mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-11-28 22:21:30 +01:00
Code Issues Projects Releases Wiki Activity

Add more docs for update-primary (#22677)

Browse Source 
* add more docs for update-primary

* Update website/content/api-docs/system/replication/replication-dr.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/system/replication/replication-dr.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/system/replication/replication-dr.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/system/replication/replication-performance.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* Update website/content/api-docs/system/replication/replication-performance.mdx

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

* PR feedback

* Apply suggestions from code review

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
This commit is contained in:
Josh Black 2023-09-01 12:42:46 -07:00 committed by GitHub
parent 5dc85c58c1
commit dbf094940f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 73 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
website/content/api-docs/system/replication/replication-dr.mdx
View File

@ -423,7 +423,7 @@ underlying storage.
```json ```json
{ {
"dr_operation_token": "...", "dr_operation_token": "..."
} }
``` ```
@ -438,13 +438,30 @@ $ curl \
## Update DR secondary's primary ## Update DR secondary's primary
This endpoint changes a DR secondary cluster's assigned primary cluster using a The update endpoint changes the primary cluster assigned to a DR
secondary activation token. This does not wipe all data in the cluster. secondary cluster. Changing the primary cluster assignment does not
wipe data in the secondary cluster.
This endpoint requires a DR Operation Token to be provided as means of This endpoint requires a DR Operation Token to be provided as means of
authorization. See the [DR Operation Token API authorization. See the [DR Operation Token API
docs](#generate-disaster-recovery-operation-token) for more information. docs](#generate-disaster-recovery-operation-token) for more information.
There are two ways to update the primary assignment:
1. **Use a secondary activation token with the `token` parameter**. An
activation token is required after a DR failover when updating a newly
demoted DR secondary cluster.
1. **Use primary cluster addresses with the `update_primary_addrs` parameter**.
During the update, cluster addresses are pinged one at a time via gRPC.
The first cluster to respond successfully is assigned as the new primary
address. Updating with cluster addresses is not allowed after a DR
failover when updating a newly demoted DR secondary cluster.
The two update methods are mutually exclusive. You may use one or the
other, but not both. A good rule of thumb is to use `token` on DR secondary
clusters and `update_primary_addrs` on performance secondary clusters.
| Method | Path | | Method | Path |
| :----- | :--------------------------------------------- | | :----- | :--------------------------------------------- |
| `POST` | `/sys/replication/dr/secondary/update-primary` | | `POST` | `/sys/replication/dr/secondary/update-primary` |
@ -475,8 +492,7 @@ docs](#generate-disaster-recovery-operation-token) for more information.
primary clusters. These addresses will be pinged in sequence, and if any of them primary clusters. These addresses will be pinged in sequence, and if any of them
respond successfully, these will be recorded as the new primary addresses. This is respond successfully, these will be recorded as the new primary addresses. This is
a lighter weight version of specifying a token and should result in less disruption a lighter weight version of specifying a token and should result in less disruption
of replication. Note that it's invalid to specify this and `token` in the same API call. of replication.
They are mutually exclusive.
### Sample payload ### Sample payload
@ -497,6 +513,25 @@ $ curl \
http://127.0.0.1:8200/v1/sys/replication/dr/secondary/update-primary http://127.0.0.1:8200/v1/sys/replication/dr/secondary/update-primary
``` ```
### Sample payload
```json
{
"dr_operation_token": "...",
"update_primary_addrs": ["10.0.0.2:8201"]
}
```
### Sample request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/replication/dr/secondary/update-primary
```
## Generate disaster recovery operation token ## Generate disaster recovery operation token
The `/sys/replication/dr/secondary/generate-operation-token` endpoint is used to create a new Disaster The `/sys/replication/dr/secondary/generate-operation-token` endpoint is used to create a new Disaster

37
website/content/api-docs/system/replication/replication-performance.mdx
View File

@ -540,8 +540,20 @@ $ curl \
## Update performance secondary's primary ## Update performance secondary's primary
This endpoint changes a performance secondary cluster's assigned primary cluster using a The update endpoint changes the primary cluster assigned to a
secondary activation token. This does not wipe all data in the cluster. performance secondary cluster. Changing the primary cluster assignment
does not wipe data in the secondary cluster.
There are two ways to update the primary assignment:
1. **Use a secondary activation token with the `token` parameter**.
1. **Use primary cluster addresses with the `update_primary_addrs` parameter**.
During the update, cluster addresses are pinged one at a time via gRPC. The
first cluster to respond successfully is assigned as the new primary address.
The two update methods are mutually exclusive. You may use one or the other,
but not both. A good rule of thumb is to use `token` on DR secondary
clusters and `update_primary_addrs` on performance secondary clusters.
| Method | Path | | Method | Path |
| :----- | :------------------------------------------------------ | | :----- | :------------------------------------------------------ |
@ -571,8 +583,7 @@ secondary activation token. This does not wipe all data in the cluster.
primary clusters. These addresses will be pinged in sequence, and if any of them primary clusters. These addresses will be pinged in sequence, and if any of them
respond successfully, these will be recorded as the new primary addresses. This is respond successfully, these will be recorded as the new primary addresses. This is
a lighter weight version of specifying a token and should result in less disruption a lighter weight version of specifying a token and should result in less disruption
of replication. Note that it's invalid to specify this and `token` in the same API call. of replication.
They are mutually exclusive.
### Sample payload ### Sample payload
@ -591,3 +602,21 @@ $ curl \
--data @payload.json \ --data @payload.json \
http://127.0.0.1:8200/v1/sys/replication/performance/secondary/update-primary http://127.0.0.1:8200/v1/sys/replication/performance/secondary/update-primary
``` ```
### Sample payload
```json
{
"update_primary_addrs": ["10.0.0.2:8201"]
}
```
### Sample request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/replication/performance/secondary/update-primary
```