remove root user when auth is enabled)
+        404 Not Found
+    200 Headers:
+    200 Body: (empty)
+
+#### Roles
+
+A full role structure may look like this. A Permission List structure is used for the "permissions", "grant", and "revoke" keys.
+```
+{
+  "role" : "fleet",
+  "permissions" : {
+    "kv" : {
+      "read" : [ "/fleet/" ],
+      "write": [ "/fleet/" ]
+    }
+  },
+  "grant" : {"kv": {...}},
+  "revoke": {"kv": {...}}
+}
+```
+
+**Get Role Details**
+
+GET/HEAD  /v2/auth/roles/fleet
+
+    Sent Headers:
+        Authorization: Basic <BasicAuthString>
+    Possible Status Codes:
+        200 OK
+        401 Unauthorized
+        404 Not Found
+    200 Headers:
+        Content-type: application/json
+    200 Body:
+        {
+          "role" : "fleet",
+          "permissions" : {
+            "kv" : {
+              "read": [ "/fleet/" ],
+              "write": [ "/fleet/" ]
+            }
+          }
+        }
+
+**Get a list of Roles**
+
+GET/HEAD  /v2/auth/roles
+
+    Sent Headers:
+        Authorization: Basic <BasicAuthString>
+    Possible Status Codes:
+        200 OK
+        401 Unauthorized
+    200 Headers:
+        Content-type: application/json
+    200 Body:
+        {
+          "roles": [
+            {
+              "role": "fleet",
+              "permissions": {
+                "kv": {
+                  "read": ["/fleet/"],
+                  "write": ["/fleet/"]
+                }
+              }
+            },
+            {
+              "role": "etcd",
+              "permissions": {
+                "kv": {
+                  "read": ["/*"],
+                  "write": ["/*"]
+                }
+              }
+            },
+            {
+              "role": "quay",
+              "permissions": {
+                "kv": {
+                  "read": ["/*"],
+                  "write": ["/*"]
+                }
+              }
+            }
+          ]
+        }
+
+**Create Or Update A Role**
+
+PUT  /v2/auth/roles/rkt
+
+    Sent Headers:
+        Authorization: Basic <BasicAuthString>
+    Put Body:
+        Initial desired JSON state, including the role name for verification and:
+          * Starting permission set if creating
+          * Granted/Revoked permission set if updating
+    Possible Status Codes:
+        200 OK
+        201 Created
+        400 Bad Request
+        401 Unauthorized
+        404 Not Found (update non-existent roles)
+        409 Conflict (when granting duplicated permission or revoking non-existent permission)
+    200 Body: 
+        JSON state of the role
+
+**Remove A Role**
+
+DELETE  /v2/auth/roles/rkt
+
+    Sent Headers:
+        Authorization: Basic <BasicAuthString>
+    Possible Status Codes:
+        200 OK
+        401 Unauthorized
+        403 Forbidden (remove root)
+        404 Not Found
+    200 Headers:
+    200 Body: (empty)
+
+
+## Example Workflow
+
+Let's walk through an example to show two tenants (applications, in our case) using etcd permissions.
+
+### Create root role
+
+```
+PUT  /v2/auth/users/root
+    Put Body:
+        {"user" : "root", "password": "betterRootPW!"}
+```
+
+### Enable auth
+
+```
+PUT  /v2/auth/enable
+```
+
+### Modify guest role (revoke write permission)
+
+```
+PUT  /v2/auth/roles/guest
+    Headers:
+        Authorization: Basic <root:betterRootPW!>
+    Put Body:
+        {
+          "role" : "guest",
+          "revoke" : {
+            "kv" : {
+              "write": [
+                "/*"
+              ]
+            }
+          }
+        }
+```
+
+
+### Create Roles for the Applications
+
+Create the rkt role fully specified:
+
+```
+PUT /v2/auth/roles/rkt
+    Headers:
+        Authorization: Basic <root:betterRootPW!>
+    Body:
+        {
+          "role" : "rkt",
+          "permissions" : {
+            "kv": {
+              "read": [
+                "/rkt/*"
+              ],
+              "write": [
+                "/rkt/*"
+              ]
+            }
+          }
+        }
+```
+
+But let's make fleet just a basic role for now:
+
+```
+PUT /v2/auth/roles/fleet
+    Headers:
+      Authorization: Basic <root:betterRootPW!>
+    Body:
+        {
+          "role" : "fleet"
+        }
+```
+
+### Optional: Grant some permissions to the roles
+
+Well, we finally figured out where we want fleet to live. Let's fix it.
+(Note that we avoided this in the rkt case. So this step is optional.)
+
+
+```
+PUT /v2/auth/roles/fleet
+    Headers:
+        Authorization: Basic <root:betterRootPW!>
+    Put Body:
+        {
+          "role" : "fleet",
+          "grant" : {
+            "kv" : {
+              "read": [
+                "/rkt/fleet",
+                "/fleet/*"
+              ]
+            }
+          }
+        }
+```
+
+### Create Users
+
+Same as before, let's use rocket all at once and fleet separately
+
+```
+PUT /v2/auth/users/rktuser
+    Headers:
+        Authorization: Basic <root:betterRootPW!>
+    Body:
+        {"user" : "rktuser", "password" : "rktpw", "roles" : ["rkt"]}
+```
+
+```
+PUT /v2/auth/users/fleetuser
+    Headers:
+        Authorization: Basic <root:betterRootPW!>
+    Body:
+        {"user" : "fleetuser", "password" : "fleetpw"}
+```
+
+### Optional: Grant Roles to Users
+
+Likewise, let's explicitly grant fleetuser access.
+
+```
+PUT /v2/auth/users/fleetuser
+    Headers:
+        Authorization: Basic <root:betterRootPW!>
+    Body:
+        {"user": "fleetuser", "grant": ["fleet"]}
+```
+
+#### Start to use fleetuser and rktuser
+
+
+For example:
+
+```
+PUT /v2/keys/rkt/RktData
+    Headers:
+        Authorization: Basic <rktuser:rktpw>
+    Body:
+        value=launch
+```
+
+Reads and writes outside the prefixes granted will fail with a 401 Unauthorized.
+
+[basic-auth]: https://en.wikipedia.org/wiki/Basic_access_authentication
--- a/Documentation/authentication.md
+++ b/Documentation/authentication.md
@ -0,0 +1,180 @@
+# Authentication Guide
+
+## Overview
+
+Authentication -- having users and roles in etcd -- was added in etcd 2.1. This guide will help you set up basic authentication in etcd.
+
+etcd before 2.1 was a completely open system; anyone with access to the API could change keys. In order to preserve backward compatibility and upgradability, this feature is off by default.
+
+For a full discussion of the RESTful API, see [the authentication API documentation][auth-api]
+
+## Special Users and Roles
+
+There is one special user, `root`, and there are two special roles, `root` and `guest`.
+
+### User `root`
+
+User `root` must be created before security can be activated. It has the `root` role and allows for the changing of anything inside etcd. The idea behind the `root` user is for recovery purposes -- a password is generated and stored somewhere -- and the root role is granted to the administrator accounts on the system. In the future, for troubleshooting and recovery, we will need to assume some access to the system, and future documentation will assume this root user (though anyone with the role will suffice). 
+
+### Role `root`
+
+Role `root` cannot be modified, but it may be granted to any user. Having access via the root role not only allows global read-write access (as was the case before 2.1) but allows modification of the authentication policy and all administrative things, like modifying the cluster membership.
+
+### Role `guest`
+
+The `guest` role defines the permissions granted to any request that does not provide an authentication. This will be created on security activation (if it doesn't already exist) to have full access to all keys, as was true in etcd 2.0. It may be modified at any time, and cannot be removed.
+
+## Working with users
+
+The `user` subcommand for `etcdctl` handles all things having to do with user accounts.
+
+A listing of users can be found with
+
+```
+$ etcdctl user list
+```
+
+Creating a user is as easy as
+
+```
+$ etcdctl user add myusername
+```
+
+And there will be prompt for a new password.
+
+Roles can be granted and revoked for a user with
+
+```
+$ etcdctl user grant myusername -roles foo,bar,baz
+$ etcdctl user revoke myusername -roles bar,baz
+```
+
+We can look at this user with
+
+```
+$ etcdctl user get myusername
+```
+
+And the password for a user can be changed with
+
+```
+$ etcdctl user passwd myusername
+```
+
+Which will prompt again for a new password.
+
+To delete an account, there's always
+```
+$ etcdctl user remove myusername
+```
+
+
+## Working with roles
+
+The `role` subcommand for `etcdctl` handles all things having to do with access controls for particular roles, as were granted to individual users.
+
+A listing of roles can be found with
+
+```
+$ etcdctl role list
+```
+
+A new role can be created with
+
+```
+$ etcdctl role add myrolename
+```
+
+A role has no password; we are merely defining a new set of access rights.
+
+Roles are granted access to various parts of the keyspace, a single path at a time.
+
+Reading a path is simple; if the path ends in `*`, that key **and all keys prefixed with it**, are granted to holders of this role. If it does not end in `*`, only that key and that key alone is granted.
+
+Access can be granted as either read, write, or both, as in the following examples:
+
+```
+# Give read access to keys under the /foo directory
+$ etcdctl role grant myrolename -path '/foo/*' -read
+
+# Give write-only access to the key at /foo/bar
+$ etcdctl role grant myrolename -path '/foo/bar' -write
+
+# Give full access to keys under /pub
+$ etcdctl role grant myrolename -path '/pub/*' -readwrite
+```
+
+Beware that 
+
+```
+# Give full access to keys under /pub??
+$ etcdctl role grant myrolename -path '/pub*' -readwrite
+```
+
+Without the slash may include keys under `/publishing`, for example. To do both, grant `/pub` and `/pub/*`
+
+To see what's granted, we can look at the role at any time:
+
+```
+$ etcdctl role get myrolename
+```
+
+Revocation of permissions is done the same logical way:
+
+```
+$ etcdctl role revoke myrolename -path '/foo/bar' -write
+```
+
+As is removing a role entirely
+
+```
+$ etcdctl role remove myrolename
+```
+
+## Enabling authentication
+
+The minimal steps to enabling auth are as follows. The administrator can set up users and roles before or after enabling authentication, as a matter of preference. 
+
+Make sure the root user is created:
+
+```
+$ etcdctl user add root 
+New password:
+```
+
+And enable authentication
+
+```
+$ etcdctl auth enable
+```
+
+After this, etcd is running with authentication enabled. To disable it for any reason, use the reciprocal command:
+
+```
+$ etcdctl -u root:rootpw auth disable
+```
+
+It would also be good to check what guests (unauthenticated users) are allowed to do:
+```
+$ etcdctl -u root:rootpw role get guest
+```
+
+And modify this role appropriately, depending on your policies.
+
+## Using `etcdctl` to authenticate
+
+`etcdctl` supports a similar flag as `curl` for authentication.
+
+```
+$ etcdctl -u user:password get foo
+```
+
+or if you prefer to be prompted:
+
+```
+$ etcdctl -u user get foo
+```
+
+Otherwise, all `etcdctl` commands remain the same. Users and roles can still be created and modified, but require authentication by a user with the root role.
+
+[auth-api]: auth_api.md
--- a/Documentation/backward_compatibility.md
+++ b/Documentation/backward_compatibility.md
@ -0,0 +1,71 @@
+# Backward Compatibility
+
+The main goal of etcd 2.0 release is to improve cluster safety around bootstrapping and dynamic reconfiguration. To do this, we deprecated the old error-prone APIs and provide a new set of APIs.
+
+The other main focus of this release was a more reliable Raft implementation, but as this change is internal it should not have any notable effects to users.
+
+## Command Line Flags Changes
+
+The major flag changes are to mostly related to bootstrapping. The `initial-*` flags provide an improved way to specify the required criteria to start the cluster. The advertised URLs now support a list of values instead of a single value, which allows etcd users to gracefully migrate to the new set of IANA-assigned ports (2379/client and 2380/peers) while maintaining backward compatibility with the old ports.
+
+ - `-addr` is replaced by `-advertise-client-urls`.
+ - `-bind-addr` is replaced by `-listen-client-urls`.
+ - `-peer-addr` is replaced by `-initial-advertise-peer-urls`.
+ - `-peer-bind-addr` is replaced by `-listen-peer-urls`.
+ - `-peers` is replaced by `-initial-cluster`.
+ - `-peers-file` is replaced by `-initial-cluster`.
+ - `-peer-heartbeat-interval` is replaced by `-heartbeat-interval`.
+ - `-peer-election-timeout` is replaced by `-election-timeout`.
+
+The documentation of new command line flags can be found at
+https://github.com/coreos/etcd/blob/master/Documentation/configuration.md.
+
+## Data Directory Naming
+
+The default data dir location has changed from {$hostname}.etcd to {name}.etcd.
+
+## Key-Value API
+
+### Read consistency flag
+
+The consistent flag for read operations is removed in etcd 2.0.0. The normal read operations provides the same consistency guarantees with the 0.4.6 read operations with consistent flag set.
+
+The read consistency guarantees are:
+
+The consistent read guarantees the sequential consistency within one client that talks to one etcd server. Read/Write from one client to one etcd member should be observed in order. If one client write a value to an etcd server successfully, it should be able to get the value out of the server immediately. 
+
+Each etcd member will proxy the request to leader and only return the result to user after the result is applied on the local member. Thus after the write succeed, the user is guaranteed to see the value on the member it sent the request to.
+
+Reads do not provide linearizability. If you want linearizable read, you need to set quorum option to true.
+
+**Previous behavior**
+
+We added an option for a consistent read in the old version of etcd since etcd 0.x redirects the write request to the leader. When the user get back the result from the leader, the member it sent the request to originally might not apply the write request yet. With the consistent flag set to true, the client will always send read request to the leader. So one client should be able to see its last write when consistent=true is enabled. There is no order guarantees among different clients.
+
+
+## Standby
+
+etcd 0.4’s standby mode has been deprecated. [Proxy mode][proxymode] is introduced to solve a subset of problems standby was solving.
+
+Standby mode was intended for large clusters that had a subset of the members acting in the consensus process. Overall this process was too magical and allowed for operators to back themselves into a corner.
+
+Proxy mode in 2.0 will provide similar functionality, and with improved control over which machines act as proxies due to the operator specifically configuring them. Proxies also support read only or read/write modes for increased security and durability.
+
+[proxymode]: proxy.md
+
+## Discovery Service
+
+A size key needs to be provided inside a [discovery token][discoverytoken].
+[discoverytoken]: clustering.md#custom-etcd-discovery-service
+
+## HTTP Admin API
+
+`v2/admin` on peer url and `v2/keys/_etcd` are unified under the new [v2/members API][members-api] to better explain which machines are part of an etcd cluster, and to simplify the keyspace for all your use cases.
+
+[members-api]: members_api.md
+
+## HTTP Key Value API
+- The follower can now transparently proxy write requests to the leader. Clients will no longer see 307 redirections to the leader from etcd.
+
+- Expiration time is in UTC instead of local time.
+
--- a/Documentation/benchmarks/README.md
+++ b/Documentation/benchmarks/README.md
@ -0,0 +1,18 @@
+# Benchmarks
+
+etcd benchmarks will be published regularly and tracked for each release below:
+
+- [etcd v2.1.0-alpha][2.1]
+- [etcd v2.2.0-rc][2.2]
+- [etcd v3 demo][3.0]
+
+# Memory Usage Benchmarks
+
+It records expected memory usage in different scenarios.
+
+- [etcd v2.2.0-rc][2.2-mem]
+
+[2.1]: etcd-2-1-0-alpha-benchmarks.md
+[2.2]: etcd-2-2-0-rc-benchmarks.md
+[2.2-mem]: etcd-2-2-0-rc-memory-benchmarks.md
+[3.0]: etcd-3-demo-benchmarks.md
--- a/Documentation/benchmarks/etcd-2-1-0-alpha-benchmarks.md
+++ b/Documentation/benchmarks/etcd-2-1-0-alpha-benchmarks.md
@ -0,0 +1,52 @@
+## Physical machines
+
+GCE n1-highcpu-2 machine type
+
+- 1x dedicated local SSD mounted under /var/lib/etcd
+- 1x dedicated slow disk for the OS
+- 1.8 GB memory
+- 2x CPUs
+- etcd version 2.1.0 alpha
+
+## etcd Cluster
+
+3 etcd members, each runs on a single machine
+
+## Testing
+
+Bootstrap another machine and use the [boom HTTP benchmark tool][boom] to send requests to each etcd member. Check the [benchmark hacking guide][hack-benchmark] for detailed instructions.
+
+## Performance
+
+### reading one single key
+
+| key size in bytes | number of clients | target etcd server | read QPS | 90th Percentile Latency (ms) |
+|-------------------|-------------------|--------------------|----------|---------------|
+| 64                | 1                 | leader only        | 1534     | 0.7        |
+| 64                | 64                | leader only        | 10125    | 9.1      |
+| 64                | 256               | leader only        | 13892    | 27.1      |
+| 256               | 1                 | leader only        | 1530     | 0.8       |
+| 256               | 64                | leader only        | 10106    | 10.1      |
+| 256               | 256               | leader only        | 14667    | 27.0      |
+| 64                | 64                | all servers        | 24200    | 3.9      |
+| 64                | 256               | all servers        | 33300    | 11.8      |
+| 256               | 64                | all servers        | 24800    | 3.9      |
+| 256               | 256               | all servers        | 33000    | 11.5      |
+
+### writing one single key
+
+| key size in bytes | number of clients | target etcd server | write QPS | 90th Percentile Latency (ms) |
+|-------------------|-------------------|--------------------|-----------|---------------|
+| 64                | 1                 | leader only        | 60        | 21.4 |
+| 64                | 64                | leader only        | 1742      | 46.8 |
+| 64                | 256               | leader only        | 3982      | 90.5 |
+| 256               | 1                 | leader only        | 58        | 20.3 |
+| 256               | 64                | leader only        | 1770      | 47.8 |
+| 256               | 256               | leader only        | 4157      | 105.3 |
+| 64                | 64                | all servers        | 1028      | 123.4 |
+| 64                | 256               | all servers        | 3260      | 123.8 |
+| 256               | 64                | all servers        | 1033      | 121.5 |
+| 256               | 256               | all servers        | 3061      | 119.3 |
+
+[boom]: https://github.com/rakyll/boom
+[hack-benchmark]: /hack/benchmark/
--- a/Documentation/benchmarks/etcd-2-2-0-benchmarks.md
+++ b/Documentation/benchmarks/etcd-2-2-0-benchmarks.md
@ -0,0 +1,69 @@
+# Benchmarking etcd v2.2.0
+
+## Physical Machines
+
+GCE n1-highcpu-2 machine type
+
+- 1x dedicated local SSD mounted as etcd data directory
+- 1x dedicated slow disk for the OS
+- 1.8 GB memory
+- 2x CPUs
+
+## etcd Cluster
+
+3 etcd 2.2.0 members, each runs on a single machine.
+
+Detailed versions:
+
+```
+etcd Version: 2.2.0
+Git SHA: e4561dd
+Go Version: go1.5
+Go OS/Arch: linux/amd64
+```
+
+## Testing
+
+Bootstrap another machine, outside of the etcd cluster, and run the [`boom` HTTP benchmark tool](https://github.com/rakyll/boom) with a connection reuse patch to send requests to each etcd cluster member. See the [benchmark instructions](../../hack/benchmark/) for the patch and the steps to reproduce our procedures.
+
+The performance is calulated through results of 100 benchmark rounds.
+
+## Performance
+
+### Single Key Read Performance
+
+| key size in bytes | number of clients | target etcd server | average read QPS | read QPS stddev | average 90th Percentile Latency (ms) | latency stddev |
+|-------------------|-------------------|--------------------|------------------|-----------------|--------------------------------------|----------------|
+| 64 | 1 | leader only | 2303 | 200 | 0.49 | 0.06 |
+| 64 | 64 | leader only | 15048 | 685 | 7.60 | 0.46 |
+| 64 | 256 | leader only | 14508 | 434 | 29.76 | 1.05 |
+| 256 | 1 | leader only | 2162 | 214 | 0.52 | 0.06 |
+| 256 | 64 | leader only | 14789 | 792 | 7.69| 0.48 |
+| 256 | 256 | leader only | 14424 | 512 | 29.92 | 1.42 |
+| 64 | 64 | all servers | 45752 | 2048 | 2.47 | 0.14 |
+| 64 | 256 | all servers | 46592 | 1273 | 10.14 | 0.59 |
+| 256 | 64 | all servers | 45332 | 1847 | 2.48| 0.12 |
+| 256 | 256 | all servers | 46485 | 1340 | 10.18 | 0.74 |
+
+### Single Key Write Performance
+
+| key size in bytes | number of clients | target etcd server | average write QPS | write QPS stddev | average 90th Percentile Latency (ms) | latency stddev |
+|-------------------|-------------------|--------------------|------------------|-----------------|--------------------------------------|----------------|
+| 64 | 1 | leader only | 55 | 4 | 24.51 | 13.26 |
+| 64 | 64 | leader only | 2139 | 125 | 35.23 | 3.40 |
+| 64 | 256 | leader only | 4581 | 581 | 70.53 | 10.22 |
+| 256 | 1 | leader only | 56 | 4 | 22.37| 4.33 |
+| 256 | 64 | leader only | 2052 | 151 | 36.83 | 4.20 |
+| 256 | 256 | leader only | 4442 | 560 | 71.59 | 10.03 |
+| 64 | 64 | all servers | 1625 | 85 | 58.51 | 5.14 |
+| 64 | 256 | all servers | 4461 | 298 | 89.47 | 36.48 |
+| 256 | 64 | all servers | 1599 | 94 | 60.11| 6.43 |
+| 256 | 256 | all servers | 4315 | 193 | 88.98 | 7.01 |
+
+## Performance Changes
+
+- Because etcd now records metrics for each API call, read QPS performance seems to see a minor decrease in most scenarios. This minimal performance impact was judged a reasonable investment for the breadth of monitoring and debugging information returned.
+
+- Write QPS to cluster leaders seems to be increased by a small margin. This is because the main loop and entry apply loops were decoupled in the etcd raft logic, eliminating several blocks between them.
+
+- Write QPS to all members seems to be increased by a significant margin, because followers now receive the latest commit index sooner, and commit proposals more quickly.
--- a/Documentation/benchmarks/etcd-2-2-0-rc-benchmarks.md
+++ b/Documentation/benchmarks/etcd-2-2-0-rc-benchmarks.md
@ -0,0 +1,72 @@
+## Physical machines
+
+GCE n1-highcpu-2 machine type
+
+- 1x dedicated local SSD mounted under /var/lib/etcd
+- 1x dedicated slow disk for the OS
+- 1.8 GB memory
+- 2x CPUs
+
+## etcd Cluster
+
+3 etcd 2.2.0-rc members, each runs on a single machine.
+
+Detailed versions:
+
+```
+etcd Version: 2.2.0-alpha.1+git
+Git SHA: 59a5a7e
+Go Version: go1.4.2
+Go OS/Arch: linux/amd64
+```
+
+Also, we use 3 etcd 2.1.0 alpha-stage members to form cluster to get base performance. etcd's commit head is at [c7146bd5][c7146bd5], which is the same as the one that we use in [etcd 2.1 benchmark][etcd-2.1-benchmark].
+
+## Testing
+
+Bootstrap another machine and use the [boom HTTP benchmark tool][boom] to send requests to each etcd member. Check the [benchmark hacking guide][hack-benchmark] for detailed instructions.
+
+## Performance
+
+### reading one single key
+
+| key size in bytes | number of clients | target etcd server | read QPS | 90th Percentile Latency (ms) |
+|-------------------|-------------------|--------------------|----------|---------------|
+| 64                | 1                 | leader only        | 2804 (-5%) | 0.4 (+0%) |
+| 64                | 64                | leader only        | 17816 (+0%) | 5.7 (-6%) |
+| 64                | 256               | leader only        | 18667 (-6%) | 20.4 (+2%) |
+| 256               | 1                 | leader only        | 2181 (-15%) | 0.5 (+25%) |
+| 256               | 64                | leader only        | 17435 (-7%) | 6.0 (+9%) |
+| 256               | 256               | leader only        | 18180 (-8%) | 21.3 (+3%) |
+| 64                | 64                | all servers        | 46965 (-4%) | 2.1 (+0%) |
+| 64                | 256               | all servers        | 55286 (-6%) | 7.4 (+6%) |
+| 256               | 64                | all servers        | 46603 (-6%) | 2.1 (+5%) |
+| 256               | 256               | all servers        | 55291 (-6%) | 7.3 (+4%) |
+
+### writing one single key
+
+| key size in bytes | number of clients | target etcd server | write QPS | 90th Percentile Latency (ms) |
+|-------------------|-------------------|--------------------|-----------|---------------|
+| 64                | 1                 | leader only        | 76 (+22%)  | 19.4 (-15%) |
+| 64                | 64                | leader only        | 2461 (+45%) | 31.8 (-32%) |
+| 64                | 256               | leader only        | 4275 (+1%) | 69.6 (-10%) |
+| 256               | 1                 | leader only        | 64 (+20%)  | 16.7 (-30%) |
+| 256               | 64                | leader only        | 2385 (+30%) | 31.5 (-19%) |
+| 256               | 256               | leader only        | 4353 (-3%) | 74.0 (+9%) |
+| 64                | 64                | all servers        | 2005 (+81%) | 49.8 (-55%) |
+| 64                | 256               | all servers        | 4868 (+35%) | 81.5 (-40%) |
+| 256               | 64                | all servers        | 1925 (+72%) | 47.7 (-59%) |
+| 256               | 256               | all servers        | 4975 (+36%) | 70.3 (-36%) |
+
+### performance changes explanation
+
+- read QPS in most scenarios is decreased by 5~8%. The reason is that etcd records store metrics for each store operation. The metrics is important for monitoring and debugging, so this is acceptable.
+
+- write QPS to leader is increased by 20~30%. This is because we decouple raft main loop and entry apply loop, which avoids them blocking each other.
+
+- write QPS to all servers is increased by 30~80% because follower could receive latest commit index earlier and commit proposals faster.
+
+[boom]: https://github.com/rakyll/boom
+[c7146bd5]: https://github.com/coreos/etcd/commits/c7146bd5f2c73716091262edc638401bb8229144
+[etcd-2.1-benchmark]: etcd-2-1-0-alpha-benchmarks.md
+[hack-benchmark]: /hack/benchmark/
--- a/Documentation/benchmarks/etcd-2-2-0-rc-memory-benchmarks.md
+++ b/Documentation/benchmarks/etcd-2-2-0-rc-memory-benchmarks.md
@ -0,0 +1,47 @@
+## Physical machine
+
+GCE n1-standard-2 machine type
+
+- 1x dedicated local SSD mounted under /var/lib/etcd
+- 1x dedicated slow disk for the OS
+- 7.5 GB memory
+- 2x CPUs
+
+## etcd
+
+```
+etcd Version: 2.2.0-rc.0+git
+Git SHA: 103cb5c
+Go Version: go1.5
+Go OS/Arch: linux/amd64
+```
+
+## Testing
+
+Start 3-member etcd cluster, each of which uses 2 cores.
+
+The length of key name is always 64 bytes, which is a reasonable length of average key bytes.
+
+## Memory Maximal Usage
+
+- etcd may use maximal memory if one follower is dead and the leader keeps sending snapshots.
+- `max RSS` is the maximal memory usage recorded in 3 runs.
+
+| value bytes | key number  | data size(MB) | max RSS(MB) | max RSS/data rate on leader |
+|-------------|-------------|---------------|-------------|-----------------------------|
+| 128  | 50000  | 6 | 433 | 72x |
+| 128  | 100000 | 12 | 659 | 54x |
+| 128  | 200000 | 24 | 1466 | 61x |
+| 1024 | 50000  | 48 | 1253 | 26x |
+| 1024 | 100000 | 96 | 2344 | 24x |
+| 1024 | 200000 | 192 | 4361 | 22x |
+
+## Data Size Threshold
+
+- When etcd reaches data size threshold, it may trigger leader election easily and drop part of proposals.
+- At most cases, etcd cluster should work smoothly if it doesn't hit the threshold. If it doesn't work well due to insufficient resources, you need to decrease its data size.
+
+| value bytes | key number limitation | suggested data size threshold(MB) | consumed RSS(MB) |
+|-------------|-----------------------|-----------------------------------|------------------|
+| 128 | 400K | 48 | 2400 |
+| 1024 | 300K | 292 | 6500 |
--- a/Documentation/benchmarks/etcd-3-demo-benchmarks.md
+++ b/Documentation/benchmarks/etcd-3-demo-benchmarks.md
@ -0,0 +1,42 @@
+## Physical machines
+
+GCE n1-highcpu-2 machine type
+
+- 1x dedicated local SSD mounted under /var/lib/etcd
+- 1x dedicated slow disk for the OS
+- 1.8 GB memory
+- 2x CPUs
+- etcd version 2.2.0
+
+## etcd Cluster
+
+1 etcd member running in v3 demo mode
+
+## Testing
+
+Use [etcd v3 benchmark tool][etcd-v3-benchmark].
+
+## Performance
+
+### reading one single key
+
+| key size in bytes | number of clients | read QPS | 90th Percentile Latency (ms) |
+|-------------------|-------------------|----------|---------------|
+| 256               | 1                 | 2716  | 0.4      |
+| 256               | 64                | 16623 | 6.1      |
+| 256               | 256               | 16622 | 21.7     |
+
+The performance is nearly the same as the one with empty server handler.
+
+### reading one single key after putting
+
+| key size in bytes | number of clients | read QPS | 90th Percentile Latency (ms) |
+|-------------------|-------------------|----------|---------------|
+| 256               | 1                 | 2269  | 0.5      |
+| 256               | 64                | 13582 | 8.6      |
+| 256               | 256               | 13262 | 47.5     |
+
+The performance with empty server handler is not affected by one put. So the
+performance downgrade should be caused by storage package.
+
+[etcd-v3-benchmark]: /tools/benchmark/
--- a/Documentation/benchmarks/etcd-3-watch-memory-benchmark.md
+++ b/Documentation/benchmarks/etcd-3-watch-memory-benchmark.md
@ -0,0 +1,77 @@
+# Watch Memory Usage Benchmark
+
+*NOTE*: The watch features are under active development, and their memory usage may change as that development progresses. We do not expect it to significantly increase beyond the figures stated below.
+
+A primary goal of etcd is supporting a very large number of watchers doing a massively large amount of watching. etcd aims to support O(10k) clients, O(100K) watch streams (O(10) streams per client) and O(10M) total watchings (O(100) watching per stream). The memory consumed by each individual watching accounts for the largest portion of etcd's overall usage, and is therefore the focus of current and future optimizations.
+
+
+Three related components of etcd watch consume physical memory: each `grpc.Conn`, each watch stream, and each instance of the watching activity. `grpc.Conn` maintains the actual TCP connection and other gRPC connection state. Each `grpc.Conn` consumes O(10kb) of memory, and might have multiple watch streams attached. 
+
+Each watch stream is an independent HTTP2 connection which consumes another O(10kb) of memory. 
+Multiple watchings might share one watch stream. 
+
+Watching is the actual struct that tracks the changes on the key-value store. Each watching should only consume < O(1kb).
+
+```
+                                          +-------+
+                                          | watch |
+                              +---------> | foo   |
+                              |           +-------+
+                       +------+-----+
+                       |   stream   |
+      +--------------> |            |
+      |                +------+-----+     +-------+
+      |                       |           | watch |
+      |                       +---------> | bar   |
+-----+------+                            +-------+
+|            |         +------------+
+|   conn     +-------> |   stream   |
+|            |         |            |
+-----+------+         +------------+
+      |
+      |
+      |
+      |                +------------+
+      +--------------> |   stream   |
+                       |            |
+                       +------------+
+```
+
+The theoretical memory consumption of watch can be approximated with the formula:
+`memory = c1 * number_of_conn + c2 * avg_number_of_stream_per_conn + c3 * avg_number_of_watch_stream`
+
+## Testing Environment
+
+etcd version
+- git head https://github.com/coreos/etcd/commit/185097ffaa627b909007e772c175e8fefac17af3
+
+GCE n1-standard-2 machine type
+- 7.5 GB memory
+- 2x CPUs
+
+## Overall memory usage
+
+The overall memory usage captures how much [RSS][rss] etcd consumes with the client watchers. While the result may vary by as much as 10%, it is still meaningful, since the goal is to learn about the rough memory usage and the pattern of allocations.
+
+With the benchmark result, we can calculate roughly that `c1 = 17kb`, `c2 = 18kb` and `c3 = 350bytes`. So each additional client connection consumes 17kb of memory and each additional stream consumes 18kb of memory, and each additional watching only cause 350bytes. A single etcd server can maintain millions of watchings with a few GB of memory in normal case.
+
+
+| clients | streams per client | watchings per stream | total watching | memory usage |
+|---------|---------|-----------|----------------|--------------|
+| 1k |  1 |   1 |   1k |   50MB |
+| 2k |  1 |   1 |   2k |   90MB |
+| 5k |  1 |   1 |   5k |  200MB |
+| 1k | 10 |   1 |  10k |  217MB |
+| 2k | 10 |   1 |  20k |  417MB |
+| 5k | 10 |   1 |  50k |  980MB |
+| 1k | 50 |   1 |  50k | 1001MB |
+| 2k | 50 |   1 | 100k | 1960MB |
+| 5k | 50 |   1 | 250k | 4700MB |
+| 1k | 50 |  10 | 500k | 1171MB |
+| 2k | 50 |  10 |   1M | 2371MB |
+| 5k | 50 |  10 | 2.5M | 5710MB |
+| 1k | 50 | 100 |   5M | 2380MB |
+| 2k | 50 | 100 |  10M | 4672MB |
+| 5k | 50 | 100 |  50M |  *OOM* |
+
+[rss]: https://en.wikipedia.org/wiki/Resident_set_size
--- a/Documentation/benchmarks/etcd-storage-memory-benchmark.md
+++ b/Documentation/benchmarks/etcd-storage-memory-benchmark.md
@ -0,0 +1,98 @@
+# Storage Memory Usage Benchmark
+
+<!---todo: link storage to storage design doc-->
+Two components of etcd storage consume physical memory. The etcd process allocates an *in-memory index* to speed key lookup. The process's *page cache*, managed by the operating system, stores recently-accessed data from disk for quick re-use.
+
+The in-memory index holds all the keys in a [B-tree][btree] data structure, along with pointers to the on-disk data (the values). Each key in the B-tree may contain multiple pointers, pointing to different versions of its values. The theoretical memory consumption of the in-memory index can hence be approximated with the formula:
+
+`N * (c1 + avg_key_size) + N * (avg_versions_of_key) * (c2 + size_of_pointer)`
+
+where `c1` is the key metadata overhead and `c2` is the version metadata overhead.
+
+The graph shows the detailed structure of the in-memory index B-tree.
+
+```
+
+
+                                In mem index
+
+                               +------------+
+                               | key || ... |
+  +--------------+             |     ||     |
+  |              |             +------------+
+  |              |             | v1  || ... |
+  |   disk    <----------------|     ||     | Tree Node
+  |              |             +------------+
+  |              |             | v2  || ... |
+  |           <----------------+     ||     |
+  |              |             +------------+
+  +--------------+       +-----+    |   |   |
+                         |     |    |   |   |
+                         |     +------------+
+                         |
+                         |
+                         ^
+                      ------+
+                      | ... |
+                      |     |
+                      +-----+
+                      | ... | Tree Node
+                      |     |
+                      +-----+
+                      | ... |
+                      |     |
+                      ------+
+```
+
+[Page cache memory][pagecache] is managed by the operating system and is not covered in detail in this document.
+
+## Testing Environment
+
+etcd version
+- git head https://github.com/coreos/etcd/commit/776e9fb7be7eee5e6b58ab977c8887b4fe4d48db
+
+GCE n1-standard-2 machine type
+
+- 7.5 GB memory
+- 2x CPUs
+
+## In-memory index memory usage
+
+In this test, we only benchmark the memory usage of the in-memory index. The goal is to find `c1` and `c2` mentioned above and to understand the hard limit of memory consumption of the storage.
+
+We calculate the memory usage consumption via the Go runtime.ReadMemStats. We calculate the total allocated bytes difference before creating the index and after creating the index. It cannot perfectly reflect the memory usage of the in-memory index itself but can show the rough consumption pattern. 
+
+| N    | versions | key size | memory usage |
+|------|----------|----------|--------------|
+| 100K | 1        | 64bytes  | 22MB         |
+| 100K | 5        | 64bytes  | 39MB         |
+| 1M   | 1        | 64bytes  | 218MB        |
+| 1M   | 5        | 64bytes  | 432MB        |
+| 100K | 1        | 256bytes | 41MB         |
+| 100K | 5        | 256bytes | 65MB         |
+| 1M   | 1        | 256bytes | 409MB        |
+| 1M   | 5        | 256bytes | 506MB        |
+
+
+Based on the result, we can calculate `c1=120bytes`, `c2=30bytes`. We only need two sets of data to calculate `c1` and `c2`, since they are the only unknown variable in the formula. The `c1=120bytes` and `c2=30bytes` are the average value of the 4 sets of `c1` and `c2` we calculated. The key metadata overhead is still relatively nontrivial (50%) for small key-value pairs. However, this is a significant improvement over the old store, which had at least 1000% overhead.
+
+## Overall memory usage
+
+The overall memory usage captures how much RSS etcd consumes with the storage. The value size should have very little impact on the overall memory usage of etcd, since we keep values on disk and only retain hot values in memory, managed by the OS page cache.
+
+| N    | versions | key size | value size | memory usage |
+|------|----------|----------|------------|--------------|
+| 100K | 1        | 64bytes  | 256bytes   | 40MB         |
+| 100K | 5        | 64bytes  | 256bytes   | 89MB         |
+| 1M   | 1        | 64bytes  | 256bytes   | 470MB        |
+| 1M   | 5        | 64bytes  | 256bytes   | 880MB        |
+| 100K | 1        | 64bytes  | 1KB        | 102MB        |
+| 100K | 5        | 64bytes  | 1KB        | 164MB        |
+| 1M   | 1        | 64bytes  | 1KB        | 587MB        |
+| 1M   | 5        | 64bytes  | 1KB        | 836MB        |
+
+Based on the result, we know the value size does not significantly impact the memory consumption. There is some minor increase due to more data held in the OS page cache.
+
+[btree]: https://en.wikipedia.org/wiki/B-tree
+[pagecache]: https://en.wikipedia.org/wiki/Page_cache
+
--- a/Documentation/branch_management.md
+++ b/Documentation/branch_management.md
@ -0,0 +1,26 @@
+# Branch Management
+
+## Guide
+
+* New development occurs on the [master branch][master].
+* Master branch should always have a green build!
+* Backwards-compatible bug fixes should target the master branch and subsequently be ported to stable branches.
+* Once the master branch is ready for release, it will be tagged and become the new stable branch.
+
+The etcd team has adopted a *rolling release model* and supports one stable version of etcd.
+
+### Master branch
+
+The `master` branch is our development branch. All new features land here first.
+
+If you want to try new features, pull `master` and play with it. Note that `master` may not be stable because new features may introduce bugs.
+
+Before the release of the next stable version, feature PRs will be frozen. We will focus on the testing, bug-fix and documentation for one to two weeks.
+
+### Stable branches
+
+All branches with prefix `release-` are considered _stable_ branches.
+
+After every minor release (http://semver.org/), we will have a new stable branch for that release. We will keep fixing the backwards-compatible bugs for the latest stable release, but not previous releases. The _patch_ release, incorporating any bug fixes, will be once every two weeks, given any patches.
+
+[master]: https://github.com/coreos/etcd/tree/master
--- a/Documentation/clustering.md
+++ b/Documentation/clustering.md
@ -0,0 +1,434 @@
+# Clustering Guide
+
+## Overview
+
+Starting an etcd cluster statically requires that each member knows another in the cluster. In a number of cases, you might not know the IPs of your cluster members ahead of time. In these cases, you can bootstrap an etcd cluster with the help of a discovery service.
