1f36e2a846
Use 1-based indexing for unseal keys in three node dev cluster
2017-08-01 11:12:45 -04:00
d0f329e124
Add leader cluster address to status/leader output. ( #3061 )
...
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.
Fixes #3042
2017-07-31 18:25:27 -04:00
1bfc6d4fe7
Add a -dev-three-node option for devs. ( #3081 )
2017-07-31 11:28:06 -04:00
d55d75a79f
Convert listener arguments to map[string]interface{} ( #2905 )
...
This allows people to use more natural constructs, e.g. for tls_disable
it can be a bool, int, or string.
2017-06-22 20:29:53 +01:00
286392c2a2
Fix tests
2017-06-21 11:19:38 -04:00
069764ea8f
Add option to have dev mode generic backend return leases
2017-06-21 10:42:50 -04:00
33ca94773f
Add DogStatsD metrics output. ( #2883 )
...
Fixes #2490
2017-06-16 23:51:46 -04:00
9d4801b1e8
Revert grpc back a version (they introduced a panic) and clean up a bunch of old request forwarding stuff
2017-05-24 10:38:48 -04:00
5ee0d696d4
Merge remote-tracking branch 'oss/master' into database-refactor
2017-05-04 10:45:18 -07:00
3d939dbe50
Further Sethisize loglevel inputz
2017-04-25 11:14:25 -04:00
7283894f41
Sethisize log level
2017-04-25 11:12:38 -04:00
6c8239ba03
Update the builtin keys; move catalog to core; protect against unset plugin directory
2017-04-24 10:30:33 -07:00
6f9d178370
Calls to builtin plugins now go directly to the implementation instead of go-plugin
2017-04-20 18:46:41 -07:00
af9ff63e9a
Merge remote-tracking branch 'oss/master' into database-refactor
2017-04-19 15:16:00 -07:00
8a3ef906d5
Update the plugin directory logic
2017-04-13 11:22:53 -07:00
8ccf10641b
Merge branch 'master' into database-refactor
2017-04-12 14:29:10 -07:00
0034074691
Execute builtin plugins
2017-04-04 14:43:39 -07:00
a8d64c5721
Add some minor tweaks to the PR
2017-04-04 12:22:14 -04:00
e8781b6a2b
Plugin catalog
2017-04-03 17:52:29 -07:00
ad9546104b
Typo corrections and tweaks to commands' help info
...
* Normalize "X arguments expected" messages
* Use "Vault" when referring to the product and "vault" when referring to an instance of the product
* Various minor tweaks to improve readability and/or provide clarity
2017-03-25 12:51:12 -05:00
b11f92ba5a
Rename physical backend to storage and alias old value ( #2456 )
2017-03-08 09:17:00 -05:00
2cc0906b33
Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 ( #2412 )
2017-02-27 12:49:35 -05:00
42d1c28bf5
Change the default DisplayName for a Circonus check to be `Vault` instead of the InstanceID.
...
Trivial defaults change, committing direct to `master`.
2017-02-26 15:18:46 -08:00
3ab4a82e03
Don't try synthesizing cluster when not in dev mode
2017-02-24 12:50:26 -05:00
b29861f7bb
Do some porting to make diffing easier
2017-02-24 10:45:29 -05:00
c81582fea0
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
388d8cd191
Correct port parsing. ( #2354 )
...
* Correct port parsing.
Fixes #2351
* use strings.Contains instead of strings.HasSuffix
* Make the error message point to the wrong input
2017-02-08 13:50:17 -05:00
dc0f751994
Change an output to an error
2016-12-06 07:56:45 -05:00
7865143c1d
Minor ports
2016-12-05 12:28:12 -05:00
fef97d9169
Print the revision, if known, separately from the version.
...
Also, indicate whether the build is dynamic or not.
2016-11-27 19:28:35 -05:00
f1f38de8d4
Only add version sha if known
2016-11-27 19:16:44 -05:00
545e338a9e
Add version sha to server startup output
2016-11-22 16:43:05 -05:00
fc81a301b8
Don't say mlock is supported on OSX when it isn't. ( #2120 )
...
