Documentation ¶
Index ¶
- Constants
- Variables
- func EnsurePath(path string, dir bool) error
- func NewRaftBackend(conf map[string]string, logger log.Logger) (physical.Backend, error)
- func NewRaftLayer(logger log.Logger, raftTLSKeyring *TLSKeyring, ...) (*raftLayer, error)
- type AutopilotConfig
- type AutopilotServer
- type AutopilotState
- type BoltSnapshotSink
- type BoltSnapshotStore
- func (f *BoltSnapshotStore) Create(version raft.SnapshotVersion, index, term uint64, ...) (raft.SnapshotSink, error)
- func (f *BoltSnapshotStore) List() ([]*raft.SnapshotMeta, error)
- func (f *BoltSnapshotStore) Open(id string) (*raft.SnapshotMeta, io.ReadCloser, error)
- func (f *BoltSnapshotStore) ReapSnapshots() error
- type CleanupDeadServersValue
- type ConfigurationValue
- func (*ConfigurationValue) Descriptor() ([]byte, []int)deprecated
- func (x *ConfigurationValue) GetIndex() uint64
- func (x *ConfigurationValue) GetServers() []*Server
- func (*ConfigurationValue) ProtoMessage()
- func (x *ConfigurationValue) ProtoReflect() protoreflect.Message
- func (x *ConfigurationValue) Reset()
- func (x *ConfigurationValue) String() string
- type Delegate
- func (d *Delegate) AutopilotConfig() *autopilot.Config
- func (d *Delegate) FetchServerStats(ctx context.Context, servers map[raft.ServerID]*autopilot.Server) map[raft.ServerID]*autopilot.ServerStats
- func (d *Delegate) KnownServers() map[raft.ServerID]*autopilot.Server
- func (d *Delegate) NotifyState(state *autopilot.State)
- func (d *Delegate) RemoveFailedServer(server *autopilot.Server)
- type FSM
- func (f *FSM) Apply(log *raft.Log) interface{}
- func (f *FSM) ApplyBatch(logs []*raft.Log) []interface{}
- func (f *FSM) Close() error
- func (f *FSM) Delete(ctx context.Context, path string) error
- func (f *FSM) DeletePrefix(ctx context.Context, prefix string) error
- func (f *FSM) DesiredSuffrage() string
- func (f *FSM) Get(ctx context.Context, path string) (*physical.Entry, error)
- func (f *FSM) LatestState() (*IndexValue, *ConfigurationValue)
- func (f *FSM) List(ctx context.Context, prefix string) ([]string, error)
- func (f *FSM) Put(ctx context.Context, entry *physical.Entry) error
- func (f *FSM) Restore(r io.ReadCloser) error
- func (f *FSM) SetNoopRestore(enabled bool)
- func (f *FSM) Snapshot() (raft.FSMSnapshot, error)
- func (f *FSM) Transaction(ctx context.Context, txns []*physical.TxnEntry) error
- type FSMApplyResponse
- type FSMChunkStorage
- func (f *FSMChunkStorage) FinalizeOp(opNum uint64) ([]*raftchunking.ChunkInfo, error)
- func (f *FSMChunkStorage) GetChunks() (raftchunking.ChunkMap, error)
- func (f *FSMChunkStorage) RestoreChunks(chunks raftchunking.ChunkMap) error
- func (f *FSMChunkStorage) StoreChunk(chunk *raftchunking.ChunkInfo) (bool, error)
- type FollowerState
- type FollowerStates
- type IndexValue
- type LeaderJoinInfo
- type LocalNodeConfigValue
- func (*LocalNodeConfigValue) Descriptor() ([]byte, []int)deprecated
- func (x *LocalNodeConfigValue) GetDesiredSuffrage() string
- func (*LocalNodeConfigValue) ProtoMessage()
- func (x *LocalNodeConfigValue) ProtoReflect() protoreflect.Message
- func (x *LocalNodeConfigValue) Reset()
- func (x *LocalNodeConfigValue) String() string
- type LogData
- type LogOperation
- func (*LogOperation) Descriptor() ([]byte, []int)deprecated
- func (x *LogOperation) GetFlags() uint64
- func (x *LogOperation) GetKey() string
- func (x *LogOperation) GetOpType() uint32
- func (x *LogOperation) GetValue() []byte
- func (*LogOperation) ProtoMessage()
- func (x *LogOperation) ProtoReflect() protoreflect.Message
- func (x *LogOperation) Reset()
- func (x *LogOperation) String() string
- type Peer
- type RaftBackend
- func (b *RaftBackend) AddNonVotingPeer(ctx context.Context, peerID, clusterAddr string) error
- func (b *RaftBackend) AddPeer(ctx context.Context, peerID, clusterAddr string) error
- func (b *RaftBackend) AppliedIndex() uint64
- func (b *RaftBackend) AutopilotConfig() *AutopilotConfig
- func (b *RaftBackend) AutopilotDisabled() bool
- func (b *RaftBackend) Bootstrap(peers []Peer) error
- func (b *RaftBackend) Close() error
- func (b *RaftBackend) CommittedIndex() uint64
- func (b *RaftBackend) Delete(ctx context.Context, path string) error
- func (b *RaftBackend) DesiredSuffrage() string
- func (b *RaftBackend) DisableAutopilot()
- func (b *RaftBackend) Get(ctx context.Context, path string) (*physical.Entry, error)
- func (b *RaftBackend) GetAutopilotServerState(ctx context.Context) (*AutopilotState, error)
- func (b *RaftBackend) GetConfiguration(ctx context.Context) (*RaftConfigurationResponse, error)
- func (b *RaftBackend) HAEnabled() bool
- func (b *RaftBackend) HasState() (bool, error)
- func (b *RaftBackend) Initialized() bool
- func (b *RaftBackend) JoinConfig() ([]*LeaderJoinInfo, error)
