raft: add support for using backend for ha_storage#9193
Conversation
Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
…rage # Conflicts: # vault/logical_system.go
```go
// If we encountered and error we should try to create the key
// again.
if backoff {
	nextRotationTime = time.Now().Add(10 * time.Second)
```
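Review bot: the fixed retry in `nextRotationTime = time.Now().Add(10 * time.Second)` has no visible bound on consecutive failures, so a storage backend that stays unavailable would be retried every 10 seconds indefinitely with the keyring never rotating; consider a capped or exponential backoff and a log line per failed attempt so operators can see a rotation that is stuck rather than merely delayed.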
Just curious, is the 10 seconds here arbitrary? How many times do we foresee backoff to be hit before success?
Yeah, this is just an arbitrary value that's short enough for a retry. I'm assuming this is to guard against any potential errors encountered during rotation, such as inability to access physical storage due to some transient failure. @briankassouf might have more context on this.
Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
alexanderbez left a comment
Performed another review. Looks good @calvn 👍
```go
c.logger.Error("failed to create raft TLS keyring", "error", err)
return nil, err
```

```go
if raftBackend != nil {
	if _, err := c.raftCreateTLSKeyring(ctx); err != nil {
```
You've wrapped these functions in that nil check a few places, but don't they already check if we are running raft storage in the function?
Yeah, it's not necessary to wrap in this case. The other call is based on onInit though, so I'll leave that untouched.
Actually I've been trying to get away from returning (nil, nil) as a pattern. I'll keep this as-is and return (nil, error) instead on that method.
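The two review threads above (retrying keyring rotation after a short fixed backoff when creating the key fails, and returning `(nil, error)` rather than `(nil, nil)` when raft is not the configured backend) as one added Go example. This is a constructed illustration written for this page, not Vault's code: `createTLSKeyring`, `scheduleNext`, `simulate`, the `rotationInterval`/`retryBackoff`/`maxRetries` constants and the `storage` callback are all assumed names. It goes slightly beyond the quoted snippet by capping consecutive retries and surfacing the wrapped error once the cap is exceeded.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Constructed constants (assumed, not Vault's values): a full rotation
// interval on success, a short fixed backoff on failure, and a cap on
// consecutive failed attempts before the error is surfaced.
const (
	rotationInterval = 24 * time.Hour
	retryBackoff     = 10 * time.Second
	maxRetries       = 5
)

// ErrNoRaftBackend is returned instead of a (nil, nil) pair when raft is
// not the storage or HA backend, so callers never nil-check a "success".
var ErrNoRaftBackend = errors.New("raft backend not configured")

// keyring is a stand-in for the raft TLS keyring; only its creation time matters here.
type keyring struct {
	CreatedAt time.Time
}

// storage models the persist step against physical storage; a func so
// transient failures can be injected in tests.
type storage func() error

// createTLSKeyring creates and persists a new keyring. It never returns (nil, nil).
func createTLSKeyring(hasRaft bool, persist storage, now time.Time) (*keyring, error) {
	if !hasRaft {
		return nil, ErrNoRaftBackend
	}
	if err := persist(); err != nil {
		return nil, fmt.Errorf("failed to create raft TLS keyring: %w", err)
	}
	return &keyring{CreatedAt: now}, nil
}

// rotationState tracks consecutive failures and the next scheduled attempt.
type rotationState struct {
	failures int
	next     time.Time
}

// scheduleNext computes the next attempt time: a full interval after a
// successful rotation, a short backoff after a failure, and an error once
// more than maxRetries consecutive attempts have failed.
func scheduleNext(st rotationState, now time.Time, err error) (rotationState, error) {
	if err == nil {
		return rotationState{failures: 0, next: now.Add(rotationInterval)}, nil
	}
	st.failures++
	if st.failures > maxRetries {
		return st, fmt.Errorf("raft TLS keyring rotation failed %d times in a row: %w", st.failures, err)
	}
	st.next = now.Add(retryBackoff)
	return st, nil
}

// simulate drives the rotation loop on a virtual clock. outcomes is the
// sequence of storage results for each attempt (nil = success). It returns
// the virtual times at which a rotation succeeded, or the give-up error.
func simulate(outcomes []error, start time.Time) ([]time.Time, error) {
	st := rotationState{next: start}
	var successes []time.Time
	for _, out := range outcomes {
		now := st.next // advance the virtual clock to the scheduled attempt
		_, err := createTLSKeyring(true, func() error { return out }, now)
		if err == nil {
			successes = append(successes, now)
		}
		var schedErr error
		if st, schedErr = scheduleNext(st, now, err); schedErr != nil {
			return successes, schedErr
		}
	}
	return successes, nil
}

func main() {
	start := time.Date(2020, 6, 1, 0, 0, 0, 0, time.UTC)
	unavailable := errors.New("storage unavailable") // constructed transient failure
	times, err := simulate([]error{nil, unavailable, unavailable, nil}, start)
	fmt.Println(times, err)
	// Non-raft configuration: an explicit error, not (nil, nil).
	_, err = createTLSKeyring(false, func() error { return nil }, start)
	fmt.Println(err)
}
```

With the constructed outcomes above, the first rotation lands at `start`, the second is delayed by two 10-second backoffs past the 24-hour interval, and a run of more than `maxRetries` failures returns an error that still wraps the underlying storage error for `errors.Is`.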
vishalnayak left a comment
This is looking great!
* master:
  Entity and alias counts (#9262)
  Token gauge metrics implementation. (#9239)
  mfa: fix import path on test file (#9303)
  doc: update vault helm enterprise image examples (#9299)
  raft: add support for using backend for ha_storage (#9193)
  Document new and previously undocumented telemetry metrics: (#9283)
  Improve the performance of snapshot installs by using rename (#9247)
  docs: add additional info around transform for tweak and template type (#9203)
  Update CHANGELOG.md
  CL++: Add go version to server message output
* raft: initial work on raft ha storage support
* add note on join
* add todo note
* raft: add support for bootstrapping and joining existing nodes
* raft: gate bootstrap join by reading leader api address from storage
* raft: properly check for raft-only for certain conditionals
* raft: add bootstrap to api and cli
* raft: fix bootstrap cli command
* raft: add test for setting up new cluster with raft HA
* raft: extend TestRaft_HA_NewCluster to include inmem and consul backends
* raft: add test for updating an existing cluster to use raft HA
* raft: remove debug log lines, clean up verifyRaftPeers
* raft: minor cleanup
* raft: minor cleanup
* Update physical/raft/raft.go
  Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/ha.go
  Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/ha.go
  Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/logical_system_raft.go
  Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/raft.go
  Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/raft.go
  Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* address feedback comments
* address feedback comments
* raft: refactor tls keyring logic
* address feedback comments
* Update vault/raft.go
  Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
* Update vault/raft.go
  Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
* address feedback comments
* testing: fix import ordering
* raft: rename var, cleanup comment line
* docs: remove ha_storage restriction note on raft
* docs: more raft HA interaction updates with migration and recovery mode
* docs: update the raft join command
* raft: update comments
* raft: add missing isRaftHAOnly check for clearing out state set earlier
* raft: update a few ha_storage config checks
* Update command/operator_raft_bootstrap.go
  Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
* raft: address feedback comments
* raft: fix panic when checking for config.HAStorage.Type
* Update vault/raft.go
  Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
* Update website/pages/docs/commands/operator/raft.mdx
  Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
* raft: remove bootstrap cli command
* Update vault/raft.go
  Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/raft.go
  Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* raft: address review feedback
* raft: revert vendored sdk
* raft: don't send applied index and node ID info if we're HA-only

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
No description provided.