Don't copy HA lock file during migration (#5503)

This commit is contained in:
Jim Kalafut 2018-10-12 09:29:15 -07:00 committed by GitHub
parent 6e82953694
commit 123e34f4a7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 5 deletions

View File

@ -16,6 +16,7 @@ import (
"github.com/hashicorp/vault/command/server" "github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/helper/logging" "github.com/hashicorp/vault/helper/logging"
"github.com/hashicorp/vault/physical" "github.com/hashicorp/vault/physical"
"github.com/hashicorp/vault/vault"
"github.com/mitchellh/cli" "github.com/mitchellh/cli"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/posener/complete" "github.com/posener/complete"
@ -196,7 +197,7 @@ func (c *OperatorMigrateCommand) migrate(config *migratorConfig) error {
// migrateAll copies all keys in lexicographic order. // migrateAll copies all keys in lexicographic order.
func (c *OperatorMigrateCommand) migrateAll(ctx context.Context, from physical.Backend, to physical.Backend) error { func (c *OperatorMigrateCommand) migrateAll(ctx context.Context, from physical.Backend, to physical.Backend) error {
return dfsScan(ctx, from, func(ctx context.Context, path string) error { return dfsScan(ctx, from, func(ctx context.Context, path string) error {
if path < c.flagStart || path == migrationLock { if path < c.flagStart || path == migrationLock || path == vault.CoreLockPath {
return nil return nil
} }

View File

@ -20,6 +20,7 @@ import (
"github.com/hashicorp/vault/helper/base62" "github.com/hashicorp/vault/helper/base62"
"github.com/hashicorp/vault/helper/testhelpers" "github.com/hashicorp/vault/helper/testhelpers"
"github.com/hashicorp/vault/physical" "github.com/hashicorp/vault/physical"
"github.com/hashicorp/vault/vault"
) )
func init() { func init() {
@ -262,6 +263,10 @@ func generateData() map[string][]byte {
result[strings.Join(segments, "/")] = data result[strings.Join(segments, "/")] = data
} }
// Add special keys that should be excluded from migration
result[migrationLock] = []byte{}
result[vault.CoreLockPath] = []byte{}
return result return result
} }
@ -286,6 +291,14 @@ func compareStoredData(s physical.Backend, ref map[string][]byte, start string)
if err != nil { if err != nil {
return err return err
} }
if k == migrationLock || k == vault.CoreLockPath {
if entry == nil {
continue
}
return fmt.Errorf("key found that should have been excluded: %s", k)
}
if k >= start { if k >= start {
if entry == nil { if entry == nil {
return fmt.Errorf("key not found: %s", k) return fmt.Errorf("key not found: %s", k)

View File

@ -37,9 +37,9 @@ import (
) )
const ( const (
// coreLockPath is the path used to acquire a coordinating lock // CoreLockPath is the path used to acquire a coordinating lock
// for a highly-available deploy. // for a highly-available deploy.
coreLockPath = "core/lock" CoreLockPath = "core/lock"
// The poison pill is used as a check during certain scenarios to indicate // The poison pill is used as a check during certain scenarios to indicate
// to standby nodes that they should seal // to standby nodes that they should seal

View File

@ -91,7 +91,7 @@ func (c *Core) Leader() (isLeader bool, leaderAddr, clusterAddr string, err erro
} }
// Initialize a lock // Initialize a lock
lock, err := c.ha.LockWith(coreLockPath, "read") lock, err := c.ha.LockWith(CoreLockPath, "read")
if err != nil { if err != nil {
c.stateLock.RUnlock() c.stateLock.RUnlock()
return false, "", "", err return false, "", "", err
@ -392,7 +392,7 @@ func (c *Core) waitForLeadership(newLeaderCh chan func(), manualStepDownCh, stop
c.logger.Error("failed to generate uuid", "error", err) c.logger.Error("failed to generate uuid", "error", err)
return return
} }
lock, err := c.ha.LockWith(coreLockPath, uuid) lock, err := c.ha.LockWith(CoreLockPath, uuid)
if err != nil { if err != nil {
c.logger.Error("failed to create lock", "error", err) c.logger.Error("failed to create lock", "error", err)
return return