+
+Once an etcd cluster is up and running, adding or removing members is done via [runtime reconfiguration][runtime-conf]. To better understand the design behind runtime reconfiguration, we suggest you read [the runtime configuration design document][runtime-reconf-design].
+
+This guide will cover the following mechanisms for bootstrapping an etcd cluster:
+
+* [Static](#static)
+* [etcd Discovery](#etcd-discovery)
+* [DNS Discovery](#dns-discovery)
+
+Each of the bootstrapping mechanisms will be used to create a three machine etcd cluster with the following details:
+
+|Name|Address|Hostname|
+|------|---------|------------------|
+|infra0|10.0.1.10|infra0.example.com|
+|infra1|10.0.1.11|infra1.example.com|
+|infra2|10.0.1.12|infra2.example.com|
+
+## Static
+
+As we know the cluster members, their addresses and the size of the cluster before starting, we can use an offline bootstrap configuration by setting the `initial-cluster` flag. Each machine will get either the following command line or environment variables:
+
+```
+ETCD_INITIAL_CLUSTER="infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380"
+ETCD_INITIAL_CLUSTER_STATE=new
+```
+
+```
+--initial-cluster infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380 \
+--initial-cluster-state new
+```
+
+Note that the URLs specified in `initial-cluster` are the _advertised peer URLs_, i.e. they should match the value of `initial-advertise-peer-urls` on the respective nodes.
+
+If you are spinning up multiple clusters (or creating and destroying a single cluster) with same configuration for testing purpose, it is highly recommended that you specify a unique `initial-cluster-token` for the different clusters. By doing this, etcd can generate unique cluster IDs and member IDs for the clusters even if they otherwise have the exact same configuration. This can protect you from cross-cluster-interaction, which might corrupt your clusters.
+
+etcd listens on [`listen-client-urls`][conf-listen-client] to accept client traffic. etcd member advertises the URLs specified in [`advertise-client-urls`][conf-adv-client] to other members, proxies, clients. Please make sure the `advertise-client-urls` are reachable from intended clients. A common mistake is setting `advertise-client-urls` to localhost or leave it as default when you want the remote clients to reach etcd.
+
+On each machine you would start etcd with these flags:
+
+```
+$ etcd --name infra0 --initial-advertise-peer-urls http://10.0.1.10:2380 \
+  --listen-peer-urls http://10.0.1.10:2380 \
+  --listen-client-urls http://10.0.1.10:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.10:2379 \
+  --initial-cluster-token etcd-cluster-1 \
+  --initial-cluster infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380 \
+  --initial-cluster-state new
+```
+```
+$ etcd --name infra1 --initial-advertise-peer-urls http://10.0.1.11:2380 \
+  --listen-peer-urls http://10.0.1.11:2380 \
+  --listen-client-urls http://10.0.1.11:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.11:2379 \
+  --initial-cluster-token etcd-cluster-1 \
+  --initial-cluster infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380 \
+  --initial-cluster-state new
+```
+```
+$ etcd --name infra2 --initial-advertise-peer-urls http://10.0.1.12:2380 \
+  --listen-peer-urls http://10.0.1.12:2380 \
+  --listen-client-urls http://10.0.1.12:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.12:2379 \
+  --initial-cluster-token etcd-cluster-1 \
+  --initial-cluster infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380 \
+  --initial-cluster-state new
+```
+
+The command line parameters starting with `--initial-cluster` will be ignored on subsequent runs of etcd. You are free to remove the environment variables or command line flags after the initial bootstrap process. If you need to make changes to the configuration later (for example, adding or removing members to/from the cluster), see the [runtime configuration][runtime-conf] guide.
+
+### Error Cases
+
+In the following example, we have not included our new host in the list of enumerated nodes. If this is a new cluster, the node _must_ be added to the list of initial cluster members.
+
+```
+$ etcd --name infra1 --initial-advertise-peer-urls http://10.0.1.11:2380 \
+  --listen-peer-urls https://10.0.1.11:2380 \
+  --listen-client-urls http://10.0.1.11:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.11:2379 \
+  --initial-cluster infra0=http://10.0.1.10:2380 \
+  --initial-cluster-state new
+etcd: infra1 not listed in the initial cluster config
+exit 1
+```
+
+In this example, we are attempting to map a node (infra0) on a different address (127.0.0.1:2380) than its enumerated address in the cluster list (10.0.1.10:2380). If this node is to listen on multiple addresses, all addresses _must_ be reflected in the "initial-cluster" configuration directive.
+
+```
+$ etcd --name infra0 --initial-advertise-peer-urls http://127.0.0.1:2380 \
+  --listen-peer-urls http://10.0.1.10:2380 \
+  --listen-client-urls http://10.0.1.10:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.10:2379 \
+  --initial-cluster infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380 \
+  --initial-cluster-state=new
+etcd: error setting up initial cluster: infra0 has different advertised URLs in the cluster and advertised peer URLs list
+exit 1
+```
+
+If you configure a peer with a different set of configuration and attempt to join this cluster you will get a cluster ID mismatch and etcd will exit.
+
+```
+$ etcd --name infra3 --initial-advertise-peer-urls http://10.0.1.13:2380 \
+  --listen-peer-urls http://10.0.1.13:2380 \
+  --listen-client-urls http://10.0.1.13:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.13:2379 \
+  --initial-cluster infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra3=http://10.0.1.13:2380 \
+  --initial-cluster-state=new
+etcd: conflicting cluster ID to the target cluster (c6ab534d07e8fcc4 != bc25ea2a74fb18b0). Exiting.
+exit 1
+```
+
+## Discovery
+
+In a number of cases, you might not know the IPs of your cluster peers ahead of time. This is common when utilizing cloud providers or when your network uses DHCP. In these cases, rather than specifying a static configuration, you can use an existing etcd cluster to bootstrap a new one. We call this process "discovery".
+
+There two methods that can be used for discovery:
+
+* etcd discovery service
+* DNS SRV records
+
+### etcd Discovery
+
+To better understand the design about discovery service protocol, we suggest you read [this][discovery-proto].
+
+#### Lifetime of a Discovery URL
+
+A discovery URL identifies a unique etcd cluster. Instead of reusing a discovery URL, you should always create discovery URLs for new clusters.
+
+Moreover, discovery URLs should ONLY be used for the initial bootstrapping of a cluster. To change cluster membership after the cluster is already running, see the [runtime reconfiguration][runtime-conf] guide.
+
+#### Custom etcd Discovery Service
+
+Discovery uses an existing cluster to bootstrap itself. If you are using your own etcd cluster you can create a URL like so:
+
+```
+$ curl -X PUT https://myetcd.local/v2/keys/discovery/6c007a14875d53d9bf0ef5a6fc0257c817f0fb83/_config/size -d value=3
+```
+
+By setting the size key to the URL, you create a discovery URL with an expected cluster size of 3.
+
+If you bootstrap an etcd cluster using discovery service with more than the expected number of etcd members, the extra etcd processes will [fall back][fall-back] to being [proxies][proxy] by default.
+
+The URL you will use in this case will be `https://myetcd.local/v2/keys/discovery/6c007a14875d53d9bf0ef5a6fc0257c817f0fb83` and the etcd members will use the `https://myetcd.local/v2/keys/discovery/6c007a14875d53d9bf0ef5a6fc0257c817f0fb83` directory for registration as they start.
+
+**Each member must have a different name flag specified. `Hostname` or `machine-id` can be a good choice. Or discovery will fail due to duplicated name.**
+
+Now we start etcd with those relevant flags for each member:
+
+```
+$ etcd --name infra0 --initial-advertise-peer-urls http://10.0.1.10:2380 \
+  --listen-peer-urls http://10.0.1.10:2380 \
+  --listen-client-urls http://10.0.1.10:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.10:2379 \
+  --discovery https://myetcd.local/v2/keys/discovery/6c007a14875d53d9bf0ef5a6fc0257c817f0fb83
+```
+```
+$ etcd --name infra1 --initial-advertise-peer-urls http://10.0.1.11:2380 \
+  --listen-peer-urls http://10.0.1.11:2380 \
+  --listen-client-urls http://10.0.1.11:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.11:2379 \
+  --discovery https://myetcd.local/v2/keys/discovery/6c007a14875d53d9bf0ef5a6fc0257c817f0fb83
+```
+```
+$ etcd --name infra2 --initial-advertise-peer-urls http://10.0.1.12:2380 \
+  --listen-peer-urls http://10.0.1.12:2380 \
+  --listen-client-urls http://10.0.1.12:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.12:2379 \
+  --discovery https://myetcd.local/v2/keys/discovery/6c007a14875d53d9bf0ef5a6fc0257c817f0fb83
+```
+
+This will cause each member to register itself with the custom etcd discovery service and begin the cluster once all machines have been registered.
+
+#### Public etcd Discovery Service
+
+If you do not have access to an existing cluster, you can use the public discovery service hosted at `discovery.etcd.io`.  You can create a private discovery URL using the "new" endpoint like so:
+
+```
+$ curl https://discovery.etcd.io/new?size=3
+https://discovery.etcd.io/3e86b59982e49066c5d813af1c2e2579cbf573de
+```
+
+This will create the cluster with an initial expected size of 3 members. If you do not specify a size, a default of 3 will be used.
+
+If you bootstrap an etcd cluster using discovery service with more than the expected number of etcd members, the extra etcd processes will [fall back][fall-back] to being [proxies][proxy] by default.
+
+```
+ETCD_DISCOVERY=https://discovery.etcd.io/3e86b59982e49066c5d813af1c2e2579cbf573de
+```
+
+```
+-discovery https://discovery.etcd.io/3e86b59982e49066c5d813af1c2e2579cbf573de
+```
+
+**Each member must have a different name flag specified. `Hostname` or `machine-id` can be a good choice. Or discovery will fail due to duplicated name.**
+
+Now we start etcd with those relevant flags for each member:
+
+```
+$ etcd --name infra0 --initial-advertise-peer-urls http://10.0.1.10:2380 \
+  --listen-peer-urls http://10.0.1.10:2380 \
+  --listen-client-urls http://10.0.1.10:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.10:2379 \
+  --discovery https://discovery.etcd.io/3e86b59982e49066c5d813af1c2e2579cbf573de
+```
+```
+$ etcd --name infra1 --initial-advertise-peer-urls http://10.0.1.11:2380 \
+  --listen-peer-urls http://10.0.1.11:2380 \
+  --listen-client-urls http://10.0.1.11:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.11:2379 \
+  --discovery https://discovery.etcd.io/3e86b59982e49066c5d813af1c2e2579cbf573de
+```
+```
+$ etcd --name infra2 --initial-advertise-peer-urls http://10.0.1.12:2380 \
+  --listen-peer-urls http://10.0.1.12:2380 \
+  --listen-client-urls http://10.0.1.12:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.12:2379 \
+  --discovery https://discovery.etcd.io/3e86b59982e49066c5d813af1c2e2579cbf573de
+```
+
+This will cause each member to register itself with the discovery service and begin the cluster once all members have been registered.
+
+You can use the environment variable `ETCD_DISCOVERY_PROXY` to cause etcd to use an HTTP proxy to connect to the discovery service.
+
+#### Error and Warning Cases
+
+##### Discovery Server Errors
+
+
+```
+$ etcd --name infra0 --initial-advertise-peer-urls http://10.0.1.10:2380 \
+  --listen-peer-urls http://10.0.1.10:2380 \
+  --listen-client-urls http://10.0.1.10:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.10:2379 \
+  --discovery https://discovery.etcd.io/3e86b59982e49066c5d813af1c2e2579cbf573de
+etcd: error: the cluster doesn’t have a size configuration value in https://discovery.etcd.io/3e86b59982e49066c5d813af1c2e2579cbf573de/_config
+exit 1
+```
+
+##### User Errors
+
+This error will occur if the discovery cluster already has the configured number of members, and `discovery-fallback` is explicitly disabled
+
+```
+$ etcd --name infra0 --initial-advertise-peer-urls http://10.0.1.10:2380 \
+  --listen-peer-urls http://10.0.1.10:2380 \
+  --listen-client-urls http://10.0.1.10:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.10:2379 \
+  --discovery https://discovery.etcd.io/3e86b59982e49066c5d813af1c2e2579cbf573de \
+  --discovery-fallback exit
+etcd: discovery: cluster is full
+exit 1
+```
+
+##### Warnings
+
+This is a harmless warning notifying you that the discovery URL will be
+ignored on this machine.
+
+```
+$ etcd --name infra0 --initial-advertise-peer-urls http://10.0.1.10:2380 \
+  --listen-peer-urls http://10.0.1.10:2380 \
+  --listen-client-urls http://10.0.1.10:2379,http://127.0.0.1:2379 \
+  --advertise-client-urls http://10.0.1.10:2379 \
+  --discovery https://discovery.etcd.io/3e86b59982e49066c5d813af1c2e2579cbf573de
+etcdserver: discovery token ignored since a cluster has already been initialized. Valid log found at /var/lib/etcd
+```
+
+### DNS Discovery
+
+DNS [SRV records][rfc-srv] can be used as a discovery mechanism.
+The `-discovery-srv` flag can be used to set the DNS domain name where the discovery SRV records can be found.
+The following DNS SRV records are looked up in the listed order:
+
+* _etcd-server-ssl._tcp.example.com
+* _etcd-server._tcp.example.com
+
+If `_etcd-server-ssl._tcp.example.com` is found then etcd will attempt the bootstrapping process over SSL.
+
+To help clients discover the etcd cluster, the following DNS SRV records are looked up in the listed order:
+
+* _etcd-client._tcp.example.com
+* _etcd-client-ssl._tcp.example.com
+
+If `_etcd-client-ssl._tcp.example.com` is found, clients will attempt to communicate with the etcd cluster over SSL.
+
+#### Create DNS SRV records
+
+```
+$ dig +noall +answer SRV _etcd-server._tcp.example.com
+_etcd-server._tcp.example.com. 300 IN  SRV  0 0 2380 infra0.example.com.
+_etcd-server._tcp.example.com. 300 IN  SRV  0 0 2380 infra1.example.com.
+_etcd-server._tcp.example.com. 300 IN  SRV  0 0 2380 infra2.example.com.
+```
+
+```
+$ dig +noall +answer SRV _etcd-client._tcp.example.com
+_etcd-client._tcp.example.com. 300 IN SRV 0 0 2379 infra0.example.com.
+_etcd-client._tcp.example.com. 300 IN SRV 0 0 2379 infra1.example.com.
+_etcd-client._tcp.example.com. 300 IN SRV 0 0 2379 infra2.example.com.
+```
+
+```
+$ dig +noall +answer infra0.example.com infra1.example.com infra2.example.com
+infra0.example.com.  300  IN  A  10.0.1.10
+infra1.example.com.  300  IN  A  10.0.1.11
+infra2.example.com.  300  IN  A  10.0.1.12
+```
+#### Bootstrap the etcd cluster using DNS
+
+etcd cluster members can listen on domain names or IP address, the bootstrap process will resolve DNS A records.
+
+The resolved address in `--initial-advertise-peer-urls` *must match* one of the resolved addresses in the SRV targets. The etcd member reads the resolved address to find out if it belongs to the cluster defined in the SRV records.
+
+```
+$ etcd --name infra0 \
+--discovery-srv example.com \
+--initial-advertise-peer-urls http://infra0.example.com:2380 \
+--initial-cluster-token etcd-cluster-1 \
+--initial-cluster-state new \
+--advertise-client-urls http://infra0.example.com:2379 \
+--listen-client-urls http://infra0.example.com:2379 \
+--listen-peer-urls http://infra0.example.com:2380
+```
+
+```
+$ etcd --name infra1 \
+--discovery-srv example.com \
+--initial-advertise-peer-urls http://infra1.example.com:2380 \
+--initial-cluster-token etcd-cluster-1 \
+--initial-cluster-state new \
+--advertise-client-urls http://infra1.example.com:2379 \
+--listen-client-urls http://infra1.example.com:2379 \
+--listen-peer-urls http://infra1.example.com:2380
+```
+
+```
+$ etcd --name infra2 \
+--discovery-srv example.com \
+--initial-advertise-peer-urls http://infra2.example.com:2380 \
+--initial-cluster-token etcd-cluster-1 \
+--initial-cluster-state new \
+--advertise-client-urls http://infra2.example.com:2379 \
+--listen-client-urls http://infra2.example.com:2379 \
+--listen-peer-urls http://infra2.example.com:2380
+```
+
+You can also bootstrap the cluster using IP addresses instead of domain names:
+
+```
+$ etcd --name infra0 \
+--discovery-srv example.com \
+--initial-advertise-peer-urls http://10.0.1.10:2380 \
+--initial-cluster-token etcd-cluster-1 \
+--initial-cluster-state new \
+--advertise-client-urls http://10.0.1.10:2379 \
+--listen-client-urls http://10.0.1.10:2379 \
+--listen-peer-urls http://10.0.1.10:2380
+```
+
+```
+$ etcd --name infra1 \
+--discovery-srv example.com \
+--initial-advertise-peer-urls http://10.0.1.11:2380 \
+--initial-cluster-token etcd-cluster-1 \
+--initial-cluster-state new \
+--advertise-client-urls http://10.0.1.11:2379 \
+--listen-client-urls http://10.0.1.11:2379 \
+--listen-peer-urls http://10.0.1.11:2380
+```
+
+```
+$ etcd --name infra2 \
+--discovery-srv example.com \
+--initial-advertise-peer-urls http://10.0.1.12:2380 \
+--initial-cluster-token etcd-cluster-1 \
+--initial-cluster-state new \
+--advertise-client-urls http://10.0.1.12:2379 \
+--listen-client-urls http://10.0.1.12:2379 \
+--listen-peer-urls http://10.0.1.12:2380
+```
+
+#### etcd proxy configuration
+
+DNS SRV records can also be used to configure the list of peers for an etcd server running in proxy mode:
+
+```
+$ etcd --proxy on --discovery-srv example.com
+```
+
+#### etcd client configuration
+
+DNS SRV records can also be used to help clients discover the etcd cluster.
+
+The official [etcd/client][client] supports [DNS Discovery][client-discoverer].
+
+`etcdctl` also supports DNS Discovery by specifying the `--discovery-srv` option.
+
+```
+$ etcdctl --discovery-srv example.com set foo bar
+```
+
+#### Error Cases
+
+You might see an error like `cannot find local etcd $name from SRV records.`. That means the etcd member fails to find itself from the cluster defined in SRV records. The resolved address in `--initial-advertise-peer-urls` *must match* one of the resolved addresses in the SRV targets.
+
+# 0.4 to 2.0+ Migration Guide
+
+In etcd 2.0 we introduced the ability to listen on more than one address and to advertise multiple addresses. This makes using etcd easier when you have complex networking, such as private and public networks on various cloud providers.
+
+To make understanding this feature easier, we changed the naming of some flags, but we support the old flags to make the migration from the old to new version easier.
+
+|Old Flag    |New Flag    |Migration Behavior                  |
+|-----------------------|-----------------------|---------------------------------------------------------------------------------------|
+|-peer-addr    |--initial-advertise-peer-urls   |If specified, peer-addr will be used as the only peer URL. Error if both flags specified.|
+|-addr      |--advertise-client-urls  |If specified, addr will be used as the only client URL. Error if both flags specified.|
+|-peer-bind-addr  |--listen-peer-urls  |If specified, peer-bind-addr will be used as the only peer bind URL. Error if both flags specified.|
+|-bind-addr    |--listen-client-urls  |If specified, bind-addr will be used as the only client bind URL. Error if both flags specified.|
+|-peers      |none      |Deprecated. The --initial-cluster flag provides a similar concept with different semantics. Please read this guide on cluster startup.|
+|-peers-file    |none      |Deprecated. The --initial-cluster flag provides a similar concept with different semantics. Please read this guide on cluster startup.|
+
+[client]: /client
+[client-discoverer]: https://godoc.org/github.com/coreos/etcd/client#Discoverer
+[conf-adv-client]: configuration.md#-advertise-client-urls
+[conf-listen-client]: configuration.md#-listen-client-urls
+[discovery-proto]: discovery_protocol.md
+[fall-back]: proxy.md#fallback-to-proxy-mode-with-discovery-service
+[proxy]: proxy.md
+[rfc-srv]: http://www.ietf.org/rfc/rfc2052.txt
+[runtime-conf]: runtime-configuration.md
+[runtime-reconf-design]: runtime-reconf-design.md
--- a/Documentation/configuration.md
+++ b/Documentation/configuration.md
@ -0,0 +1,282 @@
+# Configuration Flags
+
+etcd is configurable through command-line flags and environment variables. Options set on the command line take precedence over those from the environment.
+
+The format of environment variable for flag `--my-flag` is `ETCD_MY_FLAG`. It applies to all  flags.
+
+The [official etcd ports][iana-ports] are 2379 for client requests, and 2380 for peer communication. Some legacy code and documentation still references ports 4001 and 7001, but all new etcd use and discussion should adopt the assigned ports.
+
+To start etcd automatically using custom settings at startup in Linux, using a [systemd][systemd-intro] unit is highly recommended.
+
+[systemd-intro]: http://freedesktop.org/wiki/Software/systemd/
+
+## Member Flags
+
+### --name
+ Human-readable name for this member.
+ default: "default"
+ env variable: ETCD_NAME
+ This value is referenced as this node's own entries listed in the `--initial-cluster` flag (Ex: `default=http://localhost:2380` or `default=http://localhost:2380,default=http://localhost:7001`). This needs to match the key used in the flag if you're using [static bootstrapping][build-cluster]. When using discovery, each member must have a unique name. `Hostname` or `machine-id` can be a good choice.
+
+### --data-dir
+ Path to the data directory.
+ default: "${name}.etcd"
+ env variable: ETCD_DATA_DIR
+
+### --wal-dir
+ Path to the dedicated wal directory. If this flag is set, etcd will write the WAL files to the walDir rather than the dataDir. This allows a dedicated disk to be used, and helps avoid io competition between logging and other IO operations.
+ default: ""
+ env variable: ETCD_WAL_DIR
+
+### --snapshot-count
+ Number of committed transactions to trigger a snapshot to disk.
+ default: "10000"
+ env variable: ETCD_SNAPSHOT_COUNT
+
+### --heartbeat-interval
+ Time (in milliseconds) of a heartbeat interval.
+ default: "100"
+ env variable: ETCD_HEARTBEAT_INTERVAL
+
+### --election-timeout
+ Time (in milliseconds) for an election to timeout. See [Documentation/tuning.md](tuning.md#time-parameters) for details.
+ default: "1000"
+ env variable: ETCD_ELECTION_TIMEOUT
+
+### --listen-peer-urls
+ List of URLs to listen on for peer traffic. This flag tells the etcd to accept incoming requests from its peers on the specified scheme://IP:port combinations. Scheme can be either http or https.If 0.0.0.0 is specified as the IP, etcd listens to the given port on all interfaces. If an IP address is given as well as a port, etcd will listen on the given port and interface. Multiple URLs may be used to specify a number of addresses and ports to listen on. The etcd will respond to requests from any of the listed addresses and ports.
+ default: "http://localhost:2380,http://localhost:7001"
+ env variable: ETCD_LISTEN_PEER_URLS
+ example: "http://10.0.0.1:2380"
+ invalid example: "http://example.com:2380" (domain name is invalid for binding)
+
+### --listen-client-urls
+ List of URLs to listen on for client traffic. This flag tells the etcd to accept incoming requests from the clients on the specified scheme://IP:port combinations. Scheme can be either http or https. If 0.0.0.0 is specified as the IP, etcd listens to the given port on all interfaces. If an IP address is given as well as a port, etcd will listen on the given port and interface. Multiple URLs may be used to specify a number of addresses and ports to listen on. The etcd will respond to requests from any of the listed addresses and ports.
+ default: "http://localhost:2379,http://localhost:4001"
+ env variable: ETCD_LISTEN_CLIENT_URLS
+ example: "http://10.0.0.1:2379"
+ invalid example: "http://example.com:2379" (domain name is invalid for binding)
+
+### --max-snapshots
+ Maximum number of snapshot files to retain (0 is unlimited)
+ default: 5
+ env variable: ETCD_MAX_SNAPSHOTS
+ The default for users on Windows is unlimited, and manual purging down to 5 (or your preference for safety) is recommended.
+
+### --max-wals
+ Maximum number of wal files to retain (0 is unlimited)
+ default: 5
+ env variable: ETCD_MAX_WALS
+ The default for users on Windows is unlimited, and manual purging down to 5 (or your preference for safety) is recommended.
+
+### --cors
+ Comma-separated white list of origins for CORS (cross-origin resource sharing).
+ default: none
+ env variable: ETCD_CORS
+
+## Clustering Flags
+
+`--initial` prefix flags are used in bootstrapping ([static bootstrap][build-cluster], [discovery-service bootstrap][discovery] or [runtime reconfiguration][reconfig]) a new member, and ignored when restarting an existing member.
+
+`--discovery` prefix flags need to be set when using [discovery service][discovery].
+
+### --initial-advertise-peer-urls
+
+ List of this member's peer URLs to advertise to the rest of the cluster. These addresses are used for communicating etcd data around the cluster. At least one must be routable to all cluster members. These URLs can contain domain names.
+ default: "http://localhost:2380,http://localhost:7001"
+ env variable: ETCD_INITIAL_ADVERTISE_PEER_URLS
+ example: "http://example.com:2380, http://10.0.0.1:2380"
+
+### --initial-cluster
+ Initial cluster configuration for bootstrapping.
+ default: "default=http://localhost:2380,default=http://localhost:7001"
+ env variable: ETCD_INITIAL_CLUSTER
+ The key is the value of the `--name` flag for each node provided. The default uses `default` for the key because this is the default for the `--name` flag.
+
+### --initial-cluster-state
+ Initial cluster state ("new" or "existing"). Set to `new` for all members present during initial static or DNS bootstrapping. If this option is set to `existing`, etcd will attempt to join the existing cluster. If the wrong value is set, etcd will attempt to start but fail safely.
+ default: "new"
+ env variable: ETCD_INITIAL_CLUSTER_STATE
+
+[static bootstrap]: clustering.md#static
+
+### --initial-cluster-token
+ Initial cluster token for the etcd cluster during bootstrap.
+ default: "etcd-cluster"
+ env variable: ETCD_INITIAL_CLUSTER_TOKEN
+
+### --advertise-client-urls
+ List of this member's client URLs to advertise to the rest of the cluster. These URLs can contain domain names.
+ default: "http://localhost:2379,http://localhost:4001"
+ env variable: ETCD_ADVERTISE_CLIENT_URLS
+ example: "http://example.com:2379, http://10.0.0.1:2379"
+ Be careful if you are advertising URLs such as http://localhost:2379 from a cluster member and are using the proxy feature of etcd. This will cause loops, because the proxy will be forwarding requests to itself until its resources (memory, file descriptors) are eventually depleted.
+
+### --discovery
+ Discovery URL used to bootstrap the cluster.
+ default: none
+ env variable: ETCD_DISCOVERY
+
+### --discovery-srv
+ DNS srv domain used to bootstrap the cluster.
+ default: none
+ env variable: ETCD_DISCOVERY_SRV
+
+### --discovery-fallback
+ Expected behavior ("exit" or "proxy") when discovery services fails.
+ default: "proxy"
+ env variable: ETCD_DISCOVERY_FALLBACK
+
+### --discovery-proxy
+ HTTP proxy to use for traffic to discovery service.
+ default: none
+ env variable: ETCD_DISCOVERY_PROXY
+
+### --strict-reconfig-check
+ Reject reconfiguration requests that would cause quorum loss.
+ default: false
+ env variable: ETCD_STRICT_RECONFIG_CHECK
+
+## Proxy Flags
+
+`--proxy` prefix flags configures etcd to run in [proxy mode][proxy].
+
+### --proxy
+ Proxy mode setting ("off", "readonly" or "on").
+ default: "off"
+ env variable: ETCD_PROXY
+
+### --proxy-failure-wait
+ Time (in milliseconds) an endpoint will be held in a failed state before being reconsidered for proxied requests.
+ default: 5000
+ env variable: ETCD_PROXY_FAILURE_WAIT
+
+### --proxy-refresh-interval
+ Time (in milliseconds) of the endpoints refresh interval.
+ default: 30000
+ env variable: ETCD_PROXY_REFRESH_INTERVAL
+
+### --proxy-dial-timeout
+ Time (in milliseconds) for a dial to timeout or 0 to disable the timeout
+ default: 1000
+ env variable: ETCD_PROXY_DIAL_TIMEOUT
+
+### --proxy-write-timeout
+ Time (in milliseconds) for a write to timeout or 0 to disable the timeout.
+ default: 5000
+ env variable: ETCD_PROXY_WRITE_TIMEOUT
+
+### --proxy-read-timeout
+ Time (in milliseconds) for a read to timeout or 0 to disable the timeout.
+ Don't change this value if you use watches because they are using long polling requests.
+ default: 0
+ env variable: ETCD_PROXY_READ_TIMEOUT
+
+## Security Flags
+
+The security flags help to [build a secure etcd cluster][security].
+
+### --ca-file [DEPRECATED]
+ Path to the client server TLS CA file. `--ca-file ca.crt` could be replaced by `--trusted-ca-file ca.crt --client-cert-auth` and etcd will perform the same.
+ default: none
+ env variable: ETCD_CA_FILE
+
+### --cert-file
+ Path to the client server TLS cert file.
+ default: none
+ env variable: ETCD_CERT_FILE
+
+### --key-file
+ Path to the client server TLS key file.
+ default: none
+ env variable: ETCD_KEY_FILE
+
+### --client-cert-auth
+ Enable client cert authentication.
+ default: false
+ env variable: ETCD_CLIENT_CERT_AUTH
+
+### --trusted-ca-file
+ Path to the client server TLS trusted CA key file.
+ default: none
+ env variable: ETCD_TRUSTED_CA_FILE
+
+### --peer-ca-file [DEPRECATED]
+ Path to the peer server TLS CA file. `--peer-ca-file ca.crt` could be replaced by `--peer-trusted-ca-file ca.crt --peer-client-cert-auth` and etcd will perform the same.
+ default: none
+ env variable: ETCD_PEER_CA_FILE
+
+### --peer-cert-file
+ Path to the peer server TLS cert file.
+ default: none
+ env variable: ETCD_PEER_CERT_FILE
+
+### --peer-key-file
+ Path to the peer server TLS key file.
+ default: none
+ env variable: ETCD_PEER_KEY_FILE
+
+### --peer-client-cert-auth
+ Enable peer client cert authentication.
+ default: false
+ env variable: ETCD_PEER_CLIENT_CERT_AUTH
+
+### --peer-trusted-ca-file
+ Path to the peer server TLS trusted CA file.
+ default: none
+ env variable: ETCD_PEER_TRUSTED_CA_FILE
+
+## Logging Flags
+
+### --debug
+ Drop the default log level to DEBUG for all subpackages.
+ default: false (INFO for all packages)
+ env variable: ETCD_DEBUG
+
+### --log-package-levels
+ Set individual etcd subpackages to specific log levels. An example being `etcdserver=WARNING,security=DEBUG` 
+ default: none (INFO for all packages)
+ env variable: ETCD_LOG_PACKAGE_LEVELS
+
+
+## Unsafe Flags
+
+Please be CAUTIOUS when using unsafe flags because it will break the guarantees given by the consensus protocol.
+For example, it may panic if other members in the cluster are still alive.
+Follow the instructions when using these flags.
+
+### --force-new-cluster
+ Force to create a new one-member cluster. It commits configuration changes forcing to remove all existing members in the cluster and add itself. It needs to be set to [restore a backup][restore].
+ default: false
+ env variable: ETCD_FORCE_NEW_CLUSTER
+
+## Experimental Flags
+
+### --experimental-v3demo
+ Enable experimental [v3 demo API][rfc-v3].
+ default: false
+ env variable: ETCD_EXPERIMENTAL_V3DEMO
+
+## Miscellaneous Flags
+
+### --version
+ Print the version and exit.
+ default: false
+
+## Profiling flags
+
+### --enable-pprof
+ Enable runtime profiling data via HTTP server. Address is at client URL + "/debug/pprof"
+ default: false
+
+[build-cluster]: clustering.md#static
+[reconfig]: runtime-configuration.md
+[discovery]: clustering.md#discovery
+[iana-ports]: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=etcd
+[proxy]: proxy.md
+[reconfig]: runtime-configuration.md
+[restore]: admin_guide.md#restoring-a-backup
+[rfc-v3]: rfc/v3api.md
+[security]: security.md
+[systemd-intro]: http://freedesktop.org/wiki/Software/systemd/
+[tuning]: tuning.md#time-parameters
--- a/Documentation/dev-guide/apispec/swagger/rpc.swagger.json
+++ b/Documentation/dev-guide/apispec/swagger/rpc.swagger.json
--- a/Documentation/dev-guide/apispec/swagger/v3election.swagger.json
+++ b/Documentation/dev-guide/apispec/swagger/v3election.swagger.json
@ -1,427 +0,0 @@
-{
-  "swagger": "2.0",
-  "info": {
-    "title": "server/etcdserver/api/v3election/v3electionpb/v3election.proto",
-    "version": "version not set"
-  },
-  "consumes": [
-    "application/json"
-  ],
-  "produces": [
-    "application/json"
-  ],
-  "paths": {
-    "/v3/election/campaign": {
-      "post": {
-        "summary": "Campaign waits to acquire leadership in an election, returning a LeaderKey\nrepresenting the leadership if successful. The LeaderKey can then be used\nto issue new values on the election, transactionally guard API requests on\nleadership still being held, and resign from the election.",
-        "operationId": "Election_Campaign",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/v3electionpbCampaignResponse"
-            }
-          },
-          "default": {
-            "description": "An unexpected error response",
-            "schema": {
-              "$ref": "#/definitions/runtimeError"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v3electionpbCampaignRequest"
-            }
-          }
-        ],
-        "tags": [
-          "Election"
-        ]
-      }
-    },
-    "/v3/election/leader": {
-      "post": {
-        "summary": "Leader returns the current election proclamation, if any.",
-        "operationId": "Election_Leader",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/v3electionpbLeaderResponse"
-            }
-          },
-          "default": {
-            "description": "An unexpected error response",
-            "schema": {
-              "$ref": "#/definitions/runtimeError"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v3electionpbLeaderRequest"
-            }
-          }
-        ],
-        "tags": [
-          "Election"
-        ]
-      }
-    },
-    "/v3/election/observe": {
-      "post": {
-        "summary": "Observe streams election proclamations in-order as made by the election's\nelected leaders.",
-        "operationId": "Election_Observe",
-        "responses": {
-          "200": {
-            "description": "A successful response.(streaming responses)",
-            "schema": {
-              "type": "object",
-              "properties": {
-                "result": {
-                  "$ref": "#/definitions/v3electionpbLeaderResponse"
-                },
-                "error": {
-                  "$ref": "#/definitions/runtimeStreamError"
-                }
-              },
-              "title": "Stream result of v3electionpbLeaderResponse"
-            }
-          },
-          "default": {
-            "description": "An unexpected error response",
-            "schema": {
-              "$ref": "#/definitions/runtimeError"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v3electionpbLeaderRequest"
-            }
-          }
-        ],
-        "tags": [
-          "Election"
-        ]
-      }
-    },
-    "/v3/election/proclaim": {
-      "post": {
-        "summary": "Proclaim updates the leader's posted value with a new value.",
-        "operationId": "Election_Proclaim",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/v3electionpbProclaimResponse"
-            }
-          },
-          "default": {
-            "description": "An unexpected error response",
-            "schema": {
-              "$ref": "#/definitions/runtimeError"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v3electionpbProclaimRequest"
-            }
-          }
-        ],
-        "tags": [
-          "Election"
-        ]
-      }
-    },
-    "/v3/election/resign": {
-      "post": {
-        "summary": "Resign releases election leadership so other campaigners may acquire\nleadership on the election.",
-        "operationId": "Election_Resign",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/v3electionpbResignResponse"
-            }
-          },
-          "default": {
-            "description": "An unexpected error response",
-            "schema": {
-              "$ref": "#/definitions/runtimeError"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v3electionpbResignRequest"
-            }
-          }
-        ],
-        "tags": [
-          "Election"
-        ]
-      }
-    }
-  },
-  "definitions": {
-    "etcdserverpbResponseHeader": {
-      "type": "object",
-      "properties": {
-        "cluster_id": {
-          "type": "string",
-          "format": "uint64",
-          "description": "cluster_id is the ID of the cluster which sent the response."
-        },
-        "member_id": {
-          "type": "string",
-          "format": "uint64",
-          "description": "member_id is the ID of the member which sent the response."
-        },
-        "revision": {
-          "type": "string",
-          "format": "int64",
-          "description": "revision is the key-value store revision when the request was applied.\nFor watch progress responses, the header.revision indicates progress. All future events\nrecieved in this stream are guaranteed to have a higher revision number than the\nheader.revision number."
-        },
-        "raft_term": {
-          "type": "string",
-          "format": "uint64",
-          "description": "raft_term is the raft term when the request was applied."
-        }
-      }
-    },
-    "mvccpbKeyValue": {
-      "type": "object",
-      "properties": {
-        "key": {
-          "type": "string",
-          "format": "byte",
-          "description": "key is the key in bytes. An empty key is not allowed."
-        },
-        "create_revision": {
-          "type": "string",
-          "format": "int64",
-          "description": "create_revision is the revision of last creation on this key."
-        },
-        "mod_revision": {
-          "type": "string",
-          "format": "int64",
-          "description": "mod_revision is the revision of last modification on this key."
-        },
-        "version": {
-          "type": "string",
-          "format": "int64",
-          "description": "version is the version of the key. A deletion resets\nthe version to zero and any modification of the key\nincreases its version."
-        },
-        "value": {
-          "type": "string",
-          "format": "byte",
-          "description": "value is the value held by the key, in bytes."
-        },
-        "lease": {
-          "type": "string",
-          "format": "int64",
-          "description": "lease is the ID of the lease that attached to key.\nWhen the attached lease expires, the key will be deleted.\nIf lease is 0, then no lease is attached to the key."
-        }
-      }
-    },
-    "protobufAny": {
-      "type": "object",
-      "properties": {
-        "type_url": {
-          "type": "string"
-        },
-        "value": {
-          "type": "string",
-          "format": "byte"
-        }
-      }
-    },
-    "runtimeError": {
-      "type": "object",
-      "properties": {
-        "error": {
-          "type": "string"
-        },
-        "code": {
-          "type": "integer",
-          "format": "int32"
-        },
-        "message": {
-          "type": "string"
-        },
-        "details": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/protobufAny"
-          }
-        }
-      }
-    },
-    "runtimeStreamError": {
-      "type": "object",
-      "properties": {
-        "grpc_code": {
-          "type": "integer",
-          "format": "int32"
-        },
-        "http_code": {
-          "type": "integer",
-          "format": "int32"
-        },
-        "message": {
-          "type": "string"
-        },
-        "http_status": {
-          "type": "string"
-        },
-        "details": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/protobufAny"
-          }
-        }
-      }
-    },
-    "v3electionpbCampaignRequest": {
-      "type": "object",
-      "properties": {
-        "name": {
-          "type": "string",
-          "format": "byte",
-          "description": "name is the election's identifier for the campaign."
-        },
-        "lease": {
-          "type": "string",
-          "format": "int64",
-          "description": "lease is the ID of the lease attached to leadership of the election. If the\nlease expires or is revoked before resigning leadership, then the\nleadership is transferred to the next campaigner, if any."
-        },
-        "value": {
-          "type": "string",
-          "format": "byte",
-          "description": "value is the initial proclaimed value set when the campaigner wins the\nelection."
-        }
-      }
-    },
-    "v3electionpbCampaignResponse": {
-      "type": "object",
-      "properties": {
-        "header": {
-          "$ref": "#/definitions/etcdserverpbResponseHeader"
-        },
-        "leader": {
-          "$ref": "#/definitions/v3electionpbLeaderKey",
-          "description": "leader describes the resources used for holding leadereship of the election."
-        }
-      }
-    },
-    "v3electionpbLeaderKey": {
-      "type": "object",
-      "properties": {
-        "name": {
-          "type": "string",
-          "format": "byte",
-          "description": "name is the election identifier that correponds to the leadership key."