- func (b *RaftBackend) List(ctx context.Context, prefix string) ([]string, error)
- func (b *RaftBackend) LockWith(key, value string) (physical.Lock, error)
- func (b *RaftBackend) NodeID() string
- func (b *RaftBackend) Peers(ctx context.Context) ([]Peer, error)
- func (b *RaftBackend) Put(ctx context.Context, entry *physical.Entry) error
- func (b *RaftBackend) RemovePeer(ctx context.Context, peerID string) error
- func (b *RaftBackend) RestoreSnapshot(ctx context.Context, metadata raft.SnapshotMeta, snap io.Reader) error
- func (b *RaftBackend) SetAutopilotConfig(config *AutopilotConfig)
- func (b *RaftBackend) SetDesiredSuffrage(nonVoter bool) error
- func (r *RaftBackend) SetFSMApplyCallback(f func())
- func (r *RaftBackend) SetFSMDelay(delay time.Duration)
- func (b *RaftBackend) SetFollowerStates(states *FollowerStates)
- func (b *RaftBackend) SetRestoreCallback(restoreCb restoreCallback)
- func (b *RaftBackend) SetServerAddressProvider(provider raft.ServerAddressProvider)
- func (b *RaftBackend) SetTLSKeyring(keyring *TLSKeyring) error
- func (b *RaftBackend) SetupAutopilot(ctx context.Context, storageConfig *AutopilotConfig, ...)
- func (b *RaftBackend) SetupCluster(ctx context.Context, opts SetupOpts) error
- func (b *RaftBackend) Snapshot(out io.Writer, access *seal.Access) error
- func (b *RaftBackend) SnapshotHTTP(out *logical.HTTPResponseWriter, access *seal.Access) error
- func (b *RaftBackend) StartRecoveryCluster(ctx context.Context, peer Peer) error
- func (b *RaftBackend) StopAutopilot()
- func (b *RaftBackend) TeardownCluster(clusterListener cluster.ClusterHook) error
- func (b *RaftBackend) Term() uint64
- func (b *RaftBackend) Transaction(ctx context.Context, txns []*physical.TxnEntry) error
- func (b *RaftBackend) WriteSnapshotToTemp(in io.ReadCloser, access *seal.Access) (*os.File, func(), raft.SnapshotMeta, error)
- type RaftConfigurationResponse
- type RaftLock
- type RaftServer
- type ReadCloser
- type ReadableDuration
- type Reader
- type Server
- func (*Server) Descriptor() ([]byte, []int)deprecated
- func (x *Server) GetAddress() string
- func (x *Server) GetId() string
- func (x *Server) GetSuffrage() int32
- func (*Server) ProtoMessage()
- func (x *Server) ProtoReflect() protoreflect.Message
- func (x *Server) Reset()
- func (x *Server) String() string
- type SetupOpts
- type TLSKey
- type TLSKeyring
- type WriteCloser
- type Writer
Constants ¶
const EnvVaultRaftNodeID = "VAULT_RAFT_NODE_ID"
EnvVaultRaftNodeID is used to fetch the Raft node ID from the environment.
const EnvVaultRaftPath = "VAULT_RAFT_PATH"
EnvVaultRaftPath is used to fetch the path where Raft data is stored from the environment.
Variables ¶
var File_physical_raft_types_proto protoreflect.FileDescriptor
Functions ¶
func EnsurePath ¶
EnsurePath is used to make sure a path exists
func NewRaftBackend ¶
NewRaftBackend constructs a RaftBackend using the given directory
func NewRaftLayer ¶
func NewRaftLayer(logger log.Logger, raftTLSKeyring *TLSKeyring, clusterListener cluster.ClusterHook) (*raftLayer, error)
NewRaftLayer creates a new raftLayer object. It parses the TLS information from the network config.
Types ¶
type AutopilotConfig ¶ added in v1.7.0
type AutopilotConfig struct { // CleanupDeadServers controls whether to remove dead servers from the Raft // peer list periodically or when a new server joins. CleanupDeadServers bool `mapstructure:"cleanup_dead_servers"` // CleanupDeadServersValue is used to shadow the CleanupDeadServers field in // storage. Having it as an int helps in knowing if the value was set explicitly // using the API or not. CleanupDeadServersValue CleanupDeadServersValue `mapstructure:"cleanup_dead_servers_value"` // LastContactThreshold is the limit on the amount of time a server can go // without leader contact before being considered unhealthy. LastContactThreshold time.Duration `mapstructure:"-"` // DeadServerLastContactThreshold is the limit on the amount of time a server // can go without leader contact before being considered failed. This takes // effect only when CleanupDeadServers is set. DeadServerLastContactThreshold time.Duration `mapstructure:"-"` // MaxTrailingLogs is the amount of entries in the Raft Log that a server can // be behind before being considered unhealthy. MaxTrailingLogs uint64 `mapstructure:"max_trailing_logs"` // MinQuorum sets the minimum number of servers allowed in a cluster before // autopilot can prune dead servers. MinQuorum uint `mapstructure:"min_quorum"` // ServerStabilizationTime is the minimum amount of time a server must be in a // stable, healthy state before it can be added to the cluster. Only applicable // with Raft protocol version 3 or higher. ServerStabilizationTime time.Duration `mapstructure:"-"` }
AutopilotConfig is used for querying/setting the Autopilot configuration.