Fixes #2119
2016-11-22 12:56:36 -05:00
57925ee863
Vendor circonus ( #2082 )
2016-11-10 16:17:55 -05:00
53efd18dda
Make listener shutdown more synchronous ( #1985 )
2016-10-10 13:18:19 -04:00
6d00f0c483
Adds HUP support for audit log files to close and reopen. ( #1953 )
...
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.
As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
2016-09-30 12:04:50 -07:00
85315ff188
Rejig where the reload functions live
2016-09-30 00:07:22 -04:00
72b9c4c649
Fix parsing env var, needed to be in the helper too
2016-09-23 13:20:26 -04:00
4214a0199d
Advertise the cluster_(id|name) in the Scada handshake ( #1906 )
2016-09-23 10:55:51 -04:00
57f3904d74
Use VAULT_LOG_FORMAT as an analogue to LOGXI_FORMAT
2016-09-22 17:22:02 -04:00
722e26f27a
Add support for PGP encrypting the initial root token. ( #1883 )
2016-09-13 18:42:24 -04:00
90737d3b44
Merge pull request #1836 from hashicorp/truncate-version-string
...
Remove the string 'Vault' from version information
2016-09-01 20:23:26 -04:00
9c78c58948
Remove the string 'Vault' from version information
2016-09-01 14:54:04 -04:00
61f1eee72c
Remove hex output from keys; standardize on B64 for CLI output. This ( #1831 )
...
aligns with all other interactions which use B64 encoding for bytes.
2016-09-01 12:59:15 -04:00
2ce4397deb
Plumb through the ability to set the storage read cache size. ( #1784 )
...
Plumb through the ability to set the storage read cache size.
Fixes #1772
2016-08-26 10:27:06 -04:00
dd53c4b1d8
Don't validate a dev listen address as that makes a proper Docker
...
entrypoint difficult.
Fixes #1762
2016-08-23 08:34:43 -04:00
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
bdcfe05517
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
56940c282b
Force dev on when dev-ha is on
2016-08-19 08:29:34 -04:00
62c69f8e19
Provide base64 keys in addition to hex encoded. ( #1734 )
...
* Provide base64 keys in addition to hex encoded.
Accept these at unseal/rekey time.
Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
6ffefb649d
Close the shutdown channel instead of sending a value down
2016-08-01 11:58:45 -04:00
05b8ce8348
Address review feedback
2016-08-01 11:15:25 -04:00
5ed10f4074
Make the defer statement of waitgroup to execute last
2016-08-01 10:24:27 -04:00
ea2e677f02
Sharing shutdown message with physical consul backend
2016-07-31 10:09:16 -04:00
a8b4fc0d3c
Add waitgroup wait to allow physical consul to deregister checks
2016-07-30 13:17:29 -04:00
a3e6400697
Remove global name/id. Make only cluster name configurable.
2016-07-26 10:01:35 -04:00
c7dabe4def
Storing local and global cluster name/id to storage and returning them in health status
2016-07-26 02:32:42 -04:00
6519c224ac
Circonus integration for telemetry metrics
2016-07-22 15:49:23 -04:00
a3ce0dcb0c
Turn off DynamoDB HA by default.
...
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
de8477244e
#1486 : Fixed sealed and leader checks for consul backend
2016-06-03 16:00:31 -07:00
0d9ea2a1a1
Initial Atlas listener implementation
2016-06-02 14:05:47 -04:00
c197414b3b
Prioritize dev flags over its env vars
2016-06-01 12:21:29 -04:00
885cc73b2e
Merge branch 'master-oss' into f-vault-service
2016-05-04 17:20:00 -04:00
2bbb39f4af
Properly handle sigint/hup
2016-05-03 14:30:58 -04:00
749b60d57d
Ensure seal finalizing happens even when using verify-only
2016-04-28 14:06:05 -04:00
0b72906fc3
Change the interface of ServiceDiscovery
...
Instead of passing state, signal that the state has changed and provide a callback handler that can query Core.
2016-04-28 11:05:18 -07:00
aeea7628d6
Add a *log.Logger argument to physical.Factory
...