-        },
-        "key": {
-          "type": "string",
-          "format": "byte",
-          "description": "key is an opaque key representing the ownership of the election. If the key\nis deleted, then leadership is lost."
-        },
-        "rev": {
-          "type": "string",
-          "format": "int64",
-          "description": "rev is the creation revision of the key. It can be used to test for ownership\nof an election during transactions by testing the key's creation revision\nmatches rev."
-        },
-        "lease": {
-          "type": "string",
-          "format": "int64",
-          "description": "lease is the lease ID of the election leader."
-        }
-      }
-    },
-    "v3electionpbLeaderRequest": {
-      "type": "object",
-      "properties": {
-        "name": {
-          "type": "string",
-          "format": "byte",
-          "description": "name is the election identifier for the leadership information."
-        }
-      }
-    },
-    "v3electionpbLeaderResponse": {
-      "type": "object",
-      "properties": {
-        "header": {
-          "$ref": "#/definitions/etcdserverpbResponseHeader"
-        },
-        "kv": {
-          "$ref": "#/definitions/mvccpbKeyValue",
-          "description": "kv is the key-value pair representing the latest leader update."
-        }
-      }
-    },
-    "v3electionpbProclaimRequest": {
-      "type": "object",
-      "properties": {
-        "leader": {
-          "$ref": "#/definitions/v3electionpbLeaderKey",
-          "description": "leader is the leadership hold on the election."
-        },
-        "value": {
-          "type": "string",
-          "format": "byte",
-          "description": "value is an update meant to overwrite the leader's current value."
-        }
-      }
-    },
-    "v3electionpbProclaimResponse": {
-      "type": "object",
-      "properties": {
-        "header": {
-          "$ref": "#/definitions/etcdserverpbResponseHeader"
-        }
-      }
-    },
-    "v3electionpbResignRequest": {
-      "type": "object",
-      "properties": {
-        "leader": {
-          "$ref": "#/definitions/v3electionpbLeaderKey",
-          "description": "leader is the leadership to relinquish by resignation."
-        }
-      }
-    },
-    "v3electionpbResignResponse": {
-      "type": "object",
-      "properties": {
-        "header": {
-          "$ref": "#/definitions/etcdserverpbResponseHeader"
-        }
-      }
-    }
-  }
-}
--- a/Documentation/dev-guide/apispec/swagger/v3lock.swagger.json
+++ b/Documentation/dev-guide/apispec/swagger/v3lock.swagger.json
@ -1,187 +0,0 @@
-{
-  "swagger": "2.0",
-  "info": {
-    "title": "server/etcdserver/api/v3lock/v3lockpb/v3lock.proto",
-    "version": "version not set"
-  },
-  "consumes": [
-    "application/json"
-  ],
-  "produces": [
-    "application/json"
-  ],
-  "paths": {
-    "/v3/lock/lock": {
-      "post": {
-        "summary": "Lock acquires a distributed shared lock on a given named lock.\nOn success, it will return a unique key that exists so long as the\nlock is held by the caller. This key can be used in conjunction with\ntransactions to safely ensure updates to etcd only occur while holding\nlock ownership. The lock is held until Unlock is called on the key or the\nlease associate with the owner expires.",
-        "operationId": "Lock_Lock",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/v3lockpbLockResponse"
-            }
-          },
-          "default": {
-            "description": "An unexpected error response",
-            "schema": {
-              "$ref": "#/definitions/runtimeError"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v3lockpbLockRequest"
-            }
-          }
-        ],
-        "tags": [
-          "Lock"
-        ]
-      }
-    },
-    "/v3/lock/unlock": {
-      "post": {
-        "summary": "Unlock takes a key returned by Lock and releases the hold on lock. The\nnext Lock caller waiting for the lock will then be woken up and given\nownership of the lock.",
-        "operationId": "Lock_Unlock",
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/v3lockpbUnlockResponse"
-            }
-          },
-          "default": {
-            "description": "An unexpected error response",
-            "schema": {
-              "$ref": "#/definitions/runtimeError"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/v3lockpbUnlockRequest"
-            }
-          }
-        ],
-        "tags": [
-          "Lock"
-        ]
-      }
-    }
-  },
-  "definitions": {
-    "etcdserverpbResponseHeader": {
-      "type": "object",
-      "properties": {
-        "cluster_id": {
-          "type": "string",
-          "format": "uint64",
-          "description": "cluster_id is the ID of the cluster which sent the response."
-        },
-        "member_id": {
-          "type": "string",
-          "format": "uint64",
-          "description": "member_id is the ID of the member which sent the response."
-        },
-        "revision": {
-          "type": "string",
-          "format": "int64",
-          "description": "revision is the key-value store revision when the request was applied.\nFor watch progress responses, the header.revision indicates progress. All future events\nrecieved in this stream are guaranteed to have a higher revision number than the\nheader.revision number."
-        },
-        "raft_term": {
-          "type": "string",
-          "format": "uint64",
-          "description": "raft_term is the raft term when the request was applied."
-        }
-      }
-    },
-    "protobufAny": {
-      "type": "object",
-      "properties": {
-        "type_url": {
-          "type": "string"
-        },
-        "value": {
-          "type": "string",
-          "format": "byte"
-        }
-      }
-    },
-    "runtimeError": {
-      "type": "object",
-      "properties": {
-        "error": {
-          "type": "string"
-        },
-        "code": {
-          "type": "integer",
-          "format": "int32"
-        },
-        "message": {
-          "type": "string"
-        },
-        "details": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/protobufAny"
-          }
-        }
-      }
-    },
-    "v3lockpbLockRequest": {
-      "type": "object",
-      "properties": {
-        "name": {
-          "type": "string",
-          "format": "byte",
-          "description": "name is the identifier for the distributed shared lock to be acquired."
-        },
-        "lease": {
-          "type": "string",
-          "format": "int64",
-          "description": "lease is the ID of the lease that will be attached to ownership of the\nlock. If the lease expires or is revoked and currently holds the lock,\nthe lock is automatically released. Calls to Lock with the same lease will\nbe treated as a single acquisition; locking twice with the same lease is a\nno-op."
-        }
-      }
-    },
-    "v3lockpbLockResponse": {
-      "type": "object",
-      "properties": {
-        "header": {
-          "$ref": "#/definitions/etcdserverpbResponseHeader"
-        },
-        "key": {
-          "type": "string",
-          "format": "byte",
-          "description": "key is a key that will exist on etcd for the duration that the Lock caller\nowns the lock. Users should not modify this key or the lock may exhibit\nundefined behavior."
-        }
-      }
-    },
-    "v3lockpbUnlockRequest": {
-      "type": "object",
-      "properties": {
-        "key": {
-          "type": "string",
-          "format": "byte",
-          "description": "key is the lock ownership key granted by Lock."
-        }
-      }
-    },
-    "v3lockpbUnlockResponse": {
-      "type": "object",
-      "properties": {
-        "header": {
-          "$ref": "#/definitions/etcdserverpbResponseHeader"
-        }
-      }
-    }
-  }
-}
--- a/Documentation/dev/release.md
+++ b/Documentation/dev/release.md
@ -0,0 +1,106 @@
+# etcd release guide
+
+The guide talks about how to release a new version of etcd.
+
+The procedure includes some manual steps for sanity checking but it can probably be further scripted. Please keep this document up-to-date if you want to make changes to the release process. 
+
+## Prepare Release
+
+Set desired version as environment variable for following steps. Here is an example to release 2.3.0:
+
+```
+export VERSION=v2.3.0
+export PREV_VERSION=v2.2.5
+```
+
+All releases version numbers follow the format of [semantic versioning 2.0.0](http://semver.org/).
+
+### Major, Minor Version Release, or its Pre-release
+
+- Ensure the relevant milestone on GitHub is complete. All referenced issues should be closed, or moved elsewhere.
+- Remove this release from [roadmap](https://github.com/coreos/etcd/blob/master/ROADMAP.md), if necessary.
+- Ensure the latest upgrade documentation is available.
+- Bump [hardcoded MinClusterVerion in the repository](https://github.com/coreos/etcd/blob/master/version/version.go#L29), if necessary.
+- Add feature capability maps for the new version, if necessary.
+
+### Patch Version Release
+
+- Discuss about commits that are backported to the patch release. The commits should not include merge commits.
+- Cherry-pick these commits starting from the oldest one into stable branch.
+
+## Write Release Note
+
+- Write introduction for the new release. For example, what major bug we fix, what new features we introduce or what performance improvement we make.
+- Write changelog for the last release. ChangeLog should be straightforward and easy to understand for the end-user.
+- Put `[GH XXXX]` at the head of change line to reference Pull Request that introduces the change. Moreover, add a link on it to jump to the Pull Request.
+
+## Tag Version
+
+- Bump [hardcoded Version in the repository](https://github.com/coreos/etcd/blob/master/version/version.go#L30) to the latest version `${VERSION}`.
+- Ensure all tests on CI system are passed.
+- Manually check etcd is buildable in Linux, Darwin and Windows.
+- Manually check upgrade etcd cluster of previous minor version works well.
+- Manually check new features work well.
+- Add a signed tag through `git tag -s ${VERSION}`.
+- Sanity check tag correctness through `git show tags/$VERSION`.
+- Push the tag to GitHub through `git push origin tags/$VERSION`. This assumes `origin` corresponds to "https://github.com/coreos/etcd".
+
+## Build Release Binaries and Images
+
+- Ensure `actool` is available, or installing it through `go get github.com/appc/spec/actool`.
+- Ensure `docker` is available.
+
+Run release script in root directory:
+
+```
+./scripts/release.sh ${VERSION}
+```
+
+It generates all release binaries and images under directory ./release.
+
+## Sign Binaries and Images
+
+etcd project key must be used to sign the generated binaries and images.`$SUBKEYID` is the key ID of etcd project Yubikey. Connect the key and run `gpg2 --card-status` to get the ID.
+
+The following commands are used for public release sign:
+
+```
+cd release
+for i in etcd-*{.zip,.tar.gz}; do gpg2 --default-key $SUBKEYID --output ${i}.asc --detach-sign ${i}; done
+for i in etcd-*{.zip,.tar.gz}; do gpg2 --verify ${i}.asc ${i}; done
+```
+
+## Publish Release Page in GitHub
+
+- Set release title as the version name.
+- Follow the format of previous release pages.
+- Attach the generated binaries, aci image and signatures.
+- Select whether it is a pre-release.
+- Publish the release!
+
+## Publish Docker Image in Quay.io
+
+- Push docker image:
+
+```
+docker login quay.io
+docker push quay.io/coreos/etcd:${VERSION}
+```
+
+- Add `latest` tag to the new image on [quay.io](https://quay.io/repository/coreos/etcd?tag=latest&tab=tags) if this is a stable release.
+
+## Announce to etcd-dev Googlegroup
+
+- Follow the format of [previous release emails](https://groups.google.com/forum/#!forum/etcd-dev).
+- Make sure to include a list of authors that contributed since the previous release - something like the following might be handy:
+
+```
+git log ...${PREV_VERSION} --pretty=format:"%an" | sort | uniq | tr '\n' ',' | sed -e 's#,#, #g' -e 's#, $##'
+```
+
+- Send email to etcd-dev@googlegroups.com
+
+## Post Release
+
+- Create new stable branch through `git push origin ${VERSION_MAJOR}.${VERSION_MINOR}` if this is a major stable release. This assumes `origin` corresponds to "https://github.com/coreos/etcd".
+- Bump [hardcoded Version in the repository](https://github.com/coreos/etcd/blob/master/version/version.go#L30) to the version `${VERSION}+git`.
--- a/Documentation/discovery_protocol.md
+++ b/Documentation/discovery_protocol.md
@ -0,0 +1,114 @@
+# Discovery Service Protocol
+
+Discovery service protocol helps new etcd member to discover all other members in cluster bootstrap phase using a shared discovery URL.
+
+Discovery service protocol is _only_ used in cluster bootstrap phase, and cannot be used for runtime reconfiguration or cluster monitoring.
+
+The protocol uses a new discovery token to bootstrap one _unique_ etcd cluster. Remember that one discovery token can represent only one etcd cluster. As long as discovery protocol on this token starts, even if it fails halfway, it must not be used to bootstrap another etcd cluster.
+
+The rest of this article will walk through the discovery process with examples that correspond to a self-hosted discovery cluster. The public discovery service, discovery.etcd.io, functions the same way, but with a layer of polish to abstract away ugly URLs, generate UUIDs automatically, and provide some protections against excessive requests. At its core, the public discovery service still uses an etcd cluster as the data store as described in this document.
+
+## The Protocol Workflow
+
+The idea of discovery protocol is to use an internal etcd cluster to coordinate bootstrap of a new cluster. First, all new members interact with discovery service and help to generate the expected member list. Then each new member bootstraps its server using this list, which performs the same functionality as -initial-cluster flag.
+
+In the following example workflow, we will list each step of protocol in curl format for ease of understanding.
+
+By convention the etcd discovery protocol uses the key prefix `_etcd/registry`. If `http://example.com` hosts an etcd cluster for discovery service, a full URL to discovery keyspace will be `http://example.com/v2/keys/_etcd/registry`. We will use this as the URL prefix in the example.
+
+### Creating a New Discovery Token
+
+Generate a unique token that will identify the new cluster. This will be used as a unique prefix in discovery keyspace in the following steps. An easy way to do this is to use `uuidgen`:
+
+```
+UUID=$(uuidgen)
+```
+
+### Specifying the Expected Cluster Size
+
+You need to specify the expected cluster size for this discovery token. The size is used by the discovery service to know when it has found all members that will initially form the cluster.
+
+```
+curl -X PUT http://example.com/v2/keys/_etcd/registry/${UUID}/_config/size -d value=${cluster_size}
+```
+
+Usually the cluster size is 3, 5 or 7. Check [optimal cluster size][cluster-size] for more details.
+
+### Bringing up etcd Processes
+
+Now that you have your discovery URL, you can use it as `-discovery` flag and bring up etcd processes. Every etcd process will follow this next few steps internally if given a `-discovery` flag.
+
+### Registering itself
+
+The first thing for etcd process is to register itself into the discovery URL as a member. This is done by creating member ID as a key in the discovery URL.
+
+```
+curl -X PUT http://example.com/v2/keys/_etcd/registry/${UUID}/${member_id}?prevExist=false -d value="${member_name}=${member_peer_url_1}&${member_name}=${member_peer_url_2}"
+```
+
+### Checking the Status
+
+It checks the expected cluster size and registration status in discovery URL, and decides what the next action is.
+
+```
+curl -X GET http://example.com/v2/keys/_etcd/registry/${UUID}/_config/size
+curl -X GET http://example.com/v2/keys/_etcd/registry/${UUID}
+```
+
+If registered members are still not enough, it will wait for left members to appear.
+
+If the number of registered members is bigger than the expected size N, it treats the first N registered members as the member list for the cluster. If the member itself is in the member list, the discovery procedure succeeds and it fetches all peers through the member list. If it is not in the member list, the discovery procedure finishes with the failure that the cluster has been full.
+
+In etcd implementation, the member may check the cluster status even before registering itself. So it could fail quickly if the cluster has been full.
+
+### Waiting for All Members
+
+
+The wait process is described in detail in the [etcd API documentation][api].
+
+```
+curl -X GET http://example.com/v2/keys/_etcd/registry/${UUID}?wait=true&waitIndex=${current_etcd_index}
+```
+
+It keeps waiting until finding all members.
+
+## Public Discovery Service
+
+CoreOS Inc. hosts a public discovery service at https://discovery.etcd.io/ , which provides some nice features for ease of use.
+
+### Mask Key Prefix
+
+Public discovery service will redirect `https://discovery.etcd.io/${UUID}` to etcd cluster behind for the key at `/v2/keys/_etcd/registry`. It masks register key prefix for short and readable discovery url.
+
+### Get new token
+
+```
+GET /new
+
+Sent query:
+	size=${cluster_size}
+Possible status codes:
+	200 OK
+	400 Bad Request
+200 Body:
+	generated discovery url
+```
+
+The generation process in the service follows the steps from [Creating a New Discovery Token][new-discovery-token] to [Specifying the Expected Cluster Size][expected-cluster-size].
+
+### Check Discovery Status
+
+```
+GET /${UUID}
+```
+
+You can check the status for this discovery token, including the machines that have been registered, by requesting the value of the UUID.
+
+### Open-source repository
+
+The repository is located at https://github.com/coreos/discovery.etcd.io. You could use it to build your own public discovery service.
+
+[api]: api.md#waiting-for-a-change
+[cluster-size]: admin_guide.md#optimal-cluster-size
+[expected-cluster-size]: #specifying-the-expected-cluster-size
+[new-discovery-token]: #creating-a-new-discovery-token
--- a/Documentation/docker_guide.md
+++ b/Documentation/docker_guide.md
@ -0,0 +1,94 @@
+# Running etcd under Docker
+
+The following guide will show you how to run etcd under Docker using the [static bootstrap process](clustering.md#static).
+
+## Running etcd in standalone mode
+
+In order to expose the etcd API to clients outside of the Docker host you'll need use the host IP address when configuring etcd.
+
+```
+export HostIP="192.168.12.50"
+```
+
+The following `docker run` command will expose the etcd client API over ports 4001 and 2379, and expose the peer port over 2380.
+
+This will run the latest release version of etcd. You can specify version if needed (e.g. `quay.io/coreos/etcd:v2.2.0`).
+
+```
+docker run -d -v /usr/share/ca-certificates/:/etc/ssl/certs -p 4001:4001 -p 2380:2380 -p 2379:2379 \
+ --name etcd quay.io/coreos/etcd \
+ -name etcd0 \
+ -advertise-client-urls http://${HostIP}:2379,http://${HostIP}:4001 \
+ -listen-client-urls http://0.0.0.0:2379,http://0.0.0.0:4001 \
+ -initial-advertise-peer-urls http://${HostIP}:2380 \
+ -listen-peer-urls http://0.0.0.0:2380 \
+ -initial-cluster-token etcd-cluster-1 \
+ -initial-cluster etcd0=http://${HostIP}:2380 \
+ -initial-cluster-state new
+```
+
+Configure etcd clients to use the Docker host IP and one of the listening ports from above.
+
+```
+etcdctl -C http://192.168.12.50:2379 member list
+```
+
+```
+etcdctl -C http://192.168.12.50:4001 member list
+```
+
+## Running a 3 node etcd cluster
+
+Using Docker to setup a multi-node cluster is very similar to the standalone mode configuration.
+The main difference being the value used for the `-initial-cluster` flag, which must contain the peer urls for each etcd member in the cluster.
+
+### etcd0
+
+```
+docker run -d -v /usr/share/ca-certificates/:/etc/ssl/certs -p 4001:4001 -p 2380:2380 -p 2379:2379 \
+ --name etcd quay.io/coreos/etcd \
+ -name etcd0 \
+ -advertise-client-urls http://192.168.12.50:2379,http://192.168.12.50:4001 \
+ -listen-client-urls http://0.0.0.0:2379,http://0.0.0.0:4001 \
+ -initial-advertise-peer-urls http://192.168.12.50:2380 \
+ -listen-peer-urls http://0.0.0.0:2380 \
+ -initial-cluster-token etcd-cluster-1 \
+ -initial-cluster etcd0=http://192.168.12.50:2380,etcd1=http://192.168.12.51:2380,etcd2=http://192.168.12.52:2380 \
+ -initial-cluster-state new
+```
+
+### etcd1
+
+```
+docker run -d -v /usr/share/ca-certificates/:/etc/ssl/certs -p 4001:4001 -p 2380:2380 -p 2379:2379 \
+ --name etcd quay.io/coreos/etcd \
+ -name etcd1 \
+ -advertise-client-urls http://192.168.12.51:2379,http://192.168.12.51:4001 \
+ -listen-client-urls http://0.0.0.0:2379,http://0.0.0.0:4001 \
+ -initial-advertise-peer-urls http://192.168.12.51:2380 \
+ -listen-peer-urls http://0.0.0.0:2380 \
+ -initial-cluster-token etcd-cluster-1 \
+ -initial-cluster etcd0=http://192.168.12.50:2380,etcd1=http://192.168.12.51:2380,etcd2=http://192.168.12.52:2380 \
+ -initial-cluster-state new
+```
+
+### etcd2
+
+```
+docker run -d -v /usr/share/ca-certificates/:/etc/ssl/certs -p 4001:4001 -p 2380:2380 -p 2379:2379 \
+ --name etcd quay.io/coreos/etcd \
+ -name etcd2 \
+ -advertise-client-urls http://192.168.12.52:2379,http://192.168.12.52:4001 \
+ -listen-client-urls http://0.0.0.0:2379,http://0.0.0.0:4001 \
+ -initial-advertise-peer-urls http://192.168.12.52:2380 \
+ -listen-peer-urls http://0.0.0.0:2380 \
+ -initial-cluster-token etcd-cluster-1 \
+ -initial-cluster etcd0=http://192.168.12.50:2380,etcd1=http://192.168.12.51:2380,etcd2=http://192.168.12.52:2380 \
+ -initial-cluster-state new
+```
+
+Once the cluster has been bootstrapped etcd clients can be configured with a list of etcd members:
+
+```
+etcdctl -C http://192.168.12.50:2379,http://192.168.12.51:2379,http://192.168.12.52:2379 member list
+```
--- a/Documentation/errorcode.md
+++ b/Documentation/errorcode.md
@ -0,0 +1,42 @@
+# Error Code
+======
+
+This document describes the error code used in key space '/v2/keys'. Feel free to import 'github.com/coreos/etcd/error' to use.
+
+It's categorized into four groups:
+
+- Command Related Error
+
+| name                 | code | strerror              |
+|----------------------|------|-----------------------|
+| EcodeKeyNotFound     | 100  | "Key not found"       |
+| EcodeTestFailed      | 101  | "Compare failed"      |
+| EcodeNotFile         | 102  | "Not a file"          |
+| EcodeNotDir          | 104  | "Not a directory"     |
+| EcodeNodeExist       | 105  | "Key already exists"  |
+| EcodeRootROnly       | 107  | "Root is read only"   |
+| EcodeDirNotEmpty     | 108  | "Directory not empty" |
+
+- Post Form Related Error
+
+| name                     | code | strerror |
+|--------------------------|------|------------------------------------------------|
+| EcodePrevValueRequired   | 201  | "PrevValue is Required in POST form"           |
+| EcodeTTLNaN              | 202  | "The given TTL in POST form is not a number"   |
+| EcodeIndexNaN            | 203  | "The given index in POST form is not a number" |
+| EcodeInvalidField        | 209  | "Invalid field"                                |
+| EcodeInvalidForm         | 210  | "Invalid POST form"                            |
+
+- Raft Related Error
+
+| name              | code | strerror                 |
+|-------------------|------|--------------------------|
+| EcodeRaftInternal | 300  | "Raft Internal Error"    |
+| EcodeLeaderElect  | 301  | "During Leader Election" |
+
+- Etcd Related Error
+
+| name                    | code | strerror                                               |
+|-------------------------|------|--------------------------------------------------------|
+| EcodeWatcherCleared     | 400  | "watcher is cleared due to etcd recovery"              |
+| EcodeEventIndexCleared  | 401  | "The event in requested index is outdated and cleared" |
--- a/Documentation/faq.md
+++ b/Documentation/faq.md
@ -0,0 +1,83 @@
+# FAQ
+## 1) How come I can read an old version of the data when a majority of the members are down?  
+
+In situations where a client connects to a minority, etcd
+favors by default availability over consistency. This means that even though
+data might be “out of date”, it is still better to return something versus
+nothing. 
+
+In order to confirm that a read is up to date with a majority of the cluster,
+the client can use the `quorum=true` parameter on reads of keys. This means
+that a majority of the cluster is checked on reads before returning the data,
+otherwise the read will timeout and fail.
+
+## 2) With quorum=false, doesn’t this mean that if my client switched the member it was connected to, that it could experience a logical ordering where the cluster goes backwards in time? 
+
+Yes, but this could be handled at the etcd client implementation via
+remembering the last seen index. The “index” is the cluster's single
+irrevocable sequence of the entire modification history. The client could
+remember the last seen index, and determine via comparing the index returned on
+the GET whether or not the state of the key-value pair is before or after its
+last seen state. 
+
+## 3) What happens if a watch is registered on a minority member? 
+
+The watch will stay untriggered, even as modifications are occurring in the
+majority quorum. This is an open issue, and is being addressed in v3. There are
+multiple ways to work around the watch trigger not firing. 
+
+1) build a signaling mechanism independent of etcd. This could be as simple as
+a “pulse” to the client to reissue a GET with quorum=true for the most recent
+version of the data. 
+   
+2) poll on the `/v2/keys` endpoint and check that the raft-index is increasing every
+timeout. 
+
+## 4) What is a proxy used for? 
+
+A proxy is a redirection server to the etcd cluster. The proxy handles the
+redirection of a client to the current configuration of the etcd cluster. A
+typical use case is to start a proxy on a machine, and on first boot up of the
+proxy specify both the `--proxy` flag and the `--initial-cluster` flag. 
+
+From there, any etcdctl client that starts up automatically speaks to the local
+proxy and the proxy redirects operations to the current configuration of the
+cluster it was originally paired with. 
+
+In the v2 spec of etcd, proxies cannot be promoted to members of the cluster.
+They also cannot be promoted to followers or at any point become part of the
+replication of the etcd cluster itself. 
+
+## 5) How is cluster membership and health handled in etcd v2? 
+
+The design goal of etcd is that reconfiguration is simply an API, and health
+monitoring and addition/removal of members is up to the individual application
+and their integration with the reconfiguration API. 
+
+Thus, a member that is down, even infinitely, will never be automatically
+removed from the etcd cluster member list. 
+
+This makes sense because it's usually an application level / administrative
+action to determine whether a reconfiguration should happen based on health. 
+
+For more information, refer to the [runtime reconfiguration design document][runtime-reconf-design].
+
+## 6) how does --endpoint work with etcdctl? 
+
+The `--endpoint` flag can specify any number of etcd cluster members in a comma
+separated list. This list might be a subset, equal to, or more than the actual
+etcd cluster member list itself. 
+
+If only one peer is specified via the `--endpoint` flag, the etcdctl discovers the
+rest of the cluster via the member list of that one peer, and then it randomly
+chooses a member to use.  Again, the client can use the `quorum=true` flag on
+reads, which will always fail when using a member in the minority. 
+
+If peers from multiple clusters are specified via the `--endpoint` flag, etcdctl
+will randomly choose a peer, and the request will simply get routed to one of
+the clusters. This is probably not what you want. 
+
+Note: --peers flag is now deprecated and --endpoint should be used instead, 
+as it might confuse users to give etcdctl a peerURL.
+
+[runtime-reconf-design]: runtime-reconf-design.md
--- a/Documentation/glossary.md
+++ b/Documentation/glossary.md
@ -0,0 +1,35 @@
+# Glossary
+
+This document defines the various terms used in etcd documentation, command line and source code.
+
+## Node
+
+Node is an instance of raft state machine.
+
+It has a unique identification, and records other nodes' progress internally when it is the leader.
+
+## Member
+
+Member is an instance of etcd. It hosts a node, and provides service to clients.
+
+## Cluster
+
+Cluster consists of several members.
+
+The node in each member follows raft consensus protocol to replicate logs. Cluster receives proposals from members, commits them and apply to local store.
+
+## Peer
+
+Peer is another member of the same cluster.
+
+## Proposal
+
+A proposal is a request (for example a write request, a configuration change request) that needs to go through raft protocol.
+
+## Client
+
+Client is a caller of the cluster's HTTP API.
+
+## Machine (deprecated)
+
+The alternative of Member in etcd before 2.0
--- a/Documentation/implementation-faq.md
+++ b/Documentation/implementation-faq.md
@ -0,0 +1,65 @@
+# FAQ
+
+## Initial Bootstrapping UX
+
+etcd initial bootstrapping is done via command line flags such as
+`--initial-cluster` or `--discovery`. These flags can safely be left on the
+command line after your cluster is running but they will be ignored if you have
+a non-empty data dir. So, why did we decide to have this sort of odd UX?
+
+One of the design goals of etcd is easy bringup of clusters using a one-shot
+static configuration like AWS Cloud Formation, PXE booting, etc. Essentially we
+want to describe several virtual machines and bring them all up at once into an
+etcd cluster.
+
+To achieve this sort of hands-free cluster bootstrap we had two other options:
+
+**API to bootstrap**
+
+This is problematic because it cannot be coordinated from a single service file
+and we didn't want to have the etcd socket listening but unresponsive to
+clients for an unbound period of time.
+
+It would look something like this:
+
+```
+ExecStart=/usr/bin/etcd
+ExecStartPost/usr/bin/etcd init localhost:2379 --cluster=
+```
+
+**etcd init subcommand**
+
+```
+etcd init --cluster='default=http://localhost:2380,default=http://localhost:7001'...
+etcd init --discovery https://discovery-example.etcd.io/193e4
+```
+
+Then after running an init step you would execute `etcd`. This however
+introduced problems: we now have to define a hand-off protocol between the etcd
+init process and the etcd binary itself. This is hard to coordinate in a single
+service file such as:
+
+```
+ExecStartPre=/usr/bin/etcd init --cluster=....
+ExecStart=/usr/bin/etcd
+```
+
+There are several error cases:
+
+0) Init has already run and the data directory is already configured
+1) Discovery fails because of network timeout, etc
+2) Discovery fails because the cluster is already full and etcd needs to fall back to proxy
+3) Static cluster configuration fails because of conflict, misconfiguration or timeout
+
+In hindsight we could have made this work by doing:
+
+```
+rc	status
+0	Init already ran
+1	Discovery fails on network timeout, etc
+0	Discovery fails for cluster full, coordinate via proxy state file
+1	Static cluster configuration failed
+```
+
+Perhaps we can add the init command in a future version and deprecate if the UX
+continues to confuse people.
--- a/Documentation/internal-protocol-versioning.md
+++ b/Documentation/internal-protocol-versioning.md
@ -0,0 +1,61 @@
+# Versioning
+
+Goal: We want to be able to upgrade an individual peer in an etcd cluster to a newer version of etcd.
+The process will take the form of individual followers upgrading to the latest version until the entire cluster is on the new version.
+
+Immediate need: etcd is moving too fast to version the internal API right now.
+But, we need to keep mixed version clusters from being started by a rolling upgrade process (e.g. the CoreOS developer alpha).
+
+Longer term need: Having a mixed version cluster where all peers are not running the exact same version of etcd itself but are able to speak one version of the internal protocol.
+
+Solution: The internal protocol needs to be versioned just as the client protocol is.
+Initially during the 0.\*.\* series of etcd releases we won't allow mixed versions at all.
+
+## Join Control
+
+We will add a version field to the join command.
+But, who decides whether a newly upgraded follower should be able to join a cluster?
+
+### Leader Controlled
+
+If the leader controls the version of followers joining the cluster then it compares its version to the version number presented by the follower in the JoinCommand and rejects the join if the number is less than the leader's version number.
+
+Advantages
+
+- Leader controls all cluster decisions still
+
+Disadvantages
+
+- Follower knows better what versions of the internal protocol it can talk than the leader
+
+
+### Follower Controlled
+
+A newly upgraded follower should be able to figure out the leaders internal version from a defined internal backwards compatible API endpoint and figure out if it can join the cluster.
+If it cannot join the cluster then it simply exits.
+
+Advantages
+
+- The follower is running newer code and knows better if it can talk older protocols
+
+Disadvantages
+
+- This cluster decision isn't made by the leader
+
+## Recommendation
+
+To solve the immediate need and to plan for the future lets do the following:
+
+- Add Version field to JoinCommand
+- Have a joining follower read the Version field of the leader and if its own version doesn't match the leader then sleep for some random interval and retry later to see if the leader has upgraded.
+
+# Research
+
+## Zookeeper versioning
+
+Zookeeper very recently added versioning into the protocol and it doesn't seem to have seen any use yet.
+https://issues.apache.org/jira/browse/ZOOKEEPER-1633
+
+## doozerd
+
+doozerd stores the version number of the peers in the datastore for other clients to check, no decisions are made off of this number currently.
--- a/Documentation/libraries-and-tools.md
+++ b/Documentation/libraries-and-tools.md
@ -0,0 +1,124 @@
+# Libraries and Tools
+
+**Tools**
+
+- [etcdctl](https://github.com/coreos/etcd/tree/master/etcdctl) - A command line client for etcd
+- [etcd-backup](https://github.com/fanhattan/etcd-backup) - A powerful command line utility for dumping/restoring etcd - Supports v2
+- [etcd-dump](https://npmjs.org/package/etcd-dump) - Command line utility for dumping/restoring etcd.
+- [etcd-fs](https://github.com/xetorthio/etcd-fs) - FUSE filesystem for etcd
+- [etcddir](https://github.com/rekby/etcddir) - Realtime sync etcd and local directory. Work with windows and linux.
+- [etcd-browser](https://github.com/henszey/etcd-browser) - A web-based key/value editor for etcd using AngularJS
+- [etcd-lock](https://github.com/datawisesystems/etcd-lock) - Master election & distributed r/w lock implementation using etcd - Supports v2
+- [etcd-console](https://github.com/matishsiao/etcd-console) - A web-base key/value editor for etcd using PHP
+- [etcd-viewer](https://github.com/nikfoundas/etcd-viewer) - An etcd key-value store editor/viewer written in Java
+- [etcdtool](https://github.com/mickep76/etcdtool) - Export/Import/Edit etcd directory as JSON/YAML/TOML and Validate directory using JSON schema
+- [etcd-rest](https://github.com/mickep76/etcd-rest) - Create generic REST API in Go using etcd as a backend with validation using JSON schema
+- [etcdsh](https://github.com/kamilhark/etcdsh) - A command line client with support of command history and tab completion. Supports v2
+
+**Go libraries**
+
+- [etcd/client](https://github.com/coreos/etcd/blob/master/client) - the officially maintained Go client
+- [go-etcd](https://github.com/coreos/go-etcd) - the deprecated official client. May be useful for older (<2.0.0) versions of etcd.
+
+**Java libraries**
+
+- [boonproject/etcd](https://github.com/boonproject/boon/blob/master/etcd/README.md) - Supports v2, Async/Sync and waits
+- [justinsb/jetcd](https://github.com/justinsb/jetcd)
+- [diwakergupta/jetcd](https://github.com/diwakergupta/jetcd) - Supports v2
+- [jurmous/etcd4j](https://github.com/jurmous/etcd4j) - Supports v2, Async/Sync, waits and SSL
+- [AdoHe/etcd4j](http://github.com/AdoHe/etcd4j) - Supports v2 (enhance for real production cluster)
+
+**Python libraries**
+
+- [jplana/python-etcd](https://github.com/jplana/python-etcd) - Supports v2
+- [russellhaering/txetcd](https://github.com/russellhaering/txetcd) - a Twisted Python library
+- [cholcombe973/autodock](https://github.com/cholcombe973/autodock) - A docker deployment automation tool
+- [lisael/aioetcd](https://github.com/lisael/aioetcd) - (Python 3.4+) Asyncio coroutines client (Supports v2)
+
+**Node libraries**
+
+- [stianeikeland/node-etcd](https://github.com/stianeikeland/node-etcd) - Supports v2 (w Coffeescript)
+- [lavagetto/nodejs-etcd](https://github.com/lavagetto/nodejs-etcd) - Supports v2
+- [deedubs/node-etcd-config](https://github.com/deedubs/node-etcd-config) - Supports v2
+
+**Ruby libraries**
+
+- [iconara/etcd-rb](https://github.com/iconara/etcd-rb)
+- [jpfuentes2/etcd-ruby](https://github.com/jpfuentes2/etcd-ruby)
+- [ranjib/etcd-ruby](https://github.com/ranjib/etcd-ruby) - Supports v2
+
+**C libraries**
+
+- [jdarcy/etcd-api](https://github.com/jdarcy/etcd-api) - Supports v2
+- [shafreeck/cetcd](https://github.com/shafreeck/cetcd) - Supports v2
+
+**C++ libraries**
+- [edwardcapriolo/etcdcpp](https://github.com/edwardcapriolo/etcdcpp) - Supports v2
+- [suryanathan/etcdcpp](https://github.com/suryanathan/etcdcpp) - Supports v2 (with waits)
+
+**Clojure libraries**
+
+- [aterreno/etcd-clojure](https://github.com/aterreno/etcd-clojure)
+- [dwwoelfel/cetcd](https://github.com/dwwoelfel/cetcd) - Supports v2
+- [rthomas/clj-etcd](https://github.com/rthomas/clj-etcd) - Supports v2
+
+**Erlang libraries**
+
+- [marshall-lee/etcd.erl](https://github.com/marshall-lee/etcd.erl)
+
+**.Net Libraries**
+
+- [wangjia184/etcdnet](https://github.com/wangjia184/etcdnet) - Supports v2
+- [drusellers/etcetera](https://github.com/drusellers/etcetera)
+
+**PHP Libraries**
+
+- [linkorb/etcd-php](https://github.com/linkorb/etcd-php)
+
+**Haskell libraries**
+
+- [wereHamster/etcd-hs](https://github.com/wereHamster/etcd-hs)
+
+**R libraries**
+
+- [ropensci/etseed](https://github.com/ropensci/etseed)
+
+**Tcl libraries**
+
+- [efrecon/etcd-tcl](https://github.com/efrecon/etcd-tcl) - Supports v2, except wait.
+
+**Chef Integration**
+
+- [coderanger/etcd-chef](https://github.com/coderanger/etcd-chef)
+
+**Chef Cookbook**
+
+- [spheromak/etcd-cookbook](https://github.com/spheromak/etcd-cookbook)
+
+**BOSH Releases**
+
+- [cloudfoundry-community/etcd-boshrelease](https://github.com/cloudfoundry-community/etcd-boshrelease)
+- [cloudfoundry/cf-release](https://github.com/cloudfoundry/cf-release/tree/master/jobs/etcd)
+
+**Projects using etcd**
+
+- [binocarlos/yoda](https://github.com/binocarlos/yoda) - etcd + ZeroMQ
+- [calavera/active-proxy](https://github.com/calavera/active-proxy) - HTTP Proxy configured with etcd
+- [derekchiang/etcdplus](https://github.com/derekchiang/etcdplus) - A set of distributed synchronization primitives built upon etcd
+- [go-discover](https://github.com/flynn/go-discover) - service discovery in Go
+- [gleicon/goreman](https://github.com/gleicon/goreman/tree/etcd) - Branch of the Go Foreman clone with etcd support
+- [garethr/hiera-etcd](https://github.com/garethr/hiera-etcd) - Puppet hiera backend using etcd
+- [mattn/etcd-vim](https://github.com/mattn/etcd-vim) - SET and GET keys from inside vim
+- [mattn/etcdenv](https://github.com/mattn/etcdenv) - "env" shebang with etcd integration
+- [kelseyhightower/confd](https://github.com/kelseyhightower/confd) - Manage local app config files using templates and data from etcd
+- [configdb](https://git.autistici.org/ai/configdb/tree/master) - A REST relational abstraction on top of arbitrary database backends, aimed at storing configs and inventories.
+- [scrz](https://github.com/scrz/scrz) - Container manager, stores configuration in etcd.
+- [fleet](https://github.com/coreos/fleet) - Distributed init system
+- [kubernetes/kubernetes](https://github.com/kubernetes/kubernetes) - Container cluster manager introduced by Google.
+- [mailgun/vulcand](https://github.com/mailgun/vulcand) - HTTP proxy that uses etcd as a configuration backend.
+- [duedil-ltd/discodns](https://github.com/duedil-ltd/discodns) - Simple DNS nameserver using etcd as a database for names and records.
+- [skynetservices/skydns](https://github.com/skynetservices/skydns) - RFC compliant DNS server
+- [xordataexchange/crypt](https://github.com/xordataexchange/crypt) - Securely store values in etcd using GPG encryption
+- [spf13/viper](https://github.com/spf13/viper) - Go configuration library, reads values from ENV, pflags, files, and etcd with optional encryption
+- [lytics/metafora](https://github.com/lytics/metafora) - Go distributed task library
+- [ryandoyle/nss-etcd](https://github.com/ryandoyle/nss-etcd) - A GNU libc NSS module for resolving names from etcd.
