From 26ea86a1008fa7dfed9d0f4fe29315aa54477eea Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Fri, 22 Jul 2016 11:22:10 -0400 Subject: [PATCH] Update docs on the init command --- CHANGELOG.md | 6 +++++- command/init.go | 33 +++++++++++++++++---------------- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ed16e1089..c5f254680e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,11 @@ FEATURES: environment variable. See the [environment variable documentation](https://www.vaultproject.io/docs/commands/environment.html) for more details. [GH-1594] + * **Service Discovery in `vault init`**: `-auto` option on `vault init` + will perform service discovery using Consul. When only one node is + discovered, an initialization attempt will be made and when more than + one node is discovered, they will be output. See `vault init --help` + for more details. [GH-1642] * **MongoDB Secret Backend**: Generate dynamic unique MongoDB database credentials based on configured roles. Sponsored by [CommerceHub](http://www.commercehub.com/). [GH-1414] @@ -49,7 +54,6 @@ IMPROVEMENTS: fields [GH-1567] * cli: `vault write -field` now allows selecting wrapped response fields [GH-1567] - * command/init: Added service discovery to `init` command [GH-1642] * core: Response wrapping is now enabled for login endpoints [GH-1588] * core: The duration of leadership is now exported via events through telemetry [GH-1625] diff --git a/command/init.go b/command/init.go index 20ffd34839..84e0e3f522 100644 --- a/command/init.go +++ b/command/init.go 
@@ -303,27 +303,28 @@ Init Options: -recovery-pgp-keys If provided, behaves like "pgp-keys" but for the recovery key shares. This is not normally available. - -auto If set, performs service discovery using the underlying - Consul storage backend. When one or more Vault servers - are using Consul for data storage, setting this flag - will create a Consul client and discover nodes using - the service name under which Vault nodes are registered - with Consul. The service name can be changed using - 'consul-service' flag. This option works well when each - Vault cluster is registered under a unique service name. + -auto If set, performs service discovery using Consul. When + all the nodes of a Vault cluster are registered with + Consul, setting this flag will trigger service discovery + using the service name with which Vault nodes are + registered. This option works well when each Vault + cluster is registered under a unique service name. + Note that, when Consul is serving as Vault's HA backend, + Vault nodes are registered with Consul by default. The + service name can be changed using 'consul-service' flag. Ensure that environment variables required to communicate with Consul, like (CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, - CONSUL_HTTP_SSL, et al) are properly set. If only one - Vault node is discovered, then an initialization attempt - will be made. If more than one Vault node is discovered, + CONSUL_HTTP_SSL, et al) are properly set. When only one + Vault node is discovered, an initialization attempt will + be made. When more than one Vault node is discovered, they will be output. -consul-service Service name under which all the nodes of a Vault cluster - are registered with Consul. When Vault uses Consul as its - storage backend, by default, it will register as a service - with Consul by the name "vault". This name can be modified - in Vault's configuration file, using the "service" option - for the Consul backend. + are registered with Consul. 
Note that, when Vault uses + Consul as its HA backend, by default, Vault will register + itself as a service with Consul by the service name "vault". + This name can be modified in Vault's configuration file, + using the "service" option for the Consul backend. ` return strings.TrimSpace(helpText) }
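Review bot: In the CHANGELOG.md FEATURES entry, the new `-auto` bullet leaves out the two prerequisites that the help text in command/init.go spells out: discovery is keyed on the service name (changeable with the 'consul-service' flag), and the Consul environment variables (CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, CONSUL_HTTP_SSL) must be set. A reader who only sees the changelog cannot tell what "service discovery using Consul" looks up. Suggest adding a short clause naming the service-name lookup and the flag. The bullet also writes `-auto` with one dash and `vault init --help` with two; pick one style for the entry.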
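Review bot: In the `-auto` help text in command/init.go, "When only one Vault node is discovered, an initialization attempt will be made" does not say which address the attempt is made against, or whether that address is shown to the operator. The target is whatever Consul returns for the service name, and the same paragraph admits the option only "works well when each Vault cluster is registered under a unique service name", so the text should say what to expect when the name is shared and tell the operator to confirm the discovered node belongs to the intended cluster. Two smaller points in the same hunk: the "Note that, when ... HA backend ... by default" sentence now appears under both `-auto` and `-consul-service` and could live in one place, and "using 'consul-service' flag" should read "using the '-consul-service' flag".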