func (*AutopilotConfig) Clone ¶ added in v1.7.0
func (ac *AutopilotConfig) Clone() *AutopilotConfig
Clone returns a duplicate instance of AutopilotConfig with the exact same values.
func (*AutopilotConfig) MarshalJSON ¶ added in v1.7.0
func (ac *AutopilotConfig) MarshalJSON() ([]byte, error)
MarshalJSON makes the autopilot config fields JSON compatible
func (*AutopilotConfig) Merge ¶ added in v1.7.0
func (to *AutopilotConfig) Merge(from *AutopilotConfig)
Merge combines the supplied config with the receiver. Supplied ones take priority.
func (*AutopilotConfig) UnmarshalJSON ¶ added in v1.7.0
func (ac *AutopilotConfig) UnmarshalJSON(b []byte) error
UnmarshalJSON parses the autopilot config JSON blob
type AutopilotServer ¶ added in v1.7.0
type AutopilotServer struct { ID string `json:"id"` Name string `json:"name"` Address string `json:"address"` NodeStatus string `json:"node_status"` LastContact *ReadableDuration `json:"last_contact"` LastTerm uint64 `json:"last_term"` LastIndex uint64 `json:"last_index"` Healthy bool `json:"healthy"` StableSince time.Time `json:"stable_since"` Status string `json:"status"` Meta map[string]string `json:"meta"` }
AutopilotServer represents the health information of individual server node retrieved from autopilot.
type AutopilotState ¶ added in v1.7.0
type AutopilotState struct { Healthy bool `json:"healthy"` FailureTolerance int `json:"failure_tolerance"` Servers map[string]*AutopilotServer `json:"servers"` Leader string `json:"leader"` Voters []string `json:"voters"` NonVoters []string `json:"non_voters,omitempty"` }
AutopilotState represents the health information retrieved from autopilot.
type BoltSnapshotSink ¶
type BoltSnapshotSink struct {
// contains filtered or unexported fields
}
BoltSnapshotSink implements SnapshotSink optionally choosing to write to a file.
func (*BoltSnapshotSink) Cancel ¶
func (s *BoltSnapshotSink) Cancel() error
Cancel is used to indicate an unsuccessful end.
func (*BoltSnapshotSink) Close ¶
func (s *BoltSnapshotSink) Close() error
Close is used to indicate a successful end.
func (*BoltSnapshotSink) ID ¶
func (s *BoltSnapshotSink) ID() string
ID returns the ID of the snapshot, can be used with Open() after the snapshot is finalized.
type BoltSnapshotStore ¶
type BoltSnapshotStore struct {
// contains filtered or unexported fields
}
BoltSnapshotStore implements the SnapshotStore interface and allows snapshots to be stored in BoltDB files on local disk. Since we always have an up to date FSM we use a special snapshot ID to indicate that the snapshot can be pulled from the BoltDB file that is currently backing the FSM. This allows us to provide just-in-time snapshots without doing incremental data dumps.
When a snapshot is being installed on the node we will Create and Write data to it. This will cause the snapshot store to create a new BoltDB file and write the snapshot data to it. Then, we can simply rename the snapshot to the FSM's filename. This allows us to atomically install the snapshot and reduces the amount of disk i/o. Older snapshots are reaped on startup and before each subsequent snapshot write. This ensures we only have one snapshot on disk at a time.
func NewBoltSnapshotStore ¶
NewBoltSnapshotStore creates a new BoltSnapshotStore based on a base directory.
func (*BoltSnapshotStore) Create ¶
func (f *BoltSnapshotStore) Create(version raft.SnapshotVersion, index, term uint64, configuration raft.Configuration, configurationIndex uint64, trans raft.Transport) (raft.SnapshotSink, error)
Create is used to start a new snapshot
func (*BoltSnapshotStore) List ¶
func (f *BoltSnapshotStore) List() ([]*raft.SnapshotMeta, error)
List returns available snapshots in the store. It only returns bolt snapshots. No snapshot will be returned if there are no indexes in the FSM.
func (*BoltSnapshotStore) Open ¶
func (f *BoltSnapshotStore) Open(id string) (*raft.SnapshotMeta, io.ReadCloser, error)
Open takes a snapshot ID and returns a ReadCloser for that snapshot.
func (*BoltSnapshotStore) ReapSnapshots ¶
func (f *BoltSnapshotStore) ReapSnapshots() error
ReapSnapshots reaps all snapshots.
