From 135337097181383baba76833c8b695ded8321173 Mon Sep 17 00:00:00 2001 From: "Luis (LT) Carbonell" Date: Tue, 13 Jun 2023 09:01:25 -0400 Subject: [PATCH 1/4] Add dr-token flag for raft autopilot --- api/sys_raft.go | 14 +++++++++ command/operator_raft_autopilot_get_config.go | 23 +++++++++++--- command/operator_raft_autopilot_set_config.go | 21 +++++++++++++ command/operator_raft_autopilot_state.go | 30 +++++++++++++------ 4 files changed, 75 insertions(+), 13 deletions(-) diff --git a/api/sys_raft.go b/api/sys_raft.go index 29bfed0f5613b..3c9fdf0599d94 100644 --- a/api/sys_raft.go +++ b/api/sys_raft.go @@ -276,6 +276,11 @@ func (c *Sys) RaftAutopilotState() (*AutopilotState, error) { return c.RaftAutopilotStateWithContext(context.Background()) } +// RaftAutopilotStateWithToken wraps RaftAutopilotStateWithContext using the given token. +func (c *Sys) RaftAutopilotStateWithDRToken(drToken string) (*AutopilotState, error) { + return c.RaftAutopilotStateWithContext(context.WithValue(context.Background(), "dr-token", drToken)) +} + // RaftAutopilotStateWithContext returns the state of the raft cluster as seen by autopilot. func (c *Sys) RaftAutopilotStateWithContext(ctx context.Context) (*AutopilotState, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) @@ -316,11 +321,20 @@ func (c *Sys) RaftAutopilotConfiguration() (*AutopilotConfig, error) { return c.RaftAutopilotConfigurationWithContext(context.Background()) } +// RaftAutopilotConfigurationWithDRToken wraps RaftAutopilotConfigurationWithContext using the given token. +func (c *Sys) RaftAutopilotConfigurationWithDRToken(drToken string) (*AutopilotConfig, error) { + return c.RaftAutopilotConfigurationWithContext(context.WithValue(context.Background(), "dr-token", drToken)) +} + // RaftAutopilotConfigurationWithContext fetches the autopilot config. func (c *Sys) RaftAutopilotConfigurationWithContext(ctx context.Context) (*AutopilotConfig, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() + if ctx.Value("dr-token") != nil { + c.c.SetToken(ctx.Value("dr-token").(string)) + } + r := c.c.NewRequest(http.MethodGet, "/v1/sys/storage/raft/autopilot/configuration") resp, err := c.c.rawRequestWithContext(ctx, r) diff --git a/command/operator_raft_autopilot_get_config.go b/command/operator_raft_autopilot_get_config.go index 11d7da87d8950..736469bbc601e 100644 --- a/command/operator_raft_autopilot_get_config.go +++ b/command/operator_raft_autopilot_get_config.go @@ -7,6 +7,7 @@ import ( "fmt" "strings" + "github.com/hashicorp/vault/api" "github.com/mitchellh/cli" "github.com/posener/complete" ) @@ -18,6 +19,7 @@ var ( type OperatorRaftAutopilotGetConfigCommand struct { *BaseCommand + flagDRToken string } func (c *OperatorRaftAutopilotGetConfigCommand) Synopsis() string { @@ -37,6 +39,17 @@ Usage: vault operator raft autopilot get-config func (c *OperatorRaftAutopilotGetConfigCommand) Flags() *FlagSets { set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat) + f := set.NewFlagSet("Command Options") + + f.StringVar(&StringVar{ + Name: "dr-token", + Target: &c.flagDRToken, + Default: "", + EnvVar: "", + Completion: complete.PredictAnything, + Usage: "DR operation token used to authorize this request (if a DR secondary node).", + }) + return set } @@ -70,10 +83,12 @@ func (c *OperatorRaftAutopilotGetConfigCommand) Run(args []string) int { return 2 } - config, err := client.Sys().RaftAutopilotConfiguration() - if err != nil { - c.UI.Error(err.Error()) - return 2 + var config *api.AutopilotConfig + switch { + case c.flagDRToken != "": + config, err = client.Sys().RaftAutopilotConfigurationWithDRToken(c.flagDRToken) + default: + config, err = client.Sys().RaftAutopilotConfiguration() } if config == nil { diff --git a/command/operator_raft_autopilot_set_config.go b/command/operator_raft_autopilot_set_config.go index 0d9a5f3362951..3d7c65befebda 100644 --- a/command/operator_raft_autopilot_set_config.go +++ b/command/operator_raft_autopilot_set_config.go @@ -26,6 +26,7 @@ type OperatorRaftAutopilotSetConfigCommand struct { flagMinQuorum uint flagServerStabilizationTime time.Duration flagDisableUpgradeMigration BoolPtr + flagDRToken string } func (c *OperatorRaftAutopilotSetConfigCommand) Synopsis() string { @@ -50,36 +51,52 @@ func (c *OperatorRaftAutopilotSetConfigCommand) Flags() *FlagSets { f.BoolPtrVar(&BoolPtrVar{ Name: "cleanup-dead-servers", Target: &c.flagCleanupDeadServers, + Usage: "Controls whether to remove dead servers from the Raft peer list periodically or when a new server joins.", }) f.DurationVar(&DurationVar{ Name: "last-contact-threshold", Target: &c.flagLastContactThreshold, + Usage: "Limit on the amount of time a server can go without leader contact before being considered unhealthy.", }) f.DurationVar(&DurationVar{ Name: "dead-server-last-contact-threshold", Target: &c.flagDeadServerLastContactThreshold, + Usage: "Limit on the amount of time a server can go without leader contact before being considered failed. This takes effect only when cleanup_dead_servers is set.", }) f.Uint64Var(&Uint64Var{ Name: "max-trailing-logs", Target: &c.flagMaxTrailingLogs, + Usage: "Amount of entries in the Raft Log that a server can be behind before being considered unhealthy.", }) f.UintVar(&UintVar{ Name: "min-quorum", Target: &c.flagMinQuorum, + Usage: "Minimum number of servers allowed in a cluster before autopilot can prune dead servers. This should at least be 3.", }) f.DurationVar(&DurationVar{ Name: "server-stabilization-time", Target: &c.flagServerStabilizationTime, + Usage: "Minimum amount of time a server must be in a stable, healthy state before it can be added to the cluster.", }) f.BoolPtrVar(&BoolPtrVar{ Name: "disable-upgrade-migration", Target: &c.flagDisableUpgradeMigration, + Usage: "Whether or not to perform automated version upgrades.", + }) + + f.StringVar(&StringVar{ + Name: "dr-token", + Target: &c.flagDRToken, + Default: "", + EnvVar: "", + Completion: complete.PredictAnything, + Usage: "DR operation token used to authorize this request (if a DR secondary node).", }) return set @@ -138,6 +155,10 @@ func (c *OperatorRaftAutopilotSetConfigCommand) Run(args []string) int { data["disable_upgrade_migration"] = c.flagDisableUpgradeMigration.Get() } + if c.flagDRToken != "" { + client.SetToken(c.flagDRToken) + } + secret, err := client.Logical().Write("sys/storage/raft/autopilot/configuration", data) if err != nil { c.UI.Error(err.Error()) diff --git a/command/operator_raft_autopilot_state.go b/command/operator_raft_autopilot_state.go index 99f188aae78f0..c42c71dcf06a6 100644 --- a/command/operator_raft_autopilot_state.go +++ b/command/operator_raft_autopilot_state.go @@ -8,6 +8,7 @@ import ( "fmt" "strings" + "github.com/hashicorp/vault/api" "github.com/mitchellh/cli" "github.com/posener/complete" ) @@ -19,6 +20,7 @@ var ( type OperatorRaftAutopilotStateCommand struct { *BaseCommand + flagDRToken string } func (c *OperatorRaftAutopilotStateCommand) Synopsis() string { @@ -38,6 +40,17 @@ Usage: vault operator raft autopilot state func (c *OperatorRaftAutopilotStateCommand) Flags() *FlagSets { set := c.flagSet(FlagSetHTTP | FlagSetOutputFormat) + f := set.NewFlagSet("Command Options") + + f.StringVar(&StringVar{ + Name: "dr-token", + Target: &c.flagDRToken, + Default: "", + EnvVar: "", + Completion: complete.PredictAnything, + Usage: "DR operation token used to authorize this request (if a DR secondary node).", + }) + // The output of the state endpoint contains nested values and is not fit for // the default "table" display format. Override the default display format to // "pretty", both in the flag and in the UI. @@ -69,21 +82,20 @@ func (c *OperatorRaftAutopilotStateCommand) Run(args []string) int { return 1 } - args = f.Args() - switch len(args) { - case 0: - default: - c.UI.Error(fmt.Sprintf("Incorrect arguments (expected 0, got %d)", len(args))) - return 1 - } - client, err := c.Client() if err != nil { c.UI.Error(err.Error()) return 2 } - state, err := client.Sys().RaftAutopilotState() + var state *api.AutopilotState + switch { + case c.flagDRToken != "": + state, err = client.Sys().RaftAutopilotStateWithDRToken(c.flagDRToken) + default: + state, err = client.Sys().RaftAutopilotState() + } + if err != nil { c.UI.Error(fmt.Sprintf("Error checking autopilot state: %s", err)) return 2 From daf23cfb0553bf9b574e33c09360685dfd7959f3 Mon Sep 17 00:00:00 2001 From: "Luis (LT) Carbonell" Date: Tue, 13 Jun 2023 09:03:13 -0400 Subject: [PATCH 2/4] Add changelog --- changelog/21165.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/21165.txt diff --git a/changelog/21165.txt b/changelog/21165.txt new file mode 100644 index 0000000000000..dd6b6d05de0d9 --- /dev/null +++ b/changelog/21165.txt @@ -0,0 +1,3 @@ +```release-note:bug +raft/autopilot: Add dr-token flag for raft autopilot cli commands +``` From cf8ecfc288cab295a08b73413542c2026724470b Mon Sep 17 00:00:00 2001 From: "Luis (LT) Carbonell" Date: Wed, 21 Jun 2023 12:48:19 -0400 Subject: [PATCH 3/4] Cleanup bad patch apply --- api/sys_raft.go | 3 +++ command/operator_raft_autopilot_state.go | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/api/sys_raft.go b/api/sys_raft.go index 3c9fdf0599d94..4b9487c61d559 100644 --- a/api/sys_raft.go +++ b/api/sys_raft.go @@ -286,6 +286,9 @@ func (c *Sys) RaftAutopilotStateWithContext(ctx context.Context) (*AutopilotStat ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() + if ctx.Value("dr-token") != nil { + c.c.SetToken(ctx.Value("dr-token").(string)) + } r := c.c.NewRequest(http.MethodGet, "/v1/sys/storage/raft/autopilot/state") resp, err := c.c.rawRequestWithContext(ctx, r) diff --git a/command/operator_raft_autopilot_state.go b/command/operator_raft_autopilot_state.go index c42c71dcf06a6..8e7b670866186 100644 --- a/command/operator_raft_autopilot_state.go +++ b/command/operator_raft_autopilot_state.go @@ -82,6 +82,14 @@ func (c *OperatorRaftAutopilotStateCommand) Run(args []string) int { return 1 } + args = f.Args() + switch len(args) { + case 0: + default: + c.UI.Error(fmt.Sprintf("Incorrect arguments (expected 0, got %d)", len(args))) + return 1 + } + client, err := c.Client() if err != nil { c.UI.Error(err.Error()) From f78792d63bd09efbbc94705d7c96193f7e86a645 Mon Sep 17 00:00:00 2001 From: "Luis (LT) Carbonell" Date: Fri, 21 Jul 2023 09:31:24 -0400 Subject: [PATCH 4/4] Set dr token explicitly --- command/operator_raft_autopilot_set_config.go | 3 +-- vault/logical_system_raft.go | 4 ++++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/command/operator_raft_autopilot_set_config.go b/command/operator_raft_autopilot_set_config.go index 3d7c65befebda..384667028b430 100644 --- a/command/operator_raft_autopilot_set_config.go +++ b/command/operator_raft_autopilot_set_config.go @@ -154,9 +154,8 @@ func (c *OperatorRaftAutopilotSetConfigCommand) Run(args []string) int { if c.flagDisableUpgradeMigration.IsSet() { data["disable_upgrade_migration"] = c.flagDisableUpgradeMigration.Get() } - if c.flagDRToken != "" { - client.SetToken(c.flagDRToken) + data["dr_operation_token"] = c.flagDRToken } secret, err := client.Logical().Write("sys/storage/raft/autopilot/configuration", data) diff --git a/vault/logical_system_raft.go b/vault/logical_system_raft.go index ca475eddcc77c..fb236e0912479 100644 --- a/vault/logical_system_raft.go +++ b/vault/logical_system_raft.go @@ -196,6 +196,10 @@ func (b *SystemBackend) raftStoragePaths() []*framework.Path { Type: framework.TypeBool, Description: "Whether or not to perform automated version upgrades.", }, + "dr_operation_token": { + Type: framework.TypeString, + Description: "DR operation token used to authorize this request (if a DR secondary node).", + }, }, Operations: map[logical.Operation]framework.OperationHandler{