vault

mirror of https://github.com/hashicorp/vault.git synced 2025-09-02 04:21:08 +02:00

Author	SHA1	Message	Date
Bill Monkman	64d72672ff	#1486 : Fixed sealed and leader checks for consul backend	2016-06-03 16:00:31 -07:00
Sean Chittenden	1df788a73c	Be idiomatic. Use a switch instead of if/else	2016-04-29 11:35:33 -07:00
Sean Chittenden	01fac00f20	Remove useless return statement	2016-04-28 13:16:17 -07:00
Sean Chittenden	77dc1bd96b	Refactor the Consul Backend to match evented demuxer	2016-04-28 11:05:18 -07:00
Sean Chittenden	46f48f79f4	Debug log consul configuration parameters when set	2016-04-28 11:05:18 -07:00
Sean Chittenden	025b995f24	Fix logger output Pointed out by: ryanuber	2016-04-28 11:05:18 -07:00
Sean Chittenden	eaa60eec64	Make use of logger interface inside of the Consul BE	2016-04-25 20:10:55 -07:00
Sean Chittenden	455b76828f	Add a *log.Logger argument to physical.Factory Logging in the backend is a good thing. This is a noisy interface change but should be a functional noop.	2016-04-25 20:10:32 -07:00
Sean Chittenden	4db16355ec	Rewriting history before it gets away from me	2016-04-25 18:05:50 -07:00
Sean Chittenden	341abcae3a	Change to the pre-0.6.4 Consul Check API Consul is never going to pass in more than 1K of output. This mitigates the pre-0.6.4 concern.	2016-04-25 18:01:13 -07:00
Sean Chittenden	9647f2e067	Collapse UpdateAdvertiseAddr() into RunServiceDiscovery()	2016-04-25 18:01:13 -07:00
Sean Chittenden	f4e1594ae9	Persistently retry to update service registration If the local Consul agent is not available while attempting to step down from active or up to active, retry once a second. Allow for concurrent changes to the state with a single registration updater. Fix standby initialization.	2016-04-25 18:01:13 -07:00
Sean Chittenden	53dd43650e	Various refactoring to clean up code organization Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`	2016-04-25 18:01:13 -07:00
Sean Chittenden	40a3c534f4	Compare the correct values when validating check_timeout	2016-04-25 18:01:13 -07:00
Sean Chittenden	e54c990f50	Detect type conversion failure	2016-04-25 18:01:13 -07:00
Sean Chittenden	c0bbeba5ad	Teach Vault how to register with Consul Vault will now register itself with Consul. The active node can be found using `active.vault.service.consul`. All standby vaults are available via `standby.vault.service.consul`. All unsealed vaults are considered healthy and available via `vault.service.consul`. Change in status and registration is event driven and should happen at the speed of a write to Consul (~network RTT + ~1x fsync(2)). Healthy/active: ``` curl -X GET 'http://127.0.0.1:8500/v1/health/service/vault?pretty' && echo; [ { "Node": { "Node": "vm1", "Address": "127.0.0.1", "TaggedAddresses": { "wan": "127.0.0.1" }, "CreateIndex": 3, "ModifyIndex": 20 }, "Service": { "ID": "vault:127.0.0.1:8200", "Service": "vault", "Tags": [ "active" ], "Address": "127.0.0.1", "Port": 8200, "EnableTagOverride": false, "CreateIndex": 17, "ModifyIndex": 20 }, "Checks": [ { "Node": "vm1", "CheckID": "serfHealth", "Name": "Serf Health Status", "Status": "passing", "Notes": "", "Output": "Agent alive and reachable", "ServiceID": "", "ServiceName": "", "CreateIndex": 3, "ModifyIndex": 3 }, { "Node": "vm1", "CheckID": "vault-sealed-check", "Name": "Vault Sealed Status", "Status": "passing", "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server", "Output": "", "ServiceID": "vault:127.0.0.1:8200", "ServiceName": "vault", "CreateIndex": 19, "ModifyIndex": 19 } ] } ] ``` Healthy/standby: ``` [snip] "Service": { "ID": "vault:127.0.0.2:8200", "Service": "vault", "Tags": [ "standby" ], "Address": "127.0.0.2", "Port": 8200, "EnableTagOverride": false, "CreateIndex": 17, "ModifyIndex": 20 }, "Checks": [ { "Node": "vm2", "CheckID": "serfHealth", "Name": "Serf Health