Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support systemd notifications after communication with a physical backend is established #5079

Open
jen20 opened this issue Aug 9, 2018 · 4 comments
Open

Support systemd notifications after communication with a physical backend is established #5079

jen20 opened this issue Aug 9, 2018 · 4 comments
Labels
core Issues and Pull-Requests specific to Vault Core enhancement feature-request

Comments

@jen20
Copy link
Contributor

jen20 commented Aug 9, 2018

Is your feature request related to a problem? Please describe.

There is no good way right now to chain systemd jobs from a Vault server and have them start only when that Vault server is ready to accept "requests" (usually an unseal).

Describe the solution you'd like

The same solution that Consul has implemented - the ability to notify systemd when startup is complete and the system is ready to handle requests. This was merged here: hashicorp/consul#3164
@jefferai
Copy link
Member

Sounds neat, would you be willing to submit a PR?

@JulienBalestra
Copy link
Contributor

I'm interested by this feature in the vault agent too.
I'd like to know if it's possible to submit a PR with the coreos library sdnotify for this ?

@chmarr
Copy link

chmarr commented Apr 9, 2019

A simple workaround would be to add a ExecStartPost to the vault.service, through a drop-in (/etc/systemd/system/vault.service.d/mything.conf)

The ExecStartPost program would wait until vault became ready – perhaps by test-polling – then exit.

vault.service will not become "activated" until all the ExecStartPost commands have completed successfully, and thus "After=vault.service" services will not be started until that point.

systemd-notify support directly in the application is considerably cleaner, though.

@catsby catsby added feature-request core Issues and Pull-Requests specific to Vault Core labels Nov 8, 2019
bmhughes added a commit to sous-chefs/hashicorp-vault that referenced this issue Jan 9, 2021
@bmhughes
Improve robustness of systemd service configuration
8d5eedd 
This is as good as we can get until
hashicorp/vault#5079 is merged.

Restarts will still NOT cause a Chef run failure, although any
subsequest starts WILL.
bmhughes added a commit to sous-chefs/hashicorp-vault that referenced this issue Jan 9, 2021
@bmhughes
Improve robustness of systemd service configuration
3e4394b 
This is as good as we can get until
hashicorp/vault#5079 is merged.

Notified restarts will still NOT cause a Chef run failure, although any
subsequest (re)starts WILL.
bmhughes added a commit to sous-chefs/hashicorp-vault that referenced this issue Jan 13, 2021
@bmhughes
Improve robustness of systemd service configuration
8dbc64a 
This is as good as we can get until
hashicorp/vault#5079 is merged.

Notified restarts will still NOT cause a Chef run failure, although any
subsequest (re)starts WILL.
bmhughes added a commit to sous-chefs/hashicorp-vault that referenced this issue Jan 13, 2021
@bmhughes
Improve robustness of systemd service configuration
978e721 
This is as good as we can get until
hashicorp/vault#5079 is merged.

Notified restarts will still NOT cause a Chef run failure, although any
subsequest (re)starts WILL.
bmhughes added a commit to sous-chefs/hashicorp-vault that referenced this issue Jan 13, 2021
@bmhughes
Improve robustness of systemd service configuration
abdc55b 
This is as good as we can get until
hashicorp/vault#5079 is merged.

Notified restarts will still NOT cause a Chef run failure, although any
subsequest (re)starts WILL.
@aphorise
Copy link
Contributor

aphorise commented Sep 2, 2022

@JulienBalestra there was #9802 as a recent systemd inclusion for agents which may be of interest if anyone wants to propose a DR for what's asked.

Aside from the suggestion from @chmarr - I'm thinking it may actually be a bit more of a challenge in the case of all 20+ storage backend types to do this. What may be an another approach is to have a read (like continues KV2 read) or some other event watched for in TRACE level logs of Vault for something unique to when everything is in sync / ready.

@jen20 can confirm how this is relevant for you still?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core Issues and Pull-Requests specific to Vault Core enhancement feature-request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@jefferai @catsby @chmarr @jen20 @aphorise @JulienBalestra @hsimon-hashicorp