--- a/Documentation/members_api.md
+++ b/Documentation/members_api.md
@ -0,0 +1,120 @@
+# Members API
+
+* [List members](#list-members)
+* [Add a member](#add-a-member)
+* [Delete a member](#delete-a-member)
+* [Change the peer urls of a member](#change-the-peer-urls-of-a-member)
+
+## List members
+
+Return an HTTP 200 OK response code and a representation of all members in the etcd cluster.
+
+### Request
+
+```
+GET /v2/members HTTP/1.1
+```
+
+### Example
+
+```sh
+curl http://10.0.0.10:2379/v2/members
+```
+
+```json
+{
+    "members": [
+        {
+            "id": "272e204152",
+            "name": "infra1",
+            "peerURLs": [
+                "http://10.0.0.10:2380"
+            ],
+            "clientURLs": [
+                "http://10.0.0.10:2379"
+            ]
+        },
+        {
+            "id": "2225373f43",
+            "name": "infra2",
+            "peerURLs": [
+                "http://10.0.0.11:2380"
+            ],
+            "clientURLs": [
+                "http://10.0.0.11:2379"
+            ]
+        },
+    ]
+}
+```
+
+## Add a member
+
+Returns an HTTP 201 response code and the representation of added member with a newly generated a memberID when successful. Returns a string describing the failure condition when unsuccessful.
+
+If the POST body is malformed an HTTP 400 will be returned. If the member exists in the cluster or existed in the cluster at some point in the past an HTTP 409 will be returned. If any of the given peerURLs exists in the cluster an HTTP 409 will be returned. If the cluster fails to process the request within timeout an HTTP 500 will be returned, though the request may be processed later.
+
+### Request
+
+```
+POST /v2/members HTTP/1.1
+
+{"peerURLs": ["http://10.0.0.10:2380"]}
+```
+
+### Example
+
+```sh
+curl http://10.0.0.10:2379/v2/members -XPOST \
+-H "Content-Type: application/json" -d '{"peerURLs":["http://10.0.0.10:2380"]}'
+```
+
+```json
+{
+    "id": "3777296169",
+    "peerURLs": [
+        "http://10.0.0.10:2380"
+    ]
+}
+```
+
+## Delete a member
+
+Remove a member from the cluster. The member ID must be a hex-encoded uint64.
+Returns 204 with empty content when successful. Returns a string describing the failure condition when unsuccessful.
+
+If the member does not exist in the cluster an HTTP 500(TODO: fix this) will be returned. If the cluster fails to process the request within timeout an HTTP 500 will be returned, though the request may be processed later.
+
+### Request
+
+```
+DELETE /v2/members/<id> HTTP/1.1
+```
+
+### Example
+
+```sh
+curl http://10.0.0.10:2379/v2/members/272e204152 -XDELETE
+```
+
+## Change the peer urls of a member
+
+Change the peer urls of a given member. The member ID must be a hex-encoded uint64. Returns 204 with empty content when successful. Returns a string describing the failure condition when unsuccessful.
+
+If the POST body is malformed an HTTP 400 will be returned. If the member does not exist in the cluster an HTTP 404 will be returned. If any of the given peerURLs exists in the cluster an HTTP 409 will be returned. If the cluster fails to process the request within timeout an HTTP 500 will be returned, though the request may be processed later.
+
+### Request
+
+```
+PUT /v2/members/<id> HTTP/1.1
+
+{"peerURLs": ["http://10.0.0.10:2380"]}
+```
+
+### Example
+
+```sh
+curl http://10.0.0.10:2379/v2/members/272e204152 -XPUT \
+-H "Content-Type: application/json" -d '{"peerURLs":["http://10.0.0.10:2380"]}'
+```
+
--- a/Documentation/metrics.md
+++ b/Documentation/metrics.md
@ -0,0 +1,134 @@
+# Metrics
+
+**NOTE: The metrics feature is considered experimental. We may add/change/remove metrics without warning in future releases.**
+
+etcd uses [Prometheus][prometheus] for metrics reporting in the server. The metrics can be used for real-time monitoring and debugging.
+etcd only stores these data in memory. If a member restarts, metrics will reset.
+
+The simplest way to see the available metrics is to cURL the metrics endpoint `/metrics` of etcd. The format is described [here](http://prometheus.io/docs/instrumenting/exposition_formats/).
+
+Follow the [Prometheus getting started doc][prometheus-getting-started] to spin up a Prometheus server to collect etcd metrics.
+
+The naming of metrics follows the suggested [best practice of Prometheus][prometheus-naming]. A metric name has an `etcd` prefix as its namespace and a subsystem prefix (for example `wal` and `etcdserver`).
+
+etcd now exposes the following metrics:
+
+## etcdserver
+
+| Name                                    | Description                                      | Type      |
+|-----------------------------------------|--------------------------------------------------|-----------|
+| file_descriptors_used_total             | The total number of file descriptors used        | Gauge     |
+| proposal_durations_seconds              | The latency distributions of committing proposal | Histogram |
+| pending_proposal_total                  | The total number of pending proposals            | Gauge     |
+| proposal_failed_total                   | The total number of failed proposals             | Counter   |
+
+High file descriptors (`file_descriptors_used_total`) usage (near the file descriptors limitation of the process) indicates a potential out of file descriptors issue. That might cause etcd fails to create new WAL files and panics.
+
+[Proposal][glossary-proposal] durations (`proposal_durations_seconds`) provides a histogram about the proposal commit latency. Latency can be introduced into this process by network and disk IO.
+
+Pending proposal (`pending_proposal_total`) gives you an idea about how many proposal are in the queue and waiting for commit. An increasing pending number indicates a high client load or an unstable cluster.
+
+Failed proposals (`proposal_failed_total`) are normally related to two issues: temporary failures related to a leader election or longer duration downtime caused by a loss of quorum in the cluster.
+
+## wal
+
+| Name                               | Description                                      | Type      |
+|------------------------------------|--------------------------------------------------|-----------|
+| fsync_durations_seconds            | The latency distributions of fsync called by wal | Histogram |
+| last_index_saved                   | The index of the last entry saved by wal         | Gauge     |
+
+Abnormally high fsync duration (`fsync_durations_seconds`) indicates disk issues and might cause the cluster to be unstable.
+
+
+## http requests
+
+These metrics describe the serving of requests (non-watch events) served by etcd members in non-proxy mode: total 
+incoming requests, request failures and processing latency (inc. raft rounds for storage). They are useful for tracking
+ user-generated traffic hitting the etcd cluster . 
+
+All these metrics are prefixed with `etcd_http_`
+
+| Name                           | Description                                                                         | Type                   |
+|--------------------------------|-----------------------------------------------------------------------------------------|--------------------|
+| received_total                 | Total number of events after parsing and auth.                                      | Counter(method)        |
+| failed_total                   | Total number of failed events.                                                      | Counter(method,error)  |
+| successful_duration_second     |  Bucketed handling times of the requests, including raft rounds for writes.          | Histogram(method)      |
+
+
+Example Prometheus queries that may be useful from these metrics (across all etcd members):
+ 
+ * `sum(rate(etcd_http_failed_total{job="etcd"}[1m]) by (method) / sum(rate(etcd_http_events_received_total{job="etcd"})[1m]) by (method)` 
+    
+    Shows the fraction of events that failed by HTTP method across all members, across a time window of `1m`.
+ 
+ * `sum(rate(etcd_http_received_total{job="etcd",method="GET})[1m]) by (method)`
+   `sum(rate(etcd_http_received_total{job="etcd",method~="GET})[1m]) by (method)`
+    
+    Shows the rate of successful readonly/write queries across all servers, across a time window of `1m`.
+    
+ * `histogram_quantile(0.9, sum(increase(etcd_http_successful_processing_seconds{job="etcd",method="GET"}[5m]) ) by (le))`
+   `histogram_quantile(0.9, sum(increase(etcd_http_successful_processing_seconds{job="etcd",method!="GET"}[5m]) ) by (le))`
+    
+    Show the 0.90-tile latency (in seconds) of read/write (respectively) event handling across all members, with a window of `5m`.      
+
+## snapshot
+
+| Name                                       | Description                                                | Type      |
+|--------------------------------------------|------------------------------------------------------------|-----------|
+| snapshot_save_total_durations_seconds      | The total latency distributions of save called by snapshot | Histogram |
+
+Abnormally high snapshot duration (`snapshot_save_total_durations_seconds`) indicates disk issues and might cause the cluster to be unstable.
+
+
+## rafthttp
+
+| Name                              | Description                                | Type         | Labels                         |
+|-----------------------------------|--------------------------------------------|--------------|--------------------------------|
+| message_sent_latency_seconds      | The latency distributions of messages sent | HistogramVec | sendingType, msgType, remoteID |
+| message_sent_failed_total         | The total number of failed messages sent   | Summary      | sendingType, msgType, remoteID |
+
+
+Abnormally high message duration (`message_sent_latency_seconds`) indicates network issues and might cause the cluster to be unstable.
+
+An increase in message failures (`message_sent_failed_total`) indicates more severe network issues and might cause the cluster to be unstable.
+
+Label `sendingType` is the connection type to send messages. `message`, `msgapp` and `msgappv2` use HTTP streaming, while `pipeline` does HTTP request for each message.
+
+Label `msgType` is the type of raft message. `MsgApp` is log replication message; `MsgSnap` is snapshot install message; `MsgProp` is proposal forward message; the others are used to maintain raft internal status. If you have a large snapshot, you would expect a long msgSnap sending latency. For other types of messages, you would expect low latency, which is comparable to your ping latency if you have enough network bandwidth.
+
+Label `remoteID` is the member ID of the message destination.
+
+
+## proxy
+
+etcd members operating in proxy mode do not do store operations. They forward all requests
+ to cluster instances.
+
+Tracking the rate of requests coming from a proxy allows one to pin down which machine is performing most reads/writes.
+
+All these metrics are prefixed with `etcd_proxy_`
+
+| Name                      | Description                                                                         | Type                   |
+|---------------------------|-----------------------------------------------------------------------------------------|--------------------|
+| requests_total            | Total number of requests by this proxy instance.    .                               | Counter(method)        |
+| handled_total             | Total number of fully handled requests, with responses from etcd members.           | Counter(method)        |
+| dropped_total             | Total number of dropped requests due to forwarding errors to etcd members.          | Counter(method,error)  |
+| handling_duration_seconds | Bucketed handling times by HTTP method, including round trip to member instances.   | Histogram(method)      |  
+
+Example Prometheus queries that may be useful from these metrics (across all etcd servers):
+
+ *  `sum(rate(etcd_proxy_handled_total{job="etcd"}[1m])) by (method)`
+    
+    Rate of requests (by HTTP method) handled by all proxies, across a window of `1m`. 
+ * `histogram_quantile(0.9, sum(increase(etcd_proxy_events_handling_time_seconds_bucket{job="etcd",method="GET"}[5m])) by (le))`
+   `histogram_quantile(0.9, sum(increase(etcd_proxy_events_handling_time_seconds_bucket{job="etcd",method!="GET"}[5m])) by (le))`
+    
+    Show the 0.90-tile latency (in seconds) of handling of user requests across all proxy machines, with a window of `5m`.  
+ * `sum(rate(etcd_proxy_dropped_total{job="etcd"}[1m])) by (proxying_error)`
+    
+    Number of failed request on the proxy. This should be 0, spikes here indicate connectivity issues to etcd cluster.
+
+[glossary-proposal]: glossary.md#proposal
+[prometheus]: http://prometheus.io/
+[prometheus-getting-started](http://prometheus.io/docs/introduction/getting_started/)
+[prometheus-naming]: http://prometheus.io/docs/practices/naming/
--- a/Documentation/other_apis.md
+++ b/Documentation/other_apis.md
@ -0,0 +1,28 @@
+# Miscellaneous APIs
+
+* [Getting the etcd version](#getting-the-etcd-version)
+* [Checking health of an etcd member node](#checking-health-of-an-etcd-member-node)
+
+## Getting the etcd version
+
+The etcd version of a specific instance can be obtained from the `/version` endpoint.
+
+```sh
+curl -L http://127.0.0.1:2379/version
+```
+
+```
+etcd 2.0.12
+```
+
+## Checking health of an etcd member node
+
+etcd provides a `/health` endpoint to verify the health of a particular member.
+
+```sh
+curl http://10.0.0.10:2379/health
+```
+
+```json
+{"health": "true"}
+```
--- a/Documentation/platforms/freebsd.md
+++ b/Documentation/platforms/freebsd.md
@ -0,0 +1,62 @@
+# FreeBSD
+
+Starting with version 0.1.2 both etcd and etcdctl have been ported to FreeBSD and can
+be installed either via packages or ports system. Their versions have been recently
+updated to 0.2.0 so now you can enjoy using etcd and etcdctl on FreeBSD 10.0 (RC4 as
+of now) and 9.x where they have been tested. They might also work when installed from
+ports on earlier versions of FreeBSD, but your mileage may vary.
+
+## Installation
+
+### Using pkgng package system
+
+1. If you do not have pkgng installed, install it with command `pkg` and answering 'Y'
+when asked
+
+2. Update your repository data with `pkg update`
+
+3. Install etcd with `pkg install coreos-etcd coreos-etcdctl`
+
+4. Verify successful installation with `pkg info | grep etcd` and you should get:
+
+```
+r@fbsd10:/ # pkg info | grep etcd
+coreosetcd0.2.0              Highlyavailable key value store and service discovery
+coreosetcdctl0.2.0           Simple commandline client for etcd
+r@fbsd10:/ #
+```
+
+5. You’re ready to use etcd and etcdctl! For more information about using pkgng, please
+see: http://www.freebsd.org/doc/handbook/pkgngintro.html
+ 
+### Using ports system
+
+1. If you do not have ports installed, install with with `portsnap fetch extract` (it
+may take some time depending on your hardware and network connection)
+
+2. Build etcd with `cd /usr/ports/devel/etcd && make install clean`, you
+will get an option to build and install documentation and etcdctl with it.
+
+3. If you haven't installed it with etcdctl, and you would like to install it later, you can build it
+with `cd /usr/ports/devel/etcdctl && make install clean`
+
+4. Verify successful installation with `pkg info | grep etcd` and you should get:
+ 
+
+```
+r@fbsd10:/ # pkg info | grep etcd
+coreosetcd0.2.0              Highlyavailable key value store and service discovery
+coreosetcdctl0.2.0           Simple commandline client for etcd
+r@fbsd10:/ #
+```
+
+5. You’re ready to use etcd and etcdctl! For more information about using ports system,
+please see: https://www.freebsd.org/doc/handbook/portsusing.html
+
+## Issues
+
+If you find any issues with the build/install procedure or you've found a problem that
+you've verified is local to FreeBSD version only (for example, by not being able to
+reproduce it on any other platform, like OSX or Linux), please sent a
+problem report using this page for more
+information: http://www.freebsd.org/sendpr.html
--- a/Documentation/production-users.md
+++ b/Documentation/production-users.md
@ -0,0 +1,51 @@
+# Production Users
+
+This document tracks people and use cases for etcd in production. By creating a list of production use cases we hope to build a community of advisors that we can reach out to with experience using various etcd applications, operation environments, and cluster sizes. The etcd development team may reach out periodically to check-in on your experience and update this list.
+
+## discovery.etcd.io
+
+- *Application*: https://github.com/coreos/discovery.etcd.io
+- *Launched*: Feb. 2014
+- *Cluster Size*: 5 members, 5 discovery proxies
+- *Order of Data Size*: 100s of Megabytes
+- *Operator*: CoreOS, brandon.philips@coreos.com
+- *Environment*: AWS
+- *Backups*: Periodic async to S3
+
+discovery.etcd.io is the longest continuously running etcd backed service that we know about. It is the basis of automatic cluster bootstrap and was launched in Feb. 2014: https://coreos.com/blog/etcd-0.3.0-released/.
+
+## OpenTable
+
+- *Application*: OpenTable internal service discovery and cluster configuration management
+- *Launched*: May 2014
+- *Cluster Size*: 3 members each in 6 independent clusters; approximately 50 nodes reading / writing
+- *Order of Data Size*: 10s of MB
+- *Operator*: OpenTable, Inc; sschlansker@opentable.com
+- *Environment*: AWS, VMWare
+- *Backups*: None, all data can be re-created if necessary.
+
+## cycoresys.com
+
+- *Application*: multiple
+- *Launched*: Jul. 2014
+- *Cluster Size*: 3 members, _n_ proxies
+- *Order of Data Size*: 100s of kilobytes
+- *Operator*: CyCore Systems, Inc, sys@cycoresys.com
+- *Environment*: Baremetal
+- *Backups*: Periodic sync to Ceph RadosGW and DigitalOcean VM
+
+CyCore Systems provides architecture and engineering for computing systems.  This cluster provides microservices, virtual machines, databases, storage clusters to a number of clients.  It is built on CoreOS machines, with each machine in the cluster running etcd as a peer or proxy.
+
+## Radius Intelligence
+
+- *Application*: multiple internal tools, Kubernetes clusters, bootstrappable system configs
+- *Launched*: June 2015
+- *Cluster Size*: 2 clusters of 5 and 3 members; approximately a dozen nodes read/write
+- *Order of Data Size*: 100s of kilobytes
+- *Operator*: Radius Intelligence; jcderr@radius.com
+- *Environment*: AWS, CoreOS, Kubernetes
+- *Backups*: None, all data can be recreated if necessary.
+
+Radius Intelligence uses Kubernetes running CoreOS to containerize and scale internal toolsets. Examples include running [JetBrains TeamCity][teamcity] and internal AWS security and cost reporting tools. etcd clusters back these clusters as well as provide some basic environment bootstrapping configuration keys.
+
+[teamcity]: https://www.jetbrains.com/teamcity/
--- a/Documentation/proxy.md
+++ b/Documentation/proxy.md
@ -0,0 +1,153 @@
+# Proxy
+
+etcd can run as a transparent proxy. Doing so allows for easy discovery of etcd within your infrastructure, since it can run on each machine as a local service. In this mode, etcd acts as a reverse proxy and forwards client requests to an active etcd cluster. The etcd proxy does not participate in the consensus replication of the etcd cluster, thus it neither increases the resilience nor decreases the write performance of the etcd cluster.
+
+etcd currently supports two proxy modes: `readwrite` and `readonly`. The default mode is `readwrite`, which forwards both read and write requests to the etcd cluster. A `readonly` etcd proxy only forwards read requests to the etcd cluster, and returns `HTTP 501` to all write requests.
+
+The proxy will shuffle the list of cluster members periodically to avoid sending all connections to a single member.
+
+The member list used by an etcd proxy consists of all client URLs advertised in the cluster. These client URLs are specified in each etcd cluster member's `advertise-client-urls` option.
+
+An etcd proxy examines several command-line options to discover its peer URLs. In order of precedence, these options are `discovery`, `discovery-srv`, and `initial-cluster`. The `initial-cluster` option is set to a comma-separated list of one or more etcd peer URLs used temporarily in order to discover the permanent cluster.
+
+After establishing a list of peer URLs in this manner, the proxy retrieves the list of client URLs from the first reachable peer. These client URLs are specified by the `advertise-client-urls` option to etcd peers. The proxy then continues to connect to the first reachable etcd cluster member every thirty seconds to refresh the list of client URLs.
+
+While etcd proxies therefore do not need to be given the `advertise-client-urls` option, as they retrieve this configuration from the cluster, this implies that `initial-cluster` must be set correctly for every proxy, and the `advertise-client-urls` option must be set correctly for every non-proxy, first-order cluster peer. Otherwise, requests to any etcd proxy would be forwarded improperly. Take special care not to set the `advertise-client-urls` option to URLs that point to the proxy itself, as such a configuration will cause the proxy to enter a loop, forwarding requests to itself until resources are exhausted. To correct either case, stop etcd and restart it with the correct URLs.
+
+[This example Procfile][procfile] illustrates the difference in the etcd peer and proxy command lines used to configure and start a cluster with one proxy under the [goreman process management utility][goreman].
+
+To summarize etcd proxy startup and peer discovery:
+
+1. etcd proxies execute the following steps in order until the cluster *peer-urls* are known:
+	1. If `discovery` is set for the proxy, ask the given discovery service for
+	   the *peer-urls*. The *peer-urls* will be the combined
+	   `initial-advertise-peer-urls` of all first-order, non-proxy cluster
+	   members.
+	2. If `discovery-srv` is set for the proxy, the *peer-urls* are discovered
+	   from DNS.
+	3. If `initial-cluster` is set for the proxy, that will become the value of
+	   *peer-urls*.
+	4. Otherwise use the default value of
+	   `http://localhost:2380,http://localhost:7001`.
+2. These *peer-urls* are used to contact the (non-proxy) members of the cluster
+   to find their *client-urls*. The *client-urls* will thus be the combined
+   `advertise-client-urls` of all cluster members (i.e. non-proxies).
+3. Request of clients of the proxy will be forwarded (proxied) to these
+   *client-urls*.
+
+Always start the first-order etcd cluster members first, then any proxies. A proxy must be able to reach the cluster members to retrieve its configuration, and will attempt connections somewhat aggressively in the absence of such a channel. Starting the members before any proxy ensures the proxy can discover the client URLs when it later starts.
+
+## Using an etcd proxy
+To start etcd in proxy mode, you need to provide three flags: `proxy`, `listen-client-urls`, and `initial-cluster` (or `discovery`).
+
+To start a readwrite proxy, set `-proxy on`; To start a readonly proxy, set `-proxy readonly`.
+
+The proxy will be listening on `listen-client-urls` and forward requests to the etcd cluster discovered from in `initial-cluster` or `discovery` url.
+
+### Start an etcd proxy with a static configuration
+To start a proxy that will connect to a statically defined etcd cluster, specify the `initial-cluster` flag:
+
+```
+etcd --proxy on \
+--listen-client-urls http://127.0.0.1:2379 \
+--initial-cluster infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380
+```
+
+### Start an etcd proxy with the discovery service
+If you bootstrap an etcd cluster using the [discovery service][discovery-service], you can also start the proxy with the same `discovery`.
+
+To start a proxy using the discovery service, specify the `discovery` flag. The proxy will wait until the etcd cluster defined at the `discovery` url finishes bootstrapping, and then start to forward the requests.
+
+```
+etcd --proxy on \
+--listen-client-urls http://127.0.0.1:2379 \
+--discovery https://discovery.etcd.io/3e86b59982e49066c5d813af1c2e2579cbf573de \
+```
+
+## Fallback to proxy mode with discovery service
+
+If you bootstrap an etcd cluster using [discovery service][discovery-service] with more than the expected number of etcd members, the extra etcd processes will fall back to being `readwrite` proxies by default. They will forward the requests to the cluster as described above. For example, if you create a discovery url with `size=5`, and start ten etcd processes using that same discovery url, the result will be a cluster with five etcd members and five proxies. Note that this behaviour can be disabled with the `discovery-fallback='exit'` flag.
+
+## Promote a proxy to a member of etcd cluster
+
+A Proxy is in the part of etcd cluster that does not participate in consensus. A proxy will not promote itself to an etcd member that participates in consensus automatically in any case.
+
+If you want to promote a proxy to an etcd member, there are four steps you need to follow:
+
+- use etcdctl to add the proxy node as an etcd member into the existing cluster
+- stop the etcd proxy process or service
+- remove the existing proxy data directory
+- restart the etcd process with new member configuration
+
+## Example
+
+We assume you have a one member etcd cluster with one proxy. The cluster information is listed below:
+
+|Name|Address|
+|------|---------|
+|infra0|10.0.1.10|
+|proxy0|10.0.1.11|
+
+This example walks you through a case that you promote one proxy to an etcd member. The cluster will become a two member cluster after finishing the four steps.
+
+### Add a new member into the existing cluster
+
+First, use etcdctl to add the member to the cluster, which will output the environment variables need to correctly configure the new member:
+
+``` bash
+$ etcdctl -endpoint http://10.0.1.10:2379 member add infra1 http://10.0.1.11:2380
+added member 9bf1b35fc7761a23 to cluster
+
+ETCD_NAME="infra1"
+ETCD_INITIAL_CLUSTER="infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380"
+ETCD_INITIAL_CLUSTER_STATE=existing
+```
+
+### Stop the proxy process
+
+Stop the existing proxy so we can wipe it's state on disk and reload it with the new configuration:
+
+``` bash
+px aux | grep etcd
+kill %etcd_proxy_pid%
+```
+
+or (if you are running etcd proxy as etcd service under systemd)
+
+``` bash
+sudo systemctl stop etcd
+```
+
+### Remove the existing proxy data dir
+
+``` bash
+rm -rf %data_dir%/proxy
+```
+
+### Start etcd as a new member
+
+Finally, start the reconfigured member and make sure it joins the cluster correctly:
+
+``` bash
+$ export ETCD_NAME="infra1"
+$ export ETCD_INITIAL_CLUSTER="infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380"
+$ export ETCD_INITIAL_CLUSTER_STATE=existing
+$ etcd --listen-client-urls http://10.0.1.11:2379 \
+--advertise-client-urls http://10.0.1.11:2379 \
+--listen-peer-urls http://10.0.1.11:2380 \
+--initial-advertise-peer-urls http://10.0.1.11:2380 \
+--data-dir %data_dir%
+```
+
+If you are running etcd under systemd, you should modify the service file with correct configuration and restart the service:
+
+``` bash
+sudo systemd restart etcd
+```
+
+If an error occurs, check the [add member troubleshooting doc][runtime-configuration].
+
+[discovery-service]: clustering.md#discovery
+[goreman]: https://github.com/mattn/goreman
+[procfile]: /Procfile
+[runtime-configuration]: runtime-configuration.md#error-cases-when-adding-members
--- a/Documentation/reporting_bugs.md
+++ b/Documentation/reporting_bugs.md
@ -0,0 +1,45 @@
+# Reporting Bugs
+
+If you find bugs or documentation mistakes in the etcd project, please let us know by [opening an issue][issue]. We treat bugs and mistakes very seriously and believe no issue is too small. Before creating a bug report, please check that an issue reporting the same problem does not already exist.
+
+To make your bug report accurate and easy to understand, please try to create bug reports that are:
+
+- Specific. Include as much details as possible: which version, what environment, what configuration, etc. You can also attach etcd log (the starting log with etcd configuration is especially important).
+
+- Reproducible. Include the steps to reproduce the problem. We understand some issues might be hard to reproduce, please includes the steps that might lead to the problem. You can also attach the affected etcd data dir and stack strace to the bug report.
+
+- Isolated. Please try to isolate and reproduce the bug with minimum dependencies. It would significantly slow down the speed to fix a bug if too many dependencies are involved in a bug report. Debugging external systems that rely on etcd is out of scope, but we are happy to point you in the right direction or help you interact with etcd in the correct manner.
+
+- Unique. Do not duplicate existing bug report.
+
+- Scoped. One bug per report. Do not follow up with another bug inside one report.
+
+You might also want to read [Elika Etemad’s article on filing good bug reports][filing-good-bugs] before creating a bug report.
+
+We might ask you for further information to locate a bug. A duplicated bug report will be closed.
+
+## Frequently Asked Questions
+
+### How to get a stack trace
+
+``` bash
+$ kill -QUIT $PID
+```
+
+### How to get etcd version
+
+``` bash
+$ etcd --version
+```
+
+### How to get etcd configuration and log when it runs as systemd service ‘etcd2.service’
+
+``` bash
+$ sudo systemctl cat etcd2
+$ sudo journalctl -u etcd2
+```
+
+Due to an upstream systemd bug, journald may miss the last few log lines when its process exit. If journalctl tells you that etcd stops without fatal or panic message, you could try `sudo journalctl -f -t etcd2` to get full log.
+
+[etcd-issue]: https://github.com/coreos/etcd/issues/new
+[filing-good-bugs]: http://fantasai.inkedblade.net/style/talks/filing-good-bugs/
--- a/Documentation/rfc/v3api.md
+++ b/Documentation/rfc/v3api.md
@ -0,0 +1,211 @@
+# Overview
+
+The etcd v3 API is designed to give users a more efficient and cleaner abstraction compared to etcd v2. There are a number of semantic and protocol changes in this new API. For an overview [see Xiang Li's video](https://youtu.be/J5AioGtEPeQ?t=211).
+
+To prove out the design of the v3 API the team has also built [a number of example recipes](https://github.com/coreos/etcd/tree/master/contrib/recipes), there is a [video discussing these recipes too](https://www.youtube.com/watch?v=fj-2RY-3yVU&feature=youtu.be&t=590).
+
+# Design
+
+1. Flatten binary key-value space
+    
+2. Keep the event history until compaction
+    - access to old version of keys
+    - user controlled history compaction
+    
+3. Support range query
+    - Pagination support with limit argument
+    - Support consistency guarantee across multiple range queries
+    
+4. Replace TTL key with Lease
+    - more efficient/ low cost keep alive
+    - a logical group of TTL keys
+    
+5. Replace CAS/CAD with multi-object Txn
+    - MUCH MORE powerful and flexible
+    
+6. Support efficient watching with multiple ranges
+
+7. RPC API supports the completed set of APIs. 
+    - more efficient than JSON/HTTP
+    - additional txn/lease support
+
+8. HTTP API supports a subset of APIs.
+    - easy for people to try out etcd
+    - easy for people to write simple etcd application
+
+
+## Notes
+
+### Request Size Limitation
+
+The max request size is around 1MB. Since etcd replicates requests in a streaming fashion, a very large
+request might block other requests for a long time. The use case for etcd is to store small configuration
+values, so we prevent user from submitting large requests. This also applies to Txn requests. We might loosen
+the size in the future a little bit or make it configurable.
+
+## Protobuf Defined API
+
+[api protobuf][api-protobuf]
+
+[kv protobuf][kv-protobuf]
+
+## Examples
+
+### Put a key (foo=bar)
+```
+// A put is always successful
+Put( PutRequest { key = foo, value = bar } )
+
+PutResponse { 
+    cluster_id = 0x1000,
+    member_id = 0x1,
+    revision = 1,
+    raft_term = 0x1,
+}
+```
+
+### Get a key (assume we have foo=bar)
+```
+Get ( RangeRequest { key = foo } )
+
+RangeResponse {
+    cluster_id = 0x1000,
+    member_id = 0x1,
+    revision = 1,
+    raft_term = 0x1,
+    kvs = {
+      {
+          key = foo,
+          value = bar,
+          create_revision = 1,
+          mod_revision = 1,
+          version = 1;
+      },
+    },
+}
+```
+
+### Range over a key space (assume we have foo0=bar0… foo100=bar100)
+```
+Range ( RangeRequest { key = foo, end_key = foo80, limit = 30  } )
+
+RangeResponse {
+    cluster_id = 0x1000,
+    member_id = 0x1,
+    revision = 100,
+    raft_term = 0x1,
+    kvs = {
+      {
+          key = foo0,
+          value = bar0,
+          create_revision = 1,
+          mod_revision = 1,
+          version = 1;
+      },
+         ...,
+      {
+          key = foo30,
+          value = bar30,
+          create_revision = 30,
+          mod_revision = 30,
+          version = 1;
+      },
+    },
+}
+```
+
+### Finish a txn (assume we have foo0=bar0, foo1=bar1)
+```
+Txn(TxnRequest {
+    // mod_revision of foo0 is equal to 1, mod_revision of foo1 is greater than 1
+    compare = {
+        {compareType = equal, key = foo0, mod_revision = 1}, 
+        {compareType = greater, key = foo1, mod_revision = 1}}
+    },
+    // if the comparison succeeds, put foo2 = bar2
+    success = {PutRequest { key = foo2, value = success }},
+    // if the comparison fails, put foo2=fail
+    failure = {PutRequest { key = foo2, value = failure }},
+)
+
+TxnResponse {
+    cluster_id = 0x1000,
+    member_id = 0x1,
+    revision = 3,
+    raft_term = 0x1,
+    succeeded = true,
+    responses = {
+      // response of PUT foo2=success
+      {
+            cluster_id = 0x1000,
+            member_id = 0x1,
+            revision = 3,
+            raft_term = 0x1,
+        }
+    }
+}
+```
+
+### Watch on a key/range
+
+```
+Watch( WatchRequest{
+           key = foo,
+           end_key = fop, // prefix foo
+           start_revision = 20,
+           end_revision = 10000,
+           // server decided notification frequency
+           progress_notification = true,
+       } 
+       … // this can be a watch request stream
+      )
+
+// put (foo0=bar0) event at 3
+WatchResponse {
+    cluster_id = 0x1000,
+    member_id = 0x1,
+    revision = 3,
+    raft_term = 0x1,
+    event_type = put,
+    kv = {
+              key = foo0,
+              value = bar0,
+              create_revision = 1,
+              mod_revision = 1,
+              version = 1;
+          },
+    }
+    …
+    
+    // a notification at 2000
+    WatchResponse {
+        cluster_id = 0x1000,
+        member_id = 0x1,
+        revision = 2000,
+        raft_term = 0x1,
+        // nil event as notification
+    }
+    
+    … 
+    
+    // put (foo0=bar3000) event at 3000
+    WatchResponse {
+        cluster_id = 0x1000,
+        member_id = 0x1,
+        revision = 3000,
+        raft_term = 0x1,
+        event_type = put,
+        kv = {
+                key = foo0,
+                value = bar3000,
+                create_revision = 1,
+                mod_revision = 3000,
+                version = 2;
+          },
+    }
+    …
+    
+```
+
+[api-protobuf]: https://github.com/coreos/etcd/blob/master/etcdserver/etcdserverpb/rpc.proto
+[kv-protobuf]: https://github.com/coreos/etcd/blob/master/storage/storagepb/kv.proto
--- a/Documentation/runtime-configuration.md
+++ b/Documentation/runtime-configuration.md
@ -0,0 +1,184 @@
+# Runtime Reconfiguration
+
+etcd comes with support for incremental runtime reconfiguration, which allows users to update the membership of the cluster at run time.
+
+Reconfiguration requests can only be processed when the majority of the cluster members are functioning. It is **highly recommended** to always have a cluster size greater than two in production. It is unsafe to remove a member from a two member cluster. The majority of a two member cluster is also two. If there is a failure during the removal process, the cluster might not able to make progress and need to [restart from majority failure][majority failure].
+
+To better understand the design behind runtime reconfiguration, we suggest you read [the runtime reconfiguration document][runtime-reconf].
+
+## Reconfiguration Use Cases
+
+Let's walk through some common reasons for reconfiguring a cluster. Most of these just involve combinations of adding or removing a member, which are explained below under [Cluster Reconfiguration Operations][cluster-reconf].
+
+### Cycle or Upgrade Multiple Machines
+
+If you need to move multiple members of your cluster due to planned maintenance (hardware upgrades, network downtime, etc.), it is recommended to modify members one at a time.
+
+It is safe to remove the leader, however there is a brief period of downtime while the election process takes place. If your cluster holds more than 50MB, it is recommended to [migrate the member's data directory][member migration].
+
+### Change the Cluster Size
+
+Increasing the cluster size can enhance [failure tolerance][fault tolerance table] and provide better read performance. Since clients can read from any member, increasing the number of members increases the overall read throughput.
+
+Decreasing the cluster size can improve the write performance of a cluster, with a trade-off of decreased resilience. Writes into the cluster are replicated to a majority of members of the cluster before considered committed. Decreasing the cluster size lowers the majority, and each write is committed more quickly.
+
+### Replace A Failed Machine
+
+If a machine fails due to hardware failure, data directory corruption, or some other fatal situation, it should be replaced as soon as possible. Machines that have failed but haven't been removed adversely affect your quorum and reduce the tolerance for an additional failure.
+
+To replace the machine, follow the instructions for [removing the member][remove member] from the cluster, and then [add a new member][add member] in its place. If your cluster holds more than 50MB, it is recommended to [migrate the failed member's data directory][member migration] if you can still access it.
+
+### Restart Cluster from Majority Failure
+
+If the majority of your cluster is lost or all of your nodes have changed IP addresses, then you need to take manual action in order to recover safely.
+The basic steps in the recovery process include [creating a new cluster using the old data][disaster recovery], forcing a single member to act as the leader, and finally using runtime configuration to [add new members][add member] to this new cluster one at a time.
+
+## Cluster Reconfiguration Operations
+
+Now that we have the use cases in mind, let us lay out the operations involved in each.
+
+Before making any change, the simple majority (quorum) of etcd members must be available.
+This is essentially the same requirement as for any other write to etcd.
+
+All changes to the cluster are done one at a time:
+
+* To update a single member peerURLs you will make an update operation
+* To replace a single member you will make an add then a remove operation
+* To increase from 3 to 5 members you will make two add operations
+* To decrease from 5 to 3 you will make two remove operations
+
+All of these examples will use the `etcdctl` command line tool that ships with etcd.
+If you want to use the members API directly you can find the documentation [here][member-api].
+
+### Update a Member
+
+#### Update advertise client URLs
+
+If you would like to update the advertise client URLs of a member, you can simply restart
+that member with updated client urls flag (`--advertise-client-urls`) or environment variable
+(`ETCD_ADVERTISE_CLIENT_URLS`). The restarted member will self publish the updated URLs.
+A wrongly updated client URL will not affect the health of the etcd cluster.
+
+#### Update advertise peer URLs
+
+If you would like to update the advertise peer URLs of a member, you have to first update 
+it explicitly via member command and then restart the member. The additional action is required
+since updating peer URLs changes the cluster wide configuration and can affect the health of the etcd cluster. 
+
+To update the peer URLs, first, we need to find the target member's ID. You can list all members with `etcdctl`:
+
+```sh
+$ etcdctl member list
+6e3bd23ae5f1eae0: name=node2 peerURLs=http://localhost:23802 clientURLs=http://127.0.0.1:23792
+924e2e83e93f2560: name=node3 peerURLs=http://localhost:23803 clientURLs=http://127.0.0.1:23793
+a8266ecf031671f3: name=node1 peerURLs=http://localhost:23801 clientURLs=http://127.0.0.1:23791
+```
+
+In this example let's `update` a8266ecf031671f3 member ID and change its peerURLs value to http://10.0.1.10:2380
+
+```sh
+$ etcdctl member update a8266ecf031671f3 http://10.0.1.10:2380
+Updated member with ID a8266ecf031671f3 in cluster
+```
+
+### Remove a Member
+
+Let us say the member ID we want to remove is a8266ecf031671f3.
+We then use the `remove` command to perform the removal:
+
+```sh
+$ etcdctl member remove a8266ecf031671f3
+Removed member a8266ecf031671f3 from cluster
+```
+
+The target member will stop itself at this point and print out the removal in the log:
+
+```
+etcd: this member has been permanently removed from the cluster. Exiting.
+```
+
+It is safe to remove the leader, however the cluster will be inactive while a new leader is elected. This duration is normally the period of election timeout plus the voting process.
+
+### Add a New Member
+
+Adding a member is a two step process:
+
+ * Add the new member to the cluster via the [members API][member-api] or the `etcdctl member add` command.
+ * Start the new member with the new cluster configuration, including a list of the updated members (existing members + the new member).
+
+Using `etcdctl` let's add the new member to the cluster by specifying its [name][conf-name] and [advertised peer URLs][conf-adv-peer]:
+
+```sh
+$ etcdctl member add infra3 http://10.0.1.13:2380
+added member 9bf1b35fc7761a23 to cluster
+
+ETCD_NAME="infra3"
+ETCD_INITIAL_CLUSTER="infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380,infra3=http://10.0.1.13:2380"
+ETCD_INITIAL_CLUSTER_STATE=existing
+```
+
+`etcdctl` has informed the cluster about the new member and printed out the environment variables needed to successfully start it.
+Now start the new etcd process with the relevant flags for the new member:
+
+```sh
+$ export ETCD_NAME="infra3"
+$ export ETCD_INITIAL_CLUSTER="infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380,infra3=http://10.0.1.13:2380"
+$ export ETCD_INITIAL_CLUSTER_STATE=existing
+$ etcd -listen-client-urls http://10.0.1.13:2379 -advertise-client-urls http://10.0.1.13:2379  -listen-peer-urls http://10.0.1.13:2380 -initial-advertise-peer-urls http://10.0.1.13:2380 -data-dir %data_dir%
+```
+
+The new member will run as a part of the cluster and immediately begin catching up with the rest of the cluster.