type CleanupDeadServersValue ¶ added in v1.7.0
type CleanupDeadServersValue int
const ( CleanupDeadServersUnset CleanupDeadServersValue = 0 CleanupDeadServersTrue CleanupDeadServersValue = 1 CleanupDeadServersFalse CleanupDeadServersValue = 2 )
func (CleanupDeadServersValue) Value ¶ added in v1.7.0
func (c CleanupDeadServersValue) Value() bool
type ConfigurationValue ¶
type ConfigurationValue struct { Index uint64 `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"` Servers []*Server `protobuf:"bytes,2,rep,name=servers,proto3" json:"servers,omitempty"` // contains filtered or unexported fields }
func (*ConfigurationValue) Descriptor
deprecated
func (*ConfigurationValue) Descriptor() ([]byte, []int)
Deprecated: Use ConfigurationValue.ProtoReflect.Descriptor instead.
func (*ConfigurationValue) GetIndex ¶
func (x *ConfigurationValue) GetIndex() uint64
func (*ConfigurationValue) GetServers ¶
func (x *ConfigurationValue) GetServers() []*Server
func (*ConfigurationValue) ProtoMessage ¶
func (*ConfigurationValue) ProtoMessage()
func (*ConfigurationValue) ProtoReflect ¶ added in v1.5.0
func (x *ConfigurationValue) ProtoReflect() protoreflect.Message
func (*ConfigurationValue) Reset ¶
func (x *ConfigurationValue) Reset()
func (*ConfigurationValue) String ¶
func (x *ConfigurationValue) String() string
type Delegate ¶ added in v1.7.0
type Delegate struct { *RaftBackend // contains filtered or unexported fields }
Delegate is an implementation of autopilot.ApplicationIntegration interface. This is used by the autopilot library to retrieve information and to have application specific tasks performed.
func (*Delegate) AutopilotConfig ¶ added in v1.7.0
AutopilotConfig is called by the autopilot library to know the desired autopilot configuration.
func (*Delegate) FetchServerStats ¶ added in v1.7.0
func (d *Delegate) FetchServerStats(ctx context.Context, servers map[raft.ServerID]*autopilot.Server) map[raft.ServerID]*autopilot.ServerStats
FetchServerStats is called by the autopilot library to retrieve information about all the nodes in the raft cluster.
func (*Delegate) KnownServers ¶ added in v1.7.0
KnownServers is called by the autopilot library to know the status of each node in the raft cluster. If the application thinks that certain nodes left, it is here that we let the autopilot library know of the same.
func (*Delegate) NotifyState ¶ added in v1.7.0
NotifyState is called by the autopilot library whenever there is a state change. We update a few metrics when this happens.
func (*Delegate) RemoveFailedServer ¶ added in v1.7.0
RemoveFailedServer is called by the autopilot library when it desires a node to be removed from the raft configuration. This function removes the node from the raft cluster and stops tracking its information in follower states. This function needs to return quickly. Hence removal is performed in a goroutine.
type FSM ¶
type FSM struct {
// contains filtered or unexported fields
}
FSM is Vault's primary state storage. It writes updates to an bolt db file that lives on local disk. FSM implements raft.FSM and physical.Backend interfaces.
func (*FSM) ApplyBatch ¶ added in v1.3.0
ApplyBatch will apply a set of logs to the FSM. This is called from the raft library.
func (*FSM) DeletePrefix ¶
Delete deletes the given key from the bolt file.
func (*FSM) DesiredSuffrage ¶ added in v1.7.0
func (*FSM) LatestState ¶
func (f *FSM) LatestState() (*IndexValue, *ConfigurationValue)
LatestState returns the latest index and configuration values we have seen on this FSM.
func (*FSM) Restore ¶
func (f *FSM) Restore(r io.ReadCloser) error
Restore installs a new snapshot from the provided reader. It does an atomic rename of the snapshot file into the database filepath. While a restore is happening the FSM is locked and no writes or reads can be performed.
func (*FSM) SetNoopRestore ¶
SetNoopRestore is used to disable restore operations on raft startup. Because we are using persistent storage in our FSM we do not need to issue a restore on startup.
type FSMApplyResponse ¶
type FSMApplyResponse struct {
Success bool
}
FSMApplyResponse is returned from an FSM apply. It indicates if the apply was successful or not.
type FSMChunkStorage ¶
type FSMChunkStorage struct {
// contains filtered or unexported fields
}
func (*FSMChunkStorage) FinalizeOp ¶
func (f *FSMChunkStorage) FinalizeOp(opNum uint64) ([]*raftchunking.ChunkInfo, error)
func (*FSMChunkStorage) GetChunks ¶
func (f *FSMChunkStorage) GetChunks() (raftchunking.ChunkMap, error)
func (*FSMChunkStorage) RestoreChunks ¶
func (f *FSMChunkStorage) RestoreChunks(chunks raftchunking.ChunkMap) error
func (*FSMChunkStorage) StoreChunk ¶
func (f *FSMChunkStorage) StoreChunk(chunk *raftchunking.ChunkInfo) (bool, error)
type FollowerState ¶ added in v1.7.0
type FollowerState struct { AppliedIndex uint64 LastHeartbeat time.Time LastTerm uint64 IsDead *atomic.Bool DesiredSuffrage string }
FollowerState represents the information about peer that the leader tracks.
type FollowerStates ¶ added in v1.7.0
type FollowerStates struct {
// contains filtered or unexported fields
}
FollowerStates holds information about all the followers in the raft cluster tracked by the leader.
