Commit graph

39 commits

Author SHA1 Message Date
Bill Monkman de8477244e #1486 : Fixed sealed and leader checks for consul backend 2016-06-03 16:00:31 -07:00
Sean Chittenden 7e5dbf409e Be idiomatic. Use a switch instead of if/else 2016-04-29 11:35:33 -07:00
Sean Chittenden 614104717c Remove useless return statement 2016-04-28 13:16:17 -07:00
Sean Chittenden 93ba3a0b8a Refactor the Consul Backend to match evented demuxer 2016-04-28 11:05:18 -07:00
Sean Chittenden e129273e4f Debug log consul configuration parameters when set 2016-04-28 11:05:18 -07:00
Sean Chittenden cc64778628 Fix logger output
Pointed out by: ryanuber
2016-04-28 11:05:18 -07:00
Sean Chittenden 557d8b8a24 Make use of logger interface inside of the Consul BE 2016-04-25 20:10:55 -07:00
Sean Chittenden aeea7628d6 Add a *log.Logger argument to physical.Factory
Logging in the backend is a good thing.  This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
Sean Chittenden 5fd5869bc5 Rewriting history before it gets away from me 2016-04-25 18:05:50 -07:00
Sean Chittenden 9b8095d7ea Change to the pre-0.6.4 Consul Check API
Consul is never going to pass in more than 1K of output.  This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden f5183fa506 Collapse UpdateAdvertiseAddr() into RunServiceDiscovery() 2016-04-25 18:01:13 -07:00
Sean Chittenden 7fe0b2c6a1 Persistently retry to update service registration
If the local Consul agent is not available while attempting to step down from active or up to active, retry once a second.  Allow for concurrent changes to the state with a single registration updater.  Fix standby initialization.
2016-04-25 18:01:13 -07:00
Sean Chittenden 60006f550f Various refactoring to clean up code organization
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
Sean Chittenden 53f9cea87c Compare the correct values when validating check_timeout 2016-04-25 18:01:13 -07:00
Sean Chittenden 70ae7f73b4 Detect type conversion failure 2016-04-25 18:01:13 -07:00
Sean Chittenden 6b2c83564e Teach Vault how to register with Consul
Vault will now register itself with Consul.  The active node can be found using `active.vault.service.consul`.  All standby vaults are available via `standby.vault.service.consul`.  All unsealed vaults are considered healthy and available via `vault.service.consul`.  Change in status and registration is event driven and should happen at the speed of a write to Consul (~network RTT + ~1x fsync(2)).

Healthy/active:

```
curl -X GET 'http://127.0.0.1:8500/v1/health/service/vault?pretty' && echo;
[
    {
        "Node": {
            "Node": "vm1",
            "Address": "127.0.0.1",
            "TaggedAddresses": {
                "wan": "127.0.0.1"
            },
            "CreateIndex": 3,
            "ModifyIndex": 20
        },
        "Service": {
            "ID": "vault:127.0.0.1:8200",
            "Service": "vault",
            "Tags": [
                "active"
            ],
            "Address": "127.0.0.1",
            "Port": 8200,
            "EnableTagOverride": false,
            "CreateIndex": 17,
            "ModifyIndex": 20
        },
        "Checks": [
            {
                "Node": "vm1",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm1",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "passing",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "",
                "ServiceID": "vault:127.0.0.1:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 19
            }
        ]
    }
]
```

Healthy/standby:

```
[snip]
        "Service": {
            "ID": "vault:127.0.0.2:8200",
            "Service": "vault",
            "Tags": [
                "standby"
            ],
            "Address": "127.0.0.2",
            "Port": 8200,
            "EnableTagOverride": false,
            "CreateIndex": 17,
            "ModifyIndex": 20
        },
        "Checks": [
            {
                "Node": "vm2",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm2",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "passing",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "",
                "ServiceID": "vault:127.0.0.2:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 19
            }
        ]
    }
]
```

Sealed:

```
        "Checks": [
            {
                "Node": "vm2",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm2",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "critical",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "Vault Sealed",
                "ServiceID": "vault:127.0.0.2:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 38
            }
        ]
```
2016-04-25 18:01:13 -07:00
Jeff Mitchell 5edaf522a8 Use a pooled transport for the Consul physical backend and give it 4 idle connections 2016-02-17 16:53:30 -05:00
Jeff Mitchell be1b4c8a46 Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it. 2016-01-22 10:07:32 -05:00
Jeff Mitchell bf2bf06997 Use cleanhttp.DefaultTransport rather than instantiating directly to avoid leaked FDs 2015-12-17 15:23:13 -05:00
Jeff Mitchell 3bdbd66f7d Remove datacenter from Consul configuration, as it cannot actually do
anything

Fixes #816
2015-12-03 15:16:37 -05:00
Jeff Mitchell 69b522f3ea Add new Consul API client MonitorRetries option 2015-12-01 00:08:14 -05:00
Jeff Mitchell 7f44a1b812 Add configuration parameter for max parallel connections to Consul 2015-11-03 15:26:07 -05:00
Jeff Mitchell bf2e553785 Add a PermitPool to physical and consul/inmem
The permit pool controls the number of outstanding operations that can
be queued for Consul (and inmem, for testing purposes). This prevents
possible situations where Vault launches thousands of concurrent
connections to Consul if e.g. a huge number of leases need to be
expired.

Fixes #677
2015-11-03 11:49:20 -05:00
Jeff Mitchell cba4e82682 Don't use http.DefaultClient
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.

Fixes #700, I believe.
2015-10-15 17:54:00 -04:00
Daniel Kaffee a5ad818d8e only use NewCertPool if there is a ca cert otherwise use host's certificates 2015-07-28 15:31:30 +03:00
Daniel Kaffee 280fec2913 fix potential insecure skip verification bug 2015-07-28 15:15:31 +03:00
Daniel Kaffee 7b743f12fe fix identification to go formatting 2015-07-28 15:06:56 +03:00
Daniel Kaffee 4146be770c refactor code 2015-07-28 14:55:33 +03:00
Armon Dadgar 47cfc85079 physical/consul: Fixing read of leader when standby. Fixes #178 2015-05-11 10:54:29 -07:00
Brandon Philips 3d3d725fc5 pysical: minor doc error in consul
ot -> to
2015-05-08 23:37:16 -07:00
Armon Dadgar ad3cfa206b physical/consul: Fixing path for locks 2015-05-08 15:34:29 -07:00
Armon Dadgar 5dad76d5a1 physical/consul: Support address detection using the agent 2015-05-02 15:34:39 -07:00
Armon Dadgar b28dac7cb2 physical: Support association of value with lock 2015-04-14 16:36:53 -07:00
Armon Dadgar cd6db0a637 physical: First pass at HABackend 2015-04-14 11:49:46 -07:00
Armon Dadgar 9aec9fe577 physical: Add profiling to Consul backend 2015-04-14 11:09:24 -07:00
Armon Dadgar 4bc10930b3 physical: Default consul path to vault/ 2015-04-03 17:05:18 -07:00
Armon Dadgar 1d839d033c physical: Adding Consul backend 2015-04-03 16:44:32 -07:00
Armon Dadgar 001bf70c68 physical: Factory constructor style for backends 2015-03-05 13:47:10 -08:00
Armon Dadgar 4060860194 physical: Adding interface, in-mem implementation, and skeleton for Consul/File 2015-03-02 10:48:53 -08:00