+
+If you are adding multiple members the best practice is to configure a single member at a time and verify it starts correctly before adding more new members.
+If you add a new member to a 1-node cluster, the cluster cannot make progress before the new member starts because it needs two members as majority to agree on the consensus. You will only see this behavior between the time `etcdctl member add` informs the cluster about the new member and the new member successfully establishing a connection to the existing one.
+
+#### Error Cases When Adding Members
+
+In the following case we have not included our new host in the list of enumerated nodes.
+If this is a new cluster, the node must be added to the list of initial cluster members.
+
+```sh
+$ etcd -name infra3 \
+  -initial-cluster infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380 \
+  -initial-cluster-state existing
+etcdserver: assign ids error: the member count is unequal
+exit 1
+```
+
+In this case we give a different address (10.0.1.14:2380) to the one that we used to join the cluster (10.0.1.13:2380).
+
+```sh
+$ etcd -name infra4 \
+  -initial-cluster infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380,infra4=http://10.0.1.14:2380 \
+  -initial-cluster-state existing
+etcdserver: assign ids error: unmatched member while checking PeerURLs
+exit 1
+```
+
+When we start etcd using the data directory of a removed member, etcd will exit automatically if it connects to any active member in the cluster:
+
+```sh
+$ etcd
+etcd: this member has been permanently removed from the cluster. Exiting.
+exit 1
+```
+
+### Strict Reconfiguration Check Mode (`-strict-reconfig-check`)
+
+As described in the above, the best practice of adding new members is to configure a single member at a time and verify it starts correctly before adding more new members. This step by step approach is very important because if newly added members is not configured correctly (for example the peer URLs are incorrect), the cluster can lose quorum. The quorum loss happens since the newly added member are counted in the quorum even if that member is not reachable from other existing members. Also quorum loss might happen if there is a connectivity issue or there are operational issues.
+
+For avoiding this problem, etcd provides an option `-strict-reconfig-check`. If this option is passed to etcd, etcd rejects reconfiguration requests if the number of started members will be less than a quorum of the reconfigured cluster.
+
+It is recommended to enable this option. However, it is disabled by default because of keeping compatibility.
+
+[add member]: #add-a-new-member
+[cluster-reconf]: #cluster-reconfiguration-operations
+[conf-adv-peer]: configuration.md#-initial-advertise-peer-urls
+[conf-name]: configuration.md#-name
+[disaster recovery]: admin_guide.md#disaster-recovery
+[fault tolerance table]: admin_guide.md#fault-tolerance-table
+[majority failure]: #restart-cluster-from-majority-failure
+[member-api]: members_api.md
+[member migration]: admin_guide.md#member-migration
+[remove member]: #remove-a-member
+[runtime-reconf]: runtime-reconf-design.md
--- a/Documentation/runtime-reconf-design.md
+++ b/Documentation/runtime-reconf-design.md
@ -0,0 +1,50 @@
+# Design of Runtime Reconfiguration
+
+Runtime reconfiguration is one of the hardest and most error prone features in a distributed system, especially in a consensus based system like etcd.
+
+Read on to learn about the design of etcd's runtime reconfiguration commands and how we tackled these problems.
+
+## Two Phase Config Changes Keep you Safe
+
+In etcd, every runtime reconfiguration has to go through [two phases][add-member] for safety reasons. For example, to add a member you need to first inform cluster of new configuration and then start the new member.
+
+Phase 1 - Inform cluster of new configuration
+
+To add a member into etcd cluster, you need to make an API call to request a new member to be added to the cluster. And this is only way that you can add a new member into an existing cluster. The API call returns when the cluster agrees on the configuration change.
+
+Phase 2 - Start new member
+
+To join the etcd member into the existing cluster, you need to specify the correct `initial-cluster` and set `initial-cluster-state` to `existing`. When the member starts, it will contact the existing cluster first and verify the current cluster configuration matches the expected one specified in `initial-cluster`. When the new member successfully starts, you know your cluster reached the expected configuration.
+
+By splitting the process into two discrete phases users are forced to be explicit regarding cluster membership changes. This actually gives users more flexibility and makes things easier to reason about. For example, if there is an attempt to add a new member with the same ID as an existing member in an etcd cluster, the action will fail immediately during phase one without impacting the running cluster. Similar protection is provided to prevent adding new members by mistake. If a new etcd member attempts to join the cluster before the cluster has accepted the configuration change,, it will not be accepted by the cluster.
+
+Without the explicit workflow around cluster membership etcd would be vulnerable to unexpected cluster membership changes. For example, if etcd is running under an init system such as systemd, etcd would be restarted after being removed via the membership API, and attempt to rejoin the cluster on startup. This cycle would continue every time a member is removed via the API and systemd is set to restart etcd after failing, which is unexpected.
+
+We think runtime reconfiguration should be a low frequent operation. We made the decision to keep it explicit and user-driven to ensure configuration safety and keep your cluster always running smoothly under your control.
+
+## Permanent Loss of Quorum Requires New Cluster
+
+If a cluster permanently loses a majority of its members, a new cluster will need to be started from an old data directory to recover the previous state.
+
+It is entirely possible to force removing the failed members from the existing cluster to recover. However, we decided not to support this method since it bypasses the normal consensus committing phase, which is unsafe. If the member to remove is not actually dead or you force to remove different members through different members in the same cluster, you will end up with diverged cluster with same clusterID. This is very dangerous and hard to debug/fix afterwards. 
+
+If you have a correct deployment, the possibility of permanent majority lose is very low. But it is a severe enough problem that worth special care. We strongly suggest you to read the [disaster recovery documentation][disaster-recovery] and prepare for permanent majority lose before you put etcd into production.
+
+## Do Not Use Public Discovery Service For Runtime Reconfiguration
+
+The public discovery service should only be used for bootstrapping a cluster. To join member into an existing cluster, you should use runtime reconfiguration API. 
+
+Discovery service is designed for bootstrapping an etcd cluster in the cloud environment, when you do not know the IP addresses of all the members beforehand. After you successfully bootstrap a cluster, the IP addresses of all the members are known. Technically, you should not need the discovery service any more.
+
+It seems that using public discovery service is a convenient way to do runtime reconfiguration, after all discovery service already has all the cluster configuration information. However relying on public discovery service brings troubles: 
+
+1. it introduces external dependencies for the entire life-cycle of your cluster, not just bootstrap time. If there is a network issue between your cluster and public discovery service, your cluster will suffer from it.
+ 
+2. public discovery service must reflect correct runtime configuration of your cluster during it life-cycle. It has to provide security mechanism to avoid bad actions, and it is hard. 
+
+3. public discovery service has to keep tens of thousands of cluster configurations. Our public discovery service backend is not ready for that workload.
+
+If you want to have a discovery service that supports runtime reconfiguration, the best choice is to build your private one.
+
+[add-member]: runtime-configuration.md#add-a-new-member
+[disaster-recovery]: admin_guide.md#disaster-recovery
--- a/Documentation/security.md
+++ b/Documentation/security.md
@ -0,0 +1,193 @@
+# Security Model
+
+etcd supports SSL/TLS as well as authentication through client certificates, both for clients to server as well as peer (server to server / cluster) communication.
+
+To get up and running you first need to have a CA certificate and a signed key pair for one member. It is recommended to create and sign a new key pair for every member in a cluster.
+
+For convenience, the [cfssl] tool provides an easy interface to certificate generation, and we provide an example using the tool [here][tls-setup]. You can also examine this [alternative guide to generating self-signed key pairs][tls-guide].
+
+## Basic setup
+
+etcd takes several certificate related configuration options, either through command-line flags or environment variables:
+
+**Client-to-server communication:**
+
+`--cert-file=<path>`: Certificate used for SSL/TLS connections **to** etcd. When this option is set, you can set advertise-client-urls using HTTPS schema.
+
+`--key-file=<path>`: Key for the certificate. Must be unencrypted.
+
+`--client-cert-auth`: When this is set etcd will check all incoming HTTPS requests for a client certificate signed by the trusted CA, requests that don't supply a valid client certificate will fail.
+
+`--trusted-ca-file=<path>`: Trusted certificate authority.
+
+**Peer (server-to-server / cluster) communication:**
+
+The peer options work the same way as the client-to-server options:
+
+`--peer-cert-file=<path>`: Certificate used for SSL/TLS connections between peers. This will be used both for listening on the peer address as well as sending requests to other peers.
+
+`--peer-key-file=<path>`: Key for the certificate. Must be unencrypted.
+
+`--peer-client-cert-auth`: When set, etcd will check all incoming peer requests from the cluster for valid client certificates signed by the supplied CA.
+
+`--peer-trusted-ca-file=<path>`: Trusted certificate authority.
+
+If either a client-to-server or peer certificate is supplied the key must also be set. All of these configuration options are also available through the environment variables, `ETCD_CA_FILE`, `ETCD_PEER_CA_FILE` and so on.
+
+## Example 1: Client-to-server transport security with HTTPS
+
+For this you need your CA certificate (`ca.crt`) and signed key pair (`server.crt`, `server.key`) ready.
+
+Let us configure etcd to provide simple HTTPS transport security step by step:
+
+```sh
+$ etcd -name infra0 -data-dir infra0 \
+  -cert-file=/path/to/server.crt -key-file=/path/to/server.key \
+  -advertise-client-urls=https://127.0.0.1:2379 -listen-client-urls=https://127.0.0.1:2379
+```
+
+This should start up fine and you can now test the configuration by speaking HTTPS to etcd:
+
+```sh
+$ curl --cacert /path/to/ca.crt https://127.0.0.1:2379/v2/keys/foo -XPUT -d value=bar -v
+```
+
+You should be able to see the handshake succeed. Because we use self-signed certificates with our own certificate authorities you need to provide the CA to curl using the `--cacert` option. Another possibility would be to add your CA certificate to the trusted certificates on your system (usually in `/etc/ssl/certs`).
+
+**OSX 10.9+ Users**: curl 7.30.0 on OSX 10.9+ doesn't understand certificates passed in on the command line.
+Instead you must import the dummy ca.crt directly into the keychain or add the `-k` flag to curl to ignore errors.
+If you want to test without the `-k` flag run `open ./fixtures/ca/ca.crt` and follow the prompts.
+Please remove this certificate after you are done testing!
+If you know of a workaround let us know.
+
+## Example 2: Client-to-server authentication with HTTPS client certificates
+
+For now we've given the etcd client the ability to verify the server identity and provide transport security. We can however also use client certificates to prevent unauthorized access to etcd.
+
+The clients will provide their certificates to the server and the server will check whether the cert is signed by the supplied CA and decide whether to serve the request.
+
+You need the same files mentioned in the first example for this, as well as a key pair for the client (`client.crt`, `client.key`) signed by the same certificate authority.
+
+```sh
+$ etcd -name infra0 -data-dir infra0 \
+  -client-cert-auth -trusted-ca-file=/path/to/ca.crt -cert-file=/path/to/server.crt -key-file=/path/to/server.key \
+  -advertise-client-urls https://127.0.0.1:2379 -listen-client-urls https://127.0.0.1:2379
+```
+
+Now try the same request as above to this server:
+
+```sh
+$ curl --cacert /path/to/ca.crt https://127.0.0.1:2379/v2/keys/foo -XPUT -d value=bar -v
+```
+
+The request should be rejected by the server:
+
+```
+...
+routines:SSL3_READ_BYTES:sslv3 alert bad certificate
+...
+```
+
+To make it succeed, we need to give the CA signed client certificate to the server:
+
+```sh
+$ curl --cacert /path/to/ca.crt --cert /path/to/client.crt --key /path/to/client.key \
+  -L https://127.0.0.1:2379/v2/keys/foo -XPUT -d value=bar -v
+```
+
+You should be able to see:
+
+```
+...
+SSLv3, TLS handshake, CERT verify (15):
+...
+TLS handshake, Finished (20)
+```
+
+And also the response from the server:
+
+```json
+{
+    "action": "set",
+    "node": {
+        "createdIndex": 12,
+        "key": "/foo",
+        "modifiedIndex": 12,
+        "value": "bar"
+    }
+}
+```
+
+## Example 3: Transport security & client certificates in a cluster
+
+etcd supports the same model as above for **peer communication**, that means the communication between etcd members in a cluster.
+
+Assuming we have our `ca.crt` and two members with their own keypairs (`member1.crt` & `member1.key`, `member2.crt` & `member2.key`) signed by this CA, we launch etcd as follows:
+
+
+```sh
+DISCOVERY_URL=... # from https://discovery.etcd.io/new
+
+# member1
+$ etcd -name infra1 -data-dir infra1 \
+  -peer-client-cert-auth -peer-trusted-ca-file=/path/to/ca.crt -peer-cert-file=/path/to/member1.crt -peer-key-file=/path/to/member1.key \
+  -initial-advertise-peer-urls=https://10.0.1.10:2380 -listen-peer-urls=https://10.0.1.10:2380 \
+  -discovery ${DISCOVERY_URL}
+
+# member2
+$ etcd -name infra2 -data-dir infra2 \
+  -peer-client-cert-auth -peer-trusted-ca-file=/path/to/ca.crt -peer-cert-file=/path/to/member2.crt -peer-key-file=/path/to/member2.key \
+  -initial-advertise-peer-urls=https://10.0.1.11:2380 -listen-peer-urls=https://10.0.1.11:2380 \
+  -discovery ${DISCOVERY_URL}
+```
+
+The etcd members will form a cluster and all communication between members in the cluster will be encrypted and authenticated using the client certificates. You will see in the output of etcd that the addresses it connects to use HTTPS.
+
+## Notes For etcd Proxy
+
+etcd proxy terminates the TLS from its client if the connection is secure, and uses proxy's own key/cert specified in `--peer-key-file` and `--peer-cert-file` to communicate with etcd members.
+
+The proxy communicates with etcd members through both the `--advertise-client-urls` and `--advertise-peer-urls` of a given member. It forwards client requests to etcd members’ advertised client urls, and it syncs the initial cluster configuration through etcd members’ advertised peer urls.
+
+When client authentication is enabled for an etcd member, the administrator must ensure that the peer certificate specified in the proxy's `--peer-cert-file` option is valid for that authentication. The proxy's peer certificate must also be valid for peer authentication if peer authentication is enabled.
+
+## Frequently Asked Questions
+
+### My cluster is not working with peer tls configuration?
+
+The internal protocol of etcd v2.0.x uses a lot of short-lived HTTP connections.
+So, when enabling TLS you may need to increase the heartbeat interval and election timeouts to reduce internal cluster connection churn.
+A reasonable place to start are these values: ` --heartbeat-interval 500 --election-timeout 2500`.
+These issues are resolved in the etcd v2.1.x series of releases which uses fewer connections.
+
+### I'm seeing a SSLv3 alert handshake failure when using SSL client authentication?
+
+The `crypto/tls` package of `golang` checks the key usage of the certificate public key before using it.
+To use the certificate public key to do client auth, we need to add `clientAuth` to `Extended Key Usage` when creating the certificate public key.
+
+Here is how to do it:
+
+Add the following section to your openssl.cnf:
+
+```
+[ ssl_client ]
+...
+  extendedKeyUsage = clientAuth
+...
+```
+
+When creating the cert be sure to reference it in the `-extensions` flag:
+
+```
+$ openssl ca -config openssl.cnf -policy policy_anything -extensions ssl_client -out certs/machine.crt -infiles machine.csr
+```
+
+### With peer certificate authentication I receive "certificate is valid for 127.0.0.1, not $MY_IP"
+Make sure that you sign your certificates with a Subject Name your member's public IP address. The `etcd-ca` tool for example provides an `--ip=` option for its `new-cert` command.
+
+If you need your certificate to be signed for your member's FQDN in its Subject Name then you could use Subject Alternative Names (short IP SANs) to add your IP address. The `etcd-ca` tool provides `--domain=` option for its `new-cert` command, and openssl can make [it][alt-name] too.
+
+[cfssl]: https://github.com/cloudflare/cfssl
+[tls-setup]: /hack/tls-setup
+[tls-guide]: https://github.com/coreos/docs/blob/master/os/generate-self-signed-certificates.md
+[alt-name]: http://wiki.cacert.org/FAQ/subjectAltName
--- a/Documentation/tuning.md
+++ b/Documentation/tuning.md
@ -0,0 +1,75 @@
+# Tuning
+
+The default settings in etcd should work well for installations on a local network where the average network latency is low.
+However, when using etcd across multiple data centers or over networks with high latency you may need to tweak the heartbeat interval and election timeout settings.
+
+The network isn't the only source of latency. Each request and response may be impacted by slow disks on both the leader and follower. Each of these timeouts represents the total time from request to successful response from the other machine.
+
+## Time Parameters
+
+The underlying distributed consensus protocol relies on two separate time parameters to ensure that nodes can handoff leadership if one stalls or goes offline.
+The first parameter is called the *Heartbeat Interval*.
+This is the frequency with which the leader will notify followers that it is still the leader.
+For best practices, the parameter should be set around round-trip time between members.
+By default, etcd uses a `100ms` heartbeat interval.
+
+The second parameter is the *Election Timeout*.
+This timeout is how long a follower node will go without hearing a heartbeat before attempting to become leader itself.
+By default, etcd uses a `1000ms` election timeout.
+
+Adjusting these values is a trade off.
+The value of heartbeat interval is recommended to be around the maximum of average round-trip time (RTT) between members, normally around 0.5-1.5x the round-trip time.
+If heartbeat interval is too low, etcd will send unnecessary messages that increase the usage of CPU and network resources.
+On the other side, a too high heartbeat interval leads to high election timeout. Higher election timeout takes longer time to detect a leader failure.
+The easiest way to measure round-trip time (RTT) is to use [PING utility][ping].
+
+The election timeout should be set based on the heartbeat interval and average round-trip time between members.
+Election timeouts must be at least 10 times the round-trip time so it can account for variance in your network.
+For example, if the round-trip time between your members is 10ms then you should have at least a 100ms election timeout.
+
+You should also set your election timeout to at least 5 to 10 times your heartbeat interval to account for variance in leader replication.
+For a heartbeat interval of 50ms you should set your election timeout to at least 250ms - 500ms.
+
+The upper limit of election timeout is 50000ms (50s), which should only be used when deploying a globally-distributed etcd cluster.
+A reasonable round-trip time for the continental United States is 130ms, and the time between US and Japan is around 350-400ms.
+If your network has uneven performance or regular packet delays/loss then it is possible that a couple of retries may be necessary to successfully send a packet. So 5s is a safe upper limit of global round-trip time.
+As the election timeout should be an order of magnitude bigger than broadcast time, in the case of ~5s for a globally distributed cluster, then 50 seconds becomes a reasonable maximum.
+
+The heartbeat interval and election timeout value should be the same for all members in one cluster. Setting different values for etcd members may disrupt cluster stability.
+
+You can override the default values on the command line:
+
+```sh
+# Command line arguments:
+$ etcd -heartbeat-interval=100 -election-timeout=500
+
+# Environment variables:
+$ ETCD_HEARTBEAT_INTERVAL=100 ETCD_ELECTION_TIMEOUT=500 etcd
+```
+
+The values are specified in milliseconds.
+
+## Snapshots
+
+etcd appends all key changes to a log file.
+This log grows forever and is a complete linear history of every change made to the keys.
+A complete history works well for lightly used clusters but clusters that are heavily used would carry around a large log.
+
+To avoid having a huge log etcd makes periodic snapshots.
+These snapshots provide a way for etcd to compact the log by saving the current state of the system and removing old logs.
+
+### Snapshot Tuning
+
+Creating snapshots can be expensive so they're only created after a given number of changes to etcd.
+By default, snapshots will be made after every 10,000 changes.
+If etcd's memory usage and disk usage are too high, you can lower the snapshot threshold by setting the following on the command line:
+
+```sh
+# Command line arguments:
+$ etcd -snapshot-count=5000
+
+# Environment variables:
+$ ETCD_SNAPSHOT_COUNT=5000 etcd
+```
+
+[ping]: https://en.wikipedia.org/wiki/Ping_(networking_utility)
--- a/Documentation/upgrade_2_1.md
+++ b/Documentation/upgrade_2_1.md
@ -0,0 +1,116 @@
+# Upgrade etcd to 2.1
+
+In the general case, upgrading from etcd 2.0 to 2.1 can be a zero-downtime, rolling upgrade:
+ - one by one, stop the etcd v2.0 processes and replace them with etcd v2.1 processes
+ - after you are running all v2.1 processes, new features in v2.1 are available to the cluster
+
+Before [starting an upgrade](#upgrade-procedure), read through the rest of this guide to prepare.
+
+## Upgrade Checklists
+
+### Upgrade Requirements
+
+To upgrade an existing etcd deployment to 2.1, you must be running 2.0. If you’re running a version of etcd before 2.0, you must upgrade to [2.0][v2.0] before upgrading to 2.1.
+
+Also, to ensure a smooth rolling upgrade, your running cluster must be healthy. You can check the health of the cluster by using `etcdctl cluster-health` command. 
+
+### Preparedness 
+
+Before upgrading etcd, always test the services relying on etcd in a staging environment before deploying the upgrade to the production environment. 
+
+You might also want to [backup your data directory][backup-datastore] for a potential [downgrade](#downgrade).
+
+etcd 2.1 introduces a new [authentication][auth] feature, which is disabled by default. If your deployment depends on these, you may want to test the auth features before enabling them in production.
+
+### Mixed Versions
+
+While upgrading, an etcd cluster supports mixed versions of etcd members. The cluster is only considered upgraded once all its members are upgraded to 2.1.
+
+Internally, etcd members negotiate with each other to determine the overall etcd cluster version, which controls the reported cluster version and the supported features. For example, if you are mid-upgrade, any 2.1 features (such as the the authentication feature mentioned above) won’t be available.
+
+### Limitations
+
+If you encounter any issues during the upgrade, you can attempt to restart the etcd process in trouble using a newer v2.1 binary to solve the problem. One known issue is that etcd v2.0.0 and v2.0.2 may panic during rolling upgrades due to an existing bug, which has been fixed since etcd v2.0.3.
+
+It might take up to 2 minutes for the newly upgraded member to catch up with the existing cluster when the total data size is larger than 50MB (You can check the size of the existing snapshot to know about the rough data size). In other words, it is safest to wait for 2 minutes before upgrading the next member.
+
+If you have even more data, this might take more time. If you have a data size larger than 100MB you should contact us before upgrading, so we can make sure the upgrades work smoothly.
+
+### Downgrade
+
+If all members have been upgraded to v2.1, the cluster will be upgraded to v2.1, and downgrade is **not possible**. If any member is still v2.0, the cluster will remain in v2.0, and you can go back to use v2.0 binary. 
+
+Please [backup your data directory][backup-datastore] of all etcd members if you want to downgrade the cluster, even if it is upgraded.
+
+### Upgrade Procedure
+
+#### 1. Check upgrade requirements.
+
+```
+$ etcdctl cluster-health
+cluster is healthy
+member 6e3bd23ae5f1eae0 is healthy
+member 924e2e83e93f2560 is healthy
+member a8266ecf031671f3 is healthy
+
+$ curl http://127.0.0.1:4001/version
+etcd 2.0.x
+```
+
+#### 2. Stop the existing etcd process
+
+You will see similar error logging from other etcd processes in your cluster. This is normal, since you just shut down a member.
+
+```
+2015/06/23 15:45:09 sender: error posting to 6e3bd23ae5f1eae0: dial tcp 127.0.0.1:7002: connection refused
+2015/06/23 15:45:09 sender: the connection with 6e3bd23ae5f1eae0 became inactive
+2015/06/23 15:45:11 rafthttp: encountered error writing to server log stream: write tcp 127.0.0.1:53783: broken pipe
+2015/06/23 15:45:11 rafthttp: server streaming to 6e3bd23ae5f1eae0 at term 2 has been stopped
+2015/06/23 15:45:11 stream: error sending message: stopped
+2015/06/23 15:45:11 stream: stopping the stream server...
+```
+
+You could [backup your data directory][backup-datastore] for data safety.
+
+```
+$ etcdctl backup \
+      --data-dir /var/lib/etcd \
+      --backup-dir /tmp/etcd_backup
+```
+
+#### 3. Drop-in etcd v2.1 binary and start the new etcd process
+
+You will see the etcd publish its information to the cluster.
+
+```
+2015/06/23 15:45:39 etcdserver: published {Name:infra2 ClientURLs:[http://localhost:4002]} to cluster e9c7614f68f35fb2
+```
+
+You could verify the cluster becomes healthy.
+
+```
+$ etcdctl cluster-health
+cluster is healthy
+member 6e3bd23ae5f1eae0 is healthy
+member 924e2e83e93f2560 is healthy
+member a8266ecf031671f3 is healthy
+```
+
+#### 4. Repeat step 2 to step 3 for all other members 
+
+#### 5. Finish
+
+When all members are upgraded, you will see the cluster is upgraded to 2.1 successfully:
+
+```
+2015/06/23 15:46:35 etcdserver: updated the cluster version from 2.0.0 to 2.1.0
+```
+
+```
+$ curl http://127.0.0.1:4001/version
+{"etcdserver":"2.1.x","etcdcluster":"2.1.0"}
+```
+
+[auth]: auth_api.md
+[backup-datastore]: admin_guide.md#backing-up-the-datastore
+[v2.0]: https://github.com/coreos/etcd/releases/tag/v2.0.13
--- a/Documentation/upgrade_2_2.md
+++ b/Documentation/upgrade_2_2.md
@ -0,0 +1,132 @@
+# Upgrade etcd from 2.1 to 2.2
+
+In the general case, upgrading from etcd 2.1 to 2.2 can be a zero-downtime, rolling upgrade:
+
+ - one by one, stop the etcd v2.1 processes and replace them with etcd v2.2 processes
+ - after you are running all v2.2 processes, new features in v2.2 are available to the cluster
+
+Before [starting an upgrade](#upgrade-procedure), read through the rest of this guide to prepare.
+
+## Upgrade Checklists
+
+### Upgrade Requirement
+
+To upgrade an existing etcd deployment to 2.2, you must be running 2.1. If you’re running a version of etcd before 2.1, you must upgrade to [2.1][v2.1] before upgrading to 2.2.
+
+Also, to ensure a smooth rolling upgrade, your running cluster must be healthy. You can check the health of the cluster by using `etcdctl cluster-health` command. 
+
+### Preparedness 
+
+Before upgrading etcd, always test the services relying on etcd in a staging environment before deploying the upgrade to the production environment. 
+
+You might also want to [backup the data directory][backup-datastore] for a potential [downgrade].
+
+### Mixed Versions
+
+While upgrading, an etcd cluster supports mixed versions of etcd members. The cluster is only considered upgraded once all its members are upgraded to 2.2.
+
+Internally, etcd members negotiate with each other to determine the overall etcd cluster version, which controls the reported cluster version and the supported features.
+
+### Limitations
+
+If you have a data size larger than 100MB you should contact us before upgrading, so we can make sure the upgrades work smoothly.
+
+Every etcd 2.2 member will do health checking across the cluster periodically. etcd 2.1 member does not support health checking. During the upgrade, etcd 2.2 member will log warning about the unhealthy state of etcd 2.1 member. You can ignore the warning. 
+
+### Downgrade
+
+If all members have been upgraded to v2.2, the cluster will be upgraded to v2.2, and downgrade is **not possible**. If any member is still v2.1, the cluster will remain in v2.1, and you can go back to use v2.1 binary. 
+
+Please [backup the data directory][backup-datastore] of all etcd members if you want to downgrade the cluster, even if it is upgraded.
+
+### Upgrade Procedure
+
+In the example, we upgrade a three member v2.1 cluster running on local machine.
+
+#### 1. Check upgrade requirements.
+
+```
+$ etcdctl cluster-health
+member 6e3bd23ae5f1eae0 is healthy: got healthy result from http://localhost:22379
+member 924e2e83e93f2560 is healthy: got healthy result from http://localhost:32379
+member a8266ecf031671f3 is healthy: got healthy result from http://localhost:12379
+cluster is healthy
+
+$ curl http://localhost:4001/version
+{"etcdserver":"2.1.x","etcdcluster":"2.1.0"}
+```
+
+#### 2. Stop the existing etcd process
+
+You will see similar error logging from other etcd processes in your cluster. This is normal, since you just shut down a member and the connection is broken.
+
+```
+2015/09/2 09:48:35 etcdserver: failed to reach the peerURL(http://localhost:12380) of member a8266ecf031671f3 (Get http://localhost:12380/version: dial tcp [::1]:12380: getsockopt: connection refused)
+2015/09/2 09:48:35 etcdserver: cannot get the version of member a8266ecf031671f3 (Get http://localhost:12380/version: dial tcp [::1]:12380: getsockopt: connection refused)
+2015/09/2 09:48:35 rafthttp: failed to write a8266ecf031671f3 on stream Message (write tcp 127.0.0.1:32380->127.0.0.1:64394: write: broken pipe)
+2015/09/2 09:48:35 rafthttp: failed to write a8266ecf031671f3 on pipeline (dial tcp [::1]:12380: getsockopt: connection refused)
+2015/09/2 09:48:40 etcdserver: failed to reach the peerURL(http://localhost:7001) of member a8266ecf031671f3 (Get http://localhost:7001/version: dial tcp [::1]:12380: getsockopt: connection refused)
+2015/09/2 09:48:40 etcdserver: cannot get the version of member a8266ecf031671f3 (Get http://localhost:12380/version: dial tcp [::1]:12380: getsockopt: connection refused)
+2015/09/2 09:48:40 rafthttp: failed to heartbeat a8266ecf031671f3 on stream MsgApp v2 (write tcp 127.0.0.1:32380->127.0.0.1:64393: write: broken pipe)
+```
+
+You will see logging output like this from ungraded member due to a mixed version cluster. You can ignore this while upgrading.
+
+```
+2015/09/2 09:48:45 etcdserver: the etcd version 2.1.2+git is not up-to-date
+2015/09/2 09:48:45 etcdserver: member a8266ecf031671f3 has a higher version &{2.2.0-rc.0+git 2.1.0}
+```
+
+You will also see logging output like this from the newly upgraded member, since etcd 2.1 member does not support health checking. You can ignore this while upgrading.
+
+```
+2015-09-02 09:55:42.691384 W | rafthttp: the connection to peer 6e3bd23ae5f1eae0 is unhealthy
+2015-09-02 09:55:42.705626 W | rafthttp: the connection to peer 924e2e83e93f2560 is unhealthy
+
+```
+
+[Backup your data directory][backup-datastore] for data safety.
+
+```
+$ etcdctl backup \
+      --data-dir /var/lib/etcd \
+      --backup-dir /tmp/etcd_backup
+```
+
+#### 3. Drop-in etcd v2.2 binary and start the new etcd process
+
+Now, you can start the etcd v2.2 binary with the previous configuration.
+You will see the etcd start and publish its information to the cluster.
+
+```
+2015-09-02 09:56:46.117609 I | etcdserver: published {Name:infra2 ClientURLs:[http://localhost:22380]} to cluster e9c7614f68f35fb2
+```
+
+You could verify the cluster becomes healthy.
+
+```
+$ etcdctl cluster-health
+member 6e3bd23ae5f1eae0 is healthy: got healthy result from http://localhost:22379
+member 924e2e83e93f2560 is healthy: got healthy result from http://localhost:32379
+member a8266ecf031671f3 is healthy: got healthy result from http://localhost:12379
+cluster is healthy
+```
+
+#### 4. Repeat step 2 to step 3 for all other members 
+
+#### 5. Finish
+
+When all members are upgraded, you will see the cluster is upgraded to 2.2 successfully:
+
+```
+2015-09-02 09:56:54.896848 N | etcdserver: updated the cluster version from 2.1 to 2.2
+```
+
+```
+$ curl http://127.0.0.1:4001/version
+{"etcdserver":"2.2.x","etcdcluster":"2.2.0"}
+```
+
+[backup-datastore]: admin_guide.md#backing-up-the-datastore
+[downgrade]: #downgrade
+[v2.1]: https://github.com/coreos/etcd/releases/tag/v2.1.2
--- a/Documentation/upgrade_2_3.md
+++ b/Documentation/upgrade_2_3.md
@ -0,0 +1,121 @@
+## Upgrade etcd from 2.2 to 2.3
+
+In the general case, upgrading from etcd 2.2 to 2.3 can be a zero-downtime, rolling upgrade:
+ - one by one, stop the etcd v2.2 processes and replace them with etcd v2.3 processes
+ - after running all v2.3 processes, new features in v2.3 are available to the cluster
+
+Before [starting an upgrade](#upgrade-procedure), read through the rest of this guide to prepare.
+
+### Upgrade Checklists
+
+#### Upgrade Requirements
+
+To upgrade an existing etcd deployment to 2.3, the running cluster must be 2.2 or greater. If it's before 2.2, please upgrade to [2.2](https://github.com/coreos/etcd/releases/tag/v2.2.0) before upgrading to 2.3.
+
+Also, to ensure a smooth rolling upgrade, the running cluster must be healthy. You can check the health of the cluster by using the `etcdctl cluster-health` command.
+
+#### Preparation
+
+Before upgrading etcd, always test the services relying on etcd in a staging environment before deploying the upgrade to the production environment.
+
+Before beginning,  [backup the etcd data directory](admin_guide.md#backing-up-the-datastore). Should something go wrong with the upgrade, it is possible to use this backup to[downgrade](#downgrade) back to existing etcd version.
+
+#### Mixed Versions
+
+While upgrading, an etcd cluster supports mixed versions of etcd members, and operates with the protocol of the lowest common version. The cluster is only considered upgraded once all of its members are upgraded to version 2.3. Internally, etcd members negotiate with each other to determine the overall cluster version, which controls the reported version and the supported features.
+
+#### Limitations
+
+It might take up to 2 minutes for the newly upgraded member to catch up with the existing cluster when the total data size is larger than 50MB. Check the size of a recent  snapshot to estimate  the total data size. In other words, it is safest to wait for 2 minutes between upgrading each member.
+
+For a much larger total data size, 100MB or more , this one-time process might take even more time. Administrators of very large etcd clusters of this magnitude can feel free to contact the [etcd team][etcd-contact] before upgrading, and we’ll be happy to provide advice on the procedure.
+
+#### Downgrade
+
+If all members have been upgraded to v2.3, the cluster will be upgraded to v2.3, and downgrade from this completed state is **not possible**. If any single member is still v2.2, however, the cluster and its operations remains “v2.2”, and it is possible from this mixed cluster state to return to using a v2.2 etcd binary on all members.
+
+Please [backup the data directory](admin_guide.md#backing-up-the-datastore) of all etcd members to make downgrading the cluster possible even after it has been completely upgraded.
+
+### Upgrade Procedure
+
+
+This example details the  upgrade of a three-member v2.2 ectd cluster running on a local machine.
+
+#### 1. Check upgrade requirements.
+
+Is the the cluster healthy and running v.2.2.x?
+
+```
+$ etcdctl cluster-health
+member 6e3bd23ae5f1eae0 is healthy: got healthy result from http://localhost:22379
+member 924e2e83e93f2560 is healthy: got healthy result from http://localhost:32379
+member a8266ecf031671f3 is healthy: got healthy result from http://localhost:12379
+cluster is healthy
+
+$ curl http://localhost:4001/version
+{"etcdserver":"2.2.x","etcdcluster":"2.2.0"}
+```
+
+#### 2. Stop the existing etcd process
+
+When each etcd process is stopped, expected errors will be logged by other cluster members. This is normal since a cluster member connection has been (temporarily) broken:
+
+```
+2016-03-11 09:50:49.860319 E | rafthttp: failed to read 8211f1d0f64f3269 on stream Message (unexpected EOF)
+2016-03-11 09:50:49.860335 I | rafthttp: the connection with 8211f1d0f64f3269 became inactive
+2016-03-11 09:50:51.023804 W | etcdserver: failed to reach the peerURL(http://127.0.0.1:12380) of member 8211f1d0f64f3269 (Get http://127.0.0.1:12380/version: dial tcp 127.0.0.1:12380: getsockopt: connection refused)
+2016-03-11 09:50:51.023821 W | etcdserver: cannot get the version of member 8211f1d0f64f3269 (Get http://127.0.0.1:12380/version: dial tcp 127.0.0.1:12380: getsockopt: connection refused)
+```
+
+It’s a good idea at this point to  [backup the etcd data directory](https://github.com/coreos/etcd/blob/7f7e2cc79d9c5c342a6eb1e48c386b0223cf934e/Documentation/admin_guide.md#backing-up-the-datastore) to provide a downgrade path should any problems occur:
+
+```
+$ etcdctl backup \
+      --data-dir /var/lib/etcd \
+      --backup-dir /tmp/etcd_backup
+```
+
+#### 3. Drop-in etcd v2.3 binary and start the new etcd process
+
+The new v2.3 etcd will publish its information to the cluster:
+
+```
+09:58:25.938673 I | etcdserver: published {Name:infra1 ClientURLs:[http://localhost:12379]} to cluster 524400597fb1d5f6
+```
+
+Verify that each member, and then the entire cluster, becomes healthy with the new v2.3 etcd binary:
+
+```
+$ etcdctl cluster-health
+member 6e3bd23ae5f1eae0 is healthy: got healthy result from http://localhost:22379
+member 924e2e83e93f2560 is healthy: got healthy result from http://localhost:32379
+member a8266ecf031671f3 is healthy: got healthy result from http://localhost:12379
+cluster is healthy
+```
+
+
+Upgraded members will log warnings like the following until the entire cluster is upgraded. This is expected and will cease after all etcd cluster members are upgraded to v2.3:
+
+```
+2016-03-11 09:58:26.851837 W | etcdserver: the local etcd version 2.2.0 is not up-to-date
+2016-03-11 09:58:26.851854 W | etcdserver: member c02c70ede158499f has a higher version 2.3.0
+```
+
+#### 4. Repeat step 2 to step 3 for all other members
+
+#### 5. Finish
+
+When all members are upgraded, the cluster will report  upgrading to 2.3 successfully:
+
+```
+2016-03-11 10:03:01.583392 N | etcdserver: updated the cluster version from 2.2 to 2.3
+```
+
+```
+$ curl http://127.0.0.1:4001/version
+{"etcdserver":"2.3.x","etcdcluster":"2.3.0"}
+```
+
+
+[etcd-contact]: https://coreos.com/etcd/?
+
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@ -1,80 +0,0 @@
-# etcd Governance
-
-## Principles
-
-The etcd community adheres to the following principles:
-
- Open: etcd is open source.
- Welcoming and respectful: See [Code of Conduct](code-of-conduct.md).
- Transparent and accessible: Changes to the etcd code repository and CNCF related
-activities (e.g. level, involvement, etc) are done in public.
- Merit: Ideas and contributions are accepted according to their technical merit for
-the betterment of the project. For specific guidance on practical contribution steps
-please see [CONTRIBUTING](./CONTRIBUTING.md) guide.
-
-## Maintainers
-
-[Maintainers](./MAINTAINERS) are first and foremost contributors that have shown they
-are committed to the long term success of a project. Maintainership is about building
-trust with the current maintainers of the project and being a person that they can
-depend on to make decisions in the best interest of the project in a consistent manner.
-The maintainers role can be a top-level or restricted to certain package/feature
-depending upon their commitment in fulfilling the expected responsibilities as explained
-below.
-
-### Top-level maintainer
-
- Running the etcd release processes
- Ownership of test and debug infrastructure
- Triage GitHub issues to keep the issue count low (goal: under 100)
- Regularly review GitHub pull requests across all pkgs
- Providing cross pkg design review
- Monitor email aliases
- Participate when called upon in the [security disclosure and release process](security/README.md)
- General project maintenance
-
-### Package/feature maintainer
-
- Ownership of test and debug failures in a pkg/feature
- Resolution of bugs triaged to a package/feature
- Regularly review pull requests to the pkg subsystem
-
-Contributors who are interested in becoming a maintainer, if performing these
-responsibilities, should discuss their interest with the existing maintainers. New
-maintainers must be nominated by an existing maintainer and must be elected by a
-supermajority of maintainers. Likewise, maintainers can be removed by a supermajority
-of the maintainers and moved to emeritus status.
