Unable to disable http & https #3425

Closed
IBMRob opened this issue Aug 29, 2017 · 2 comments
IBMRob commented Aug 29, 2017

consul version for both Client and Server

Client: Consul v0.9.2
Server: Consul v0.9.2

consul info for both Client and Server

Client:

agent:
	check_monitors = 0
	check_ttls = 0
	checks = 0
	services = 1
build:
	prerelease = 
	revision = 75ca2ca
	version = 0.9.2
consul:
	known_servers = 3
	server = false
runtime:
	arch = amd64
	cpu_count = 4
	goroutines = 42
	max_procs = 4
	os = linux
	version = go1.8.3
serf_lan:
	coordinate_resets = 0
	encrypted = true
	event_queue = 0
	event_time = 5
	failed = 0
	health_score = 0
	intent_queue = 0
	left = 0
	member_time = 17
	members = 17
	query_queue = 0
	query_time = 1

Server:

agent:
	check_monitors = 0
	check_ttls = 0
	checks = 0
	services = 1
build:
	prerelease = 
	revision = 75ca2ca
	version = 0.9.2
consul:
	bootstrap = false
	known_datacenters = 1
	leader = false
	leader_addr = 172.17.0.4:8300
	server = true
raft:
	applied_index = 6875
	commit_index = 6875
	fsm_pending = 0
	last_contact = 12.283904ms
	last_log_index = 6875
	last_log_term = 6
	last_snapshot_index = 0
	last_snapshot_term = 0
	latest_configuration = [{Suffrage:Voter ID:172.17.0.2:8300 Address:172.17.0.2:8300} {Suffrage:Voter ID:172.17.0.3:8300 Address:172.17.0.3:8300} {Suffrage:Voter ID:172.17.0.4:8300 Address:172.17.0.4:8300}]
	latest_configuration_index = 1
	num_peers = 2
	protocol_version = 2
	protocol_version_max = 3
	protocol_version_min = 0
	snapshot_version_max = 1
	snapshot_version_min = 0
	state = Follower
	term = 6
runtime:
	arch = amd64
	cpu_count = 4
	goroutines = 139
	max_procs = 4
	os = linux
	version = go1.8.3
serf_lan:
	coordinate_resets = 0
	encrypted = true
	event_queue = 0
	event_time = 5
	failed = 0
	health_score = 0
	intent_queue = 0
	left = 0
	member_time = 17
	members = 17
	query_queue = 0
	query_time = 1
serf_wan:
	coordinate_resets = 0
	encrypted = true
	event_queue = 0
	event_time = 1
	failed = 0
	health_score = 0
	intent_queue = 0
	left = 0
	member_time = 5
	members = 3
	query_queue = 0
	query_time = 1

Operating system and Environment details

Ubuntu 14.04

Description of the Issue (and unexpected/desired result)

We have been migrating from Consul 0.5.0 (I know, very old) to the latest version. On many of our clients we disabled the HTTP API as we don't want the ports open for access. This worked fine on 0.5.0, but when we run on 0.8.0 and above we get the following error when starting up in client mode:

==> WARNING: LAN keyring exists but -encrypt given, using keyring
==> Starting Consul agent...
==> Error starting agent: watch plans require an HTTP or HTTPS endpoint
==> Error starting agent: watch plans require an HTTP or HTTPS endpoint

We have no watch plans defined in this configuration, so we don't want to enable HTTP for certain clients.

If I enable the http port but then use iptables to block all access to the port, consul seems to operate fine for us, which raises the question of why we have to have it set.
In our production environment we can't use iptables, so this is currently blocking our migration.

Reproduction steps

Set http and https to -1 in the config JSON.

  "ports": {
    "http": -1,
    "https": -1
  },


@slackpad slackpad added the type/bug Feature does not function as expected label Aug 29, 2017
@slackpad slackpad added this to the 0.9.3 milestone Aug 29, 2017
@magiconair magiconair added type/bug Feature does not function as expected and removed type/bug Feature does not function as expected labels Aug 29, 2017
@magiconair
Contributor

I'm working on the config code right now and will keep that in mind.

@magiconair magiconair self-assigned this Aug 29, 2017
@slackpad slackpad modified the milestones: Next, 0.9.3 Sep 6, 2017
@slackpad slackpad added the theme/operator-usability Replaces UX. Anything related to making things easier for the practitioner label Sep 8, 2017
@magiconair
Contributor

I'll address this for 1.0 beta - maybe even in #3480. The change should be simple:

  1. stop existing watches
  2. if there are no watches just return
  3. check for HTTP endpoint and return error if there are none
  4. start new watches

kyhavlov added a commit that referenced this issue Sep 25, 2017
Remove an error in watch reloading that happens when http and https
are both disabled, and use an https address for running watches if
no http addresses are present.

Fixes #3425.
@magiconair magiconair assigned kyhavlov and unassigned magiconair Sep 26, 2017
kyhavlov added a commit that referenced this issue Sep 26, 2017
Remove an error in watch reloading that happens when http and https
are both disabled, and use an https address for running watches if
no http addresses are present.

Fixes #3425.
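
The reload order outlined in the thread, combined with the HTTPS fallback the referenced commit message describes, as an added Go example that is not Consul's own code. The `agent`, `watchPlan`, `reloadWatches` and `errNoEndpoint` names and the sample addresses are hypothetical; the point is that an agent with both API ports disabled only fails when watches are actually configured.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical, simplified stand-ins for agent state; not Consul's real types.
type watchPlan struct{ Type string }

type agent struct {
	httpAddrs  []string // empty when ports.http = -1
	httpsAddrs []string // empty when ports.https = -1
	running    []string // API endpoint each running watch talks to
}

var errNoEndpoint = errors.New("watch plans require an HTTP or HTTPS endpoint")

// reloadWatches applies the four steps from the issue in order, so the
// endpoint check is only reached when there is at least one watch to run.
func (a *agent) reloadWatches(plans []watchPlan) error {
	a.running = nil // 1. stop existing watches
	if len(plans) == 0 {
		return nil // 2. no watches: no API listener is required
	}
	addr := ""
	switch { // 3. prefer HTTP, fall back to HTTPS, otherwise fail
	case len(a.httpAddrs) > 0:
		addr = "http://" + a.httpAddrs[0]
	case len(a.httpsAddrs) > 0:
		addr = "https://" + a.httpsAddrs[0]
	default:
		return errNoEndpoint
	}
	for range plans { // 4. start new watches against the chosen endpoint
		a.running = append(a.running, addr)
	}
	return nil
}

func main() {
	locked := &agent{} // constructed case: both ports set to -1
	fmt.Println(locked.reloadWatches(nil))
	fmt.Println(locked.reloadWatches([]watchPlan{{Type: "key"}}))
}
```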