func NewFollowerStates ¶ added in v1.7.0
func NewFollowerStates() *FollowerStates
NewFollowerStates creates a new FollowerStates object
func (*FollowerStates) Clear ¶ added in v1.7.0
func (s *FollowerStates) Clear()
Clear wipes all the information regarding peers in the follower states.
func (*FollowerStates) Delete ¶ added in v1.7.0
func (s *FollowerStates) Delete(nodeID string)
Delete the entry of a peer represented by the nodeID from follower states.
func (*FollowerStates) MinIndex ¶ added in v1.7.0
func (s *FollowerStates) MinIndex() uint64
MinIndex returns the minimum raft index applied in the raft cluster.
type IndexValue ¶
type IndexValue struct { Term uint64 `protobuf:"varint,1,opt,name=term,proto3" json:"term,omitempty"` Index uint64 `protobuf:"varint,2,opt,name=index,proto3" json:"index,omitempty"` // contains filtered or unexported fields }
func (*IndexValue) Descriptor
deprecated
func (*IndexValue) Descriptor() ([]byte, []int)
Deprecated: Use IndexValue.ProtoReflect.Descriptor instead.
func (*IndexValue) GetIndex ¶
func (x *IndexValue) GetIndex() uint64
func (*IndexValue) GetTerm ¶
func (x *IndexValue) GetTerm() uint64
func (*IndexValue) ProtoMessage ¶
func (*IndexValue) ProtoMessage()
func (*IndexValue) ProtoReflect ¶ added in v1.5.0
func (x *IndexValue) ProtoReflect() protoreflect.Message
func (*IndexValue) Reset ¶
func (x *IndexValue) Reset()
func (*IndexValue) String ¶
func (x *IndexValue) String() string
type LeaderJoinInfo ¶ added in v1.4.0
type LeaderJoinInfo struct { // AutoJoin defines any cloud auto-join metadata. If supplied, Vault will // attempt to automatically discover peers in addition to what can be provided // via 'leader_api_addr'. AutoJoin string `json:"auto_join"` // AutoJoinScheme defines the optional URI protocol scheme for addresses // discovered via auto-join. AutoJoinScheme string `json:"auto_join_scheme"` // AutoJoinPort defines the optional port used for addressed discovered via // auto-join. AutoJoinPort uint `json:"auto_join_port"` // LeaderAPIAddr is the address of the leader node to connect to LeaderAPIAddr string `json:"leader_api_addr"` // LeaderCACert is the CA cert of the leader node LeaderCACert string `json:"leader_ca_cert"` // LeaderClientCert is the client certificate for the follower node to // establish client authentication during TLS LeaderClientCert string `json:"leader_client_cert"` // LeaderClientKey is the client key for the follower node to establish // client authentication during TLS. LeaderClientKey string `json:"leader_client_key"` // LeaderCACertFile is the path on disk to the the CA cert file of the // leader node. This should only be provided via Vault's configuration file. LeaderCACertFile string `json:"leader_ca_cert_file"` // LeaderClientCertFile is the path on disk to the client certificate file // for the follower node to establish client authentication during TLS. This // should only be provided via Vault's configuration file. LeaderClientCertFile string `json:"leader_client_cert_file"` // LeaderClientKeyFile is the path on disk to the client key file for the // follower node to establish client authentication during TLS. This should // only be provided via Vault's configuration file. LeaderClientKeyFile string `json:"leader_client_key_file"` // LeaderTLSServerName is the optional ServerName to expect in the leader's // certificate, instead of the host/IP we're actually connecting to. LeaderTLSServerName string `json:"leader_tls_servername"` // Retry indicates if the join process should automatically be retried Retry bool `json:"-"` // TLSConfig for the API client to use when communicating with the leader node TLSConfig *tls.Config `json:"-"` }
LeaderJoinInfo contains information required by a node to join itself as a follower to an existing raft cluster
type LocalNodeConfigValue ¶ added in v1.7.0
type LocalNodeConfigValue struct { DesiredSuffrage string `protobuf:"bytes,1,opt,name=desired_suffrage,json=desiredSuffrage,proto3" json:"desired_suffrage,omitempty"` // contains filtered or unexported fields }
func (*LocalNodeConfigValue) Descriptor
deprecated
added in
v1.7.0
func (*LocalNodeConfigValue) Descriptor() ([]byte, []int)
Deprecated: Use LocalNodeConfigValue.ProtoReflect.Descriptor instead.