Logging in the backend is a good thing. This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
f5183fa506
Collapse UpdateAdvertiseAddr() into RunServiceDiscovery()
2016-04-25 18:01:13 -07:00
60006f550f
Various refactoring to clean up code organization
...
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
6b2c83564e
Teach Vault how to register with Consul
...
Vault will now register itself with Consul. The active node can be found using `active.vault.service.consul`. All standby vaults are available via `standby.vault.service.consul`. All unsealed vaults are considered healthy and available via `vault.service.consul`. Change in status and registration is event driven and should happen at the speed of a write to Consul (~network RTT + ~1x fsync(2)).
Healthy/active:
```
curl -X GET 'http://127.0.0.1:8500/v1/health/service/vault?pretty ' && echo;
[
{
"Node": {
"Node": "vm1",
"Address": "127.0.0.1",
"TaggedAddresses": {
"wan": "127.0.0.1"
},
"CreateIndex": 3,
"ModifyIndex": 20
},
"Service": {
"ID": "vault:127.0.0.1:8200",
"Service": "vault",
"Tags": [
"active"
],
"Address": "127.0.0.1",
"Port": 8200,
"EnableTagOverride": false,
"CreateIndex": 17,
"ModifyIndex": 20
},
"Checks": [
{
"Node": "vm1",
"CheckID": "serfHealth",
"Name": "Serf Health Status",
"Status": "passing",
"Notes": "",
"Output": "Agent alive and reachable",
"ServiceID": "",
"ServiceName": "",
"CreateIndex": 3,
"ModifyIndex": 3
},
{
"Node": "vm1",
"CheckID": "vault-sealed-check",
"Name": "Vault Sealed Status",
"Status": "passing",
"Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
"Output": "",
"ServiceID": "vault:127.0.0.1:8200",
"ServiceName": "vault",
"CreateIndex": 19,
"ModifyIndex": 19
}
]
}
]
```
Healthy/standby:
```
[snip]
"Service": {
"ID": "vault:127.0.0.2:8200",
"Service": "vault",
"Tags": [
"standby"
],
"Address": "127.0.0.2",
"Port": 8200,
"EnableTagOverride": false,
"CreateIndex": 17,
"ModifyIndex": 20
},
"Checks": [
{
"Node": "vm2",
"CheckID": "serfHealth",
"Name": "Serf Health Status",
"Status": "passing",
"Notes": "",
"Output": "Agent alive and reachable",
"ServiceID": "",
"ServiceName": "",
"CreateIndex": 3,
"ModifyIndex": 3
},
{
"Node": "vm2",
"CheckID": "vault-sealed-check",
"Name": "Vault Sealed Status",
"Status": "passing",
"Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
"Output": "",
"ServiceID": "vault:127.0.0.2:8200",
"ServiceName": "vault",
"CreateIndex": 19,
"ModifyIndex": 19
}
]
}
]
```
Sealed:
```
"Checks": [
{
"Node": "vm2",
"CheckID": "serfHealth",
"Name": "Serf Health Status",
"Status": "passing",
"Notes": "",
"Output": "Agent alive and reachable",
"ServiceID": "",
"ServiceName": "",
"CreateIndex": 3,
"ModifyIndex": 3
},
{
"Node": "vm2",
"CheckID": "vault-sealed-check",
"Name": "Vault Sealed Status",
"Status": "critical",
"Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
"Output": "Vault Sealed",
"ServiceID": "vault:127.0.0.2:8200",
"ServiceName": "vault",
"CreateIndex": 19,
"ModifyIndex": 38
}
]
```
2016-04-25 18:01:13 -07:00
230b59f34c
Stub out service discovery functionality
...
Hook asynchronous notifications into Core to change the status of vault based on its active/standby, and sealed/unsealed status.
2016-04-25 18:00:54 -07:00
0c23acb818
Comment nits
2016-04-25 18:00:54 -07:00
069d9cf021
Fix SIGINT handling.
...
No signal handler was setup to receive SIGINT. I didn't investigate to
see if signal(2) mask was setup (ala `SIG_IGN`) or if sigprocmask(2) is
being used, but in either case, the correct behavior is to capture and
treat SIGINT the same as SIGTERM. At some point in the future these two
signals may affect the running process differently, but we will clarify
that difference in the future.
