diff --git a/CHANGELOG.md b/CHANGELOG.md index c8cf359e786c9..92a21cd1a452a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ DEPRECATIONS/BREAKING CHANGES: IMPROVEMENTS: * api: API client now uses a 30 second timeout instead of indefinite [GH-681] + * core: The physical storage read cache can now be disabled via "disable_cache" [GH-674] * core: Tokens can now renew themselves [GH-455] * core: Base64-encoded PGP keys can be used with the CLI for `init` and `rekey` operations [GH-653] * logical: Responses now contain a "warnings" key containing a list of warnings returned from the server. These are conditions that did not require failing an operation, but of which the client should be aware. [GH-676] diff --git a/command/server/config.go b/command/server/config.go index d9d8764edd7d5..073b42e0242c6 100644 --- a/command/server/config.go +++ b/command/server/config.go @@ -18,6 +18,7 @@ type Config struct { Listeners []*Listener `hcl:"-"` Backend *Backend `hcl:"-"` + DisableCache bool `hcl:"disable_cache"` DisableMlock bool `hcl:"disable_mlock"` Telemetry *Telemetry `hcl:"telemetry"` @@ -31,6 +32,7 @@ type Config struct { // DevConfig is a Config that is used for dev mode of Vault. func DevConfig() *Config { return &Config{ + DisableCache: false, DisableMlock: true, Backend: &Backend{ @@ -106,7 +108,12 @@ func (c *Config) Merge(c2 *Config) *Config { result.Telemetry = c2.Telemetry } - // merging this boolean via an OR operation + // merging these booleans via an OR operation + result.DisableCache = c.DisableCache + if c2.DisableCache { + result.DisableCache = c2.DisableCache + } + result.DisableMlock = c.DisableMlock if c2.DisableMlock { result.DisableMlock = c2.DisableMlock diff --git a/command/server/config_test.go b/command/server/config_test.go index 95456424c1b0b..020493defc93b 100644 --- a/command/server/config_test.go +++ b/command/server/config_test.go @@ -36,6 +36,7 @@ func TestLoadConfigFile(t *testing.T) { DisableHostname: false, }, + DisableCache: true, DisableMlock: true, MaxLeaseTTL: 10 * time.Hour, @@ -128,6 +129,7 @@ func TestLoadConfigDir(t *testing.T) { } expected := &Config{ + DisableCache: true, DisableMlock: true, Listeners: []*Listener{ diff --git a/command/server/test-fixtures/config-dir/foo.hcl b/command/server/test-fixtures/config-dir/foo.hcl index 068e9ee1c34f2..00d1a3c603c58 100644 --- a/command/server/test-fixtures/config-dir/foo.hcl +++ b/command/server/test-fixtures/config-dir/foo.hcl @@ -1,3 +1,4 @@ +disable_cache = true disable_mlock = true backend "consul" { diff --git a/command/server/test-fixtures/config.hcl b/command/server/test-fixtures/config.hcl index 3d13a13c1ea8d..e945d612c3181 100644 --- a/command/server/test-fixtures/config.hcl +++ b/command/server/test-fixtures/config.hcl @@ -1,3 +1,4 @@ +disable_cache = true disable_mlock = true statsd_addr = "bar" statsite_addr = "foo" diff --git a/website/source/docs/config/index.html.md b/website/source/docs/config/index.html.md index b4faba5c354c1..799d2afb5dced 100644 --- a/website/source/docs/config/index.html.md +++ b/website/source/docs/config/index.html.md @@ -42,6 +42,10 @@ to specify where the configuration is. "tcp" is currently the only option available. A full reference for the inner syntax is below. +* `disable_cache` (optional) - A boolean. If true, this will disable the + read cache used by the physical storage subsystem. This will very + significantly impact performance. + * `disable_mlock` (optional) - A boolean. If true, this will disable the server from executing the `mlock` syscall to prevent memory from being swapped to disk. This is not recommended in production (see below).