Merge pull request #268 from sheldonh/howto_mlock

Document unprivileged mlock on Linux
Armon Dadgar 2015-05-28 10:03:10 -07:00
commit c40371bfd2
2 changed files with 29 additions and 1 deletions

@ -39,7 +39,7 @@ to specify where the configuration is.
* `disable_mlock` (optional) - A boolean. If true, this will disable the
server from executing the `mlock` syscall to prevent memory from being
swapped to disk. This is not recommended.
swapped to disk. This is not recommended in production (see below).
* `statsite_addr` (optional) - An address to a [Statsite](https://github.com/armon/statsite)
instances for metrics. This is highly recommended for production usage.
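Review bot: the "(see below)" added to the `disable_mlock` bullet is a loose pointer, because the guidance it refers to is placed after the `statsd_addr` bullet with two unrelated options in between. Suggest moving that guidance directly under this bullet, or giving it its own heading and linking to it, so the reference still resolves if options are added or reordered.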
@ -47,6 +47,16 @@ to specify where the configuration is.
* `statsd_addr` (optional) - This is the same as `statsite_addr` but
for StatsD.
In production, you should only consider setting the `disable_mlock` option
on Linux systems that only use encrypted swap or do not use swap at all.
Vault does not currently support memory locking on Mac OS X and Windows
and so the feature is automatically disabled on those platforms. To give
the Vault executable access to the `mlock` syscall on Linux systems:
```shell
sudo setcap cap_ipc_lock=+ep $(readlink -f $(which vault))
```
## Backend Reference
For the `backend` section, the supported backends are shown below.
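Review bot: the `setcap` line leaves both command substitutions unquoted, so an install path containing whitespace is word-split before `setcap` sees it; quote them as `"$(readlink -f "$(which vault)")"`. The paragraph should also state that a file capability is stored on the binary itself, so it has to be reapplied whenever the `vault` executable is replaced (for example on upgrade), and mention `getcap` as the way to confirm it is set. The text also runs from "automatically disabled on those platforms" straight into the Linux instructions; a paragraph break that presents `setcap` as the alternative to setting `disable_mlock` would make the recommendation explicit.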

@ -79,6 +79,24 @@ You'll notice that you can't execute any commands. We don't have any
auth information! When you first setup a Vault server, you have to start
by _initializing_ it.
On Linux, Vault may fail to start with the following error:
```shell
$ vault server -config=example.hcl
Error initializing core: Failed to lock memory: cannot allocate memory
This usually means that the mlock syscall is not available.
Vault uses mlock to prevent memory from being swapped to
disk. This requires root privileges as well as a machine
that supports mlock. Please enable mlock on your system or
disable Vault from using it. To disable Vault from using it,
set the `disable_mlock` configuration option in your configuration
file.
```
For guidance on dealing with this issue, see the discussion of
`disable_mlock` in [Server Configuration](/docs/config/index.html).
## Initializing the Vault
Initialization is the process of first configuring the Vault. This
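Review bot: the quoted error text says mlock "requires root privileges", while the page this section links to tells the reader to grant `cap_ipc_lock` to the binary instead; add one sentence after the block saying root is not required, so the error text is not taken as advice to run Vault as root. The link target `/docs/config/index.html` has no anchor, so the reader lands at the top of the configuration page rather than at the `disable_mlock` discussion. The block is also fenced as `shell` although everything after its first line is program output.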