Clarify the disable_mlock option

This commit is contained in:
Sheldon Hearn 2015-05-28 12:40:56 +02:00
parent daa5b9c1b5
commit 71c462b3b2

View file

@ -39,7 +39,7 @@ to specify where the configuration is.
* `disable_mlock` (optional) - A boolean. If true, this will disable the
server from executing the `mlock` syscall to prevent memory from being
swapped to disk. This is not recommended.
swapped to disk. This is not recommended in production (see below).
* `statsite_addr` (optional) - An address to a [Statsite](https://github.com/armon/statsite)
instances for metrics. This is highly recommended for production usage.
@ -47,6 +47,16 @@ to specify where the configuration is.
* `statsd_addr` (optional) - This is the same as `statsite_addr` but
for StatsD.
In production, you should only consider setting the `disable_mlock` option
on Linux systems that only use encrypted swap or do not use swap at all.
Vault does not currently support memory locking on Mac OS X and Windows
and so the feature is automatically disabled on those platforms. To give
the Vault executable access to the `mlock` syscall on Linux systems:
```shell
sudo setcap cap_ipc_lock=+ep $(readlink -f $(which vault))
```
## Backend Reference
For the `backend` section, the supported backends are shown below.