From 64d72672ff1b00d44f935c26411598727ca9f529 Mon Sep 17 00:00:00 2001
From: Bill Monkman <bill.monkman@hootsuite.com>
Date: Fri, 3 Jun 2016 16:00:31 -0700
Subject: [PATCH] #1486 : Fixed sealed and leader checks for consul backend

---
 command/server.go  |  4 ++--
 physical/consul.go | 13 ++++++-------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/command/server.go b/command/server.go
index e962f7a454..e942c42681 100644
--- a/command/server.go
+++ b/command/server.go
@@ -301,14 +301,14 @@ func (c *ServerCommand) Run(args []string) int {
 		sd, ok := coreConfig.HAPhysical.(physical.ServiceDiscovery)
 		if ok {
 			activeFunc := func() bool {
-				if isLeader, _, err := core.Leader(); err != nil {
+				if isLeader, _, err := core.Leader(); err == nil {
 					return isLeader
 				}
 				return false
 			}
 
 			sealedFunc := func() bool {
-				if sealed, err := core.Sealed(); err != nil {
+				if sealed, err := core.Sealed(); err == nil {
 					return sealed
 				}
 				return true
diff --git a/physical/consul.go b/physical/consul.go
index 11dfaf048b..657bf2f63f 100644
--- a/physical/consul.go
+++ b/physical/consul.go
@@ -463,12 +463,12 @@ shutdown:
 			// Abort if service discovery is disabled or a
 			// reconcile handler is active
 			if !c.disableRegistration && atomic.CompareAndSwapInt64(&checkLock, 0, 1) {
-				// Enter handler with serviceRegLock held
+				// Enter handler with checkLock held
 				go func() {
 					defer atomic.CompareAndSwapInt64(&checkLock, 1, 0)
 					for !shutdown {
-						unsealed := sealedFunc()
-						if err := c.runCheck(unsealed); err != nil {
+						sealed := sealedFunc()
+						if err := c.runCheck(sealed); err != nil {
 							c.logger.Printf("[WARN]: consul: check unable to talk with Consul backend: %v", err)
 							time.Sleep(consulRetryInterval)
 							continue
@@ -573,12 +573,11 @@ func (c *ConsulBackend) reconcileConsul(registeredServiceID string, activeFunc a
 	return serviceID, nil
 }
 
-// runCheck immediately pushes a TTL check.  Assumes c.serviceLock is held
-// exclusively.
-func (c *ConsulBackend) runCheck(unsealed bool) error {
+// runCheck immediately pushes a TTL check.
+func (c *ConsulBackend) runCheck(sealed bool) error {
 	// Run a TTL check
 	agent := c.client.Agent()
-	if unsealed {
+	if !sealed {
 		return agent.PassTTL(c.checkID(), "Vault Unsealed")
 	} else {
 		return agent.FailTTL(c.checkID(), "Vault Sealed")