Populates the segment keyrings based on the LAN keyring.

pull/3456/head
James Phillips 2017-09-07 12:17:20 -07:00
parent 88a150cee1
commit aa5ef4a098
No known key found for this signature in database
GPG Key ID: 77183E682AC5FC11
1 changed files with 33 additions and 3 deletions

View File

@ -31,6 +31,7 @@ import (
"github.com/hashicorp/consul/types" "github.com/hashicorp/consul/types"
"github.com/hashicorp/consul/watch" "github.com/hashicorp/consul/watch"
"github.com/hashicorp/go-uuid" "github.com/hashicorp/go-uuid"
"github.com/hashicorp/memberlist"
"github.com/hashicorp/raft" "github.com/hashicorp/raft"
"github.com/hashicorp/serf/serf" "github.com/hashicorp/serf/serf"
"github.com/shirou/gopsutil/host" "github.com/shirou/gopsutil/host"
@ -772,7 +773,8 @@ func (a *Agent) consulConfig() (*consul.Config, error) {
// Setup the loggers // Setup the loggers
base.LogOutput = a.LogOutput base.LogOutput = a.LogOutput
// This will set up the LAN keyring, as well as the WAN for servers. // This will set up the LAN keyring, as well as the WAN and any segments
// for servers.
if err := a.setupKeyrings(base); err != nil { if err := a.setupKeyrings(base); err != nil {
return nil, fmt.Errorf("Failed to configure keyring: %v", err) return nil, fmt.Errorf("Failed to configure keyring: %v", err)
} }
@ -946,8 +948,8 @@ func (a *Agent) setupNodeID(config *Config) error {
return nil return nil
} }
// setupKeyrings is used to initialize and load keyrings during agent startup // setupBaseKeyrings configures the LAN and WAN keyrings.
func (a *Agent) setupKeyrings(config *consul.Config) error { func (a *Agent) setupBaseKeyrings(config *consul.Config) error {
// If the keyring file is disabled then just poke the provided key // If the keyring file is disabled then just poke the provided key
// into the in-memory keyring. // into the in-memory keyring.
if a.config.DisableKeyringFile { if a.config.DisableKeyringFile {
@ -1006,6 +1008,34 @@ LOAD:
return nil return nil
} }
// setupKeyrings is used to initialize and load keyrings during agent startup.
func (a *Agent) setupKeyrings(config *consul.Config) error {
// First set up the LAN and WAN keyrings.
if err := a.setupBaseKeyrings(config); err != nil {
return err
}
// If there's no LAN keyring then there's nothing else to set up for
// any segments.
lanKeyring := config.SerfLANConfig.MemberlistConfig.Keyring
if lanKeyring == nil {
return nil
}
// Copy the initial state of the LAN keyring into each segment config.
// Segments don't have their own keyring file, they rely on the LAN
// holding the state so things can't get out of sync.
k, pk := lanKeyring.GetKeys(), lanKeyring.GetPrimaryKey()
for _, segment := range config.Segments {
keyring, err := memberlist.NewKeyring(k, pk)
if err != nil {
return err
}
segment.SerfConfig.MemberlistConfig.Keyring = keyring
}
return nil
}
// registerEndpoint registers a handler for the consul RPC server // registerEndpoint registers a handler for the consul RPC server
// under a unique name while making it accessible under the provided // under a unique name while making it accessible under the provided
// name. This allows overwriting handlers for the golang net/rpc // name. This allows overwriting handlers for the golang net/rpc