func (*LocalNodeConfigValue) GetDesiredSuffrage ¶ added in v1.7.0
func (x *LocalNodeConfigValue) GetDesiredSuffrage() string
func (*LocalNodeConfigValue) ProtoMessage ¶ added in v1.7.0
func (*LocalNodeConfigValue) ProtoMessage()
func (*LocalNodeConfigValue) ProtoReflect ¶ added in v1.7.0
func (x *LocalNodeConfigValue) ProtoReflect() protoreflect.Message
func (*LocalNodeConfigValue) Reset ¶ added in v1.7.0
func (x *LocalNodeConfigValue) Reset()
func (*LocalNodeConfigValue) String ¶ added in v1.7.0
func (x *LocalNodeConfigValue) String() string
type LogData ¶
type LogData struct { Operations []*LogOperation `protobuf:"bytes,1,rep,name=operations,proto3" json:"operations,omitempty"` // contains filtered or unexported fields }
func (*LogData) Descriptor
deprecated
func (*LogData) GetOperations ¶
func (x *LogData) GetOperations() []*LogOperation
func (*LogData) ProtoMessage ¶
func (*LogData) ProtoMessage()
func (*LogData) ProtoReflect ¶ added in v1.5.0
func (x *LogData) ProtoReflect() protoreflect.Message
type LogOperation ¶
type LogOperation struct { // OpType is the Operation type OpType uint32 `protobuf:"varint,1,opt,name=op_type,json=opType,proto3" json:"op_type,omitempty"` // Flags is an opaque value, currently unused. Reserved. Flags uint64 `protobuf:"varint,2,opt,name=flags,proto3" json:"flags,omitempty"` // Key that is being affected Key string `protobuf:"bytes,3,opt,name=key,proto3" json:"key,omitempty"` // Value is optional, corresponds to the key Value []byte `protobuf:"bytes,4,opt,name=value,proto3" json:"value,omitempty"` // contains filtered or unexported fields }
func (*LogOperation) Descriptor
deprecated
func (*LogOperation) Descriptor() ([]byte, []int)
Deprecated: Use LogOperation.ProtoReflect.Descriptor instead.
func (*LogOperation) GetFlags ¶
func (x *LogOperation) GetFlags() uint64
func (*LogOperation) GetKey ¶
func (x *LogOperation) GetKey() string
func (*LogOperation) GetOpType ¶
func (x *LogOperation) GetOpType() uint32
func (*LogOperation) GetValue ¶
func (x *LogOperation) GetValue() []byte
func (*LogOperation) ProtoMessage ¶
func (*LogOperation) ProtoMessage()
func (*LogOperation) ProtoReflect ¶ added in v1.5.0
func (x *LogOperation) ProtoReflect() protoreflect.Message
func (*LogOperation) Reset ¶
func (x *LogOperation) Reset()
func (*LogOperation) String ¶
func (x *LogOperation) String() string
type Peer ¶
type Peer struct { ID string `json:"id"` Address string `json:"address"` Suffrage int `json:"suffrage"` }
Peer defines the ID and Address for a given member of the raft cluster.
type RaftBackend ¶
type RaftBackend struct {
// contains filtered or unexported fields
}
RaftBackend implements the backend interfaces and uses the raft protocol to persist writes to the FSM.
func (*RaftBackend) AddNonVotingPeer ¶ added in v1.3.0
func (b *RaftBackend) AddNonVotingPeer(ctx context.Context, peerID, clusterAddr string) error
AddNonVotingPeer adds a new server to the raft cluster
func (*RaftBackend) AddPeer ¶
func (b *RaftBackend) AddPeer(ctx context.Context, peerID, clusterAddr string) error
AddPeer adds a new server to the raft cluster
func (*RaftBackend) AppliedIndex ¶
func (b *RaftBackend) AppliedIndex() uint64
AppliedIndex returns the latest index applied to the FSM
func (*RaftBackend) AutopilotConfig ¶ added in v1.7.0
func (b *RaftBackend) AutopilotConfig() *AutopilotConfig
AutopilotConfig returns the autopilot configuration in the backend.
func (*RaftBackend) AutopilotDisabled ¶ added in v1.7.0
func (b *RaftBackend) AutopilotDisabled() bool
func (*RaftBackend) Bootstrap ¶
func (b *RaftBackend) Bootstrap(peers []Peer) error
Bootstrap prepares the given peers to be part of the raft cluster
func (*RaftBackend) Close ¶ added in v1.5.0
func (b *RaftBackend) Close() error
Close is used to gracefully close all file resources. N.B. This method should only be called if you are sure the RaftBackend will never be used again.
func (*RaftBackend) CommittedIndex ¶ added in v1.4.2
func (b *RaftBackend) CommittedIndex() uint64
CommittedIndex returns the latest index committed to stable storage
func (*RaftBackend) Delete ¶
func (b *RaftBackend) Delete(ctx context.Context, path string) error
Delete inserts an entry in the log to delete the given path
func (*RaftBackend) DesiredSuffrage ¶ added in v1.7.0
func (b *RaftBackend) DesiredSuffrage() string
func (*RaftBackend) DisableAutopilot ¶ added in v1.7.0
func (b *RaftBackend) DisableAutopilot()
func (*RaftBackend) GetAutopilotServerState ¶ added in v1.7.0
func (b *RaftBackend) GetAutopilotServerState(ctx context.Context) (*AutopilotState, error)
GetAutopilotServerState retrieves raft cluster state from autopilot to return over the API.