2016-04-15 10:03:22 -07:00
119238149b
Add Finalize method to seal.
2016-04-14 20:37:34 +00:00
a4ff72841e
Check for seal status when initing and change logic order to avoid defer
2016-04-14 01:13:59 +00:00
58846f8eac
Reinstall the mlockall(2) command
...
Requested by: jefferai
2016-04-05 13:58:26 -07:00
47c3202811
Unconditionally warn on systems w/o mlock support
...
If someone begins using Vault on Windows in dev mode, always hint so that this isn't a surprise when they get to production.
2016-04-05 12:32:53 -07:00
9102b994aa
Sync some seal stuff
2016-04-04 13:46:33 -04:00
afae46feb7
SealInterface
2016-04-04 10:44:22 -04:00
b0888e8af1
Remove config from Meta; it's only used right now with the token helper.
2016-04-01 16:02:18 -04:00
a137081241
Move token helper out of meta
2016-04-01 14:23:15 -04:00
133d9c1008
Move meta into its own package
2016-04-01 13:16:05 -04:00
1be69ae235
Sort infokeys on startup and add more padding
2016-03-30 12:31:47 -04:00
6d7cbc890d
Fix Typo
2016-03-18 14:06:49 +00:00
0e3764832a
Add test for listener reloading, and update website docs.
2016-03-14 14:05:47 -04:00
b3218d26d6
Properly scope config objects for reloading
2016-03-14 11:18:02 -04:00
84af6ec8ac
Don't generate an ID; use address for the ID. Generally speaking we'll need to sane against what's in the config
2016-03-11 17:28:03 -05:00
9ce1be3b00
For not shutdown triggered...
2016-03-11 17:01:26 -05:00
d75ce9de9b
Retool to have reloading logic run in command/server
2016-03-11 16:47:03 -05:00
baf0763b3c
Add reload capability for Vault listener certs. No tests (other than
...
manual) yet, and no documentation yet.
2016-03-11 14:05:52 -05:00
0998e1cdf9
Update help text exporting dev mode listen address.
...
Ping #1160
2016-03-03 18:10:14 -05:00
69c853fd2f
Add the ability to specify dev mode address via CLI flag and envvar.
...
Fixes #1160
2016-03-03 10:48:52 -05:00
750b33c51b
Add ability to control dev root token id with
...
VAULT_DEV_ROOT_TOKEN_ID env var, and change the CLI flag to match.
Ping #1160
2016-03-03 10:24:44 -05:00
8011148fb5
Allow specifying an initial root token ID in dev mode.
...
Ping #1160
2016-03-02 12:03:26 -05:00
1e65c4a01f
don't panic when config directory is empty
2016-02-12 16:40:19 -08:00
7e0d4bef3e
Add test for HA availability to command/server
2016-02-02 17:47:02 -05:00
a2bb51e7de
remove unneeded assignment
2016-02-02 15:11:35 -05:00
a5bf677bb3
Ensure that we fall back to Backend if HABackend is not specified.
2016-02-02 15:09:58 -05:00
5d7537ff85
Docs typo in server command
2016-01-28 08:26:49 +00:00
c642feebe2
Remove some outdated comments
2015-12-30 21:00:27 -05:00
e8e492f574
Fix ipv6 address advertisement
2015-12-22 21:40:36 +01:00
5017907785
Move telemetry metrics up to fix one possible race, but deeper problems in go-metrics can't be solved with this
2015-12-17 16:38:17 -05:00
db7a2083bf
Allow setting the advertise address via an environment variable.
...
Fixes #581
2015-12-14 21:22:55 -05:00
1e653442cd
Ensure advertise address detection runs without a specified HA backend
...
Ping #840
2015-12-14 21:13:27 -05:00
7ce8aff906
Address review feedback
2015-12-14 17:58:30 -05:00
ced0835574
Allow separate HA physical backend.
...
With no separate backend specified, HA will be attempted on the normal
physical backend.
Fixes #395 .
2015-12-14 07:59:58 -05:00
75f1c1e40c
Print version on startup.