-
-Life priorities, interests, and passions can change. If a maintainer needs to step
-down, inform other maintainers about this intention, and if possible, help find someone
-to pick up the related work. At the very least, ensure the related work can be continued.
-Afterward, create a pull request to remove yourself from the [MAINTAINERS](./MAINTAINERS)
-file.
-
-## Reviewers
-
-[Reviewers](./MAINTAINERS) are contributors who have demonstrated greater skill in
-reviewing the code contribution from other contributors. Their LGTM counts towards
-merging a code change into the project. A reviewer is generally on the ladder towards
-maintainership. New reviewers must be nominated by an existing maintainer and must be
-elected by a supermajority of maintainers. Likewise, reviewers can be removed by a
-supermajority of the  maintainers or can resign by notifying the maintainers.
-
-## Decision making process
-
-Decisions are built on consensus between maintainers publicly. Proposals and ideas
-can either be submitted for agreement via a GitHub issue or PR, or by sending an email
-to `etcd-maintainers@googlegroups.com`.
-
-## Conflict resolution
-
-In general, we prefer that technical issues and maintainer membership are amicably
-worked out between the persons involved. However, any technical dispute that has
-reached an impasse with a subset of the community, any contributor may open a GitHub
-issue or PR or send an email to `etcd-maintainers@googlegroups.com`. If the
-maintainers themselves cannot decide an issue, the issue will be resolved by a
-supermajority of the maintainers.
-
-## Changes in Governance
-
-Changes in project governance could be initiated by opening a GitHub PR.
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -0,0 +1,210 @@
+{
+	"ImportPath": "github.com/coreos/etcd",
+	"GoVersion": "go1.5.1",
+	"Packages": [
+		"./..."
+	],
+	"Deps": [
+		{
+			"ImportPath": "bitbucket.org/ww/goautoneg",
+			"Comment": "null-5",
+			"Rev": "75cd24fc2f2c2a2088577d12123ddee5f54e0675"
+		},
+		{
+			"ImportPath": "github.com/akrennmair/gopcap",
+			"Rev": "00e11033259acb75598ba416495bb708d864a010"
+		},
+		{
+			"ImportPath": "github.com/beorn7/perks/quantile",
+			"Rev": "b965b613227fddccbfffe13eae360ed3fa822f8d"
+		},
+		{
+			"ImportPath": "github.com/bgentry/speakeasy",
+			"Rev": "36e9cfdd690967f4f690c6edcc9ffacd006014a0"
+		},
+		{
+			"ImportPath": "github.com/boltdb/bolt",
+			"Comment": "v1.1.0-81-g0fd4c05",
+			"Rev": "0fd4c0547d204c7b1cad6db6f3adad5f2cf453e5"
+		},
+		{
+			"ImportPath": "github.com/cheggaaa/pb",
+			"Rev": "da1f27ad1d9509b16f65f52fd9d8138b0f2dc7b2"
+		},
+		{
+			"ImportPath": "github.com/codegangsta/cli",
+			"Comment": "1.2.0-183-gb5232bb",
+			"Rev": "b5232bb2934f606f9f27a1305f1eea224e8e8b88"
+		},
+		{
+			"ImportPath": "github.com/coreos/gexpect",
+			"Rev": "5173270e159f5aa8fbc999dc7e3dcb50f4098a69"
+		},
+		{
+			"ImportPath": "github.com/coreos/go-semver/semver",
+			"Rev": "568e959cd89871e61434c1143528d9162da89ef2"
+		},
+		{
+			"ImportPath": "github.com/coreos/go-systemd/daemon",
+			"Comment": "v3-6-gcea488b",
+			"Rev": "cea488b4e6855fee89b6c22a811e3c5baca861b6"
+		},
+		{
+			"ImportPath": "github.com/coreos/go-systemd/journal",
+			"Comment": "v3-6-gcea488b",
+			"Rev": "cea488b4e6855fee89b6c22a811e3c5baca861b6"
+		},
+		{
+			"ImportPath": "github.com/coreos/go-systemd/util",
+			"Comment": "v3-6-gcea488b",
+			"Rev": "cea488b4e6855fee89b6c22a811e3c5baca861b6"
+		},
+		{
+			"ImportPath": "github.com/coreos/pkg/capnslog",
+			"Rev": "2c77715c4df99b5420ffcae14ead08f52104065d"
+		},
+		{
+			"ImportPath": "github.com/cpuguy83/go-md2man/md2man",
+			"Comment": "v1.0.4",
+			"Rev": "71acacd42f85e5e82f70a55327789582a5200a90"
+		},
+		{
+			"ImportPath": "github.com/gogo/protobuf/proto",
+			"Comment": "v0.1-118-ge8904f5",
+			"Rev": "e8904f58e872a473a5b91bc9bf3377d223555263"
+		},
+		{
+			"ImportPath": "github.com/golang/glog",
+			"Rev": "44145f04b68cf362d9c4df2182967c2275eaefed"
+		},
+		{
+			"ImportPath": "github.com/golang/protobuf/proto",
+			"Rev": "6aaa8d47701fa6cf07e914ec01fde3d4a1fe79c3"
+		},
+		{
+			"ImportPath": "github.com/google/btree",
+			"Rev": "cc6329d4279e3f025a53a83c397d2339b5705c45"
+		},
+		{
+			"ImportPath": "github.com/inconshreveable/mousetrap",
+			"Rev": "76626ae9c91c4f2a10f34cad8ce83ea42c93bb75"
+		},
+		{
+			"ImportPath": "github.com/jonboulle/clockwork",
+			"Rev": "72f9bd7c4e0c2a40055ab3d0f09654f730cce982"
+		},
+		{
+			"ImportPath": "github.com/kballard/go-shellquote",
+			"Rev": "d8ec1a69a250a17bb0e419c386eac1f3711dc142"
+		},
+		{
+			"ImportPath": "github.com/kr/pty",
+			"Comment": "release.r56-29-gf7ee69f",
+			"Rev": "f7ee69f31298ecbe5d2b349c711e2547a617d398"
+		},
+		{
+			"ImportPath": "github.com/mattn/go-runewidth",
+			"Comment": "travisish-46-gd6bea18",
+			"Rev": "d6bea18f789704b5f83375793155289da36a3c7f"
+		},
+		{
+			"ImportPath": "github.com/matttproud/golang_protobuf_extensions/pbutil",
+			"Rev": "fc2b8d3a73c4867e51861bbdd5ae3c1f0869dd6a"
+		},
+		{
+			"ImportPath": "github.com/olekukonko/tablewriter",
+			"Rev": "cca8bbc0798408af109aaaa239cbd2634846b340"
+		},
+		{
+			"ImportPath": "github.com/olekukonko/ts",
+			"Rev": "ecf753e7c962639ab5a1fb46f7da627d4c0a04b8"
+		},
+		{
+			"ImportPath": "github.com/prometheus/client_golang/prometheus",
+			"Comment": "0.7.0-52-ge51041b",
+			"Rev": "e51041b3fa41cece0dca035740ba6411905be473"
+		},
+		{
+			"ImportPath": "github.com/prometheus/client_model/go",
+			"Comment": "model-0.0.2-12-gfa8ad6f",
+			"Rev": "fa8ad6fec33561be4280a8f0514318c79d7f6cb6"
+		},
+		{
+			"ImportPath": "github.com/prometheus/common/expfmt",
+			"Rev": "ffe929a3f4c4faeaa10f2b9535c2b1be3ad15650"
+		},
+		{
+			"ImportPath": "github.com/prometheus/common/model",
+			"Rev": "ffe929a3f4c4faeaa10f2b9535c2b1be3ad15650"
+		},
+		{
+			"ImportPath": "github.com/prometheus/procfs",
+			"Rev": "454a56f35412459b5e684fd5ec0f9211b94f002a"
+		},
+		{
+			"ImportPath": "github.com/russross/blackfriday",
+			"Comment": "v1.4-2-g300106c",
+			"Rev": "300106c228d52c8941d4b3de6054a6062a86dda3"
+		},
+		{
+			"ImportPath": "github.com/shurcooL/sanitized_anchor_name",
+			"Rev": "10ef21a441db47d8b13ebcc5fd2310f636973c77"
+		},
+		{
+			"ImportPath": "github.com/spacejam/loghisto",
+			"Rev": "323309774dec8b7430187e46cd0793974ccca04a"
+		},
+		{
+			"ImportPath": "github.com/spf13/cobra",
+			"Rev": "1c44ec8d3f1552cac48999f9306da23c4d8a288b"
+		},
+		{
+			"ImportPath": "github.com/spf13/pflag",
+			"Rev": "08b1a584251b5b62f458943640fc8ebd4d50aaa5"
+		},
+		{
+			"ImportPath": "github.com/stretchr/testify/assert",
+			"Rev": "9cc77fa25329013ce07362c7742952ff887361f2"
+		},
+		{
+			"ImportPath": "github.com/ugorji/go/codec",
+			"Rev": "f1f1a805ed361a0e078bb537e4ea78cd37dcf065"
+		},
+		{
+			"ImportPath": "github.com/xiang90/probing",
+			"Rev": "6a0cc1ae81b4cc11db5e491e030e4b98fba79c19"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/bcrypt",
+			"Rev": "1351f936d976c60a0a48d728281922cf63eafb8d"
+		},
+		{
+			"ImportPath": "golang.org/x/crypto/blowfish",
+			"Rev": "1351f936d976c60a0a48d728281922cf63eafb8d"
+		},
+		{
+			"ImportPath": "golang.org/x/net/context",
+			"Rev": "6acef71eb69611914f7a30939ea9f6e194c78172"
+		},
+		{
+			"ImportPath": "golang.org/x/net/http2",
+			"Rev": "6acef71eb69611914f7a30939ea9f6e194c78172"
+		},
+		{
+			"ImportPath": "golang.org/x/net/internal/timeseries",
+			"Rev": "6acef71eb69611914f7a30939ea9f6e194c78172"
+		},
+		{
+			"ImportPath": "golang.org/x/net/trace",
+			"Rev": "6acef71eb69611914f7a30939ea9f6e194c78172"
+		},
+		{
+			"ImportPath": "golang.org/x/sys/unix",
+			"Rev": "9c60d1c508f5134d1ca726b4641db998f2523357"
+		},
+		{
+			"ImportPath": "google.golang.org/grpc",
+			"Rev": "b88c12e7caf74af3928de99a864aaa9916fa5aad"
+		}
+	]
+}
--- a/Godeps/Readme
+++ b/Godeps/Readme
@ -0,0 +1,5 @@
+This directory tree is generated automatically by godep.
+
+Please do not edit.
+
+See https://github.com/tools/godep for more information.
--- a/Godeps/_workspace/.gitignore
+++ b/Godeps/_workspace/.gitignore
@ -0,0 +1,2 @@
+/pkg
+/bin
--- a/Godeps/_workspace/src/bitbucket.org/ww/goautoneg/Makefile
+++ b/Godeps/_workspace/src/bitbucket.org/ww/goautoneg/Makefile
@ -0,0 +1,13 @@
+include $(GOROOT)/src/Make.inc
+
+TARG=bitbucket.org/ww/goautoneg
+GOFILES=autoneg.go
+
+include $(GOROOT)/src/Make.pkg
+
+format:
+	gofmt -w *.go
+
+docs:
+	gomake clean
+	godoc ${TARG} > README.txt
--- a/Godeps/_workspace/src/bitbucket.org/ww/goautoneg/README.txt
+++ b/Godeps/_workspace/src/bitbucket.org/ww/goautoneg/README.txt
@ -0,0 +1,67 @@
+PACKAGE
+
+package goautoneg
+import "bitbucket.org/ww/goautoneg"
+
+HTTP Content-Type Autonegotiation.
+
+The functions in this package implement the behaviour specified in
+http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
+
+Copyright (c) 2011, Open Knowledge Foundation Ltd.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+    Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in
+    the documentation and/or other materials provided with the
+    distribution.
+
+    Neither the name of the Open Knowledge Foundation Ltd. nor the
+    names of its contributors may be used to endorse or promote
+    products derived from this software without specific prior written
+    permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+FUNCTIONS
+
+func Negotiate(header string, alternatives []string) (content_type string)
+Negotiate the most appropriate content_type given the accept header
+and a list of alternatives.
+
+func ParseAccept(header string) (accept []Accept)
+Parse an Accept Header string returning a sorted list
+of clauses
+
+
+TYPES
+
+type Accept struct {
+    Type, SubType string
+    Q             float32
+    Params        map[string]string
+}
+Structure to represent a clause in an HTTP Accept Header
+
+
+SUBDIRECTORIES
+
+	.hg
--- a/Godeps/_workspace/src/bitbucket.org/ww/goautoneg/autoneg.go
+++ b/Godeps/_workspace/src/bitbucket.org/ww/goautoneg/autoneg.go
@ -0,0 +1,162 @@
+/*
+HTTP Content-Type Autonegotiation.
+
+The functions in this package implement the behaviour specified in
+http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
+
+Copyright (c) 2011, Open Knowledge Foundation Ltd.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+    Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in
+    the documentation and/or other materials provided with the
+    distribution.
+
+    Neither the name of the Open Knowledge Foundation Ltd. nor the
+    names of its contributors may be used to endorse or promote
+    products derived from this software without specific prior written
+    permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+*/
+package goautoneg
+
+import (
+	"sort"
+	"strconv"
+	"strings"
+)
+
+// Structure to represent a clause in an HTTP Accept Header
+type Accept struct {
+	Type, SubType string
+	Q             float64
+	Params        map[string]string
+}
+
+// For internal use, so that we can use the sort interface
+type accept_slice []Accept
+
+func (accept accept_slice) Len() int {
+	slice := []Accept(accept)
+	return len(slice)
+}
+
+func (accept accept_slice) Less(i, j int) bool {
+	slice := []Accept(accept)
+	ai, aj := slice[i], slice[j]
+	if ai.Q > aj.Q {
+		return true
+	}
+	if ai.Type != "*" && aj.Type == "*" {
+		return true
+	}
+	if ai.SubType != "*" && aj.SubType == "*" {
+		return true
+	}
+	return false
+}
+
+func (accept accept_slice) Swap(i, j int) {
+	slice := []Accept(accept)
+	slice[i], slice[j] = slice[j], slice[i]
+}
+
+// Parse an Accept Header string returning a sorted list
+// of clauses
+func ParseAccept(header string) (accept []Accept) {
+	parts := strings.Split(header, ",")
+	accept = make([]Accept, 0, len(parts))
+	for _, part := range parts {
+		part := strings.Trim(part, " ")
+
+		a := Accept{}
+		a.Params = make(map[string]string)
+		a.Q = 1.0
+
+		mrp := strings.Split(part, ";")
+
+		media_range := mrp[0]
+		sp := strings.Split(media_range, "/")
+		a.Type = strings.Trim(sp[0], " ")
+
+		switch {
+		case len(sp) == 1 && a.Type == "*":
+			a.SubType = "*"
+		case len(sp) == 2:
+			a.SubType = strings.Trim(sp[1], " ")
+		default:
+			continue
+		}
+
+		if len(mrp) == 1 {
+			accept = append(accept, a)
+			continue
+		}
+
+		for _, param := range mrp[1:] {
+			sp := strings.SplitN(param, "=", 2)
+			if len(sp) != 2 {
+				continue
+			}
+			token := strings.Trim(sp[0], " ")
+			if token == "q" {
+				a.Q, _ = strconv.ParseFloat(sp[1], 32)
+			} else {
+				a.Params[token] = strings.Trim(sp[1], " ")
+			}
+		}
+
+		accept = append(accept, a)
+	}
+
+	slice := accept_slice(accept)
+	sort.Sort(slice)
+
+	return
+}
+
+// Negotiate the most appropriate content_type given the accept header
+// and a list of alternatives.
+func Negotiate(header string, alternatives []string) (content_type string) {
+	asp := make([][]string, 0, len(alternatives))
+	for _, ctype := range alternatives {
+		asp = append(asp, strings.SplitN(ctype, "/", 2))
+	}
+	for _, clause := range ParseAccept(header) {
+		for i, ctsp := range asp {
+			if clause.Type == ctsp[0] && clause.SubType == ctsp[1] {
+				content_type = alternatives[i]
+				return
+			}
+			if clause.Type == ctsp[0] && clause.SubType == "*" {
+				content_type = alternatives[i]
+				return
+			}
+			if clause.Type == "*" && clause.SubType == "*" {
+				content_type = alternatives[i]
+				return
+			}
+		}
+	}
+	return
+}
--- a/Godeps/_workspace/src/bitbucket.org/ww/goautoneg/autoneg_test.go
+++ b/Godeps/_workspace/src/bitbucket.org/ww/goautoneg/autoneg_test.go
@ -0,0 +1,33 @@
+package goautoneg
+
+import (
+	"testing"
+)
+
+var chrome = "application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
+
+func TestParseAccept(t *testing.T) {
+	alternatives := []string{"text/html", "image/png"}
+	content_type := Negotiate(chrome, alternatives)
+	if content_type != "image/png" {
+		t.Errorf("got %s expected image/png", content_type)
+	}
+
+	alternatives = []string{"text/html", "text/plain", "text/n3"}
+	content_type = Negotiate(chrome, alternatives)
+	if content_type != "text/html" {
+		t.Errorf("got %s expected text/html", content_type)
+	}
+
+	alternatives = []string{"text/n3", "text/plain"}
+	content_type = Negotiate(chrome, alternatives)
+	if content_type != "text/plain" {
+		t.Errorf("got %s expected text/plain", content_type)
+	}
+
+	alternatives = []string{"text/n3", "application/rdf+xml"}
+	content_type = Negotiate(chrome, alternatives)
+	if content_type != "text/n3" {
+		t.Errorf("got %s expected text/n3", content_type)
+	}
+}
--- a/Godeps/_workspace/src/github.com/akrennmair/gopcap/.gitignore
+++ b/Godeps/_workspace/src/github.com/akrennmair/gopcap/.gitignore
@ -0,0 +1,5 @@
+#*
+*~
+/tools/pass/pass
+/tools/pcaptest/pcaptest
+/tools/tcpdump/tcpdump
--- a/Godeps/_workspace/src/github.com/akrennmair/gopcap/LICENSE
+++ b/Godeps/_workspace/src/github.com/akrennmair/gopcap/LICENSE
@ -0,0 +1,27 @@
+Copyright (c) 2009-2011 Andreas Krennmair. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Andreas Krennmair nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/Godeps/_workspace/src/github.com/akrennmair/gopcap/README.mkd
+++ b/Godeps/_workspace/src/github.com/akrennmair/gopcap/README.mkd
@ -0,0 +1,11 @@
+# PCAP
+
+This is a simple wrapper around libpcap for Go.  Originally written by Andreas
+Krennmair <ak@synflood.at> and only minorly touched up by Mark Smith <mark@qq.is>.
+
+Please see the included pcaptest.go and tcpdump.go programs for instructions on
+how to use this library.
+
+Miek Gieben <miek@miek.nl> has created a more Go-like package and replaced functionality
+with standard functions from the standard library. The package has also been renamed to
+pcap.
--- a/Godeps/_workspace/src/github.com/akrennmair/gopcap/decode.go
+++ b/Godeps/_workspace/src/github.com/akrennmair/gopcap/decode.go
@ -0,0 +1,527 @@
+package pcap
+
+import (
+	"encoding/binary"
+	"fmt"
+	"net"
+	"reflect"
+	"strings"
+)
+
+const (
+	TYPE_IP   = 0x0800
+	TYPE_ARP  = 0x0806
+	TYPE_IP6  = 0x86DD
+	TYPE_VLAN = 0x8100
+
+	IP_ICMP = 1
+	IP_INIP = 4
+	IP_TCP  = 6
+	IP_UDP  = 17
+)
+
+const (
+	ERRBUF_SIZE = 256
+
+	// According to pcap-linktype(7).
+	LINKTYPE_NULL             = 0
+	LINKTYPE_ETHERNET         = 1
+	LINKTYPE_TOKEN_RING       = 6
+	LINKTYPE_ARCNET           = 7
+	LINKTYPE_SLIP             = 8
+	LINKTYPE_PPP              = 9
+	LINKTYPE_FDDI             = 10
+	LINKTYPE_ATM_RFC1483      = 100
+	LINKTYPE_RAW              = 101
+	LINKTYPE_PPP_HDLC         = 50
+	LINKTYPE_PPP_ETHER        = 51
+	LINKTYPE_C_HDLC           = 104
+	LINKTYPE_IEEE802_11       = 105
+	LINKTYPE_FRELAY           = 107
+	LINKTYPE_LOOP             = 108
+	LINKTYPE_LINUX_SLL        = 113
+	LINKTYPE_LTALK            = 104
+	LINKTYPE_PFLOG            = 117
+	LINKTYPE_PRISM_HEADER     = 119
+	LINKTYPE_IP_OVER_FC       = 122
+	LINKTYPE_SUNATM           = 123
+	LINKTYPE_IEEE802_11_RADIO = 127
+	LINKTYPE_ARCNET_LINUX     = 129
+	LINKTYPE_LINUX_IRDA       = 144
+	LINKTYPE_LINUX_LAPD       = 177
+)
+
+type addrHdr interface {
+	SrcAddr() string
+	DestAddr() string
+	Len() int
+}
+
+type addrStringer interface {
+	String(addr addrHdr) string
+}
+
+func decodemac(pkt []byte) uint64 {
+	mac := uint64(0)
+	for i := uint(0); i < 6; i++ {
+		mac = (mac << 8) + uint64(pkt[i])
+	}
+	return mac
+}
+
+// Decode decodes the headers of a Packet.
+func (p *Packet) Decode() {
+	if len(p.Data) <= 14 {
+		return
+	}
+
+	p.Type = int(binary.BigEndian.Uint16(p.Data[12:14]))
+	p.DestMac = decodemac(p.Data[0:6])
+	p.SrcMac = decodemac(p.Data[6:12])
+
+	if len(p.Data) >= 15 {
+		p.Payload = p.Data[14:]
+	}
+
+	switch p.Type {
+	case TYPE_IP:
+		p.decodeIp()
+	case TYPE_IP6:
+		p.decodeIp6()
+	case TYPE_ARP:
+		p.decodeArp()
+	case TYPE_VLAN:
+		p.decodeVlan()
+	}
+}
+
+func (p *Packet) headerString(headers []interface{}) string {
+	// If there's just one header, return that.
+	if len(headers) == 1 {
+		if hdr, ok := headers[0].(fmt.Stringer); ok {
+			return hdr.String()
+		}
+	}
+	// If there are two headers (IPv4/IPv6 -> TCP/UDP/IP..)
+	if len(headers) == 2 {
+		// Commonly the first header is an address.
+		if addr, ok := p.Headers[0].(addrHdr); ok {
+			if hdr, ok := p.Headers[1].(addrStringer); ok {
+				return fmt.Sprintf("%s %s", p.Time, hdr.String(addr))
+			}
+		}
+	}
+	// For IP in IP, we do a recursive call.
+	if len(headers) >= 2 {
+		if addr, ok := headers[0].(addrHdr); ok {
+			if _, ok := headers[1].(addrHdr); ok {
+				return fmt.Sprintf("%s > %s IP in IP: ",
+					addr.SrcAddr(), addr.DestAddr(), p.headerString(headers[1:]))
+			}
+		}
+	}
+
+	var typeNames []string
+	for _, hdr := range headers {
+		typeNames = append(typeNames, reflect.TypeOf(hdr).String())
+	}
+
+	return fmt.Sprintf("unknown [%s]", strings.Join(typeNames, ","))
+}
+
+// String prints a one-line representation of the packet header.
+// The output is suitable for use in a tcpdump program.
+func (p *Packet) String() string {
+	// If there are no headers, print "unsupported protocol".
+	if len(p.Headers) == 0 {
+		return fmt.Sprintf("%s unsupported protocol %d", p.Time, int(p.Type))
+	}
+	return fmt.Sprintf("%s %s", p.Time, p.headerString(p.Headers))
+}
+
+// Arphdr is a ARP packet header.
+type Arphdr struct {
+	Addrtype          uint16
+	Protocol          uint16
+	HwAddressSize     uint8
+	ProtAddressSize   uint8
+	Operation         uint16
+	SourceHwAddress   []byte
+	SourceProtAddress []byte
+	DestHwAddress     []byte
+	DestProtAddress   []byte
+}
+
+func (arp *Arphdr) String() (s string) {
+	switch arp.Operation {
+	case 1:
+		s = "ARP request"
+	case 2:
+		s = "ARP Reply"
+	}
+	if arp.Addrtype == LINKTYPE_ETHERNET && arp.Protocol == TYPE_IP {
+		s = fmt.Sprintf("%012x (%s) > %012x (%s)",
+			decodemac(arp.SourceHwAddress), arp.SourceProtAddress,
+			decodemac(arp.DestHwAddress), arp.DestProtAddress)
+	} else {
+		s = fmt.Sprintf("addrtype = %d protocol = %d", arp.Addrtype, arp.Protocol)
+	}
+	return
+}
+
+func (p *Packet) decodeArp() {
+	if len(p.Payload) < 8 {
+		return
+	}
+
+	pkt := p.Payload
+	arp := new(Arphdr)
+	arp.Addrtype = binary.BigEndian.Uint16(pkt[0:2])
+	arp.Protocol = binary.BigEndian.Uint16(pkt[2:4])
+	arp.HwAddressSize = pkt[4]
+	arp.ProtAddressSize = pkt[5]
+	arp.Operation = binary.BigEndian.Uint16(pkt[6:8])
+
+	if len(pkt) < int(8+2*arp.HwAddressSize+2*arp.ProtAddressSize) {
+		return
+	}
+	arp.SourceHwAddress = pkt[8 : 8+arp.HwAddressSize]
+	arp.SourceProtAddress = pkt[8+arp.HwAddressSize : 8+arp.HwAddressSize+arp.ProtAddressSize]
+	arp.DestHwAddress = pkt[8+arp.HwAddressSize+arp.ProtAddressSize : 8+2*arp.HwAddressSize+arp.ProtAddressSize]
+	arp.DestProtAddress = pkt[8+2*arp.HwAddressSize+arp.ProtAddressSize : 8+2*arp.HwAddressSize+2*arp.ProtAddressSize]
+
+	p.Headers = append(p.Headers, arp)
+
+	if len(pkt) >= int(8+2*arp.HwAddressSize+2*arp.ProtAddressSize) {
+		p.Payload = p.Payload[8+2*arp.HwAddressSize+2*arp.ProtAddressSize:]
+	}
+}
+
+// IPadr is the header of an IP packet.
+type Iphdr struct {
+	Version    uint8
+	Ihl        uint8
+	Tos        uint8
+	Length     uint16
+	Id         uint16
+	Flags      uint8
+	FragOffset uint16
+	Ttl        uint8
+	Protocol   uint8
+	Checksum   uint16
+	SrcIp      []byte
+	DestIp     []byte
+}
+
+func (p *Packet) decodeIp() {
+	if len(p.Payload) < 20 {
+		return
+	}
+
+	pkt := p.Payload
+	ip := new(Iphdr)
+
+	ip.Version = uint8(pkt[0]) >> 4
+	ip.Ihl = uint8(pkt[0]) & 0x0F
+	ip.Tos = pkt[1]
+	ip.Length = binary.BigEndian.Uint16(pkt[2:4])
+	ip.Id = binary.BigEndian.Uint16(pkt[4:6])
+	flagsfrags := binary.BigEndian.Uint16(pkt[6:8])
+	ip.Flags = uint8(flagsfrags >> 13)
+	ip.FragOffset = flagsfrags & 0x1FFF
+	ip.Ttl = pkt[8]
+	ip.Protocol = pkt[9]
+	ip.Checksum = binary.BigEndian.Uint16(pkt[10:12])
+	ip.SrcIp = pkt[12:16]
+	ip.DestIp = pkt[16:20]
+
+	pEnd := int(ip.Length)
+	if pEnd > len(pkt) {
+		pEnd = len(pkt)
+	}
+
+	if len(pkt) >= pEnd && int(ip.Ihl*4) < pEnd {
+		p.Payload = pkt[ip.Ihl*4 : pEnd]
+	} else {
+		p.Payload = []byte{}
+	}
+
+	p.Headers = append(p.Headers, ip)
+	p.IP = ip
+
+	switch ip.Protocol {
+	case IP_TCP:
+		p.decodeTcp()
+	case IP_UDP:
+		p.decodeUdp()
+	case IP_ICMP:
+		p.decodeIcmp()
+	case IP_INIP:
+		p.decodeIp()
+	}
+}
+
+func (ip *Iphdr) SrcAddr() string  { return net.IP(ip.SrcIp).String() }
+func (ip *Iphdr) DestAddr() string { return net.IP(ip.DestIp).String() }
+func (ip *Iphdr) Len() int         { return int(ip.Length) }
+
+type Vlanhdr struct {
+	Priority       byte
+	DropEligible   bool
+	VlanIdentifier int
+	Type           int // Not actually part of the vlan header, but the type of the actual packet
+}
+
+func (v *Vlanhdr) String() {
+	fmt.Sprintf("VLAN Priority:%d Drop:%v Tag:%d", v.Priority, v.DropEligible, v.VlanIdentifier)
+}
+
+func (p *Packet) decodeVlan() {
+	pkt := p.Payload
+	vlan := new(Vlanhdr)
+	if len(pkt) < 4 {
+		return
+	}
+
+	vlan.Priority = (pkt[2] & 0xE0) >> 13
+	vlan.DropEligible = pkt[2]&0x10 != 0
+	vlan.VlanIdentifier = int(binary.BigEndian.Uint16(pkt[:2])) & 0x0FFF
+	vlan.Type = int(binary.BigEndian.Uint16(p.Payload[2:4]))
+	p.Headers = append(p.Headers, vlan)
+
+	if len(pkt) >= 5 {
+		p.Payload = p.Payload[4:]
+	}
+
+	switch vlan.Type {
+	case TYPE_IP:
+		p.decodeIp()
+	case TYPE_IP6:
+		p.decodeIp6()
+	case TYPE_ARP:
+		p.decodeArp()
+	}
+}
+
+type Tcphdr struct {
+	SrcPort    uint16
+	DestPort   uint16
+	Seq        uint32
+	Ack        uint32
+	DataOffset uint8
+	Flags      uint16
+	Window     uint16
+	Checksum   uint16
+	Urgent     uint16
+	Data       []byte
+}
+
+const (
+	TCP_FIN = 1 << iota
+	TCP_SYN
+	TCP_RST
+	TCP_PSH
+	TCP_ACK
+	TCP_URG
+	TCP_ECE
+	TCP_CWR
+	TCP_NS
+)
+
+func (p *Packet) decodeTcp() {
+	if len(p.Payload) < 20 {
+		return
+	}
+
+	pkt := p.Payload
+	tcp := new(Tcphdr)
+	tcp.SrcPort = binary.BigEndian.Uint16(pkt[0:2])
+	tcp.DestPort = binary.BigEndian.Uint16(pkt[2:4])
+	tcp.Seq = binary.BigEndian.Uint32(pkt[4:8])
+	tcp.Ack = binary.BigEndian.Uint32(pkt[8:12])
+	tcp.DataOffset = (pkt[12] & 0xF0) >> 4
+	tcp.Flags = binary.BigEndian.Uint16(pkt[12:14]) & 0x1FF
+	tcp.Window = binary.BigEndian.Uint16(pkt[14:16])
+	tcp.Checksum = binary.BigEndian.Uint16(pkt[16:18])
+	tcp.Urgent = binary.BigEndian.Uint16(pkt[18:20])
+	if len(pkt) >= int(tcp.DataOffset*4) {
+		p.Payload = pkt[tcp.DataOffset*4:]
+	}
+	p.Headers = append(p.Headers, tcp)
+	p.TCP = tcp
+}
+
+func (tcp *Tcphdr) String(hdr addrHdr) string {
+	return fmt.Sprintf("TCP %s:%d > %s:%d %s SEQ=%d ACK=%d LEN=%d",
+		hdr.SrcAddr(), int(tcp.SrcPort), hdr.DestAddr(), int(tcp.DestPort),
+		tcp.FlagsString(), int64(tcp.Seq), int64(tcp.Ack), hdr.Len())
+}
+
+func (tcp *Tcphdr) FlagsString() string {
+	var sflags []string
+	if 0 != (tcp.Flags & TCP_SYN) {
+		sflags = append(sflags, "syn")
+	}
+	if 0 != (tcp.Flags & TCP_FIN) {
+		sflags = append(sflags, "fin")
+	}
+	if 0 != (tcp.Flags & TCP_ACK) {
+		sflags = append(sflags, "ack")
+	}
+	if 0 != (tcp.Flags & TCP_PSH) {
+		sflags = append(sflags, "psh")
+	}
+	if 0 != (tcp.Flags & TCP_RST) {
+		sflags = append(sflags, "rst")
+	}
+	if 0 != (tcp.Flags & TCP_URG) {
+		sflags = append(sflags, "urg")
+	}
+	if 0 != (tcp.Flags & TCP_NS) {
+		sflags = append(sflags, "ns")
+	}
+	if 0 != (tcp.Flags & TCP_CWR) {
+		sflags = append(sflags, "cwr")
+	}
+	if 0 != (tcp.Flags & TCP_ECE) {
+		sflags = append(sflags, "ece")
+	}
+	return fmt.Sprintf("[%s]", strings.Join(sflags, " "))
+}
+
+type Udphdr struct {
+	SrcPort  uint16
+	DestPort uint16
+	Length   uint16
+	Checksum uint16
+}
+
+func (p *Packet) decodeUdp() {
+	if len(p.Payload) < 8 {
+		return
+	}
+
+	pkt := p.Payload
+	udp := new(Udphdr)
+	udp.SrcPort = binary.BigEndian.Uint16(pkt[0:2])
+	udp.DestPort = binary.BigEndian.Uint16(pkt[2:4])
+	udp.Length = binary.BigEndian.Uint16(pkt[4:6])
+	udp.Checksum = binary.BigEndian.Uint16(pkt[6:8])
+	p.Headers = append(p.Headers, udp)
+	p.UDP = udp
+	if len(p.Payload) >= 8 {
+		p.Payload = pkt[8:]
+	}
+}
+
+func (udp *Udphdr) String(hdr addrHdr) string {
+	return fmt.Sprintf("UDP %s:%d > %s:%d LEN=%d CHKSUM=%d",
+		hdr.SrcAddr(), int(udp.SrcPort), hdr.DestAddr(), int(udp.DestPort),
+		int(udp.Length), int(udp.Checksum))
+}
+
+type Icmphdr struct {
+	Type     uint8
+	Code     uint8
+	Checksum uint16
+	Id       uint16
+	Seq      uint16
+	Data     []byte
+}
+
+func (p *Packet) decodeIcmp() *Icmphdr {
+	if len(p.Payload) < 8 {
+		return nil
+	}
+
+	pkt := p.Payload
+	icmp := new(Icmphdr)
+	icmp.Type = pkt[0]
+	icmp.Code = pkt[1]
+	icmp.Checksum = binary.BigEndian.Uint16(pkt[2:4])
+	icmp.Id = binary.BigEndian.Uint16(pkt[4:6])
+	icmp.Seq = binary.BigEndian.Uint16(pkt[6:8])
+	p.Payload = pkt[8:]
+	p.Headers = append(p.Headers, icmp)
+	return icmp
+}
+
+func (icmp *Icmphdr) String(hdr addrHdr) string {
+	return fmt.Sprintf("ICMP %s > %s Type = %d Code = %d ",
+		hdr.SrcAddr(), hdr.DestAddr(), icmp.Type, icmp.Code)
+}
+
+func (icmp *Icmphdr) TypeString() (result string) {
+	switch icmp.Type {
+	case 0:
+		result = fmt.Sprintf("Echo reply seq=%d", icmp.Seq)
+	case 3:
+		switch icmp.Code {
+		case 0:
+			result = "Network unreachable"
+		case 1:
+			result = "Host unreachable"
+		case 2:
+			result = "Protocol unreachable"
+		case 3:
+			result = "Port unreachable"
+		default:
+			result = "Destination unreachable"
+		}
+	case 8:
+		result = fmt.Sprintf("Echo request seq=%d", icmp.Seq)
+	case 30:
+		result = "Traceroute"
+	}
+	return
+}
+
+type Ip6hdr struct {
+	// http://www.networksorcery.com/enp/protocol/ipv6.htm
+	Version      uint8  // 4 bits
+	TrafficClass uint8  // 8 bits
+	FlowLabel    uint32 // 20 bits
+	Length       uint16 // 16 bits
+	NextHeader   uint8  // 8 bits, same as Protocol in Iphdr
+	HopLimit     uint8  // 8 bits
+	SrcIp        []byte // 16 bytes
+	DestIp       []byte // 16 bytes
+}
+
+func (p *Packet) decodeIp6() {
+	if len(p.Payload) < 40 {
+		return
+	}
+
+	pkt := p.Payload
+	ip6 := new(Ip6hdr)
+	ip6.Version = uint8(pkt[0]) >> 4
+	ip6.TrafficClass = uint8((binary.BigEndian.Uint16(pkt[0:2]) >> 4) & 0x00FF)
+	ip6.FlowLabel = binary.BigEndian.Uint32(pkt[0:4]) & 0x000FFFFF
+	ip6.Length = binary.BigEndian.Uint16(pkt[4:6])
+	ip6.NextHeader = pkt[6]
+	ip6.HopLimit = pkt[7]
+	ip6.SrcIp = pkt[8:24]
+	ip6.DestIp = pkt[24:40]
+
+	if len(p.Payload) >= 40 {
+		p.Payload = pkt[40:]
+	}
+
+	p.Headers = append(p.Headers, ip6)
+
+	switch ip6.NextHeader {
+	case IP_TCP:
+		p.decodeTcp()
+	case IP_UDP:
+		p.decodeUdp()
+	case IP_ICMP:
+		p.decodeIcmp()
+	case IP_INIP:
+		p.decodeIp()
+	}
+}
+
+func (ip6 *Ip6hdr) SrcAddr() string  { return net.IP(ip6.SrcIp).String() }
+func (ip6 *Ip6hdr) DestAddr() string { return net.IP(ip6.DestIp).String() }
+func (ip6 *Ip6hdr) Len() int         { return int(ip6.Length) }
--- a/Godeps/_workspace/src/github.com/akrennmair/gopcap/decode_test.go
+++ b/Godeps/_workspace/src/github.com/akrennmair/gopcap/decode_test.go
@ -0,0 +1,247 @@
+package pcap
+
+import (
+	"bytes"
+	"testing"
+	"time"
+)
+
+var testSimpleTcpPacket *Packet = &Packet{
+	Data: []byte{
+		0x00, 0x00, 0x0c, 0x9f, 0xf0, 0x20, 0xbc, 0x30, 0x5b, 0xe8, 0xd3, 0x49,
+		0x08, 0x00, 0x45, 0x00, 0x01, 0xa4, 0x39, 0xdf, 0x40, 0x00, 0x40, 0x06,
+		0x55, 0x5a, 0xac, 0x11, 0x51, 0x49, 0xad, 0xde, 0xfe, 0xe1, 0xc5, 0xf7,
+		0x00, 0x50, 0xc5, 0x7e, 0x0e, 0x48, 0x49, 0x07, 0x42, 0x32, 0x80, 0x18,
+		0x00, 0x73, 0xab, 0xb1, 0x00, 0x00, 0x01, 0x01, 0x08, 0x0a, 0x03, 0x77,
+		0x37, 0x9c, 0x42, 0x77, 0x5e, 0x3a, 0x47, 0x45, 0x54, 0x20, 0x2f, 0x20,
+		0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x31, 0x0d, 0x0a, 0x48, 0x6f,
+		0x73, 0x74, 0x3a, 0x20, 0x77, 0x77, 0x77, 0x2e, 0x66, 0x69, 0x73, 0x68,
+		0x2e, 0x63, 0x6f, 0x6d, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+		0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x20, 0x6b, 0x65, 0x65, 0x70, 0x2d, 0x61,
+		0x6c, 0x69, 0x76, 0x65, 0x0d, 0x0a, 0x55, 0x73, 0x65, 0x72, 0x2d, 0x41,
+		0x67, 0x65, 0x6e, 0x74, 0x3a, 0x20, 0x4d, 0x6f, 0x7a, 0x69, 0x6c, 0x6c,
+		0x61, 0x2f, 0x35, 0x2e, 0x30, 0x20, 0x28, 0x58, 0x31, 0x31, 0x3b, 0x20,
+		0x4c, 0x69, 0x6e, 0x75, 0x78, 0x20, 0x78, 0x38, 0x36, 0x5f, 0x36, 0x34,
+		0x29, 0x20, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x57, 0x65, 0x62, 0x4b, 0x69,
+		0x74, 0x2f, 0x35, 0x33, 0x35, 0x2e, 0x32, 0x20, 0x28, 0x4b, 0x48, 0x54,
+		0x4d, 0x4c, 0x2c, 0x20, 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x47, 0x65, 0x63,
+		0x6b, 0x6f, 0x29, 0x20, 0x43, 0x68, 0x72, 0x6f, 0x6d, 0x65, 0x2f, 0x31,
+		0x35, 0x2e, 0x30, 0x2e, 0x38, 0x37, 0x34, 0x2e, 0x31, 0x32, 0x31, 0x20,
+		0x53, 0x61, 0x66, 0x61, 0x72, 0x69, 0x2f, 0x35, 0x33, 0x35, 0x2e, 0x32,
+		0x0d, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x70, 0x74, 0x3a, 0x20, 0x74, 0x65,
+		0x78, 0x74, 0x2f, 0x68, 0x74, 0x6d, 0x6c, 0x2c, 0x61, 0x70, 0x70, 0x6c,
+		0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x78, 0x68, 0x74, 0x6d,
+		0x6c, 0x2b, 0x78, 0x6d, 0x6c, 0x2c, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63,
+		0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x78, 0x6d, 0x6c, 0x3b, 0x71, 0x3d,
+		0x30, 0x2e, 0x39, 0x2c, 0x2a, 0x2f, 0x2a, 0x3b, 0x71, 0x3d, 0x30, 0x2e,
+		0x38, 0x0d, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x70, 0x74, 0x2d, 0x45, 0x6e,
+		0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x3a, 0x20, 0x67, 0x7a, 0x69, 0x70,
+		0x2c, 0x64, 0x65, 0x66, 0x6c, 0x61, 0x74, 0x65, 0x2c, 0x73, 0x64, 0x63,
+		0x68, 0x0d, 0x0a, 0x41, 0x63, 0x63, 0x65, 0x70, 0x74, 0x2d, 0x4c, 0x61,
+		0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x3a, 0x20, 0x65, 0x6e, 0x2d, 0x55,
+		0x53, 0x2c, 0x65, 0x6e, 0x3b, 0x71, 0x3d, 0x30, 0x2e, 0x38, 0x0d, 0x0a,
+		0x41, 0x63, 0x63, 0x65, 0x70, 0x74, 0x2d, 0x43, 0x68, 0x61, 0x72, 0x73,
+		0x65, 0x74, 0x3a, 0x20, 0x49, 0x53, 0x4f, 0x2d, 0x38, 0x38, 0x35, 0x39,
+		0x2d, 0x31, 0x2c, 0x75, 0x74, 0x66, 0x2d, 0x38, 0x3b, 0x71, 0x3d, 0x30,
+		0x2e, 0x37, 0x2c, 0x2a, 0x3b, 0x71, 0x3d, 0x30, 0x2e, 0x33, 0x0d, 0x0a,
+		0x0d, 0x0a,
+	}}
+
+func BenchmarkDecodeSimpleTcpPacket(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		testSimpleTcpPacket.Decode()
+	}
+}
+
+func TestDecodeSimpleTcpPacket(t *testing.T) {
+	p := testSimpleTcpPacket
+	p.Decode()
+	if p.DestMac != 0x00000c9ff020 {
+		t.Error("Dest mac", p.DestMac)
+	}
+	if p.SrcMac != 0xbc305be8d349 {
+		t.Error("Src mac", p.SrcMac)
+	}
+	if len(p.Headers) != 2 {
+		t.Error("Incorrect number of headers", len(p.Headers))
+		return
+	}
+	if ip, ipOk := p.Headers[0].(*Iphdr); ipOk {
+		if ip.Version != 4 {
+			t.Error("ip Version", ip.Version)
+		}
+		if ip.Ihl != 5 {
+			t.Error("ip header length", ip.Ihl)
+		}
+		if ip.Tos != 0 {
+			t.Error("ip TOS", ip.Tos)
+		}
+		if ip.Length != 420 {
+			t.Error("ip Length", ip.Length)
+		}
+		if ip.Id != 14815 {
+			t.Error("ip ID", ip.Id)
+		}
+		if ip.Flags != 0x02 {
+			t.Error("ip Flags", ip.Flags)
+		}
+		if ip.FragOffset != 0 {
+			t.Error("ip Fragoffset", ip.FragOffset)
+		}
+		if ip.Ttl != 64 {
+			t.Error("ip TTL", ip.Ttl)
+		}
+		if ip.Protocol != 6 {
+			t.Error("ip Protocol", ip.Protocol)
+		}
+		if ip.Checksum != 0x555A {
+			t.Error("ip Checksum", ip.Checksum)
+		}
+		if !bytes.Equal(ip.SrcIp, []byte{172, 17, 81, 73}) {
+			t.Error("ip Src", ip.SrcIp)
+		}
+		if !bytes.Equal(ip.DestIp, []byte{173, 222, 254, 225}) {
+			t.Error("ip Dest", ip.DestIp)
+		}
+		if tcp, tcpOk := p.Headers[1].(*Tcphdr); tcpOk {
+			if tcp.SrcPort != 50679 {
+				t.Error("tcp srcport", tcp.SrcPort)
+			}
+			if tcp.DestPort != 80 {
+				t.Error("tcp destport", tcp.DestPort)
+			}
+			if tcp.Seq != 0xc57e0e48 {
+				t.Error("tcp seq", tcp.Seq)
+			}
+			if tcp.Ack != 0x49074232 {
+				t.Error("tcp ack", tcp.Ack)
+			}
+			if tcp.DataOffset != 8 {
+				t.Error("tcp dataoffset", tcp.DataOffset)
+			}
+			if tcp.Flags != 0x18 {
+				t.Error("tcp flags", tcp.Flags)
+			}
+			if tcp.Window != 0x73 {
+				t.Error("tcp window", tcp.Window)
+			}
+			if tcp.Checksum != 0xabb1 {
+				t.Error("tcp checksum", tcp.Checksum)
+			}
+			if tcp.Urgent != 0 {
+				t.Error("tcp urgent", tcp.Urgent)
+			}
+		} else {
+			t.Error("Second header is not TCP header")
+		}
+	} else {
+		t.Error("First header is not IP header")
+	}
+	if string(p.Payload) != "GET / HTTP/1.1\r\nHost: www.fish.com\r\nConnection: keep-alive\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Encoding: gzip,deflate,sdch\r\nAccept-Language: en-US,en;q=0.8\r\nAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n\r\n" {
+		t.Error("--- PAYLOAD STRING ---\n", string(p.Payload), "\n--- PAYLOAD BYTES ---\n", p.Payload)
+	}
+}
+
+// Makes sure packet payload doesn't display the 6 trailing null of this packet
+// as part of the payload.  They're actually the ethernet trailer.
