ed14061578
* Work on raft backend * Add logstore locally * Add encryptor and unsealable interfaces * Add clustering support to raft * Remove client and handler * Bootstrap raft on init * Cleanup raft logic a bit * More raft work * Work on TLS config * More work on bootstrapping * Fix build * More work on bootstrapping * More bootstrapping work * fix build * Remove consul dep * Fix build * merged oss/master into raft-storage * Work on bootstrapping * Get bootstrapping to work * Clean up FMS and node-id * Update local node ID logic * Cleanup node-id change * Work on snapshotting * Raft: Add remove peer API (#906) * Add remove peer API * Add some comments * Fix existing snapshotting (#909) * Raft get peers API (#912) * Read raft configuration * address review feedback * Use the Leadership Transfer API to step-down the active node (#918) * Raft join and unseal using Shamir keys (#917) * Raft join using shamir * Store AEAD instead of master key * Split the raft join process to answer the challenge after a successful unseal * get the follower to standby state * Make unseal work * minor changes * Some input checks * reuse the shamir seal access instead of new default seal access * refactor joinRaftSendAnswer function * Synchronously send answer in auto-unseal case * Address review feedback * Raft snapshots (#910) * Fix existing snapshotting * implement the noop snapshotting * Add comments and switch log libraries * add some snapshot tests * add snapshot test file * add TODO * More work on raft snapshotting * progress on the ConfigStore strategy * Don't use two buckets * Update the snapshot store logic to hide the file logic * Add more backend tests * Cleanup code a bit * [WIP] Raft recovery (#938) * Add recovery functionality * remove fmt.Printfs * Fix a few fsm bugs * Add max size value for raft backend (#942) * Add max size value for raft backend * Include physical.ErrValueTooLarge in the message * Raft snapshot Take/Restore API (#926) * Inital work on raft snapshot APIs * Always redirect snapshot install/download requests * More work on the snapshot APIs * Cleanup code a bit * On restore handle special cases * Use the seal to encrypt the sha sum file * Add sealer mechanism and fix some bugs * Call restore while state lock is held * Send restore cb trigger through raft log * Make error messages nicer * Add test helpers * Add snapshot test * Add shamir unseal test * Add more raft snapshot API tests * Fix locking * Change working to initalize * Add underlying raw object to test cluster core * Move leaderUUID to core * Add raft TLS rotation logic (#950) * Add TLS rotation logic * Cleanup logic a bit * Add/Remove from follower state on add/remove peer * add comments * Update more comments * Update request_forwarding_service.proto * Make sure we populate all nodes in the followerstate obj * Update times * Apply review feedback * Add more raft config setting (#947) * Add performance config setting * Add more config options and fix tests * Test Raft Recovery (#944) * Test raft recovery * Leave out a node during recovery * remove unused struct * Update physical/raft/snapshot_test.go * Update physical/raft/snapshot_test.go * fix vendoring * Switch to new raft interface * Remove unused files * Switch a gogo -> proto instance * Remove unneeded vault dep in go.sum * Update helper/testhelpers/testhelpers.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update vault/cluster/cluster.go * track active key within the keyring itself (#6915) * track active key within the keyring itself * lookup and store using the active key ID * update docstring * minor refactor * Small text fixes (#6912) * Update physical/raft/raft.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * review feedback * Move raft logical system into separate file * Update help text a bit * Enforce cluster addr is set and use it for raft bootstrapping * Fix tests * fix http test panic * Pull in latest raft-snapshot library * Add comment
99 lines
2.8 KiB
Go
99 lines
2.8 KiB
Go
package raft
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/json"
|
|
"io/ioutil"
|
|
)
|
|
|
|
// ReadPeersJSON consumes a legacy peers.json file in the format of the old JSON
|
|
// peer store and creates a new-style configuration structure. This can be used
|
|
// to migrate this data or perform manual recovery when running protocol versions
|
|
// that can interoperate with older, unversioned Raft servers. This should not be
|
|
// used once server IDs are in use, because the old peers.json file didn't have
|
|
// support for these, nor non-voter suffrage types.
|
|
func ReadPeersJSON(path string) (Configuration, error) {
|
|
// Read in the file.
|
|
buf, err := ioutil.ReadFile(path)
|
|
if err != nil {
|
|
return Configuration{}, err
|
|
}
|
|
|
|
// Parse it as JSON.
|
|
var peers []string
|
|
dec := json.NewDecoder(bytes.NewReader(buf))
|
|
if err := dec.Decode(&peers); err != nil {
|
|
return Configuration{}, err
|
|
}
|
|
|
|
// Map it into the new-style configuration structure. We can only specify
|
|
// voter roles here, and the ID has to be the same as the address.
|
|
var configuration Configuration
|
|
for _, peer := range peers {
|
|
server := Server{
|
|
Suffrage: Voter,
|
|
ID: ServerID(peer),
|
|
Address: ServerAddress(peer),
|
|
}
|
|
configuration.Servers = append(configuration.Servers, server)
|
|
}
|
|
|
|
// We should only ingest valid configurations.
|
|
if err := checkConfiguration(configuration); err != nil {
|
|
return Configuration{}, err
|
|
}
|
|
return configuration, nil
|
|
}
|
|
|
|
// configEntry is used when decoding a new-style peers.json.
|
|
type configEntry struct {
|
|
// ID is the ID of the server (a UUID, usually).
|
|
ID ServerID `json:"id"`
|
|
|
|
// Address is the host:port of the server.
|
|
Address ServerAddress `json:"address"`
|
|
|
|
// NonVoter controls the suffrage. We choose this sense so people
|
|
// can leave this out and get a Voter by default.
|
|
NonVoter bool `json:"non_voter"`
|
|
}
|
|
|
|
// ReadConfigJSON reads a new-style peers.json and returns a configuration
|
|
// structure. This can be used to perform manual recovery when running protocol
|
|
// versions that use server IDs.
|
|
func ReadConfigJSON(path string) (Configuration, error) {
|
|
// Read in the file.
|
|
buf, err := ioutil.ReadFile(path)
|
|
if err != nil {
|
|
return Configuration{}, err
|
|
}
|
|
|
|
// Parse it as JSON.
|
|
var peers []configEntry
|
|
dec := json.NewDecoder(bytes.NewReader(buf))
|
|
if err := dec.Decode(&peers); err != nil {
|
|
return Configuration{}, err
|
|
}
|
|
|
|
// Map it into the new-style configuration structure.
|
|
var configuration Configuration
|
|
for _, peer := range peers {
|
|
suffrage := Voter
|
|
if peer.NonVoter {
|
|
suffrage = Nonvoter
|
|
}
|
|
server := Server{
|
|
Suffrage: suffrage,
|
|
ID: peer.ID,
|
|
Address: peer.Address,
|
|
}
|
|
configuration.Servers = append(configuration.Servers, server)
|
|
}
|
|
|
|
// We should only ingest valid configurations.
|
|
if err := checkConfiguration(configuration); err != nil {
|
|
return Configuration{}, err
|
|
}
|
|
return configuration, nil
|
|
}
|