mirror of https://github.com/hashicorp/consul
Populates the segment keyrings based on the LAN keyring.
parent
88a150cee1
commit
aa5ef4a098
|
@ -31,6 +31,7 @@ import (
|
||||||
"github.com/hashicorp/consul/types"
|
"github.com/hashicorp/consul/types"
|
||||||
"github.com/hashicorp/consul/watch"
|
"github.com/hashicorp/consul/watch"
|
||||||
"github.com/hashicorp/go-uuid"
|
"github.com/hashicorp/go-uuid"
|
||||||
|
"github.com/hashicorp/memberlist"
|
||||||
"github.com/hashicorp/raft"
|
"github.com/hashicorp/raft"
|
||||||
"github.com/hashicorp/serf/serf"
|
"github.com/hashicorp/serf/serf"
|
||||||
"github.com/shirou/gopsutil/host"
|
"github.com/shirou/gopsutil/host"
|
||||||
|
@ -772,7 +773,8 @@ func (a *Agent) consulConfig() (*consul.Config, error) {
|
||||||
// Setup the loggers
|
// Setup the loggers
|
||||||
base.LogOutput = a.LogOutput
|
base.LogOutput = a.LogOutput
|
||||||
|
|
||||||
// This will set up the LAN keyring, as well as the WAN for servers.
|
// This will set up the LAN keyring, as well as the WAN and any segments
|
||||||
|
// for servers.
|
||||||
if err := a.setupKeyrings(base); err != nil {
|
if err := a.setupKeyrings(base); err != nil {
|
||||||
return nil, fmt.Errorf("Failed to configure keyring: %v", err)
|
return nil, fmt.Errorf("Failed to configure keyring: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -946,8 +948,8 @@ func (a *Agent) setupNodeID(config *Config) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// setupKeyrings is used to initialize and load keyrings during agent startup
|
// setupBaseKeyrings configures the LAN and WAN keyrings.
|
||||||
func (a *Agent) setupKeyrings(config *consul.Config) error {
|
func (a *Agent) setupBaseKeyrings(config *consul.Config) error {
|
||||||
// If the keyring file is disabled then just poke the provided key
|
// If the keyring file is disabled then just poke the provided key
|
||||||
// into the in-memory keyring.
|
// into the in-memory keyring.
|
||||||
if a.config.DisableKeyringFile {
|
if a.config.DisableKeyringFile {
|
||||||
|
@ -1006,6 +1008,34 @@ LOAD:
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// setupKeyrings is used to initialize and load keyrings during agent startup.
|
||||||
|
func (a *Agent) setupKeyrings(config *consul.Config) error {
|
||||||
|
// First set up the LAN and WAN keyrings.
|
||||||
|
if err := a.setupBaseKeyrings(config); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// If there's no LAN keyring then there's nothing else to set up for
|
||||||
|
// any segments.
|
||||||
|
lanKeyring := config.SerfLANConfig.MemberlistConfig.Keyring
|
||||||
|
if lanKeyring == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Copy the initial state of the LAN keyring into each segment config.
|
||||||
|
// Segments don't have their own keyring file, they rely on the LAN
|
||||||
|
// holding the state so things can't get out of sync.
|
||||||
|
k, pk := lanKeyring.GetKeys(), lanKeyring.GetPrimaryKey()
|
||||||
|
for _, segment := range config.Segments {
|
||||||
|
keyring, err := memberlist.NewKeyring(k, pk)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
segment.SerfConfig.MemberlistConfig.Keyring = keyring
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// registerEndpoint registers a handler for the consul RPC server
|
// registerEndpoint registers a handler for the consul RPC server
|
||||||
// under a unique name while making it accessible under the provided
|
// under a unique name while making it accessible under the provided
|
||||||
// name. This allows overwriting handlers for the golang net/rpc
|
// name. This allows overwriting handlers for the golang net/rpc
|
||||||
|
|
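Review bot: The segment keyrings built in the loop of the new `setupKeyrings` are a one-time snapshot of the LAN keyring (`lanKeyring.GetKeys()` and `GetPrimaryKey()` passed to `memberlist.NewKeyring`), and nothing visible in this section keeps them in step afterwards. If a later install, use or remove of a gossip key reaches only the LAN keyring, a segment would presumably keep accepting a key that was meant to be retired; this needs confirming against the keyring-operation code, which is not on this page. I would state the contract above the loop, e.g. `// One-time copy at startup: runtime keyring changes must also be applied to every segment keyring.` Separately, the bare `return err` inside the loop gives no hint that a segment keyring failed; `return fmt.Errorf("Failed to configure segment keyring: %v", err)` would match the error style already used in `consulConfig`.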