+func TestDecodeSmallTcpPacketHasEmptyPayload(t *testing.T) {
+	p := &Packet{
+		// This packet is only 54 bits (an empty TCP RST), thus 6 trailing null
+		// bytes are added by the ethernet layer to make it the minimum packet size.
+		Data: []byte{
+			0xbc, 0x30, 0x5b, 0xe8, 0xd3, 0x49, 0xb8, 0xac, 0x6f, 0x92, 0xd5, 0xbf,
+			0x08, 0x00, 0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06,
+			0x3f, 0x9f, 0xac, 0x11, 0x51, 0xc5, 0xac, 0x11, 0x51, 0x49, 0x00, 0x63,
+			0x9a, 0xef, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc1, 0x27, 0x83, 0x50, 0x14,
+			0x00, 0x00, 0xc3, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		}}
+	p.Decode()
+	if p.Payload == nil {
+		t.Error("Nil payload")
+	}
+	if len(p.Payload) != 0 {
+		t.Error("Non-empty payload:", p.Payload)
+	}
+}
+
+func TestDecodeVlanPacket(t *testing.T) {
+	p := &Packet{
+		Data: []byte{
+			0x00, 0x10, 0xdb, 0xff, 0x10, 0x00, 0x00, 0x15, 0x2c, 0x9d, 0xcc, 0x00, 0x81, 0x00, 0x01, 0xf7,
+			0x08, 0x00, 0x45, 0x00, 0x00, 0x28, 0x29, 0x8d, 0x40, 0x00, 0x7d, 0x06, 0x83, 0xa0, 0xac, 0x1b,
+			0xca, 0x8e, 0x45, 0x16, 0x94, 0xe2, 0xd4, 0x0a, 0x00, 0x50, 0xdf, 0xab, 0x9c, 0xc6, 0xcd, 0x1e,
+			0xe5, 0xd1, 0x50, 0x10, 0x01, 0x00, 0x5a, 0x74, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		}}
+	p.Decode()
+	if p.Type != TYPE_VLAN {
+		t.Error("Didn't detect vlan")
+	}
+	if len(p.Headers) != 3 {
+		t.Error("Incorrect number of headers:", len(p.Headers))
+		for i, h := range p.Headers {
+			t.Errorf("Header %d: %#v", i, h)
+		}
+		t.FailNow()
+	}
+	if _, ok := p.Headers[0].(*Vlanhdr); !ok {
+		t.Errorf("First header isn't vlan: %q", p.Headers[0])
+	}
+	if _, ok := p.Headers[1].(*Iphdr); !ok {
+		t.Errorf("Second header isn't IP: %q", p.Headers[1])
+	}
+	if _, ok := p.Headers[2].(*Tcphdr); !ok {
+		t.Errorf("Third header isn't TCP: %q", p.Headers[2])
+	}
+}
+
+func TestDecodeFuzzFallout(t *testing.T) {
+	testData := []struct {
+		Data []byte
+	}{
+		{[]byte("000000000000\x81\x000")},
+		{[]byte("000000000000\x81\x00000")},
+		{[]byte("000000000000\x86\xdd0")},
+		{[]byte("000000000000\b\x000")},
+		{[]byte("000000000000\b\x060")},
+		{[]byte{}},
+		{[]byte("000000000000\b\x0600000000")},
+		{[]byte("000000000000\x86\xdd000000\x01000000000000000000000000000000000")},
+		{[]byte("000000000000\x81\x0000\b\x0600000000")},
+		{[]byte("000000000000\b\x00n0000000000000000000")},
+		{[]byte("000000000000\x86\xdd000000\x0100000000000000000000000000000000000")},
+		{[]byte("000000000000\x81\x0000\b\x00g0000000000000000000")},
+		//{[]byte()},
+		{[]byte("000000000000\b\x00400000000\x110000000000")},
+		{[]byte("0nMء\xfe\x13\x13\x81\x00gr\b\x00&x\xc9\xe5b'\x1e0\x00\x04\x00\x0020596224")},
+		{[]byte("000000000000\x81\x0000\b\x00400000000\x110000000000")},
+		{[]byte("000000000000\b\x00000000000\x0600\xff0000000")},
+		{[]byte("000000000000\x86\xdd000000\x06000000000000000000000000000000000")},
+		{[]byte("000000000000\x81\x0000\b\x00000000000\x0600b0000000")},
+		{[]byte("000000000000\x81\x0000\b\x00400000000\x060000000000")},
+		{[]byte("000000000000\x86\xdd000000\x11000000000000000000000000000000000")},
+		{[]byte("000000000000\x86\xdd000000\x0600000000000000000000000000000000000000000000M")},
+		{[]byte("000000000000\b\x00500000000\x0600000000000")},
+		{[]byte("0nM\xd80\xfe\x13\x13\x81\x00gr\b\x00&x\xc9\xe5b'\x1e0\x00\x04\x00\x0020596224")},
+	}
+
+	for _, entry := range testData {
+		pkt := &Packet{
+			Time:   time.Now(),
+			Caplen: uint32(len(entry.Data)),
+			Len:    uint32(len(entry.Data)),
+			Data:   entry.Data,
+		}
+
+		pkt.Decode()
+		/*
+			func() {
+				defer func() {
+					if err := recover(); err != nil {
+						t.Fatalf("%d. %q failed: %v", idx, string(entry.Data), err)
+					}
+				}()
+				pkt.Decode()
+			}()
+		*/
+	}
+}
--- a/Godeps/_workspace/src/github.com/akrennmair/gopcap/io.go
+++ b/Godeps/_workspace/src/github.com/akrennmair/gopcap/io.go
@ -0,0 +1,206 @@
+package pcap
+
+import (
+	"encoding/binary"
+	"fmt"
+	"io"
+	"time"
+)
+
+// FileHeader is the parsed header of a pcap file.
+// http://wiki.wireshark.org/Development/LibpcapFileFormat
+type FileHeader struct {
+	MagicNumber  uint32
+	VersionMajor uint16
+	VersionMinor uint16
+	TimeZone     int32
+	SigFigs      uint32
+	SnapLen      uint32
+	Network      uint32
+}
+
+type PacketTime struct {
+	Sec  int32
+	Usec int32
+}
+
+// Convert the PacketTime to a go Time struct.
+func (p *PacketTime) Time() time.Time {
+	return time.Unix(int64(p.Sec), int64(p.Usec)*1000)
+}
+
+// Packet is a single packet parsed from a pcap file.
+//
+// Convenient access to IP, TCP, and UDP headers is provided after Decode()
+// is called if the packet is of the appropriate type.
+type Packet struct {
+	Time   time.Time // packet send/receive time
+	Caplen uint32    // bytes stored in the file (caplen <= len)
+	Len    uint32    // bytes sent/received
+	Data   []byte    // packet data
+
+	Type    int // protocol type, see LINKTYPE_*
+	DestMac uint64
+	SrcMac  uint64
+
+	Headers []interface{} // decoded headers, in order
+	Payload []byte        // remaining non-header bytes
+
+	IP  *Iphdr  // IP header (for IP packets, after decoding)
+	TCP *Tcphdr // TCP header (for TCP packets, after decoding)
+	UDP *Udphdr // UDP header (for UDP packets after decoding)
+}
+
+// Reader parses pcap files.
+type Reader struct {
+	flip         bool
+	buf          io.Reader
+	err          error
+	fourBytes    []byte
+	twoBytes     []byte
+	sixteenBytes []byte
+	Header       FileHeader
+}
+
+// NewReader reads pcap data from an io.Reader.
+func NewReader(reader io.Reader) (*Reader, error) {
+	r := &Reader{
+		buf:          reader,
+		fourBytes:    make([]byte, 4),
+		twoBytes:     make([]byte, 2),
+		sixteenBytes: make([]byte, 16),
+	}
+	switch magic := r.readUint32(); magic {
+	case 0xa1b2c3d4:
+		r.flip = false
+	case 0xd4c3b2a1:
+		r.flip = true
+	default:
+		return nil, fmt.Errorf("pcap: bad magic number: %0x", magic)
+	}
+	r.Header = FileHeader{
+		MagicNumber:  0xa1b2c3d4,
+		VersionMajor: r.readUint16(),
+		VersionMinor: r.readUint16(),
+		TimeZone:     r.readInt32(),
+		SigFigs:      r.readUint32(),
+		SnapLen:      r.readUint32(),
+		Network:      r.readUint32(),
+	}
+	return r, nil
+}
+
+// Next returns the next packet or nil if no more packets can be read.
+func (r *Reader) Next() *Packet {
+	d := r.sixteenBytes
+	r.err = r.read(d)
+	if r.err != nil {
+		return nil
+	}
+	timeSec := asUint32(d[0:4], r.flip)
+	timeUsec := asUint32(d[4:8], r.flip)
+	capLen := asUint32(d[8:12], r.flip)
+	origLen := asUint32(d[12:16], r.flip)
+
+	data := make([]byte, capLen)
+	if r.err = r.read(data); r.err != nil {
+		return nil
+	}
+	return &Packet{
+		Time:   time.Unix(int64(timeSec), int64(timeUsec)),
+		Caplen: capLen,
+		Len:    origLen,
+		Data:   data,
+	}
+}
+
+func (r *Reader) read(data []byte) error {
+	var err error
+	n, err := r.buf.Read(data)
+	for err == nil && n != len(data) {
+		var chunk int
+		chunk, err = r.buf.Read(data[n:])
+		n += chunk
+	}
+	if len(data) == n {
+		return nil
+	}
+	return err
+}
+
+func (r *Reader) readUint32() uint32 {
+	data := r.fourBytes
+	if r.err = r.read(data); r.err != nil {
+		return 0
+	}
+	return asUint32(data, r.flip)
+}
+
+func (r *Reader) readInt32() int32 {
+	data := r.fourBytes
+	if r.err = r.read(data); r.err != nil {
+		return 0
+	}
+	return int32(asUint32(data, r.flip))
+}
+
+func (r *Reader) readUint16() uint16 {
+	data := r.twoBytes
+	if r.err = r.read(data); r.err != nil {
+		return 0
+	}
+	return asUint16(data, r.flip)
+}
+
+// Writer writes a pcap file.
+type Writer struct {
+	writer io.Writer
+	buf    []byte
+}
+
+// NewWriter creates a Writer that stores output in an io.Writer.
+// The FileHeader is written immediately.
+func NewWriter(writer io.Writer, header *FileHeader) (*Writer, error) {
+	w := &Writer{
+		writer: writer,
+		buf:    make([]byte, 24),
+	}
+	binary.LittleEndian.PutUint32(w.buf, header.MagicNumber)
+	binary.LittleEndian.PutUint16(w.buf[4:], header.VersionMajor)
+	binary.LittleEndian.PutUint16(w.buf[6:], header.VersionMinor)
+	binary.LittleEndian.PutUint32(w.buf[8:], uint32(header.TimeZone))
+	binary.LittleEndian.PutUint32(w.buf[12:], header.SigFigs)
+	binary.LittleEndian.PutUint32(w.buf[16:], header.SnapLen)
+	binary.LittleEndian.PutUint32(w.buf[20:], header.Network)
+	if _, err := writer.Write(w.buf); err != nil {
+		return nil, err
+	}
+	return w, nil
+}
+
+// Writer writes a packet to the underlying writer.
+func (w *Writer) Write(pkt *Packet) error {
+	binary.LittleEndian.PutUint32(w.buf, uint32(pkt.Time.Unix()))
+	binary.LittleEndian.PutUint32(w.buf[4:], uint32(pkt.Time.Nanosecond()))
+	binary.LittleEndian.PutUint32(w.buf[8:], uint32(pkt.Time.Unix()))
+	binary.LittleEndian.PutUint32(w.buf[12:], pkt.Len)
+	if _, err := w.writer.Write(w.buf[:16]); err != nil {
+		return err
+	}
+	_, err := w.writer.Write(pkt.Data)
+	return err
+}
+
+func asUint32(data []byte, flip bool) uint32 {
+	if flip {
+		return binary.BigEndian.Uint32(data)
+	}
+	return binary.LittleEndian.Uint32(data)
+}
+
+func asUint16(data []byte, flip bool) uint16 {
+	if flip {
+		return binary.BigEndian.Uint16(data)
+	}
+	return binary.LittleEndian.Uint16(data)
+}
--- a/Godeps/_workspace/src/github.com/akrennmair/gopcap/pcap.go
+++ b/Godeps/_workspace/src/github.com/akrennmair/gopcap/pcap.go
@ -0,0 +1,266 @@
+// Interface to both live and offline pcap parsing.
+package pcap
+
+/*
+#cgo linux LDFLAGS: -lpcap
+#cgo freebsd LDFLAGS: -lpcap
+#cgo darwin LDFLAGS: -lpcap
+#cgo windows CFLAGS: -I C:/WpdPack/Include
+#cgo windows,386 LDFLAGS: -L C:/WpdPack/Lib -lwpcap
+#cgo windows,amd64 LDFLAGS: -L C:/WpdPack/Lib/x64 -lwpcap
+#include <stdlib.h>
+#include <pcap.h>
+
+// Workaround for not knowing how to cast to const u_char**
+int hack_pcap_next_ex(pcap_t *p, struct pcap_pkthdr **pkt_header,
+                      u_char **pkt_data) {
+    return pcap_next_ex(p, pkt_header, (const u_char **)pkt_data);
+}
+*/
+import "C"
+import (
+	"errors"
+	"net"
+	"syscall"
+	"time"
+	"unsafe"
+)
+
+type Pcap struct {
+	cptr *C.pcap_t
+}
+
+type Stat struct {
+	PacketsReceived  uint32
+	PacketsDropped   uint32
+	PacketsIfDropped uint32
+}
+
+type Interface struct {
+	Name        string
+	Description string
+	Addresses   []IFAddress
+	// TODO: add more elements
+}
+
+type IFAddress struct {
+	IP      net.IP
+	Netmask net.IPMask
+	// TODO: add broadcast + PtP dst ?
+}
+
+func (p *Pcap) Next() (pkt *Packet) {
+	rv, _ := p.NextEx()
+	return rv
+}
+
+// Openlive opens a device and returns a *Pcap handler
+func Openlive(device string, snaplen int32, promisc bool, timeout_ms int32) (handle *Pcap, err error) {
+	var buf *C.char
+	buf = (*C.char)(C.calloc(ERRBUF_SIZE, 1))
+	h := new(Pcap)
+	var pro int32
+	if promisc {
+		pro = 1
+	}
+
+	dev := C.CString(device)
+	defer C.free(unsafe.Pointer(dev))
+
+	h.cptr = C.pcap_open_live(dev, C.int(snaplen), C.int(pro), C.int(timeout_ms), buf)
+	if nil == h.cptr {
+		handle = nil
+		err = errors.New(C.GoString(buf))
+	} else {
+		handle = h
+	}
+	C.free(unsafe.Pointer(buf))
+	return
+}
+
+func Openoffline(file string) (handle *Pcap, err error) {
+	var buf *C.char
+	buf = (*C.char)(C.calloc(ERRBUF_SIZE, 1))
+	h := new(Pcap)
+
+	cf := C.CString(file)
+	defer C.free(unsafe.Pointer(cf))
+
+	h.cptr = C.pcap_open_offline(cf, buf)
+	if nil == h.cptr {
+		handle = nil
+		err = errors.New(C.GoString(buf))
+	} else {
+		handle = h
+	}
+	C.free(unsafe.Pointer(buf))
+	return
+}
+
+func (p *Pcap) NextEx() (pkt *Packet, result int32) {
+	var pkthdr *C.struct_pcap_pkthdr
+
+	var buf_ptr *C.u_char
+	var buf unsafe.Pointer
+	result = int32(C.hack_pcap_next_ex(p.cptr, &pkthdr, &buf_ptr))
+
+	buf = unsafe.Pointer(buf_ptr)
+	if nil == buf {
+		return
+	}
+
+	pkt = new(Packet)
+	pkt.Time = time.Unix(int64(pkthdr.ts.tv_sec), int64(pkthdr.ts.tv_usec)*1000)
+	pkt.Caplen = uint32(pkthdr.caplen)
+	pkt.Len = uint32(pkthdr.len)
+	pkt.Data = C.GoBytes(buf, C.int(pkthdr.caplen))
+	return
+}
+
+func (p *Pcap) Close() {
+	C.pcap_close(p.cptr)
+}
+
+func (p *Pcap) Geterror() error {
+	return errors.New(C.GoString(C.pcap_geterr(p.cptr)))
+}
+
+func (p *Pcap) Getstats() (stat *Stat, err error) {
+	var cstats _Ctype_struct_pcap_stat
+	if -1 == C.pcap_stats(p.cptr, &cstats) {
+		return nil, p.Geterror()
+	}
+	stats := new(Stat)
+	stats.PacketsReceived = uint32(cstats.ps_recv)
+	stats.PacketsDropped = uint32(cstats.ps_drop)
+	stats.PacketsIfDropped = uint32(cstats.ps_ifdrop)
+
+	return stats, nil
+}
+
+func (p *Pcap) Setfilter(expr string) (err error) {
+	var bpf _Ctype_struct_bpf_program
+	cexpr := C.CString(expr)
+	defer C.free(unsafe.Pointer(cexpr))
+
+	if -1 == C.pcap_compile(p.cptr, &bpf, cexpr, 1, 0) {
+		return p.Geterror()
+	}
+
+	if -1 == C.pcap_setfilter(p.cptr, &bpf) {
+		C.pcap_freecode(&bpf)
+		return p.Geterror()
+	}
+	C.pcap_freecode(&bpf)
+	return nil
+}
+
+func Version() string {
+	return C.GoString(C.pcap_lib_version())
+}
+
+func (p *Pcap) Datalink() int {
+	return int(C.pcap_datalink(p.cptr))
+}
+
+func (p *Pcap) Setdatalink(dlt int) error {
+	if -1 == C.pcap_set_datalink(p.cptr, C.int(dlt)) {
+		return p.Geterror()
+	}
+	return nil
+}
+
+func DatalinkValueToName(dlt int) string {
+	if name := C.pcap_datalink_val_to_name(C.int(dlt)); name != nil {
+		return C.GoString(name)
+	}
+	return ""
+}
+
+func DatalinkValueToDescription(dlt int) string {
+	if desc := C.pcap_datalink_val_to_description(C.int(dlt)); desc != nil {
+		return C.GoString(desc)
+	}
+	return ""
+}
+
+func Findalldevs() (ifs []Interface, err error) {
+	var buf *C.char
+	buf = (*C.char)(C.calloc(ERRBUF_SIZE, 1))
+	defer C.free(unsafe.Pointer(buf))
+	var alldevsp *C.pcap_if_t
+
+	if -1 == C.pcap_findalldevs((**C.pcap_if_t)(&alldevsp), buf) {
+		return nil, errors.New(C.GoString(buf))
+	}
+	defer C.pcap_freealldevs((*C.pcap_if_t)(alldevsp))
+	dev := alldevsp
+	var i uint32
+	for i = 0; dev != nil; dev = (*C.pcap_if_t)(dev.next) {
+		i++
+	}
+	ifs = make([]Interface, i)
+	dev = alldevsp
+	for j := uint32(0); dev != nil; dev = (*C.pcap_if_t)(dev.next) {
+		var iface Interface
+		iface.Name = C.GoString(dev.name)
+		iface.Description = C.GoString(dev.description)
+		iface.Addresses = findalladdresses(dev.addresses)
+		// TODO: add more elements
+		ifs[j] = iface
+		j++
+	}
+	return
+}
+
+func findalladdresses(addresses *_Ctype_struct_pcap_addr) (retval []IFAddress) {
+	// TODO - make it support more than IPv4 and IPv6?
+	retval = make([]IFAddress, 0, 1)
+	for curaddr := addresses; curaddr != nil; curaddr = (*_Ctype_struct_pcap_addr)(curaddr.next) {
+		var a IFAddress
+		var err error
+		if a.IP, err = sockaddr_to_IP((*syscall.RawSockaddr)(unsafe.Pointer(curaddr.addr))); err != nil {
+			continue
+		}
+		if a.Netmask, err = sockaddr_to_IP((*syscall.RawSockaddr)(unsafe.Pointer(curaddr.addr))); err != nil {
+			continue
+		}
+		retval = append(retval, a)
+	}
+	return
+}
+
+func sockaddr_to_IP(rsa *syscall.RawSockaddr) (IP []byte, err error) {
+	switch rsa.Family {
+	case syscall.AF_INET:
+		pp := (*syscall.RawSockaddrInet4)(unsafe.Pointer(rsa))
+		IP = make([]byte, 4)
+		for i := 0; i < len(IP); i++ {
+			IP[i] = pp.Addr[i]
+		}
+		return
+	case syscall.AF_INET6:
+		pp := (*syscall.RawSockaddrInet6)(unsafe.Pointer(rsa))
+		IP = make([]byte, 16)
+		for i := 0; i < len(IP); i++ {
+			IP[i] = pp.Addr[i]
+		}
+		return
+	}
+	err = errors.New("Unsupported address type")
+	return
+}
+
+func (p *Pcap) Inject(data []byte) (err error) {
+	buf := (*C.char)(C.malloc((C.size_t)(len(data))))
+
+	for i := 0; i < len(data); i++ {
+		*(*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(buf)) + uintptr(i))) = data[i]
+	}
+
+	if -1 == C.pcap_sendpacket(p.cptr, (*C.u_char)(unsafe.Pointer(buf)), (C.int)(len(data))) {
+		err = p.Geterror()
+	}
+	C.free(unsafe.Pointer(buf))
+	return
+}
--- a/Godeps/_workspace/src/github.com/akrennmair/gopcap/tools/benchmark/benchmark.go
+++ b/Godeps/_workspace/src/github.com/akrennmair/gopcap/tools/benchmark/benchmark.go
@ -0,0 +1,49 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"os"
+	"runtime/pprof"
+	"time"
+
+	"github.com/coreos/etcd/Godeps/_workspace/src/github.com/akrennmair/gopcap"
+)
+
+func main() {
+	var filename *string = flag.String("file", "", "filename")
+	var decode *bool = flag.Bool("d", false, "If true, decode each packet")
+	var cpuprofile *string = flag.String("cpuprofile", "", "filename")
+
+	flag.Parse()
+
+	h, err := pcap.Openoffline(*filename)
+	if err != nil {
+		fmt.Printf("Couldn't create pcap reader: %v", err)
+	}
+
+	if *cpuprofile != "" {
+		if out, err := os.Create(*cpuprofile); err == nil {
+			pprof.StartCPUProfile(out)
+			defer func() {
+				pprof.StopCPUProfile()
+				out.Close()
+			}()
+		} else {
+			panic(err)
+		}
+	}
+
+	i, nilPackets := 0, 0
+	start := time.Now()
+	for pkt, code := h.NextEx(); code != -2; pkt, code = h.NextEx() {
+		if pkt == nil {
+			nilPackets++
+		} else if *decode {
+			pkt.Decode()
+		}
+		i++
+	}
+	duration := time.Since(start)
+	fmt.Printf("Took %v to process %v packets, %v per packet, %d nil packets\n", duration, i, duration/time.Duration(i), nilPackets)
+}
--- a/Godeps/_workspace/src/github.com/akrennmair/gopcap/tools/pass/pass.go
+++ b/Godeps/_workspace/src/github.com/akrennmair/gopcap/tools/pass/pass.go
@ -0,0 +1,96 @@
+package main
+
+// Parses a pcap file, writes it back to disk, then verifies the files
+// are the same.
+import (
+	"bufio"
+	"flag"
+	"fmt"
+	"io"
+	"os"
+
+	"github.com/coreos/etcd/Godeps/_workspace/src/github.com/akrennmair/gopcap"
+)
+
+var input *string = flag.String("input", "", "input file")
+var output *string = flag.String("output", "", "output file")
+var decode *bool = flag.Bool("decode", false, "print decoded packets")
+
+func copyPcap(dest, src string) {
+	f, err := os.Open(src)
+	if err != nil {
+		fmt.Printf("couldn't open %q: %v\n", src, err)
+		return
+	}
+	defer f.Close()
+	reader, err := pcap.NewReader(bufio.NewReader(f))
+	if err != nil {
+		fmt.Printf("couldn't create reader: %v\n", err)
+		return
+	}
+	w, err := os.Create(dest)
+	if err != nil {
+		fmt.Printf("couldn't open %q: %v\n", dest, err)
+		return
+	}
+	defer w.Close()
+	buf := bufio.NewWriter(w)
+	writer, err := pcap.NewWriter(buf, &reader.Header)
+	if err != nil {
+		fmt.Printf("couldn't create writer: %v\n", err)
+		return
+	}
+	for {
+		pkt := reader.Next()
+		if pkt == nil {
+			break
+		}
+		if *decode {
+			pkt.Decode()
+			fmt.Println(pkt.String())
+		}
+		writer.Write(pkt)
+	}
+	buf.Flush()
+}
+
+func check(dest, src string) {
+	f, err := os.Open(src)
+	if err != nil {
+		fmt.Printf("couldn't open %q: %v\n", src, err)
+		return
+	}
+	defer f.Close()
+	freader := bufio.NewReader(f)
+
+	g, err := os.Open(dest)
+	if err != nil {
+		fmt.Printf("couldn't open %q: %v\n", src, err)
+		return
+	}
+	defer g.Close()
+	greader := bufio.NewReader(g)
+
+	for {
+		fb, ferr := freader.ReadByte()
+		gb, gerr := greader.ReadByte()
+
+		if ferr == io.EOF && gerr == io.EOF {
+			break
+		}
+		if fb == gb {
+			continue
+		}
+		fmt.Println("FAIL")
+		return
+	}
+
+	fmt.Println("PASS")
+}
+
+func main() {
+	flag.Parse()
+
+	copyPcap(*output, *input)
+	check(*output, *input)
+}
--- a/Godeps/_workspace/src/github.com/akrennmair/gopcap/tools/pcaptest/pcaptest.go
+++ b/Godeps/_workspace/src/github.com/akrennmair/gopcap/tools/pcaptest/pcaptest.go
@ -0,0 +1,82 @@
+package main
+
+import (
+	"flag"
+	"fmt"
+	"time"
+
+	"github.com/coreos/etcd/Godeps/_workspace/src/github.com/akrennmair/gopcap"
+)
+
+func min(x uint32, y uint32) uint32 {
+	if x < y {
+		return x
+	}
+	return y
+}
+
+func main() {
+	var device *string = flag.String("d", "", "device")
+	var file *string = flag.String("r", "", "file")
+	var expr *string = flag.String("e", "", "filter expression")
+
+	flag.Parse()
+
+	var h *pcap.Pcap
+	var err error
+
+	ifs, err := pcap.Findalldevs()
+	if len(ifs) == 0 {
+		fmt.Printf("Warning: no devices found : %s\n", err)
+	} else {
+		for i := 0; i < len(ifs); i++ {
+			fmt.Printf("dev %d: %s (%s)\n", i+1, ifs[i].Name, ifs[i].Description)
+		}
+	}
+
+	if *device != "" {
+		h, err = pcap.Openlive(*device, 65535, true, 0)
+		if h == nil {
+			fmt.Printf("Openlive(%s) failed: %s\n", *device, err)
+			return
+		}
+	} else if *file != "" {
+		h, err = pcap.Openoffline(*file)
+		if h == nil {
+			fmt.Printf("Openoffline(%s) failed: %s\n", *file, err)
+			return
+		}
+	} else {
+		fmt.Printf("usage: pcaptest [-d <device> | -r <file>]\n")
+		return
+	}
+	defer h.Close()
+
+	fmt.Printf("pcap version: %s\n", pcap.Version())
+
+	if *expr != "" {
+		fmt.Printf("Setting filter: %s\n", *expr)
+		err := h.Setfilter(*expr)
+		if err != nil {
+			fmt.Printf("Warning: setting filter failed: %s\n", err)
+		}
+	}
+
+	for pkt := h.Next(); pkt != nil; pkt = h.Next() {
+		fmt.Printf("time: %d.%06d (%s) caplen: %d len: %d\nData:",
+			int64(pkt.Time.Second()), int64(pkt.Time.Nanosecond()),
+			time.Unix(int64(pkt.Time.Second()), 0).String(), int64(pkt.Caplen), int64(pkt.Len))
+		for i := uint32(0); i < pkt.Caplen; i++ {
+			if i%32 == 0 {
+				fmt.Printf("\n")
+			}
+			if 32 <= pkt.Data[i] && pkt.Data[i] <= 126 {
+				fmt.Printf("%c", pkt.Data[i])
+			} else {
+				fmt.Printf(".")
+			}
+		}
+		fmt.Printf("\n\n")
+	}
+
+}
--- a/Godeps/_workspace/src/github.com/akrennmair/gopcap/tools/tcpdump/tcpdump.go
+++ b/Godeps/_workspace/src/github.com/akrennmair/gopcap/tools/tcpdump/tcpdump.go
@ -0,0 +1,121 @@
+package main
+
+import (
+	"bufio"
+	"flag"
+	"fmt"
+	"os"
+
+	"github.com/coreos/etcd/Godeps/_workspace/src/github.com/akrennmair/gopcap"
+)
+
+const (
+	TYPE_IP  = 0x0800
+	TYPE_ARP = 0x0806
+	TYPE_IP6 = 0x86DD
+
+	IP_ICMP = 1
+	IP_INIP = 4
+	IP_TCP  = 6
+	IP_UDP  = 17
+)
+
+var out *bufio.Writer
+var errout *bufio.Writer
+
+func main() {
+	var device *string = flag.String("i", "", "interface")
+	var snaplen *int = flag.Int("s", 65535, "snaplen")
+	var hexdump *bool = flag.Bool("X", false, "hexdump")
+	expr := ""
+
+	out = bufio.NewWriter(os.Stdout)
+	errout = bufio.NewWriter(os.Stderr)
+
+	flag.Usage = func() {
+		fmt.Fprintf(errout, "usage: %s [ -i interface ] [ -s snaplen ] [ -X ] [ expression ]\n", os.Args[0])
+		errout.Flush()
+		os.Exit(1)
+	}
+
+	flag.Parse()
+
+	if len(flag.Args()) > 0 {
+		expr = flag.Arg(0)
+	}
+
+	if *device == "" {
+		devs, err := pcap.Findalldevs()
+		if err != nil {
+			fmt.Fprintf(errout, "tcpdump: couldn't find any devices: %s\n", err)
+		}
+		if 0 == len(devs) {
+			flag.Usage()
+		}
+		*device = devs[0].Name
+	}
+
+	h, err := pcap.Openlive(*device, int32(*snaplen), true, 0)
+	if h == nil {
+		fmt.Fprintf(errout, "tcpdump: %s\n", err)
+		errout.Flush()
+		return
+	}
+	defer h.Close()
+
+	if expr != "" {
+		ferr := h.Setfilter(expr)
+		if ferr != nil {
+			fmt.Fprintf(out, "tcpdump: %s\n", ferr)
+			out.Flush()
+		}
+	}
+
+	for pkt := h.Next(); pkt != nil; pkt = h.Next() {
+		pkt.Decode()
+		fmt.Fprintf(out, "%s\n", pkt.String())
+		if *hexdump {
+			Hexdump(pkt)
+		}
+		out.Flush()
+	}
+}
+
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}
+
+func Hexdump(pkt *pcap.Packet) {
+	for i := 0; i < len(pkt.Data); i += 16 {
+		Dumpline(uint32(i), pkt.Data[i:min(i+16, len(pkt.Data))])
+	}
+}
+
+func Dumpline(addr uint32, line []byte) {
+	fmt.Fprintf(out, "\t0x%04x: ", int32(addr))
+	var i uint16
+	for i = 0; i < 16 && i < uint16(len(line)); i++ {
+		if i%2 == 0 {
+			out.WriteString(" ")
+		}
+		fmt.Fprintf(out, "%02x", line[i])
+	}
+	for j := i; j <= 16; j++ {
+		if j%2 == 0 {
+			out.WriteString(" ")
+		}
+		out.WriteString("  ")
+	}
+	out.WriteString("  ")
+	for i = 0; i < 16 && i < uint16(len(line)); i++ {
+		if line[i] >= 32 && line[i] <= 126 {
+			fmt.Fprintf(out, "%c", line[i])
+		} else {
+			out.WriteString(".")
