Allow Raft storage to be configured via env variables (#7745)

* Fix unordered imports * Allow Raft node ID to be set via the environment variable `VAULT_RAFT_NODE_ID` * Allow Raft path to be set via the environment variable `VAULT_RAFT_PATH` * Prioritize the environment when fetching the Raft configuration values Values in environment variables should override the config as per the documentation as well as common sense.
2025-08-20 06:01:10 +02:00 · 2019-10-28 17:43:12 +01:00 · 2019-10-28 17:43:12 +01:00 · 00ef4e3281
commit 00ef4e3281
parent efb76c0dfd
2 changed files with 26 additions and 7 deletions
--- a/physical/raft/raft.go
+++ b/physical/raft/raft.go
@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"github.com/armon/go-metrics"
 	"io"
 	"io/ioutil"
 	"os"
@ -13,6 +12,7 @@ import (
 	"sync"
 	"time"

+	"github.com/armon/go-metrics"
 	"github.com/golang/protobuf/proto"
 	"github.com/hashicorp/errwrap"
 	log "github.com/hashicorp/go-hclog"
@ -29,6 +29,12 @@ import (
 	"github.com/hashicorp/vault/sdk/physical"
 )

+// EnvVaultRaftNodeID is used to fetch the Raft node ID from the environment.
+const EnvVaultRaftNodeID = "VAULT_RAFT_NODE_ID"
+
+// EnvVaultRaftPath is used to fetch the path where Raft data is stored from the environment.
+const EnvVaultRaftPath = "VAULT_RAFT_PATH"
+
 // Verify RaftBackend satisfies the correct interfaces
 var _ physical.Backend = (*RaftBackend)(nil)
 var _ physical.Transactional = (*RaftBackend)(nil)
@ -116,9 +122,13 @@ func NewRaftBackend(conf map[string]string, logger log.Logger) (physical.Backend
 		return nil, fmt.Errorf("failed to create fsm: %v", err)
 	}

-	path, ok := conf["path"]
-	if !ok {
-		return nil, fmt.Errorf("'path' must be set")
+	path := os.Getenv(EnvVaultRaftPath)
+	if path == "" {
+		pathFromConfig, ok := conf["path"]
+		if !ok {
+			return nil, fmt.Errorf("'path' must be set")
+		}
+		path = pathFromConfig
 	}

 	// Build an all in-memory setup for dev mode, otherwise prepare a full
@ -163,8 +173,15 @@ func NewRaftBackend(conf map[string]string, logger log.Logger) (physical.Backend

 	var localID string
 	{
-		// Determine the local node ID
-		localID = conf["node_id"]
+		// Determine the local node ID from the environment.
+		if raftNodeID := os.Getenv(EnvVaultRaftNodeID); raftNodeID != "" {
+			localID = raftNodeID
+		}
+
+		// If not set in the environment check the configuration file.
+		if len(localID) == 0 {
+			localID = conf["node_id"]
+		}

 		// If not set in the config check the "node-id" file.
 		if len(localID) == 0 {
@ -180,7 +197,7 @@ func NewRaftBackend(conf map[string]string, logger log.Logger) (physical.Backend
 			}
 		}

-		// If the file didn't exist generate a UUID and persist it to tne
+		// If all of the above fails generate a UUID and persist it to the
 		// "node-id" file.
 		if len(localID) == 0 {
 			id, err := uuid.GenerateUUID()
--- a/website/source/docs/configuration/storage/raft.html.md
+++ b/website/source/docs/configuration/storage/raft.html.md
@ -44,7 +44,9 @@ cluster_addr = "http://127.0.0.1:8201"

 - `path` `(string: "")` – The file system path where all the Vault data gets
  stored.
+  This value can be overridden by setting the `VAULT_RAFT_PATH` environment variable.

 - `node_id` `(string: "")` - The identifier for the node in the Raft cluster.
+  This value can be overridden by setting the `VAULT_RAFT_NODE_ID` environment variable.

 [raft]: https://raft.github.io/ "The Raft Consensus Algorithm"