...
Fixes #765
2015-11-09 13:52:55 -05:00
7b25204a19
Fix cache disabling
2015-10-28 13:05:56 -04:00
1da78942e8
Modifies documentation in output of vault server -dev
...
Environment variable setting is different in windows
2015-10-22 00:48:46 -07:00
0532682816
improve documentation for available log levels
2015-09-16 11:01:33 -06:00
3f45f3f41b
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 07:50:24 -07:00
4bad987e58
PR review updates
2015-07-30 13:21:41 -04:00
151ec72d00
Add configuration options for default lease duration and max lease duration.
2015-07-30 09:42:49 -04:00
0ec0b41aa3
Telemetry object in config
2015-07-14 15:36:28 -07:00
d2c048d870
Disable hostname prefix for runtime telemetry
2015-07-13 13:17:57 -07:00
7394c7bd8d
command/server: fixing output weirdness
2015-06-18 13:48:18 -07:00
6bc2b06de4
server: graceful shutdown for fast failover. Fixes #308
2015-06-17 18:24:56 -07:00
3a0e19cb4e
Merge pull request #270 from sheldonh/no_export_vault_token
...
Don't recommend exporting VAULT_TOKEN
2015-06-01 11:52:40 -04:00
8155b3927e
Add help info for -dev flag
2015-05-31 18:05:15 +02:00
6cda28f9e7
Don't recommend exporting VAULT_TOKEN
...
It's not needed by the dev server (which writes ~/.vault-token),
and breaks the Getting Started guide (e.g. #267 ).
2015-05-28 14:39:35 +02:00
a3ddd9ddb2
server: Minor copy change
2015-05-20 17:49:16 -07:00
b04332f8fc
Fail gracefully if a phys backend is not supplied
2015-05-18 22:55:12 -05:00
88d5d6a4c8
Use strconv.ParseBool
2015-05-15 16:41:30 -04:00
a2831b0144
Explicitly check if tls_disable == 1
2015-05-15 16:39:30 -04:00
bbddaff5c9
Make the VAULT_TOKEN and VAULT_ADDR copy-pastable in dev mode
...
This allows someone to quickly start a dev mode server and hit the ground
running without the need to copy-paste twice.
2015-05-07 18:32:40 -04:00
c76b59812e
command/server: Attempt advertise address detection
2015-05-02 15:57:40 -07:00
d29ada47eb
command/server: disable mlock in dev mode
2015-04-28 15:11:39 -07:00
006d4fccfd
command/server: allow disabling mlock
2015-04-28 15:09:30 -07:00
6898c60292
command/server: warning if no mlock
2015-04-28 15:04:40 -07:00
1346040c86
Update server.go
...
Did you mean "talking?" Or something else?
2015-04-28 14:01:45 -06:00
ff352c32fe
command/server: Catch error from core initialization. Fixes #42
2015-04-27 21:29:40 -07:00
ee254a332e
command/server: can set advertise addr
2015-04-17 12:56:31 -07:00
44b634c0d5
command/server: not HA possibilities when starting
2015-04-17 12:56:31 -07:00
f04d33b170
command/server: Enable telemetry. cc: @mitchellh
2015-04-14 18:44:09 -07:00
169666972a
command/server: env var for dev mode
2015-04-06 10:28:17 -07:00
8bfa12297d
builtin/audit: add file audit
2015-04-04 18:10:25 -07:00
929931175c
command/server: log levels
2015-04-04 12:11:10 -07:00
afc71d2a7b
command/server: cleaner output
2015-04-04 12:06:41 -07:00
cee51ddde9
command/server: support CredentialBackends
2015-04-01 15:48:13 -07:00
19283eb5f7
command/server: dev mode
2015-03-31 16:44:47 -07:00
86a6062ba2
main: enable AWS backend
2015-03-20 19:32:18 +01:00
f71f29b801
command/server: initial working
2015-03-13 12:53:08 -07:00
86c7a4c155
command/server: load config from flags
2015-03-12 15:30:07 -07:00
d88c20e293
command/server: add config loading
2015-03-12 15:21:11 -07:00
Jeff Mitchell