luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Update documentation around dynamodb changes

This commit is contained in:
Jeff Mitchell 2016-07-18 14:10:55 -04:00
parent df621911d7
commit 04f0471a9f
4 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -4,6 +4,10 @@ DEPRECATIONS/BREAKING CHANGES:
* Issued certificates from the `pki` backend against new roles created or
modified after upgrading will contain a set of default key usages.
* The `dynamodb` physical data store no longer supports HA by default. It has
some non-ideal behavior around failover that was causing confusion. See the
[documentation] for information on enabling HA mode. It is very important
that this configuration is added _before upgrading_.
FEATURES:

4
website/source/docs/config/index.html.md
View File

@ -461,7 +461,9 @@ The DynamoDB backend has the following options:
* `ha_enabled` (optional) - Setting this to `"1"`, `"t"`, or `"true"` will
enable HA mode. Please ensure you have read the documentation for the
`recovery_mode` option before enabling this. This option can also be
provided via the environment variable `DYNAMODB_HA_ENABLED`.
provided via the environment variable `DYNAMODB_HA_ENABLED`. If you are
upgrading from a version of Vault where HA support was enabled by default,
it is _very important_ that you set this parameter _before_ upgrading!
* `recovery_mode` (optional) - When the Vault leader crashes or is killed
without being able to shut down properly, no other node can become the new

35
website/source/docs/install/upgrade-to-0.6.1.html.md Normal file
View File

@ -0,0 +1,35 @@
---
layout: "install"
page_title: "Upgrading to Vault 0.6.1"
sidebar_current: "docs-install-upgrade-to-0.6.1"
description: |-
Learn how to upgrade to Vault 0.6.1
---
# Overview
This page contains the list of breaking changes for Vault 0.6.1. Please read it
carefully.
## PKI Backend Certificates Will Contain Default Key Usages
Issued certificates from the `pki` backend against roles created or modified
after upgrading will contain a set of default key usages. This increases
compatibility with some software that requires strict adherence to RFCs, such
as OpenVPN.
This behavior is fully adjustable; see the [PKI backend
documentation](https://www.vaultproject.io/docs/secrets/pki/index.html) for
details.
## DynamoDB Does Not Support HA By Default
If using DynamoDB and want to use HA support, you will need to explicitly
enable it in Vault's configuration; see the
[documentation](https://www.vaultproject.io/docs/config/index.html#ha_enabled)
for details.
If you are already using DynamoDB in an HA fashion and wish to keep doing so,
it is *very important* that you set this option before upgrading your Vault
instances. Without doing so, each Vault instance will believe that it is
standalone and there will be consistency issues.

3
website/source/layouts/install.erb
View File

@ -28,6 +28,9 @@
<li<%= sidebar_current("docs-install-upgrade-to-0.6") %>>
<a href="/docs/install/upgrade-to-0.6.html">Upgrade to 0.6</a>
</li>
<li<%= sidebar_current("docs-install-upgrade-to-0.6.1") %>>
<a href="/docs/install/upgrade-to-0.6.1.html">Upgrade to 0.6.1</a>
</li>
</ul>
</li>
</ul>