func (*RaftBackend) GetConfiguration ¶
func (b *RaftBackend) GetConfiguration(ctx context.Context) (*RaftConfigurationResponse, error)
func (*RaftBackend) HAEnabled ¶
func (b *RaftBackend) HAEnabled() bool
HAEnabled is the implementation of the HABackend interface
func (*RaftBackend) HasState ¶ added in v1.5.0
func (b *RaftBackend) HasState() (bool, error)
func (*RaftBackend) Initialized ¶
func (b *RaftBackend) Initialized() bool
Initialized tells if raft is running or not
func (*RaftBackend) JoinConfig ¶ added in v1.4.0
func (b *RaftBackend) JoinConfig() ([]*LeaderJoinInfo, error)
JoinConfig returns a list of information about possible leader nodes that this node can join as a follower
func (*RaftBackend) LockWith ¶
func (b *RaftBackend) LockWith(key, value string) (physical.Lock, error)
HAEnabled is the implementation of the HABackend interface
func (*RaftBackend) NodeID ¶
func (b *RaftBackend) NodeID() string
NodeID returns the identifier of the node
func (*RaftBackend) Peers ¶
func (b *RaftBackend) Peers(ctx context.Context) ([]Peer, error)
Peers returns all the servers present in the raft cluster
func (*RaftBackend) Put ¶
Put inserts an entry in the log for the put operation. It will return an error if the resulting entry encoding exceeds the configured max_entry_size or if the call to applyLog fails.
func (*RaftBackend) RemovePeer ¶
func (b *RaftBackend) RemovePeer(ctx context.Context, peerID string) error
RemovePeer removes the given peer ID from the raft cluster. If the node is ourselves we will give up leadership.
func (*RaftBackend) RestoreSnapshot ¶
func (b *RaftBackend) RestoreSnapshot(ctx context.Context, metadata raft.SnapshotMeta, snap io.Reader) error
RestoreSnapshot applies the provided snapshot metadata and snapshot data to raft.
func (*RaftBackend) SetAutopilotConfig ¶ added in v1.7.0
func (b *RaftBackend) SetAutopilotConfig(config *AutopilotConfig)
SetAutopilotConfig updates the autopilot configuration in the backend.
func (*RaftBackend) SetDesiredSuffrage ¶ added in v1.7.0
func (b *RaftBackend) SetDesiredSuffrage(nonVoter bool) error
SetDesiredSuffrage sets a field in the fsm indicating the suffrage intent for this node.
func (*RaftBackend) SetFSMApplyCallback ¶ added in v1.7.0
func (r *RaftBackend) SetFSMApplyCallback(f func())
func (*RaftBackend) SetFSMDelay ¶ added in v1.5.4
func (r *RaftBackend) SetFSMDelay(delay time.Duration)
SetFSMDelay adds a delay to the FSM apply. This is used in tests to simulate a slow apply.
func (*RaftBackend) SetFollowerStates ¶ added in v1.7.0
func (b *RaftBackend) SetFollowerStates(states *FollowerStates)
SetFollowerStates sets the followerStates field in the backend to track peers in the raft cluster.
func (*RaftBackend) SetRestoreCallback ¶
func (b *RaftBackend) SetRestoreCallback(restoreCb restoreCallback)
SetRestoreCallback sets the callback to be used when a restoreCallbackOp is processed through the FSM.
func (*RaftBackend) SetServerAddressProvider ¶
func (b *RaftBackend) SetServerAddressProvider(provider raft.ServerAddressProvider)
SetServerAddressProvider sets a the address provider for determining the raft node addresses. This is currently only used in tests.
func (*RaftBackend) SetTLSKeyring ¶
func (b *RaftBackend) SetTLSKeyring(keyring *TLSKeyring) error
SetTLSKeyring is used to install a new keyring. If the active key has changed it will also close any network connections or streams forcing a reconnect with the new key.
func (*RaftBackend) SetupAutopilot ¶ added in v1.7.0
func (b *RaftBackend) SetupAutopilot(ctx context.Context, storageConfig *AutopilotConfig, followerStates *FollowerStates, disable bool)
SetupAutopilot gathers information required to configure autopilot and starts it. If autopilot is disabled, this function does nothing.
func (*RaftBackend) SetupCluster ¶
func (b *RaftBackend) SetupCluster(ctx context.Context, opts SetupOpts) error
SetupCluster starts the raft cluster and enables the networking needed for the raft nodes to communicate.
func (*RaftBackend) Snapshot ¶
Snapshot takes a raft snapshot, packages it into a archive file and writes it to the provided writer. Seal access is used to encrypt the SHASUM file so we can validate the snapshot was taken using the same master keys or not.
func (*RaftBackend) SnapshotHTTP ¶ added in v1.6.0
func (b *RaftBackend) SnapshotHTTP(out *logical.HTTPResponseWriter, access *seal.Access) error
SnapshotHTTP is a wrapper for Snapshot that sends the snapshot as an HTTP response.
func (*RaftBackend) StartRecoveryCluster ¶ added in v1.3.0
func (b *RaftBackend) StartRecoveryCluster(ctx context.Context, peer Peer) error
func (*RaftBackend) StopAutopilot ¶ added in v1.7.0
func (b *RaftBackend) StopAutopilot()
StopAutopilot stops a running autopilot instance. This should only be called on the active node.
func (*RaftBackend) TeardownCluster ¶
func (b *RaftBackend) TeardownCluster(clusterListener cluster.ClusterHook) error
TeardownCluster shuts down the raft cluster
func (*RaftBackend) Term ¶ added in v1.7.0
func (b *RaftBackend) Term() uint64
Term returns the raft term of this node.
func (*RaftBackend) Transaction ¶
Transaction applies all the given operations into a single log and applies it.