+		}
+	}
+	out.WriteString("\n")
+}
--- a/Godeps/_workspace/src/github.com/beorn7/perks/quantile/bench_test.go
+++ b/Godeps/_workspace/src/github.com/beorn7/perks/quantile/bench_test.go
@ -0,0 +1,63 @@
+package quantile
+
+import (
+	"testing"
+)
+
+func BenchmarkInsertTargeted(b *testing.B) {
+	b.ReportAllocs()
+
+	s := NewTargeted(Targets)
+	b.ResetTimer()
+	for i := float64(0); i < float64(b.N); i++ {
+		s.Insert(i)
+	}
+}
+
+func BenchmarkInsertTargetedSmallEpsilon(b *testing.B) {
+	s := NewTargeted(TargetsSmallEpsilon)
+	b.ResetTimer()
+	for i := float64(0); i < float64(b.N); i++ {
+		s.Insert(i)
+	}
+}
+
+func BenchmarkInsertBiased(b *testing.B) {
+	s := NewLowBiased(0.01)
+	b.ResetTimer()
+	for i := float64(0); i < float64(b.N); i++ {
+		s.Insert(i)
+	}
+}
+
+func BenchmarkInsertBiasedSmallEpsilon(b *testing.B) {
+	s := NewLowBiased(0.0001)
+	b.ResetTimer()
+	for i := float64(0); i < float64(b.N); i++ {
+		s.Insert(i)
+	}
+}
+
+func BenchmarkQuery(b *testing.B) {
+	s := NewTargeted(Targets)
+	for i := float64(0); i < 1e6; i++ {
+		s.Insert(i)
+	}
+	b.ResetTimer()
+	n := float64(b.N)
+	for i := float64(0); i < n; i++ {
+		s.Query(i / n)
+	}
+}
+
+func BenchmarkQuerySmallEpsilon(b *testing.B) {
+	s := NewTargeted(TargetsSmallEpsilon)
+	for i := float64(0); i < 1e6; i++ {
+		s.Insert(i)
+	}
+	b.ResetTimer()
+	n := float64(b.N)
+	for i := float64(0); i < n; i++ {
+		s.Query(i / n)
+	}
+}
--- a/Godeps/_workspace/src/github.com/beorn7/perks/quantile/example_test.go
+++ b/Godeps/_workspace/src/github.com/beorn7/perks/quantile/example_test.go
@ -0,0 +1,121 @@
+// +build go1.1
+
+package quantile_test
+
+import (
+	"bufio"
+	"fmt"
+	"log"
+	"os"
+	"strconv"
+	"time"
+
+	"github.com/coreos/etcd/Godeps/_workspace/src/github.com/beorn7/perks/quantile"
+)
+
+func Example_simple() {
+	ch := make(chan float64)
+	go sendFloats(ch)
+
+	// Compute the 50th, 90th, and 99th percentile.
+	q := quantile.NewTargeted(map[float64]float64{
+		0.50: 0.005,
+		0.90: 0.001,
+		0.99: 0.0001,
+	})
+	for v := range ch {
+		q.Insert(v)
+	}
+
+	fmt.Println("perc50:", q.Query(0.50))
+	fmt.Println("perc90:", q.Query(0.90))
+	fmt.Println("perc99:", q.Query(0.99))
+	fmt.Println("count:", q.Count())
+	// Output:
+	// perc50: 5
+	// perc90: 16
+	// perc99: 223
+	// count: 2388
+}
+
+func Example_mergeMultipleStreams() {
+	// Scenario:
+	// We have multiple database shards. On each shard, there is a process
+	// collecting query response times from the database logs and inserting
+	// them into a Stream (created via NewTargeted(0.90)), much like the
+	// Simple example. These processes expose a network interface for us to
+	// ask them to serialize and send us the results of their
+	// Stream.Samples so we may Merge and Query them.
+	//
+	// NOTES:
+	// * These sample sets are small, allowing us to get them
+	// across the network much faster than sending the entire list of data
+	// points.
+	//
+	// * For this to work correctly, we must supply the same quantiles
+	// a priori the process collecting the samples supplied to NewTargeted,
+	// even if we do not plan to query them all here.
+	ch := make(chan quantile.Samples)
+	getDBQuerySamples(ch)
+	q := quantile.NewTargeted(map[float64]float64{0.90: 0.001})
+	for samples := range ch {
+		q.Merge(samples)
+	}
+	fmt.Println("perc90:", q.Query(0.90))
+}
+
+func Example_window() {
+	// Scenario: We want the 90th, 95th, and 99th percentiles for each
+	// minute.
+
+	ch := make(chan float64)
+	go sendStreamValues(ch)
+
+	tick := time.NewTicker(1 * time.Minute)
+	q := quantile.NewTargeted(map[float64]float64{
+		0.90: 0.001,
+		0.95: 0.0005,
+		0.99: 0.0001,
+	})
+	for {
+		select {
+		case t := <-tick.C:
+			flushToDB(t, q.Samples())
+			q.Reset()
+		case v := <-ch:
+			q.Insert(v)
+		}
+	}
+}
+
+func sendStreamValues(ch chan float64) {
+	// Use your imagination
+}
+
+func flushToDB(t time.Time, samples quantile.Samples) {
+	// Use your imagination
+}
+
+// This is a stub for the above example. In reality this would hit the remote
+// servers via http or something like it.
+func getDBQuerySamples(ch chan quantile.Samples) {}
+
+func sendFloats(ch chan<- float64) {
+	f, err := os.Open("exampledata.txt")
+	if err != nil {
+		log.Fatal(err)
+	}
+	sc := bufio.NewScanner(f)
+	for sc.Scan() {
+		b := sc.Bytes()
+		v, err := strconv.ParseFloat(string(b), 64)
+		if err != nil {
+			log.Fatal(err)
+		}
+		ch <- v
+	}
+	if sc.Err() != nil {
+		log.Fatal(sc.Err())
+	}
+	close(ch)
+}
--- a/Godeps/_workspace/src/github.com/beorn7/perks/quantile/exampledata.txt
+++ b/Godeps/_workspace/src/github.com/beorn7/perks/quantile/exampledata.txt
--- a/Godeps/_workspace/src/github.com/beorn7/perks/quantile/stream.go
+++ b/Godeps/_workspace/src/github.com/beorn7/perks/quantile/stream.go
@ -0,0 +1,292 @@
+// Package quantile computes approximate quantiles over an unbounded data
+// stream within low memory and CPU bounds.
+//
+// A small amount of accuracy is traded to achieve the above properties.
+//
+// Multiple streams can be merged before calling Query to generate a single set
+// of results. This is meaningful when the streams represent the same type of
+// data. See Merge and Samples.
+//
+// For more detailed information about the algorithm used, see:
+//
+// Effective Computation of Biased Quantiles over Data Streams
+//
+// http://www.cs.rutgers.edu/~muthu/bquant.pdf
+package quantile
+
+import (
+	"math"
+	"sort"
+)
+
+// Sample holds an observed value and meta information for compression. JSON
+// tags have been added for convenience.
+type Sample struct {
+	Value float64 `json:",string"`
+	Width float64 `json:",string"`
+	Delta float64 `json:",string"`
+}
+
+// Samples represents a slice of samples. It implements sort.Interface.
+type Samples []Sample
+
+func (a Samples) Len() int           { return len(a) }
+func (a Samples) Less(i, j int) bool { return a[i].Value < a[j].Value }
+func (a Samples) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+
+type invariant func(s *stream, r float64) float64
+
+// NewLowBiased returns an initialized Stream for low-biased quantiles
+// (e.g. 0.01, 0.1, 0.5) where the needed quantiles are not known a priori, but
+// error guarantees can still be given even for the lower ranks of the data
+// distribution.
+//
+// The provided epsilon is a relative error, i.e. the true quantile of a value
+// returned by a query is guaranteed to be within (1±Epsilon)*Quantile.
+//
+// See http://www.cs.rutgers.edu/~muthu/bquant.pdf for time, space, and error
+// properties.
+func NewLowBiased(epsilon float64) *Stream {
+	ƒ := func(s *stream, r float64) float64 {
+		return 2 * epsilon * r
+	}
+	return newStream(ƒ)
+}
+
+// NewHighBiased returns an initialized Stream for high-biased quantiles
+// (e.g. 0.01, 0.1, 0.5) where the needed quantiles are not known a priori, but
+// error guarantees can still be given even for the higher ranks of the data
+// distribution.
+//
+// The provided epsilon is a relative error, i.e. the true quantile of a value
+// returned by a query is guaranteed to be within 1-(1±Epsilon)*(1-Quantile).
+//
+// See http://www.cs.rutgers.edu/~muthu/bquant.pdf for time, space, and error
+// properties.
+func NewHighBiased(epsilon float64) *Stream {
+	ƒ := func(s *stream, r float64) float64 {
+		return 2 * epsilon * (s.n - r)
+	}
+	return newStream(ƒ)
+}
+
+// NewTargeted returns an initialized Stream concerned with a particular set of
+// quantile values that are supplied a priori. Knowing these a priori reduces
+// space and computation time. The targets map maps the desired quantiles to
+// their absolute errors, i.e. the true quantile of a value returned by a query
+// is guaranteed to be within (Quantile±Epsilon).
+//
+// See http://www.cs.rutgers.edu/~muthu/bquant.pdf for time, space, and error properties.
+func NewTargeted(targets map[float64]float64) *Stream {
+	ƒ := func(s *stream, r float64) float64 {
+		var m = math.MaxFloat64
+		var f float64
+		for quantile, epsilon := range targets {
+			if quantile*s.n <= r {
+				f = (2 * epsilon * r) / quantile
+			} else {
+				f = (2 * epsilon * (s.n - r)) / (1 - quantile)
+			}
+			if f < m {
+				m = f
+			}
+		}
+		return m
+	}
+	return newStream(ƒ)
+}
+
+// Stream computes quantiles for a stream of float64s. It is not thread-safe by
+// design. Take care when using across multiple goroutines.
+type Stream struct {
+	*stream
+	b      Samples
+	sorted bool
+}
+
+func newStream(ƒ invariant) *Stream {
+	x := &stream{ƒ: ƒ}
+	return &Stream{x, make(Samples, 0, 500), true}
+}
+
+// Insert inserts v into the stream.
+func (s *Stream) Insert(v float64) {
+	s.insert(Sample{Value: v, Width: 1})
+}
+
+func (s *Stream) insert(sample Sample) {
+	s.b = append(s.b, sample)
+	s.sorted = false
+	if len(s.b) == cap(s.b) {
+		s.flush()
+	}
+}
+
+// Query returns the computed qth percentiles value. If s was created with
+// NewTargeted, and q is not in the set of quantiles provided a priori, Query
+// will return an unspecified result.
+func (s *Stream) Query(q float64) float64 {
+	if !s.flushed() {
+		// Fast path when there hasn't been enough data for a flush;
+		// this also yields better accuracy for small sets of data.
+		l := len(s.b)
+		if l == 0 {
+			return 0
+		}
+		i := int(float64(l) * q)
+		if i > 0 {
+			i -= 1
+		}
+		s.maybeSort()
+		return s.b[i].Value
+	}
+	s.flush()
+	return s.stream.query(q)
+}
+
+// Merge merges samples into the underlying streams samples. This is handy when
+// merging multiple streams from separate threads, database shards, etc.
+//
+// ATTENTION: This method is broken and does not yield correct results. The
+// underlying algorithm is not capable of merging streams correctly.
+func (s *Stream) Merge(samples Samples) {
+	sort.Sort(samples)
+	s.stream.merge(samples)
+}
+
+// Reset reinitializes and clears the list reusing the samples buffer memory.
+func (s *Stream) Reset() {
+	s.stream.reset()
+	s.b = s.b[:0]
+}
+
+// Samples returns stream samples held by s.
+func (s *Stream) Samples() Samples {
+	if !s.flushed() {
+		return s.b
+	}
+	s.flush()
+	return s.stream.samples()
+}
+
+// Count returns the total number of samples observed in the stream
+// since initialization.
+func (s *Stream) Count() int {
+	return len(s.b) + s.stream.count()
+}
+
+func (s *Stream) flush() {
+	s.maybeSort()
+	s.stream.merge(s.b)
+	s.b = s.b[:0]
+}
+
+func (s *Stream) maybeSort() {
+	if !s.sorted {
+		s.sorted = true
+		sort.Sort(s.b)
+	}
+}
+
+func (s *Stream) flushed() bool {
+	return len(s.stream.l) > 0
+}
+
+type stream struct {
+	n float64
+	l []Sample
+	ƒ invariant
+}
+
+func (s *stream) reset() {
+	s.l = s.l[:0]
+	s.n = 0
+}
+
+func (s *stream) insert(v float64) {
+	s.merge(Samples{{v, 1, 0}})
+}
+
+func (s *stream) merge(samples Samples) {
+	// TODO(beorn7): This tries to merge not only individual samples, but
+	// whole summaries. The paper doesn't mention merging summaries at
+	// all. Unittests show that the merging is inaccurate. Find out how to
+	// do merges properly.
+	var r float64
+	i := 0
+	for _, sample := range samples {
+		for ; i < len(s.l); i++ {
+			c := s.l[i]
+			if c.Value > sample.Value {
+				// Insert at position i.
+				s.l = append(s.l, Sample{})
+				copy(s.l[i+1:], s.l[i:])
+				s.l[i] = Sample{
+					sample.Value,
+					sample.Width,
+					math.Max(sample.Delta, math.Floor(s.ƒ(s, r))-1),
+					// TODO(beorn7): How to calculate delta correctly?
+				}
+				i++
+				goto inserted
+			}
+			r += c.Width
+		}
+		s.l = append(s.l, Sample{sample.Value, sample.Width, 0})
+		i++
+	inserted:
+		s.n += sample.Width
+		r += sample.Width
+	}
+	s.compress()
+}
+
+func (s *stream) count() int {
+	return int(s.n)
+}
+
+func (s *stream) query(q float64) float64 {
+	t := math.Ceil(q * s.n)
+	t += math.Ceil(s.ƒ(s, t) / 2)
+	p := s.l[0]
+	var r float64
+	for _, c := range s.l[1:] {
+		r += p.Width
+		if r+c.Width+c.Delta > t {
+			return p.Value
+		}
+		p = c
+	}
+	return p.Value
+}
+
+func (s *stream) compress() {
+	if len(s.l) < 2 {
+		return
+	}
+	x := s.l[len(s.l)-1]
+	xi := len(s.l) - 1
+	r := s.n - 1 - x.Width
+
+	for i := len(s.l) - 2; i >= 0; i-- {
+		c := s.l[i]
+		if c.Width+x.Width+x.Delta <= s.ƒ(s, r) {
+			x.Width += c.Width
+			s.l[xi] = x
+			// Remove element at i.
+			copy(s.l[i:], s.l[i+1:])
+			s.l = s.l[:len(s.l)-1]
+			xi -= 1
+		} else {
+			x = c
+			xi = i
+		}
+		r -= c.Width
+	}
+}
+
+func (s *stream) samples() Samples {
+	samples := make(Samples, len(s.l))
+	copy(samples, s.l)
+	return samples
+}
--- a/Godeps/_workspace/src/github.com/beorn7/perks/quantile/stream_test.go
+++ b/Godeps/_workspace/src/github.com/beorn7/perks/quantile/stream_test.go
@ -0,0 +1,188 @@
+package quantile
+
+import (
+	"math"
+	"math/rand"
+	"sort"
+	"testing"
+)
+
+var (
+	Targets = map[float64]float64{
+		0.01: 0.001,
+		0.10: 0.01,
+		0.50: 0.05,
+		0.90: 0.01,
+		0.99: 0.001,
+	}
+	TargetsSmallEpsilon = map[float64]float64{
+		0.01: 0.0001,
+		0.10: 0.001,
+		0.50: 0.005,
+		0.90: 0.001,
+		0.99: 0.0001,
+	}
+	LowQuantiles  = []float64{0.01, 0.1, 0.5}
+	HighQuantiles = []float64{0.99, 0.9, 0.5}
+)
+
+const RelativeEpsilon = 0.01
+
+func verifyPercsWithAbsoluteEpsilon(t *testing.T, a []float64, s *Stream) {
+	sort.Float64s(a)
+	for quantile, epsilon := range Targets {
+		n := float64(len(a))
+		k := int(quantile * n)
+		lower := int((quantile - epsilon) * n)
+		if lower < 1 {
+			lower = 1
+		}
+		upper := int(math.Ceil((quantile + epsilon) * n))
+		if upper > len(a) {
+			upper = len(a)
+		}
+		w, min, max := a[k-1], a[lower-1], a[upper-1]
+		if g := s.Query(quantile); g < min || g > max {
+			t.Errorf("q=%f: want %v [%f,%f], got %v", quantile, w, min, max, g)
+		}
+	}
+}
+
+func verifyLowPercsWithRelativeEpsilon(t *testing.T, a []float64, s *Stream) {
+	sort.Float64s(a)
+	for _, qu := range LowQuantiles {
+		n := float64(len(a))
+		k := int(qu * n)
+
+		lowerRank := int((1 - RelativeEpsilon) * qu * n)
+		upperRank := int(math.Ceil((1 + RelativeEpsilon) * qu * n))
+		w, min, max := a[k-1], a[lowerRank-1], a[upperRank-1]
+		if g := s.Query(qu); g < min || g > max {
+			t.Errorf("q=%f: want %v [%f,%f], got %v", qu, w, min, max, g)
+		}
+	}
+}
+
+func verifyHighPercsWithRelativeEpsilon(t *testing.T, a []float64, s *Stream) {
+	sort.Float64s(a)
+	for _, qu := range HighQuantiles {
+		n := float64(len(a))
+		k := int(qu * n)
+
+		lowerRank := int((1 - (1+RelativeEpsilon)*(1-qu)) * n)
+		upperRank := int(math.Ceil((1 - (1-RelativeEpsilon)*(1-qu)) * n))
+		w, min, max := a[k-1], a[lowerRank-1], a[upperRank-1]
+		if g := s.Query(qu); g < min || g > max {
+			t.Errorf("q=%f: want %v [%f,%f], got %v", qu, w, min, max, g)
+		}
+	}
+}
+
+func populateStream(s *Stream) []float64 {
+	a := make([]float64, 0, 1e5+100)
+	for i := 0; i < cap(a); i++ {
+		v := rand.NormFloat64()
+		// Add 5% asymmetric outliers.
+		if i%20 == 0 {
+			v = v*v + 1
+		}
+		s.Insert(v)
+		a = append(a, v)
+	}
+	return a
+}
+
+func TestTargetedQuery(t *testing.T) {
+	rand.Seed(42)
+	s := NewTargeted(Targets)
+	a := populateStream(s)
+	verifyPercsWithAbsoluteEpsilon(t, a, s)
+}
+
+func TestLowBiasedQuery(t *testing.T) {
+	rand.Seed(42)
+	s := NewLowBiased(RelativeEpsilon)
+	a := populateStream(s)
+	verifyLowPercsWithRelativeEpsilon(t, a, s)
+}
+
+func TestHighBiasedQuery(t *testing.T) {
+	rand.Seed(42)
+	s := NewHighBiased(RelativeEpsilon)
+	a := populateStream(s)
+	verifyHighPercsWithRelativeEpsilon(t, a, s)
+}
+
+// BrokenTestTargetedMerge is broken, see Merge doc comment.
+func BrokenTestTargetedMerge(t *testing.T) {
+	rand.Seed(42)
+	s1 := NewTargeted(Targets)
+	s2 := NewTargeted(Targets)
+	a := populateStream(s1)
+	a = append(a, populateStream(s2)...)
+	s1.Merge(s2.Samples())
+	verifyPercsWithAbsoluteEpsilon(t, a, s1)
+}
+
+// BrokenTestLowBiasedMerge is broken, see Merge doc comment.
+func BrokenTestLowBiasedMerge(t *testing.T) {
+	rand.Seed(42)
+	s1 := NewLowBiased(RelativeEpsilon)
+	s2 := NewLowBiased(RelativeEpsilon)
+	a := populateStream(s1)
+	a = append(a, populateStream(s2)...)
+	s1.Merge(s2.Samples())
+	verifyLowPercsWithRelativeEpsilon(t, a, s2)
+}
+
+// BrokenTestHighBiasedMerge is broken, see Merge doc comment.
+func BrokenTestHighBiasedMerge(t *testing.T) {
+	rand.Seed(42)
+	s1 := NewHighBiased(RelativeEpsilon)
+	s2 := NewHighBiased(RelativeEpsilon)
+	a := populateStream(s1)
+	a = append(a, populateStream(s2)...)
+	s1.Merge(s2.Samples())
+	verifyHighPercsWithRelativeEpsilon(t, a, s2)
+}
+
+func TestUncompressed(t *testing.T) {
+	q := NewTargeted(Targets)
+	for i := 100; i > 0; i-- {
+		q.Insert(float64(i))
+	}
+	if g := q.Count(); g != 100 {
+		t.Errorf("want count 100, got %d", g)
+	}
+	// Before compression, Query should have 100% accuracy.
+	for quantile := range Targets {
+		w := quantile * 100
+		if g := q.Query(quantile); g != w {
+			t.Errorf("want %f, got %f", w, g)
+		}
+	}
+}
+
+func TestUncompressedSamples(t *testing.T) {
+	q := NewTargeted(map[float64]float64{0.99: 0.001})
+	for i := 1; i <= 100; i++ {
+		q.Insert(float64(i))
+	}
+	if g := q.Samples().Len(); g != 100 {
+		t.Errorf("want count 100, got %d", g)
+	}
+}
+
+func TestUncompressedOne(t *testing.T) {
+	q := NewTargeted(map[float64]float64{0.99: 0.01})
+	q.Insert(3.14)
+	if g := q.Query(0.90); g != 3.14 {
+		t.Error("want PI, got", g)
+	}
+}
+
+func TestDefaults(t *testing.T) {
+	if g := NewTargeted(map[float64]float64{0.99: 0.001}).Query(0.99); g != 0 {
+		t.Errorf("want 0, got %f", g)
+	}
+}
--- a/Godeps/_workspace/src/github.com/bgentry/speakeasy/.gitignore
+++ b/Godeps/_workspace/src/github.com/bgentry/speakeasy/.gitignore
@ -0,0 +1,2 @@
+example/example
+example/example.exe
--- a/Godeps/_workspace/src/github.com/bgentry/speakeasy/LICENSE_WINDOWS
+++ b/Godeps/_workspace/src/github.com/bgentry/speakeasy/LICENSE_WINDOWS
@ -0,0 +1,201 @@
+                              Apache License
+                        Version 2.0, January 2004
+                     http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+   "License" shall mean the terms and conditions for use, reproduction,
+   and distribution as defined by Sections 1 through 9 of this document.
+
+   "Licensor" shall mean the copyright owner or entity authorized by
+   the copyright owner that is granting the License.
+
+   "Legal Entity" shall mean the union of the acting entity and all
+   other entities that control, are controlled by, or are under common
+   control with that entity. For the purposes of this definition,
+   "control" means (i) the power, direct or indirect, to cause the
+   direction or management of such entity, whether by contract or
+   otherwise, or (ii) ownership of fifty percent (50%) or more of the
+   outstanding shares, or (iii) beneficial ownership of such entity.
+
+   "You" (or "Your") shall mean an individual or Legal Entity
+   exercising permissions granted by this License.
+
+   "Source" form shall mean the preferred form for making modifications,
+   including but not limited to software source code, documentation
+   source, and configuration files.
+
+   "Object" form shall mean any form resulting from mechanical
+   transformation or translation of a Source form, including but
+   not limited to compiled object code, generated documentation,
+   and conversions to other media types.
+
+   "Work" shall mean the work of authorship, whether in Source or
+   Object form, made available under the License, as indicated by a
+   copyright notice that is included in or attached to the work
+   (an example is provided in the Appendix below).
+
+   "Derivative Works" shall mean any work, whether in Source or Object
+   form, that is based on (or derived from) the Work and for which the
+   editorial revisions, annotations, elaborations, or other modifications
+   represent, as a whole, an original work of authorship. For the purposes
+   of this License, Derivative Works shall not include works that remain
+   separable from, or merely link (or bind by name) to the interfaces of,
+   the Work and Derivative Works thereof.
+
+   "Contribution" shall mean any work of authorship, including
+   the original version of the Work and any modifications or additions
+   to that Work or Derivative Works thereof, that is intentionally
+   submitted to Licensor for inclusion in the Work by the copyright owner
+   or by an individual or Legal Entity authorized to submit on behalf of
+   the copyright owner. For the purposes of this definition, "submitted"
+   means any form of electronic, verbal, or written communication sent
+   to the Licensor or its representatives, including but not limited to
+   communication on electronic mailing lists, source code control systems,
+   and issue tracking systems that are managed by, or on behalf of, the
+   Licensor for the purpose of discussing and improving the Work, but
+   excluding communication that is conspicuously marked or otherwise
+   designated in writing by the copyright owner as "Not a Contribution."
+
+   "Contributor" shall mean Licensor and any individual or Legal Entity
+   on behalf of whom a Contribution has been received by Licensor and
+   subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   copyright license to reproduce, prepare Derivative Works of,
+   publicly display, publicly perform, sublicense, and distribute the
+   Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+   this License, each Contributor hereby grants to You a perpetual,
+   worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+   (except as stated in this section) patent license to make, have made,
+   use, offer to sell, sell, import, and otherwise transfer the Work,
+   where such license applies only to those patent claims licensable
+   by such Contributor that are necessarily infringed by their
+   Contribution(s) alone or by combination of their Contribution(s)
+   with the Work to which such Contribution(s) was submitted. If You
+   institute patent litigation against any entity (including a
+   cross-claim or counterclaim in a lawsuit) alleging that the Work
+   or a Contribution incorporated within the Work constitutes direct
+   or contributory patent infringement, then any patent licenses
+   granted to You under this License for that Work shall terminate
+   as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+   Work or Derivative Works thereof in any medium, with or without
+   modifications, and in Source or Object form, provided that You
+   meet the following conditions:
+
+   (a) You must give any other recipients of the Work or
+       Derivative Works a copy of this License; and
+
+   (b) You must cause any modified files to carry prominent notices
+       stating that You changed the files; and
+
+   (c) You must retain, in the Source form of any Derivative Works
+       that You distribute, all copyright, patent, trademark, and
+       attribution notices from the Source form of the Work,
+       excluding those notices that do not pertain to any part of
+       the Derivative Works; and
+
+   (d) If the Work includes a "NOTICE" text file as part of its
+       distribution, then any Derivative Works that You distribute must
+       include a readable copy of the attribution notices contained
+       within such NOTICE file, excluding those notices that do not
+       pertain to any part of the Derivative Works, in at least one
+       of the following places: within a NOTICE text file distributed
+       as part of the Derivative Works; within the Source form or
+       documentation, if provided along with the Derivative Works; or,
+       within a display generated by the Derivative Works, if and
+       wherever such third-party notices normally appear. The contents
+       of the NOTICE file are for informational purposes only and
+       do not modify the License. You may add Your own attribution
+       notices within Derivative Works that You distribute, alongside
+       or as an addendum to the NOTICE text from the Work, provided
+       that such additional attribution notices cannot be construed
+       as modifying the License.
+
+   You may add Your own copyright statement to Your modifications and
+   may provide additional or different license terms and conditions
+   for use, reproduction, or distribution of Your modifications, or
+   for any such Derivative Works as a whole, provided Your use,
+   reproduction, and distribution of the Work otherwise complies with
+   the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+   any Contribution intentionally submitted for inclusion in the Work
+   by You to the Licensor shall be under the terms and conditions of
+   this License, without any additional terms or conditions.
+   Notwithstanding the above, nothing herein shall supersede or modify
+   the terms of any separate license agreement you may have executed
+   with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+   names, trademarks, service marks, or product names of the Licensor,
+   except as required for reasonable and customary use in describing the
+   origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+   agreed to in writing, Licensor provides the Work (and each
+   Contributor provides its Contributions) on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied, including, without limitation, any warranties or conditions
+   of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+   PARTICULAR PURPOSE. You are solely responsible for determining the
+   appropriateness of using or redistributing the Work and assume any
+   risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+   whether in tort (including negligence), contract, or otherwise,
+   unless required by applicable law (such as deliberate and grossly
+   negligent acts) or agreed to in writing, shall any Contributor be
+   liable to You for damages, including any direct, indirect, special,
+   incidental, or consequential damages of any character arising as a
+   result of this License or out of the use or inability to use the
+   Work (including but not limited to damages for loss of goodwill,
+   work stoppage, computer failure or malfunction, or any and all
+   other commercial damages or losses), even if such Contributor
+   has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+   the Work or Derivative Works thereof, You may choose to offer,
+   and charge a fee for, acceptance of support, warranty, indemnity,
+   or other liability obligations and/or rights consistent with this
+   License. However, in accepting such obligations, You may act only
+   on Your own behalf and on Your sole responsibility, not on behalf
+   of any other Contributor, and only if You agree to indemnify,
+   defend, and hold each Contributor harmless for any liability
+   incurred by, or claims asserted against, such Contributor by reason
+   of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+   To apply the Apache License to your work, attach the following
+   boilerplate notice, with the fields enclosed by brackets "[]"
+   replaced with your own identifying information. (Don't include
+   the brackets!)  The text should be enclosed in the appropriate
+   comment syntax for the file format. We also recommend that a
+   file or class name and description of purpose be included on the
+   same "printed page" as the copyright notice for easier
+   identification within third-party archives.
+
+Copyright [2013] [the CloudFoundry Authors]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
--- a/Godeps/_workspace/src/github.com/bgentry/speakeasy/Readme.md
+++ b/Godeps/_workspace/src/github.com/bgentry/speakeasy/Readme.md
@ -0,0 +1,30 @@
+# Speakeasy
+
+This package provides cross-platform Go (#golang) helpers for taking user input
+from the terminal while not echoing the input back (similar to `getpasswd`). The
+package uses syscalls to avoid any dependence on cgo, and is therefore
+compatible with cross-compiling.
+
+[![GoDoc](https://godoc.org/github.com/bgentry/speakeasy?status.png)][godoc]
+
+## Unicode
+
+Multi-byte unicode characters work successfully on Mac OS X. On Windows,
+however, this may be problematic (as is UTF in general on Windows). Other
+platforms have not been tested.
+
+## License
+
+The code herein was not written by me, but was compiled from two separate open
+source packages. Unix portions were imported from [gopass][gopass], while
+Windows portions were imported from the [CloudFoundry Go CLI][cf-cli]'s
+[Windows terminal helpers][cf-ui-windows].
+
+The [license for the windows portion](./LICENSE_WINDOWS) has been copied exactly
+from the source (though I attempted to fill in the correct owner in the
+boilerplate copyright notice).
+
+[cf-cli]: https://github.com/cloudfoundry/cli "CloudFoundry Go CLI"
+[cf-ui-windows]: https://github.com/cloudfoundry/cli/blob/master/src/cf/terminal/ui_windows.go "CloudFoundry Go CLI Windows input helpers"
+[godoc]: https://godoc.org/github.com/bgentry/speakeasy "speakeasy on Godoc.org"
+[gopass]: https://code.google.com/p/gopass "gopass"
--- a/Godeps/_workspace/src/github.com/bgentry/speakeasy/example/main.go
+++ b/Godeps/_workspace/src/github.com/bgentry/speakeasy/example/main.go
@ -0,0 +1,18 @@
+package main
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/coreos/etcd/Godeps/_workspace/src/github.com/bgentry/speakeasy"
+)
+
+func main() {
+	password, err := speakeasy.Ask("Please enter a password: ")
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+	fmt.Printf("Password result: %q\n", password)
+	fmt.Printf("Password len: %d\n", len(password))
+}
--- a/Godeps/_workspace/src/github.com/bgentry/speakeasy/speakeasy.go
+++ b/Godeps/_workspace/src/github.com/bgentry/speakeasy/speakeasy.go
@ -0,0 +1,47 @@
+package speakeasy
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+)
+
+// Ask the user to enter a password with input hidden. prompt is a string to
+// display before the user's input. Returns the provided password, or an error
+// if the command failed.
+func Ask(prompt string) (password string, err error) {
+	return FAsk(os.Stdout, prompt)
+}
+
+// Same as the Ask function, except it is possible to specify the file to write
+// the prompt to.
+func FAsk(file *os.File, prompt string) (password string, err error) {
+	if prompt != "" {
+		fmt.Fprint(file, prompt) // Display the prompt.
+	}
+	password, err = getPassword()
+
+	// Carriage return after the user input.
+	fmt.Fprintln(file, "")
+	return
+}
+
+func readline() (value string, err error) {
+	var valb []byte
+	var n int
+	b := make([]byte, 1)
+	for {
+		// read one byte at a time so we don't accidentally read extra bytes
+		n, err = os.Stdin.Read(b)
+		if err != nil && err != io.EOF {
+			return "", err
+		}
+		if n == 0 || b[0] == '\n' {
+			break
+		}
+		valb = append(valb, b[0])
+	}
+
+	return strings.TrimSuffix(string(valb), "\r"), nil
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Gyu-Ho Lee	7e4fc7eaa9	version: bump up to 2.3.8	2017-02-15 19:25:01 -08:00
Gyu-Ho Lee	61eee5c884	test: skip govet tests in CI	2017-02-15 19:24:37 -08:00
Gyu-Ho Lee	ae24914aec	etcdhttp: fix govet	2017-02-15 19:17:38 -08:00
Gyu-Ho Lee	653789bcbc	etcdserver: fix govet	2017-02-15 19:11:23 -08:00
Gyu-Ho Lee	62c1e9a824	travis: use Go 1.7.5	2017-02-15 17:02:50 -08:00
Gyu-Ho Lee	67228bf5d8	tools: remove 'etcd-top' for CI tests	2017-02-15 10:24:58 -08:00
Gyu-Ho Lee	316adb4bcc	test: do not run 'goword' tests in CI	2017-02-14 23:22:44 -08:00
Anthony Romano	756992d30f	travis: disable email notifications Was spamming security@coreos.com	2017-02-14 23:19:35 -08:00
Xiang Li	aaf0ac9ff4	Merge pull request #7282 from heyitsanthony/fix-write-snap-2.3 snap: fix write snap	2017-02-08 20:16:25 -08:00
Xiang Li	d1ba8ee6d3	snap: fix write snap Do not use writeFile since it does not sync file before closing. This can lead to slient file corruption when disk is full.	2017-02-06 09:50:14 -08:00
Jeff Zellner	97dd45122b	hack: install goreman in tls-setup example	2016-06-30 09:30:50 -07:00
Jeff Zellner	6ac6f5d67b	hack: add tls-setup example generated certs to gitignore	2016-06-30 09:30:40 -07:00
Josh Wood	e401e17d2c	Merge pull request #5756 from joshix/proxyport Documentation/proxy: Change proxy port from 8080 to 2379	2016-06-23 11:37:21 -07:00
Josh Wood	809949b687	Documentation/proxy: Change proxy port from 8080 to 2379 Ref https://github.com/coreos/etcd/pull/5693 in v3 track (master). Ref backport to 2.3.7 docs in https://github.com/coreos-inc/coreos-pages/pull/747	2016-06-22 23:50:52 -07:00
Gyu-Ho Lee	9108045e65	version: bump to v2.3.7+git	2016-06-17 11:35:22 -07:00
Gyu-Ho Lee	fd17c9101d	version: bump to v2.3.7	2016-06-17 11:08:26 -07:00
Xiang Li	9ce0e8bf81	store: copy old value when refresh + cas	2016-06-17 11:07:40 -07:00
Gyu-Ho Lee	5b3ffa86fa	version: bump to v2.3.6+git	2016-05-27 13:45:16 -07:00
Gyu-Ho Lee	128344c455	version: bump to v2.3.6	2016-05-27 13:27:14 -07:00
Xiang Li	3b100ad142	etcd: fix refresh feature When using refresh, etcd store v2 watch is broken. Although with refresh store should not trigger current watchers, it should still add events into the watchhub to make a complete history. Current store fails to add the event into the watchhub, which causes issues.	2016-05-27 13:25:22 -07:00
Gyu-Ho Lee	20793a29e3	version: bump to v2.3.5+git	2016-05-20 11:11:05 -07:00
Gyu-Ho Lee	a535dc994b	version: bump to v2.3.5	2016-05-20 10:36:58 -07:00
Anthony Romano	46d347812b	etcdserver: wait for snapshots before closing raft Fixes #5374	2016-05-20 10:35:50 -07:00
Anthony Romano	1d12212e60	etcdserver: stop raft after stopping apply scheduler Was causing a pipeline leak.	2016-05-20 10:35:28 -07:00
Xiang Li	1f17d7204e	etcdsever: fix the leaky snashot routine issue	2016-05-20 10:34:48 -07:00
Gyu-Ho Lee	198664e49c	Documentation/v2: fix typo for updating a member Fix https://github.com/coreos/etcd/issues/5358.	2016-05-20 10:33:49 -07:00
xiaohuang	ee872bb7ca	Documentation/v2: fix auth_api.md bug role guest read and write is "/", not "", same with other roles.	2016-05-20 10:33:47 -07:00
Xiang Li	8c9a3c55bd	raft: do not panic when removing all the nodes from cluster	2016-05-20 10:33:45 -07:00
Gyu-Ho Lee	6f1ceee9a3	v2http: allow empty role for GET /users Fix https://github.com/coreos/etcd/issues/5246.	2016-05-20 10:33:43 -07:00
Gyu-Ho Lee	f47375af89	version: bump to v2.3.4+git	2016-05-13 11:58:24 -07:00
Gyu-Ho Lee	df60227765	version: bump to v2.3.4	2016-05-12 14:33:37 -07:00
Gyu-Ho Lee	4db35c113d	README: add known bugs cherry-picked from https://github.com/coreos/etcd/pull/5320.	2016-05-12 14:22:45 -07:00
Ajit Yagaty	cf68c2285e	etcdctl: Add --wal-dir and --backup-wal-dir options to backup command. If the WAL is stored in a separate directory then the backup command would need a --wal-dir option to pick the path to the WAL directory. The user might also want to store the backup of data and wal separately for which --backup-wal-dir option is provided.	2016-05-12 14:17:31 -07:00
Gyu-Ho Lee	743f9c9bb0	etcdctl/ctlv2: total-timeout for Sync Fix https://github.com/coreos/etcd/issues/4897.	2016-05-12 14:15:13 -07:00
Anthony Romano	f9e09e1b1a	httpproxy: fix race on getting close notifier channel Fixes #5267	2016-05-12 14:14:16 -07:00
Gyu-Ho Lee	d6eb1e7a5f	*: bump to v2.3.3+git	2016-04-29 14:18:50 -07:00
Gyu-Ho Lee	c41345d393	*: bump to v2.3.3	2016-04-29 12:38:04 -07:00
Gyu-Ho Lee	506ef9fe8d	etcdserver/auth: check empty password in merge Fix https://github.com/coreos/etcd/issues/5182.	2016-04-29 12:37:24 -07:00
Gyu-Ho Lee	49141d5916	*: bump to v2.3.2+git	2016-04-21 12:57:57 -07:00
Gyu-Ho Lee	ce63f10738	*: bump to v2.3.2	2016-04-21 11:26:37 -07:00
magicwang-cn	31bd750141	etcdserver: close response body when getting cluster information	2016-04-21 10:58:58 -07:00
Anthony Romano	37510d0306	e2e: test etcdtl user list on root user	2016-04-21 10:58:46 -07:00
Anthony Romano	d7da3787bc	client: accept roles in response for ListUser Fixes #5046	2016-04-21 10:58:40 -07:00
Anthony Romano	54d0f1d43b	e2e: test etcdctl v2 double user grant Crashes in 2.3.1	2016-04-21 10:58:30 -07:00
Anthony Romano	20db10f6f7	etcdctl: print grant/revoke error instead of scanning roles for changes Fixes #5045	2016-04-21 10:58:17 -07:00
Anthony Romano	11c09373e1	etcdmain: start on unsupported arch when ETCD_UNSUPPORTED_ARCH is set	2016-04-21 10:42:45 -07:00
Gyu-Ho Lee	96f412e4d7	*: bump to v2.3.1+git	2016-04-01 14:56:48 -07:00
Gyu-Ho Lee	2b67f5256a	*: bump to v2.3.1	2016-04-01 14:32:28 -07:00
Gyu-Ho Lee	6aa8b631e6	client: return original ctx error Fix https://github.com/coreos/etcd/issues/3209.	2016-04-01 14:30:31 -07:00
Xiang Li	72dea51e6a	rafthttp: do not block on proposal	2016-04-01 14:28:50 -07:00
Gyu-Ho Lee	74fa0270a4	*: bump to v2.3.0+git	2016-03-18 10:23:04 -07:00
				`@ -1,2 +0,0 @@`

				`Please read https://etcd.io/docs/latest/reporting_bugs/`
				`@ -1,2 +0,0 @@`

				`Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.`