From d22204914d95d80e74effd94150586ed1ba8e535 Mon Sep 17 00:00:00 2001
From: vishalnayak
Date: Wed, 20 Jul 2016 15:38:53 -0400
Subject: [PATCH 1/5] Add service discovery to init command

---
 api/sys_init.go | 2 +-
 command/init.go | 146 ++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 131 insertions(+), 17 deletions(-)

diff --git a/api/sys_init.go b/api/sys_init.go
index 47e9718247..37c2bcc8ca 100644
--- a/api/sys_init.go
+++ b/api/sys_init.go
@@ -45,7 +45,7 @@ type InitStatusResponse struct {
 }
 
 type InitResponse struct {
- Keys []string
+ Keys []string `json:"keys"`
 RecoveryKeys []string `json:"recovery_keys"`
 RootToken string `json:"root_token"`
 }
diff --git a/command/init.go b/command/init.go
index a839973de7..e2e6bc960d 100644
--- a/command/init.go
+++ b/command/init.go
@@ -2,8 +2,11 @@ package command
 
 import (
 "fmt"
+ "os"
+ "runtime"
 "strings"
 
+ consulapi "github.com/hashicorp/consul/api"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/helper/pgpkeys"
 "github.com/hashicorp/vault/meta"
@@ -18,6 +21,7 @@ func (c *InitCommand) Run(args []string) int {
 var threshold, shares, storedShares, recoveryThreshold, recoveryShares int
 var pgpKeys, recoveryPgpKeys pgpkeys.PubKeyFilesFlag
 var check bool
+ var auto string
 flags := c.Meta.FlagSet("init", meta.FlagSetDefault)
 flags.Usage = func() { c.Ui.Error(c.Help()) }
 flags.IntVar(&shares, "key-shares", 5, "")
@@ -28,10 +32,128 @@ func (c *InitCommand) Run(args []string) int { flags.IntVar(&recoveryThreshold, "recovery-threshold", 3, "") flags.Var(&recoveryPgpKeys, "recovery-pgp-keys", "") flags.BoolVar(&check, "check", false, "") + flags.StringVar(&auto, "auto", "", "") if err := flags.Parse(args); err != nil { return 1 } + initRequest := &api.InitRequest{ + SecretShares: shares, + SecretThreshold: threshold, + StoredShares: storedShares, + PGPKeys: pgpKeys, + RecoveryShares: recoveryShares, + RecoveryThreshold: recoveryThreshold, + RecoveryPGPKeys: recoveryPgpKeys, + } + + // If running in 'auto' mode, run service discovery based on environment + // variables of Consul. + if auto != "" { + // Create configuration for Consul + consulConfig := consulapi.DefaultConfig() + + // Create a client to communicate with Consul + consulClient, err := consulapi.NewClient(consulConfig) + if err != nil { + c.Ui.Error(fmt.Sprintf("failed to create Consul client:%v", err)) + return 1 + } + + var uninitializedVaults []string + var initializedVault string + + // Query the nodes belonging to the cluster + if services, _, err := consulClient.Catalog().Service(auto, "", &consulapi.QueryOptions{AllowStale: true}); err == nil { + Loop: + for _, service := range services { + vaultAddress := fmt.Sprintf("%s://%s:%d", consulConfig.Scheme, service.ServiceAddress, service.ServicePort) + + // Set VAULT_ADDR to the discovered node + os.Setenv(api.EnvVaultAddress, vaultAddress) + + // Create a client to communicate with the discovered node + client, err := c.Client() + if err != nil { + c.Ui.Error(fmt.Sprintf( + "Error initializing client: %s", err)) + return 1 + } + + // Check the initialization status of the discovered node + inited, err := client.Sys().InitStatus() + switch { + case err != nil: + c.Ui.Error(fmt.Sprintf("Error checking initialization status of discovered node: %s err:%s", vaultAddress, err)) + return 1 + case inited: + // One of the nodes in the cluster is initialized. Break out. 
+ initializedVault = vaultAddress + break Loop + default: + // Vault is uninitialized. + uninitializedVaults = append(uninitializedVaults, vaultAddress) + } + } + } + + export := "export" + quote := "'" + if runtime.GOOS == "windows" { + export = "set" + quote = "" + } + + if initializedVault != "" { + c.Ui.Output(fmt.Sprintf("Discovered an initialized Vault node at '%s'\n", initializedVault)) + c.Ui.Output("Set the following environment variable to operate on the discovered Vault:\n") + c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%shttp://%s%s", export, quote, initializedVault, quote)) + return 0 + } + + switch len(uninitializedVaults) { + case 0: + c.Ui.Error(fmt.Sprintf("Failed to discover Vault nodes under the service name '%s'", auto)) + return 1 + case 1: + // There was only one node found in the Vault cluster and it + // was uninitialized. + + // Set the VAULT_ADDR to the discovered node. This will ensure + // that the client created will operate on the discovered node. + os.Setenv(api.EnvVaultAddress, uninitializedVaults[0]) + + // Let the client know that initialization is perfomed on the + // discovered node. + c.Ui.Output(fmt.Sprintf("Discovered Vault at '%s'\n", uninitializedVaults[0])) + + // Attempt initializing it + ret := c.runInit(check, initRequest) + + // Regardless of success or failure, instruct client to update VAULT_ADDR + c.Ui.Output("Set the following environment variable to operate on the discovered Vault:\n") + c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%shttp://%s%s", export, quote, uninitializedVaults[0], quote)) + + return ret + default: + // If more than one Vault node were discovered, print out all of them, + // requiring the client to update VAULT_ADDR and to run init again. 
+ c.Ui.Output(fmt.Sprintf("Discovered more than one uninitialized Vaults under the service name '%s'\n", auto)) + c.Ui.Output("To initialize all Vaults, set any *one* of the following and run 'vault init':") + + // Print valid commands to make setting the variables easier + for _, vaultNode := range uninitializedVaults { + c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%shttp://%s%s", export, quote, vaultNode, quote)) + + } + return 0 + } + } + + return c.runInit(check, initRequest) +} + +func (c *InitCommand) runInit(check bool, initRequest *api.InitRequest) int { client, err := c.Client() if err != nil { c.Ui.Error(fmt.Sprintf( @@ -43,15 +165,7 @@ func (c *InitCommand) Run(args []string) int { return c.checkStatus(client) } - resp, err := client.Sys().Init(&api.InitRequest{ - SecretShares: shares, - SecretThreshold: threshold, - StoredShares: storedShares, - PGPKeys: pgpKeys, - RecoveryShares: recoveryShares, - RecoveryThreshold: recoveryThreshold, - RecoveryPGPKeys: recoveryPgpKeys, - }) + resp, err := client.Sys().Init(initRequest) if err != nil { c.Ui.Error(fmt.Sprintf( "Error initializing Vault: %s", err)) @@ -67,7 +181,7 @@ func (c *InitCommand) Run(args []string) int { c.Ui.Output(fmt.Sprintf("Initial Root Token: %s", resp.RootToken)) - if storedShares < 1 { + if initRequest.StoredShares < 1 { c.Ui.Output(fmt.Sprintf( "\n"+ "Vault initialized with %d keys and a key threshold of %d. Please\n"+ @@ -76,10 +190,10 @@ func (c *InitCommand) Run(args []string) int { "to unseal it again.\n\n"+ "Vault does not store the master key. Without at least %d keys,\n"+ "your Vault will remain permanently sealed.", - shares, - threshold, - threshold, - threshold, + initRequest.SecretShares, + initRequest.SecretThreshold, + initRequest.SecretThreshold, + initRequest.SecretThreshold, )) } else { c.Ui.Output( 
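Review bot: The Consul catalog error is swallowed at `if services, _, err := consulClient.Catalog().Service(auto, "", ...); err == nil {` — there is no else branch, so a failed query (unreachable agent, ACL denial) leaves `uninitializedVaults` empty and is reported only as "Failed to discover Vault nodes under the service name", hiding the actual cause; query first and return on error as below. Separately, the node address is built from `consulConfig.Scheme`, which is the scheme this CLI uses to reach Consul rather than the scheme the Vault listener serves, so a TLS-only Vault discovered through a plaintext Consul agent gets an `http://` address and the init request — whose response carries the root token and unseal keys — is sent to the wrong scheme; patch 4's `url.URL{Scheme: consulConfig.Scheme, ...}` keeps this, and unless the catalog entry carries the listener scheme (not visible here) it should come from a flag or from the scheme already in VAULT_ADDR. Since whatever the catalog returns becomes the init target, the discovery messages should also name the service and Consul address that were queried so the operator can check them. `Run` ends inside this hunk, but `runInit`'s body continues past it.
```go
// Query the nodes belonging to the cluster
services, _, err := consulClient.Catalog().Service(auto, "", &consulapi.QueryOptions{AllowStale: true})
if err != nil {
	c.Ui.Error(fmt.Sprintf("Error querying Consul catalog for service %q: %v", auto, err))
	return 1
}
Loop:
for _, service := range services {
	// … unchanged: per-node client creation and InitStatus check …
}
```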
@@ -92,8 +206,8 @@ func (c *InitCommand) Run(args []string) int { "\n"+ "Recovery key initialized with %d keys and a key threshold of %d. Please\n"+ "securely distribute the above keys.", - recoveryShares, - recoveryThreshold, + initRequest.RecoveryShares, + initRequest.RecoveryThreshold, )) } From f1ad3595a5e023c4c0db582f2f5fefdf7783f6df Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Thu, 21 Jul 2016 16:51:38 -0400 Subject: [PATCH 2/5] Added a separate flag consul-service to receive Consul service name --- command/init.go | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/command/init.go b/command/init.go index e2e6bc960d..5aad30970d 100644 --- a/command/init.go +++ b/command/init.go @@ -20,8 +20,8 @@ type InitCommand struct { func (c *InitCommand) Run(args []string) int { var threshold, shares, storedShares, recoveryThreshold, recoveryShares int var pgpKeys, recoveryPgpKeys pgpkeys.PubKeyFilesFlag - var check bool - var auto string + var auto, check bool + var consulService string flags := c.Meta.FlagSet("init", meta.FlagSetDefault) flags.Usage = func() { c.Ui.Error(c.Help()) } flags.IntVar(&shares, "key-shares", 5, "") @@ -32,7 +32,8 @@ func (c *InitCommand) Run(args []string) int { flags.IntVar(&recoveryThreshold, "recovery-threshold", 3, "") flags.Var(&recoveryPgpKeys, "recovery-pgp-keys", "") flags.BoolVar(&check, "check", false, "") - flags.StringVar(&auto, "auto", "", "") + flags.BoolVar(&auto, "auto", false, "") + flags.StringVar(&consulService, "consul-service", "", "") if err := flags.Parse(args); err != nil { return 1 } 
@@ -49,7 +50,13 @@ func (c *InitCommand) Run(args []string) int { // If running in 'auto' mode, run service discovery based on environment // variables of Consul. - if auto != "" { + if auto { + + if strings.TrimSpace(consulService) == "" { + c.Ui.Error("'consul-service' must be supplied when 'auto' is set") + return 1 + } + // Create configuration for Consul consulConfig := consulapi.DefaultConfig() @@ -64,7 +71,7 @@ func (c *InitCommand) Run(args []string) int { var initializedVault string // Query the nodes belonging to the cluster - if services, _, err := consulClient.Catalog().Service(auto, "", &consulapi.QueryOptions{AllowStale: true}); err == nil { + if services, _, err := consulClient.Catalog().Service(consulService, "", &consulapi.QueryOptions{AllowStale: true}); err == nil { Loop: for _, service := range services { vaultAddress := fmt.Sprintf("%s://%s:%d", consulConfig.Scheme, service.ServiceAddress, service.ServicePort) @@ -105,15 +112,15 @@ func (c *InitCommand) Run(args []string) int { } if initializedVault != "" { - c.Ui.Output(fmt.Sprintf("Discovered an initialized Vault node at '%s'\n", initializedVault)) - c.Ui.Output("Set the following environment variable to operate on the discovered Vault:\n") + c.Ui.Output(fmt.Sprintf("Discovered an initialized Vault node at '%s'", initializedVault)) + c.Ui.Output("\nSet the following environment variable to operate on the discovered Vault:\n") c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%shttp://%s%s", export, quote, initializedVault, quote)) return 0 } switch len(uninitializedVaults) { case 0: - c.Ui.Error(fmt.Sprintf("Failed to discover Vault nodes under the service name '%s'", auto)) + c.Ui.Error(fmt.Sprintf("Failed to discover Vault nodes under Consul service name '%s'", consulService)) return 1 case 1: // There was only one node found in the Vault cluster and it 
@@ -131,19 +138,19 @@ func (c *InitCommand) Run(args []string) int { ret := c.runInit(check, initRequest) // Regardless of success or failure, instruct client to update VAULT_ADDR - c.Ui.Output("Set the following environment variable to operate on the discovered Vault:\n") + c.Ui.Output("\nSet the following environment variable to operate on the discovered Vault:\n") c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%shttp://%s%s", export, quote, uninitializedVaults[0], quote)) return ret default: // If more than one Vault node were discovered, print out all of them, // requiring the client to update VAULT_ADDR and to run init again. - c.Ui.Output(fmt.Sprintf("Discovered more than one uninitialized Vaults under the service name '%s'\n", auto)) - c.Ui.Output("To initialize all Vaults, set any *one* of the following and run 'vault init':") + c.Ui.Output(fmt.Sprintf("Discovered more than one uninitialized Vaults under Consul service name '%s'\n", consulService)) + c.Ui.Output("To initialize these Vaults, set any *one* of the following environment variables and run 'vault init':") // Print valid commands to make setting the variables easier for _, vaultNode := range uninitializedVaults { - c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%shttp://%s%s", export, quote, vaultNode, quote)) + c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%s%s%s", export, quote, vaultNode, quote)) } return 0 From 08b6740139fec6a7cc66ff281fa2d09fc9068593 Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Thu, 21 Jul 2016 17:12:54 -0400 Subject: [PATCH 3/5] Added documentation for init service discovery --- command/init.go | 76 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 50 insertions(+), 26 deletions(-) diff --git a/command/init.go b/command/init.go index 5aad30970d..3daf5db5f6 100644 --- a/command/init.go +++ b/command/init.go 
@@ -257,39 +257,63 @@ General Options: ` + meta.GeneralOptionsUsage() + ` Init Options: - -check Don't actually initialize, just check if Vault is - already initialized. A return code of 0 means Vault - is initialized; a return code of 2 means Vault is not - initialized; a return code of 1 means an error was - encountered. + -check Don't actually initialize, just check if Vault is + already initialized. A return code of 0 means Vault + is initialized; a return code of 2 means Vault is not + initialized; a return code of 1 means an error was + encountered. - -key-shares=5 The number of key shares to split the master key - into. + -key-shares=5 The number of key shares to split the master key + into. - -key-threshold=3 The number of key shares required to reconstruct - the master key. + -key-threshold=3 The number of key shares required to reconstruct + the master key. - -stored-shares=0 The number of unseal keys to store. This is not - normally available. + -stored-shares=0 The number of unseal keys to store. This is not + normally available. - -pgp-keys If provided, must be a comma-separated list of - files on disk containing binary- or base64-format - public PGP keys, or Keybase usernames specified as - "keybase:". The number of given entries - must match 'key-shares'. The output unseal keys will - be encrypted and hex-encoded, in order, with the - given public keys. If you want to use them with the - 'vault unseal' command, you will need to hex decode - and decrypt; this will be the plaintext unseal key. + -pgp-keys If provided, must be a comma-separated list of + files on disk containing binary- or base64-format + public PGP keys, or Keybase usernames specified as + "keybase:". The number of given entries + must match 'key-shares'. The output unseal keys will + be encrypted and hex-encoded, in order, with the + given public keys. 
If you want to use them with the + 'vault unseal' command, you will need to hex decode + and decrypt; this will be the plaintext unseal key. - -recovery-shares=5 The number of key shares to split the recovery key - into. This is not normally available. + -recovery-shares=5 The number of key shares to split the recovery key + into. This is not normally available. - -recovery-threshold=3 The number of key shares required to reconstruct - the recovery key. This is not normally available. + -recovery-threshold=3 The number of key shares required to reconstruct + the recovery key. This is not normally available. - -recovery-pgp-keys If provided, behaves like "pgp-keys" but for the - recovery key shares. This is not normally available. + -recovery-pgp-keys If provided, behaves like "pgp-keys" but for the + recovery key shares. This is not normally available. + + -auto If set, performs service discovery using the underlying + Consul storage backend. When one or more Vault servers + are running on Consul storage backend (none else), + setting this flag will create a Consul client and + discovrs the nodes using the service name under which + Vault nodes are registered with Consul. Service name + should be supplied using 'consul-service' flag. This + option works well when each Vault cluster is registered + under a unique service name. Ensure that environment + variables required to communicate with Consul, like + (CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, CONSUL_HTTP_SSL, + et al) are properly set. If, only one Vault node is + discovered, then an initialization attempt will be made. + If more than one Vault nodes are discovered, they will + be listed on the output, requiring another execution of + this command with updated VAULT_ADDR environment variable. + + -consul-service Service name under which the all nodes of Vault are + registered with Consul. 
When Vault is using Consul + as its storage backend, by default, it will auto register + itself with Consul under the default name of "vault". + This name can be modified in Vault's configuration file, + using the "service" option under Consul backend. ` return strings.TrimSpace(helpText) } From cd719d9123602bc48422ba19c3394bdbf2128ff5 Mon Sep 17 00:00:00 2001 From: vishalnayak Date: Thu, 21 Jul 2016 19:04:43 -0400 Subject: [PATCH 4/5] Address review feedback from @sean --- command/init.go | 58 ++++++++++++++++++++++++++++------------------ physical/consul.go | 6 ++--- 2 files changed, 38 insertions(+), 26 deletions(-) diff --git a/command/init.go b/command/init.go index 3daf5db5f6..bcff710b24 100644 --- a/command/init.go +++ b/command/init.go @@ -2,6 +2,7 @@ package command import ( "fmt" + "net/url" "os" "runtime" "strings" @@ -10,6 +11,7 @@ import ( "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/helper/pgpkeys" "github.com/hashicorp/vault/meta" + "github.com/hashicorp/vault/physical" ) // InitCommand is a Command that initializes a new Vault server. @@ -21,7 +23,7 @@ func (c *InitCommand) Run(args []string) int { var threshold, shares, storedShares, recoveryThreshold, recoveryShares int var pgpKeys, recoveryPgpKeys pgpkeys.PubKeyFilesFlag var auto, check bool - var consulService string + var consulServiceName string flags := c.Meta.FlagSet("init", meta.FlagSetDefault) flags.Usage = func() { c.Ui.Error(c.Help()) } flags.IntVar(&shares, "key-shares", 5, "") @@ -33,7 +35,7 @@ func (c *InitCommand) Run(args []string) int { flags.Var(&recoveryPgpKeys, "recovery-pgp-keys", "") flags.BoolVar(&check, "check", false, "") flags.BoolVar(&auto, "auto", false, "") - flags.StringVar(&consulService, "consul-service", "", "") + flags.StringVar(&consulServiceName, "consul-service", physical.DefaultServiceName, "") if err := flags.Parse(args); err != nil { return 1 } 
@@ -52,11 +54,6 @@ func (c *InitCommand) Run(args []string) int { // variables of Consul. if auto { - if strings.TrimSpace(consulService) == "" { - c.Ui.Error("'consul-service' must be supplied when 'auto' is set") - return 1 - } - // Create configuration for Consul consulConfig := consulapi.DefaultConfig() @@ -71,19 +68,21 @@ func (c *InitCommand) Run(args []string) int { var initializedVault string // Query the nodes belonging to the cluster - if services, _, err := consulClient.Catalog().Service(consulService, "", &consulapi.QueryOptions{AllowStale: true}); err == nil { + if services, _, err := consulClient.Catalog().Service(consulServiceName, "", &consulapi.QueryOptions{AllowStale: true}); err == nil { Loop: for _, service := range services { - vaultAddress := fmt.Sprintf("%s://%s:%d", consulConfig.Scheme, service.ServiceAddress, service.ServicePort) + vaultAddress := &url.URL{ + Scheme: consulConfig.Scheme, + Host: fmt.Sprintf("%s:%d", service.ServiceAddress, service.ServicePort), + } // Set VAULT_ADDR to the discovered node - os.Setenv(api.EnvVaultAddress, vaultAddress) + os.Setenv(api.EnvVaultAddress, vaultAddress.String()) // Create a client to communicate with the discovered node client, err := c.Client() if err != nil { - c.Ui.Error(fmt.Sprintf( - "Error initializing client: %s", err)) + c.Ui.Error(fmt.Sprintf("Error initializing client: %v", err)) return 1 } 
@@ -91,15 +90,15 @@ func (c *InitCommand) Run(args []string) int { inited, err := client.Sys().InitStatus() switch { case err != nil: - c.Ui.Error(fmt.Sprintf("Error checking initialization status of discovered node: %s err:%s", vaultAddress, err)) + c.Ui.Error(fmt.Sprintf("Error checking initialization status of discovered node: %+q. Err: %v", vaultAddress.String(), err)) return 1 case inited: // One of the nodes in the cluster is initialized. Break out. - initializedVault = vaultAddress + initializedVault = vaultAddress.String() break Loop default: // Vault is uninitialized. - uninitializedVaults = append(uninitializedVaults, vaultAddress) + uninitializedVaults = append(uninitializedVaults, vaultAddress.String()) } } } 
@@ -112,45 +111,58 @@ func (c *InitCommand) Run(args []string) int { } if initializedVault != "" { - c.Ui.Output(fmt.Sprintf("Discovered an initialized Vault node at '%s'", initializedVault)) + vaultURL, err := url.Parse(initializedVault) + if err != nil { + c.Ui.Error(fmt.Sprintf("Failed to parse Vault address: %+q. Err: %v", initializedVault, err)) + } + c.Ui.Output(fmt.Sprintf("Discovered an initialized Vault node at %+q, using Consul service name %+q", vaultURL.String(), consulServiceName)) c.Ui.Output("\nSet the following environment variable to operate on the discovered Vault:\n") - c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%shttp://%s%s", export, quote, initializedVault, quote)) + c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%s%s%s", export, quote, vaultURL.String(), quote)) return 0 } switch len(uninitializedVaults) { case 0: - c.Ui.Error(fmt.Sprintf("Failed to discover Vault nodes under Consul service name '%s'", consulService)) + c.Ui.Error(fmt.Sprintf("Failed to discover Vault nodes using Consul service name %+q", consulServiceName)) return 1 case 1: // There was only one node found in the Vault cluster and it // was uninitialized. + vaultURL, err := url.Parse(uninitializedVaults[0]) + if err != nil { + c.Ui.Error(fmt.Sprintf("Failed to parse Vault address: %+q. Err: %v", uninitializedVaults[0], err)) + } + // Set the VAULT_ADDR to the discovered node. This will ensure // that the client created will operate on the discovered node. - os.Setenv(api.EnvVaultAddress, uninitializedVaults[0]) + os.Setenv(api.EnvVaultAddress, vaultURL.String()) // Let the client know that initialization is perfomed on the // discovered node. 
- c.Ui.Output(fmt.Sprintf("Discovered Vault at '%s'\n", uninitializedVaults[0])) + c.Ui.Output(fmt.Sprintf("Discovered Vault at %+q using Consul service name %+q\n", vaultURL.String(), consulServiceName)) // Attempt initializing it ret := c.runInit(check, initRequest) // Regardless of success or failure, instruct client to update VAULT_ADDR c.Ui.Output("\nSet the following environment variable to operate on the discovered Vault:\n") - c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%shttp://%s%s", export, quote, uninitializedVaults[0], quote)) + c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%s%s%s", export, quote, vaultURL.String(), quote)) return ret default: // If more than one Vault node were discovered, print out all of them, // requiring the client to update VAULT_ADDR and to run init again. - c.Ui.Output(fmt.Sprintf("Discovered more than one uninitialized Vaults under Consul service name '%s'\n", consulService)) + c.Ui.Output(fmt.Sprintf("Discovered more than one uninitialized Vaults using Consul service name %+q\n", consulServiceName)) c.Ui.Output("To initialize these Vaults, set any *one* of the following environment variables and run 'vault init':") // Print valid commands to make setting the variables easier for _, vaultNode := range uninitializedVaults { - c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%s%s%s", export, quote, vaultNode, quote)) + vaultURL, err := url.Parse(vaultNode) + if err != nil { + c.Ui.Error(fmt.Sprintf("Failed to parse Vault address: %+q. Err: %v", vaultNode, err)) + } + c.Ui.Output(fmt.Sprintf("\t%s VAULT_ADDR=%s%s%s", export, quote, vaultURL.String(), quote)) } return 0 diff --git a/physical/consul.go b/physical/consul.go index ff0a623f0f..9b7eb129a1 100644 --- a/physical/consul.go +++ b/physical/consul.go 
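Review bot: Each `vaultURL, err := url.Parse(...)` reports the error but does not return, and `url.Parse` yields a nil `*url.URL` on failure, so the `vaultURL.String()` that follows dereferences nil and panics in all three places (the `initializedVault` branch, `case 1`, and the `default` loop); each error block needs a `return 1` after the `c.Ui.Error(...)`. The parse is also redundant: these strings were produced by `vaultAddress.String()` in the discovery loop, so keeping `initializedVault` and `uninitializedVaults` as `*url.URL` values would remove the round-trip and the error paths entirely. The unchanged context comment `// Let the client know that initialization is perfomed on the` carries a typo, `performed`. This hunk sits inside `Run`, whose start is outside it.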
@@ -38,9 +38,9 @@ const (
 // defaultCheckTimeout changes the timeout of TTL checks
 defaultCheckTimeout = 5 * time.Second
 
- // defaultServiceName is the default Consul service name used when
+ // DefaultServiceName is the default Consul service name used when
 // advertising a Vault instance.
- defaultServiceName = "vault"
+ DefaultServiceName = "vault"
 
 // reconcileTimeout is how often Vault should query Consul to detect
 // and fix any state drift.
@@ -104,7 +104,7 @@ func newConsulBackend(conf map[string]string, logger *log.Logger) (Backend, erro
 // Get the service name to advertise in Consul
 service, ok := conf["service"]
 if !ok {
- service = defaultServiceName
+ service = DefaultServiceName
 }
 
 logger.Printf("[DEBUG]: consul: config service set to %s", service)

From 201ea85fea833e2c1f94bf89b98a168484368aad Mon Sep 17 00:00:00 2001
From: vishalnayak
Date: Thu, 21 Jul 2016 20:46:31 -0400
Subject: [PATCH 5/5] Address review feedback by @jefferai

---
 command/init.go | 38 ++++++++++++++++++--------------------
 1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/command/init.go b/command/init.go
index bcff710b24..20ffd34839 100644
--- a/command/init.go
+++ b/command/init.go
@@ -305,27 +305,25 @@ Init Options: -auto If set, performs service discovery using the underlying Consul storage backend. When one or more Vault servers - are running on Consul storage backend (none else), - setting this flag will create a Consul client and - discovrs the nodes using the service name under which - Vault nodes are registered with Consul. Service name - should be supplied using 'consul-service' flag. This - option works well when each Vault cluster is registered - under a unique service name. Ensure that environment - variables required to communicate with Consul, like - (CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, CONSUL_HTTP_SSL, - et al) are properly set. If, only one Vault node is - discovered, then an initialization attempt will be made. - If more than one Vault nodes are discovered, they will - be listed on the output, requiring another execution of - this command with updated VAULT_ADDR environment variable. + are using Consul for data storage, setting this flag + will create a Consul client and discover nodes using + the service name under which Vault nodes are registered + with Consul. The service name can be changed using + 'consul-service' flag. This option works well when each + Vault cluster is registered under a unique service name. + Ensure that environment variables required to communicate + with Consul, like (CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, + CONSUL_HTTP_SSL, et al) are properly set. If only one + Vault node is discovered, then an initialization attempt + will be made. If more than one Vault node is discovered, + they will be output. - -consul-service Service name under which the all nodes of Vault are - registered with Consul. When Vault is using Consul - as its storage backend, by default, it will auto register - itself with Consul under the default name of "vault". - This name can be modified in Vault's configuration file, - using the "service" option under Consul backend. 
+ -consul-service Service name under which all the nodes of a Vault cluster + are registered with Consul. When Vault uses Consul as its + storage backend, by default, it will register as a service + with Consul by the name "vault". This name can be modified + in Vault's configuration file, using the "service" option + for the Consul backend. ` return strings.TrimSpace(helpText) }