Don't copy HA lock file during migration (#5503)
This commit is contained in:
parent
6e82953694
commit
123e34f4a7
|
@ -16,6 +16,7 @@ import (
|
||||||
"github.com/hashicorp/vault/command/server"
|
"github.com/hashicorp/vault/command/server"
|
||||||
"github.com/hashicorp/vault/helper/logging"
|
"github.com/hashicorp/vault/helper/logging"
|
||||||
"github.com/hashicorp/vault/physical"
|
"github.com/hashicorp/vault/physical"
|
||||||
|
"github.com/hashicorp/vault/vault"
|
||||||
"github.com/mitchellh/cli"
|
"github.com/mitchellh/cli"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"github.com/posener/complete"
|
"github.com/posener/complete"
|
||||||
|
@ -196,7 +197,7 @@ func (c *OperatorMigrateCommand) migrate(config *migratorConfig) error {
|
||||||
// migrateAll copies all keys in lexicographic order.
|
// migrateAll copies all keys in lexicographic order.
|
||||||
func (c *OperatorMigrateCommand) migrateAll(ctx context.Context, from physical.Backend, to physical.Backend) error {
|
func (c *OperatorMigrateCommand) migrateAll(ctx context.Context, from physical.Backend, to physical.Backend) error {
|
||||||
return dfsScan(ctx, from, func(ctx context.Context, path string) error {
|
return dfsScan(ctx, from, func(ctx context.Context, path string) error {
|
||||||
if path < c.flagStart || path == migrationLock {
|
if path < c.flagStart || path == migrationLock || path == vault.CoreLockPath {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -20,6 +20,7 @@ import (
|
||||||
"github.com/hashicorp/vault/helper/base62"
|
"github.com/hashicorp/vault/helper/base62"
|
||||||
"github.com/hashicorp/vault/helper/testhelpers"
|
"github.com/hashicorp/vault/helper/testhelpers"
|
||||||
"github.com/hashicorp/vault/physical"
|
"github.com/hashicorp/vault/physical"
|
||||||
|
"github.com/hashicorp/vault/vault"
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -262,6 +263,10 @@ func generateData() map[string][]byte {
|
||||||
result[strings.Join(segments, "/")] = data
|
result[strings.Join(segments, "/")] = data
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Add special keys that should be excluded from migration
|
||||||
|
result[migrationLock] = []byte{}
|
||||||
|
result[vault.CoreLockPath] = []byte{}
|
||||||
|
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -286,6 +291,14 @@ func compareStoredData(s physical.Backend, ref map[string][]byte, start string)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if k == migrationLock || k == vault.CoreLockPath {
|
||||||
|
if entry == nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
return fmt.Errorf("key found that should have been excluded: %s", k)
|
||||||
|
}
|
||||||
|
|
||||||
if k >= start {
|
if k >= start {
|
||||||
if entry == nil {
|
if entry == nil {
|
||||||
return fmt.Errorf("key not found: %s", k)
|
return fmt.Errorf("key not found: %s", k)
|
||||||
|
|
|
@ -37,9 +37,9 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// coreLockPath is the path used to acquire a coordinating lock
|
// CoreLockPath is the path used to acquire a coordinating lock
|
||||||
// for a highly-available deploy.
|
// for a highly-available deploy.
|
||||||
coreLockPath = "core/lock"
|
CoreLockPath = "core/lock"
|
||||||
|
|
||||||
// The poison pill is used as a check during certain scenarios to indicate
|
// The poison pill is used as a check during certain scenarios to indicate
|
||||||
// to standby nodes that they should seal
|
// to standby nodes that they should seal
|
||||||
|
|
|
@ -91,7 +91,7 @@ func (c *Core) Leader() (isLeader bool, leaderAddr, clusterAddr string, err erro
|
||||||
}
|
}
|
||||||
|
|
||||||
// Initialize a lock
|
// Initialize a lock
|
||||||
lock, err := c.ha.LockWith(coreLockPath, "read")
|
lock, err := c.ha.LockWith(CoreLockPath, "read")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.stateLock.RUnlock()
|
c.stateLock.RUnlock()
|
||||||
return false, "", "", err
|
return false, "", "", err
|
||||||
|
@ -392,7 +392,7 @@ func (c *Core) waitForLeadership(newLeaderCh chan func(), manualStepDownCh, stop
|
||||||
c.logger.Error("failed to generate uuid", "error", err)
|
c.logger.Error("failed to generate uuid", "error", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
lock, err := c.ha.LockWith(coreLockPath, uuid)
|
lock, err := c.ha.LockWith(CoreLockPath, uuid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.logger.Error("failed to create lock", "error", err)
|
c.logger.Error("failed to create lock", "error", err)
|
||||||
return
|
return
|
||||||
|
|
Loading…
Reference in New Issue