Don't copy HA lock file during migration (#5503)
This commit is contained in:
Jim Kalafut
GitHub
parent
6e82953694
commit
123e34f4a7
|
|
@ -16,6 +16,7 @@ import (
|
|||
"github.com/hashicorp/vault/command/server"
|
||||
"github.com/hashicorp/vault/helper/logging"
|
||||
"github.com/hashicorp/vault/physical"
|
||||
"github.com/hashicorp/vault/vault"
|
||||
"github.com/mitchellh/cli"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/posener/complete"
|
||||
|
|
@ -196,7 +197,7 @@ func (c *OperatorMigrateCommand) migrate(config *migratorConfig) error {
|
|||
// migrateAll copies all keys in lexicographic order.
|
||||
func (c *OperatorMigrateCommand) migrateAll(ctx context.Context, from physical.Backend, to physical.Backend) error {
|
||||
return dfsScan(ctx, from, func(ctx context.Context, path string) error {
|
||||
if path < c.flagStart || path == migrationLock {
|
||||
if path < c.flagStart || path == migrationLock || path == vault.CoreLockPath {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import (
|
|||
"github.com/hashicorp/vault/helper/base62"
|
||||
"github.com/hashicorp/vault/helper/testhelpers"
|
||||
"github.com/hashicorp/vault/physical"
|
||||
"github.com/hashicorp/vault/vault"
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
|
@ -262,6 +263,10 @@ func generateData() map[string][]byte {
|
|||
result[strings.Join(segments, "/")] = data
|
||||
}
|
||||
|
||||
// Add special keys that should be excluded from migration
|
||||
result[migrationLock] = []byte{}
|
||||
result[vault.CoreLockPath] = []byte{}
|
||||
|
||||
return result
|
||||
}
|
||||
|
||||
|
|
@ -286,6 +291,14 @@ func compareStoredData(s physical.Backend, ref map[string][]byte, start string)
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if k == migrationLock || k == vault.CoreLockPath {
|
||||
if entry == nil {
|
||||
continue
|
||||
}
|
||||
return fmt.Errorf("key found that should have been excluded: %s", k)
|
||||
}
|
||||
|
||||
if k >= start {
|
||||
if entry == nil {
|
||||
return fmt.Errorf("key not found: %s", k)
|
||||
|
|
|
|||
|
|
@ -37,9 +37,9 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
// coreLockPath is the path used to acquire a coordinating lock
|
||||
// CoreLockPath is the path used to acquire a coordinating lock
|
||||
// for a highly-available deploy.
|
||||
coreLockPath = "core/lock"
|
||||
CoreLockPath = "core/lock"
|
||||
|
||||
// The poison pill is used as a check during certain scenarios to indicate
|
||||
// to standby nodes that they should seal
|
||||
|
|
|
|||
|
|
@ -91,7 +91,7 @@ func (c *Core) Leader() (isLeader bool, leaderAddr, clusterAddr string, err erro
|
|||
}
|
||||
|
||||
// Initialize a lock
|
||||
lock, err := c.ha.LockWith(coreLockPath, "read")
|
||||
lock, err := c.ha.LockWith(CoreLockPath, "read")
|
||||
if err != nil {
|
||||
c.stateLock.RUnlock()
|
||||
return false, "", "", err
|
||||
|
|
@ -392,7 +392,7 @@ func (c *Core) waitForLeadership(newLeaderCh chan func(), manualStepDownCh, stop
|
|||
c.logger.Error("failed to generate uuid", "error", err)
|
||||
return
|
||||
}
|
||||
lock, err := c.ha.LockWith(coreLockPath, uuid)
|
||||
lock, err := c.ha.LockWith(CoreLockPath, uuid)
|
||||
if err != nil {
|
||||
c.logger.Error("failed to create lock", "error", err)
|
||||
return
|
||||
|
|
|
|||
Loading…
Reference in New Issue