New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vault-driven Consul TTL checks #1349
Commits on Apr 26, 2016
-
Configuration menu - View commit details
-
Copy full SHA for f2dc2f6 - Browse repository at this point
Copy the full SHA f2dc2f6View commit details -
Stub out service discovery functionality
Hook asynchronous notifications into Core to change the status of vault based on its active/standby, and sealed/unsealed status.
Configuration menu - View commit details
-
Copy full SHA for bd5305e - Browse repository at this point
Copy the full SHA bd5305eView commit details -
Update vendor'ed version of hashicorp/consul/lib
Note: Godeps.json not updated
Configuration menu - View commit details
-
Copy full SHA for 0d3ce59 - Browse repository at this point
Copy the full SHA 0d3ce59View commit details -
Teach Vault how to register with Consul
Vault will now register itself with Consul. The active node can be found using `active.vault.service.consul`. All standby vaults are available via `standby.vault.service.consul`. All unsealed vaults are considered healthy and available via `vault.service.consul`. Change in status and registration is event driven and should happen at the speed of a write to Consul (~network RTT + ~1x fsync(2)). Healthy/active: ``` curl -X GET 'http://127.0.0.1:8500/v1/health/service/vault?pretty' && echo; [ { "Node": { "Node": "vm1", "Address": "127.0.0.1", "TaggedAddresses": { "wan": "127.0.0.1" }, "CreateIndex": 3, "ModifyIndex": 20 }, "Service": { "ID": "vault:127.0.0.1:8200", "Service": "vault", "Tags": [ "active" ], "Address": "127.0.0.1", "Port": 8200, "EnableTagOverride": false, "CreateIndex": 17, "ModifyIndex": 20 }, "Checks": [ { "Node": "vm1", "CheckID": "serfHealth", "Name": "Serf Health Status", "Status": "passing", "Notes": "", "Output": "Agent alive and reachable", "ServiceID": "", "ServiceName": "", "CreateIndex": 3, "ModifyIndex": 3 }, { "Node": "vm1", "CheckID": "vault-sealed-check", "Name": "Vault Sealed Status", "Status": "passing", "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server", "Output": "", "ServiceID": "vault:127.0.0.1:8200", "ServiceName": "vault", "CreateIndex": 19, "ModifyIndex": 19 } ] } ] ``` Healthy/standby: ``` [snip] "Service": { "ID": "vault:127.0.0.2:8200", "Service": "vault", "Tags": [ "standby" ], "Address": "127.0.0.2", "Port": 8200, "EnableTagOverride": false, "CreateIndex": 17, "ModifyIndex": 20 }, "Checks": [ { "Node": "vm2", "CheckID": "serfHealth", "Name": "Serf Health Status", "Status": "passing", "Notes": "", "Output": "Agent alive and reachable", "ServiceID": "", "ServiceName": "", "CreateIndex": 3, "ModifyIndex": 3 }, { "Node": "vm2", "CheckID": "vault-sealed-check", "Name": "Vault Sealed Status", "Status": "passing", "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server", "Output": "", "ServiceID": "vault:127.0.0.2:8200", "ServiceName": "vault", "CreateIndex": 19, "ModifyIndex": 19 } ] } ] ``` Sealed: ``` "Checks": [ { "Node": "vm2", "CheckID": "serfHealth", "Name": "Serf Health Status", "Status": "passing", "Notes": "", "Output": "Agent alive and reachable", "ServiceID": "", "ServiceName": "", "CreateIndex": 3, "ModifyIndex": 3 }, { "Node": "vm2", "CheckID": "vault-sealed-check", "Name": "Vault Sealed Status", "Status": "critical", "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server", "Output": "Vault Sealed", "ServiceID": "vault:127.0.0.2:8200", "ServiceName": "vault", "CreateIndex": 19, "ModifyIndex": 38 } ] ```
Configuration menu - View commit details
-
Copy full SHA for c0bbeba - Browse repository at this point
Copy the full SHA c0bbebaView commit details -
Configuration menu - View commit details
-
Copy full SHA for afa6c22 - Browse repository at this point
Copy the full SHA afa6c22View commit details -
Configuration menu - View commit details
-
Copy full SHA for c92f9cb - Browse repository at this point
Copy the full SHA c92f9cbView commit details -
Configuration menu - View commit details
-
Copy full SHA for e54c990 - Browse repository at this point
Copy the full SHA e54c990View commit details -
Improve error handling re: homedir expansion
Useful if the HOME envvar is not set because `vault` was launched in a clean environment (e.g. `env -i vault ...`).
Configuration menu - View commit details
-
Copy full SHA for 9a21151 - Browse repository at this point
Copy the full SHA 9a21151View commit details -
Configuration menu - View commit details
-
Copy full SHA for 40a3c53 - Browse repository at this point
Copy the full SHA 40a3c53View commit details -
Various refactoring to clean up code organization
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
Configuration menu - View commit details
-
Copy full SHA for 53dd436 - Browse repository at this point
Copy the full SHA 53dd436View commit details -
Use spaces in tests to be consistent
The rest of the tests here use spaces, not tabs
Configuration menu - View commit details
-
Copy full SHA for 3e43da2 - Browse repository at this point
Copy the full SHA 3e43da2View commit details -
Consistently skip Consul checks
Hide all Consul checks behind `CONSUL_HTTP_ADDR` env vs `CONSUL_ADDR` which is non-standard.
Configuration menu - View commit details
-
Copy full SHA for 1601508 - Browse repository at this point
Copy the full SHA 1601508View commit details -
Configuration menu - View commit details
-
Copy full SHA for 529f3e5 - Browse repository at this point
Copy the full SHA 529f3e5View commit details -
Configuration menu - View commit details
-
Copy full SHA for 38a3ea3 - Browse repository at this point
Copy the full SHA 38a3ea3View commit details -
Add a small bit of wording re:
disable_registration
Consul service registration for Vault requires Consul 0.6.4.
Configuration menu - View commit details
-
Copy full SHA for f1c170e - Browse repository at this point
Copy the full SHA f1c170eView commit details -
Persistently retry to update service registration
If the local Consul agent is not available while attempting to step down from active or up to active, retry once a second. Allow for concurrent changes to the state with a single registration updater. Fix standby initialization.
Configuration menu - View commit details
-
Copy full SHA for f4e1594 - Browse repository at this point
Copy the full SHA f4e1594View commit details -
Configuration menu - View commit details
-
Copy full SHA for 85ca7b3 - Browse repository at this point
Copy the full SHA 85ca7b3View commit details -
Configuration menu - View commit details
-
Copy full SHA for 9647f2e - Browse repository at this point
Copy the full SHA 9647f2eView commit details -
Change to the pre-0.6.4 Consul Check API
Consul is never going to pass in more than 1K of output. This mitigates the pre-0.6.4 concern.
Configuration menu - View commit details
-
Copy full SHA for 341abca - Browse repository at this point
Copy the full SHA 341abcaView commit details -
Change to the pre-0.6.4 Consul Check API
Consul is never going to pass in more than 1K of output. This mitigates the pre-0.6.4 concern.
Configuration menu - View commit details
-
Copy full SHA for 00d1e5a - Browse repository at this point
Copy the full SHA 00d1e5aView commit details -
Configuration menu - View commit details
-
Copy full SHA for 4db1635 - Browse repository at this point
Copy the full SHA 4db1635View commit details