func (*RaftBackend) WriteSnapshotToTemp ¶
func (b *RaftBackend) WriteSnapshotToTemp(in io.ReadCloser, access *seal.Access) (*os.File, func(), raft.SnapshotMeta, error)
WriteSnapshotToTemp reads a snapshot archive off the provided reader, extracts the data and writes the snapshot to a temporary file. The seal access is used to decrypt the SHASUM file in the archive to ensure this snapshot has the same master key as the running instance. If the provided access is nil then it will skip that validation.
type RaftConfigurationResponse ¶
type RaftConfigurationResponse struct { // Servers has the list of servers in the Raft configuration. Servers []*RaftServer `json:"servers"` // Index has the Raft index of this configuration. Index uint64 `json:"index"` }
RaftConfigurationResponse is returned when querying for the current Raft configuration.
type RaftLock ¶
type RaftLock struct {
// contains filtered or unexported fields
}
RaftLock implements the physical Lock interface and enables HA for this backend. The Lock uses the raftNotifyCh for receiving leadership edge triggers. Vault's active duty matches raft's leadership.
type RaftServer ¶
type RaftServer struct { // NodeID is the name of the server NodeID string `json:"node_id"` // Address is the IP:port of the server, used for Raft communications Address string `json:"address"` // Leader is true if this server is the current cluster leader Leader bool `json:"leader"` // Protocol version is the raft protocol version used by the server ProtocolVersion string `json:"protocol_version"` // Voter is true if this server has a vote in the cluster. This might // be false if the server is staging and still coming online. Voter bool `json:"voter"` }
RaftServer has information about a server in the Raft configuration
type ReadCloser ¶ added in v1.5.0
func NewDelimitedReader ¶ added in v1.5.0
func NewDelimitedReader(r io.Reader, maxSize int) ReadCloser
type ReadableDuration ¶ added in v1.7.0
ReadableDuration is a duration type that is serialized to JSON in human readable format.
func NewReadableDuration ¶ added in v1.7.0
func NewReadableDuration(dur time.Duration) *ReadableDuration
func (*ReadableDuration) Duration ¶ added in v1.7.0
func (d *ReadableDuration) Duration() time.Duration
func (*ReadableDuration) MarshalJSON ¶ added in v1.7.0
func (d *ReadableDuration) MarshalJSON() ([]byte, error)
func (*ReadableDuration) String ¶ added in v1.7.0
func (d *ReadableDuration) String() string
func (*ReadableDuration) UnmarshalJSON ¶ added in v1.7.0
func (d *ReadableDuration) UnmarshalJSON(raw []byte) (err error)
type Server ¶
type Server struct { Suffrage int32 `protobuf:"varint,1,opt,name=suffrage,proto3" json:"suffrage,omitempty"` Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` Address string `protobuf:"bytes,3,opt,name=address,proto3" json:"address,omitempty"` // contains filtered or unexported fields }
func (*Server) Descriptor
deprecated
func (*Server) GetAddress ¶
func (*Server) GetSuffrage ¶
func (*Server) ProtoMessage ¶
func (*Server) ProtoMessage()
func (*Server) ProtoReflect ¶ added in v1.5.0
func (x *Server) ProtoReflect() protoreflect.Message
type SetupOpts ¶
type SetupOpts struct { // TLSKeyring is the keyring to use for the cluster traffic. TLSKeyring *TLSKeyring // ClusterListener is the cluster hook used to register the raft handler and // client with core's cluster listeners. ClusterListener cluster.ClusterHook // StartAsLeader is used to specify this node should start as leader and // bypass the leader election. This should be used with caution. StartAsLeader bool // RecoveryModeConfig is the configuration for the raft cluster in recovery // mode. RecoveryModeConfig *raft.Configuration }
SetupOpts are used to pass options to the raft setup function.
type TLSKey ¶
type TLSKey struct { // ID is a unique identifier for this Key ID string `json:"id"` // KeyType defines the algorighm used to generate the private keys KeyType string `json:"key_type"` // AppliedIndex is the earliest known raft index that safely contains this // key. AppliedIndex uint64 `json:"applied_index"` // CertBytes is the marshaled certificate. CertBytes []byte `json:"cluster_cert"` // KeyParams is the marshaled private key. KeyParams *certutil.ClusterKeyParams `json:"cluster_key_params"` // CreatedTime is the time this key was generated. This value is useful in // determining when the next rotation should be. CreatedTime time.Time `json:"created_time"` // contains filtered or unexported fields }
TLSKey is a single TLS keypair in the Keyring
type TLSKeyring ¶
type TLSKeyring struct { // Keys is the set of available key pairs Keys []*TLSKey `json:"keys"` // AppliedIndex is the earliest known raft index that safely contains the // latest key in the keyring. AppliedIndex uint64 `json:"applied_index"` // Term is an incrementing identifier value used to quickly determine if two // states of the keyring are different. Term uint64 `json:"term"` // ActiveKeyID is the key ID to track the active key in the keyring. Only // the active key is used for dialing. ActiveKeyID string `json:"active_key_id"` }
TLSKeyring is the set of keys that raft uses for network communication. Only one key is used to dial at a time but both keys will be used to accept connections.
func (*TLSKeyring) GetActive ¶
func (k *TLSKeyring) GetActive() *TLSKey
GetActive returns the active key.
type WriteCloser ¶ added in v1.5.0
func NewDelimitedWriter ¶ added in v1.5.0
func NewDelimitedWriter(w io.Writer) WriteCloser