Status", "Status": "passing", "Notes": "", "Output": "Agent alive and reachable", "ServiceID": "", "ServiceName": "", "CreateIndex": 3, "ModifyIndex": 3 }, { "Node": "vm2", "CheckID": "vault-sealed-check", "Name": "Vault Sealed Status", "Status": "passing", "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server", "Output": "", "ServiceID": "vault:127.0.0.2:8200", "ServiceName": "vault", "CreateIndex": 19, "ModifyIndex": 19 } ] } ] ``` Sealed: ``` "Checks": [ { "Node": "vm2", "CheckID": "serfHealth", "Name": "Serf Health Status", "Status": "passing", "Notes": "", "Output": "Agent alive and reachable", "ServiceID": "", "ServiceName": "", "CreateIndex": 3, "ModifyIndex": 3 }, { "Node": "vm2", "CheckID": "vault-sealed-check", "Name": "Vault Sealed Status", "Status": "critical", "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server", "Output": "Vault Sealed", "ServiceID": "vault:127.0.0.2:8200", "ServiceName": "vault", "CreateIndex": 19, "ModifyIndex": 38 } ] ```	2016-04-25 18:01:13 -07:00
Jeff Mitchell	541edf8981	Use a pooled transport for the Consul physical backend and give it 4 idle connections	2016-02-17 16:53:30 -05:00
Jeff Mitchell	2667f08f97	Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.	2016-01-22 10:07:32 -05:00
Jeff Mitchell	b38394e456	Use cleanhttp.DefaultTransport rather than instantiating directly to avoid leaked FDs	2015-12-17 15:23:13 -05:00
Jeff Mitchell	6800d5185b	Remove datacenter from Consul configuration, as it cannot actually do anything Fixes #816	2015-12-03 15:16:37 -05:00
Jeff Mitchell	4cdb7e9f44	Add new Consul API client MonitorRetries option	2015-12-01 00:08:14 -05:00
Jeff Mitchell	e0d2b1af78	Add configuration parameter for max parallel connections to Consul	2015-11-03 15:26:07 -05:00
Jeff Mitchell	867563de0d	Add a PermitPool to physical and consul/inmem The permit pool controls the number of outstanding operations that can be queued for Consul (and inmem, for testing purposes). This prevents possible situations where Vault launches thousands of concurrent connections to Consul if e.g. a huge number of leases need to be expired. Fixes #677	2015-11-03 11:49:20 -05:00
Jeff Mitchell	0dbbef1ac0	Don't use http.DefaultClient This strips out http.DefaultClient everywhere I could immediately find it. Too many things use it and then modify it in incompatible ways. Fixes #700, I believe.	2015-10-15 17:54:00 -04:00
Daniel Kaffee	cf0ac18577	only use NewCertPool if there is a ca cert otherwise use host's certificates	2015-07-28 15:31:30 +03:00
Daniel Kaffee	2aadddd8f2	fix potential insecure skip verification bug	2015-07-28 15:15:31 +03:00
Daniel Kaffee	08feed86af	fix identification to go formatting	2015-07-28 15:06:56 +03:00
Daniel Kaffee	68e340a285	refactor code	2015-07-28 14:55:33 +03:00
Armon Dadgar	b5acfcddb8	physical/consul: Fixing read of leader when standby. Fixes #178	2015-05-11 10:54:29 -07:00
Brandon Philips	4b83fe184e	pysical: minor doc error in consul ot -> to	2015-05-08 23:37:16 -07:00
Armon Dadgar	790a8f836e	physical/consul: Fixing path for locks	2015-05-08 15:34:29 -07:00
Armon Dadgar	b08560be57	physical/consul: Support address detection using the agent	2015-05-02 15:34:39 -07:00
Armon Dadgar	db309326c8	physical: Support association of value with lock	2015-04-14 16:36:53 -07:00
Armon Dadgar	9597035488	physical: First pass at HABackend	2015-04-14 11:49:46 -07:00
Armon Dadgar	ab90bde5e3	physical: Add profiling to Consul backend	2015-04-14 11:09:24 -07:00
Armon Dadgar	0d666e755c	physical: Default consul path to vault/	2015-04-03 17:05:18 -07:00
Armon Dadgar	1d2feafee3	physical: Adding Consul backend	2015-04-03 16:44:32 -07:00
Armon Dadgar	ce7d02f3b0	physical: Factory constructor style for backends	2015-03-05 13:47:10 -08:00
Armon Dadgar	f4e5b10952	physical: Adding interface, in-mem implementation, and skeleton for Consul/File	2015-03-02 10:48:53 -08:00

39 Commits