diff --git a/vault/core.go b/vault/core.go
index 62845b736..963b4d2f0 100644
--- a/vault/core.go
+++ b/vault/core.go
@@ -122,6 +122,9 @@ type Core struct {
 // renewal, expiration and revocation
 expiration *ExpirationManager
 
+ // rollback manager is used to run rollbacks periodically
+ rollback *RollbackManager
+
 logger *log.Logger
 }
 
@@ -464,12 +467,18 @@ func (c *Core) postUnseal() error {
 if err := c.setupExpiration(); err != nil {
 return err
 }
+ if err := c.startRollback(); err != nil {
+ return err
+ }
 return nil
 }
 
 // preSeal is invoked before the barrier is sealed, allowing
 // for any state teardown required.
 func (c *Core) preSeal() error {
+ if err := c.stopRollback(); err != nil {
+ return err
+ }
 if err := c.stopExpiration(); err != nil {
 return err
 }
diff --git a/vault/rollback.go b/vault/rollback.go
index 57427dc4e..d0ec33737 100644
--- a/vault/rollback.go
+++ b/vault/rollback.go
@@ -39,6 +39,8 @@ func (m *RollbackManager) Start() {
 return
 }
 
+ m.Logger.Printf("[INFO] rollback: starting rollback manager")
+
 var mounts map[string]*uint32
 tick := time.NewTicker(m.Period)
 defer tick.Stop()
@@ -48,6 +50,7 @@ func (m *RollbackManager) Start() {
 
 // If we're quitting, then stop
 if atomic.LoadUint32(&m.running) != 1 {
+ m.Logger.Printf("[INFO] rollback: stopping rollback manager")
 return
 }
 
@@ -101,3 +104,32 @@ func (m *RollbackManager) rollback(path string, state *uint32) {
 path, err)
 }
 }
+
+// The methods below are the hooks from core that are called pre/post seal.
+
+func (c *Core) startRollback() error {
+ // Ensure if we had a rollback it was stopped. This should never
+ // be the case but it doesn't hurt to check.
+ if c.rollback != nil {
+ c.rollback.Stop()
+ }
+
+ c.rollback = &RollbackManager{
+ Logger: c.logger,
+ Router: c.router,
+ Mounts: c.mounts,
+ Period: 1 * time.Minute,
+ }
+ go c.rollback.Start()
+
+ return nil
+}
+
+func (c *Core) stopRollback() error {
+ if c.rollback != nil {
+ c.rollback.Stop()
+ c.rollback = nil
+ }
+
+ return nil
+}
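Review bot: In preSeal the new `if err := c.stopRollback(); err != nil { return err }` sits ahead of stopExpiration, so an error from it would return before the expiration manager, and whatever teardown follows outside the hunk, is stopped, leaving that state live across a seal. stopRollback as added in vault/rollback.go always returns nil, so this is latent today, but the seal path is safer if every teardown step runs and the first error is returned afterwards. The mirror case in postUnseal returns on a startRollback error without undoing setupExpiration. If stopping rollbacks before expiration is deliberate, a comment such as `// Stop rollbacks first so none starts while the remaining state is torn down.` would record it.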
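Review bot: stopRollback returns as soon as `c.rollback.Stop()` returns, but the loop in Start only observes the stop after the ticker fires (the `atomic.LoadUint32(&m.running) != 1` check in the earlier rollback.go hunk), so preSeal can go on to stop expiration and seal the barrier while the goroutine launched by `go c.rollback.Start()` is still alive and possibly mid-rollback against `c.router`. Stop's body is not part of this diff, so this assumes it only clears the flag; if so, having Stop wait for the loop to exit (for example on a channel that Start closes on return) would make the seal boundary strict. There may also be a window in startRollback: if the early-return guard at the top of Start is what sets `running` (not visible here), a Stop that runs before the new goroutine is scheduled would be undone and the orphaned manager would keep ticking after `c.rollback = nil`. Both hooks lack doc comments; `// stopRollback signals the rollback manager to stop; it does not wait for an in-flight rollback.` would at least record the current contract.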