Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault 6773/raft rejoin nonvoter #16324

Merged
merged 4 commits into from Jul 18, 2022
Merged

Vault 6773/raft rejoin nonvoter #16324

merged 4 commits into from Jul 18, 2022

Conversation

mpalmi
Copy link
Contributor

@mpalmi mpalmi commented Jul 18, 2022

raft: Ensure init before setting suffrage

@mpalmi mpalmi force-pushed the VAULT-6773/raft-rejoin-nonvoter branch from 2e5dd8d to 434a813 Compare July 18, 2022 14:30
@mladlow mladlow added this to the 1.9.8 milestone Jul 18, 2022
@mpalmi
raft: Ensure init before setting suffrage
31c4da9 
As reported in https://hashicorp.atlassian.net/browse/VAULT-6773:

	The /sys/storage/raft/join endpoint is intended to be unauthenticated. We rely
	on the seal to manage trust.

	It’s possible to use multiple join requests to switch nodes from voter to
	non-voter. The screenshot shows a 3 node cluster where vault_2 is the leader,
	and vault_3 and vault_4 are followers with non-voters set to false.  sent two
	requests to the raft join endpoint to have vault_3 and vault_4 join the cluster
	with non_voters:true.

This commit fixes the issue by delaying the call to SetDesiredSuffrage until after
the initialization check, preventing unauthenticated mangling of voter status.

Tested locally using
https://github.com/hashicorp/vault-tools/blob/main/users/ncabatoff/cluster/raft.sh
and the reproducer outlined in VAULT-6773.
@mpalmi
raft: Return join err on failure
1a19070 
This is necessary to correctly distinguish errors returned from the Join
workflow. Previously, errors were being masked as timeouts.
@mpalmi
raft: Default autopilot parameters in teststorage
667711e 
Change some defaults so we don't have to pass in parameters or set them
in the originating tests. These storage types are only used in two
places:

1) Raft HA testing
2) Seal migration testing

Both consumers have been tested and pass with this change.
@mpalmi mpalmi force-pushed the VAULT-6773/raft-rejoin-nonvoter branch from 434a813 to 1f1b484 Compare July 18, 2022 15:39
@mpalmi mpalmi force-pushed the VAULT-6773/raft-rejoin-nonvoter branch from 1f1b484 to 1a54726 Compare July 18, 2022 15:43
@mpalmi mpalmi added backport/1.9.x bug Used to indicate a potential bug labels Jul 18, 2022
hghaf099
hghaf099 approved these changes Jul 18, 2022
View reviewed changes
Copy link
Contributor

@hghaf099 hghaf099 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mpalmi mpalmi merged commit cc64092 into main Jul 18, 2022
@mpalmi mpalmi deleted the VAULT-6773/raft-rejoin-nonvoter branch July 18, 2022 18:37
This was referenced Jul 18, 2022
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VioletHynes VioletHynes VioletHynes approved these changes

@hghaf099 hghaf099 hghaf099 approved these changes

@hc-github-team-secure-vault-core hc-github-team-secure-vault-core Awaiting requested review from hc-github-team-secure-vault-core

Assignees
No one assigned
Labels
bug Used to indicate a potential bug
Projects
None yet
Milestone
1.9.8
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@mpalmi @VioletHynes @hghaf099 @mladlow