diff --git a/changelog/15493.txt b/changelog/15493.txt new file mode 100644 index 0000000000..dfa11f444a --- /dev/null +++ b/changelog/15493.txt @@ -0,0 +1,3 @@ +```release-note:bug +storage/raft: Forward autopilot state requests on perf standbys to active node. +``` \ No newline at end of file diff --git a/go.mod b/go.mod index 0b07a6abba..97d97a38a6 100644 --- a/go.mod +++ b/go.mod @@ -54,6 +54,7 @@ require ( github.com/google/go-cmp v0.5.6 github.com/google/go-github v17.0.0+incompatible github.com/google/go-metrics-stackdriver v0.2.0 + github.com/google/tink/go v1.4.0 github.com/hashicorp/cap v0.1.1 github.com/hashicorp/consul-template v0.29.0 github.com/hashicorp/consul/api v1.12.0 @@ -274,7 +275,6 @@ require ( github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/google/tink/go v1.4.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/googleapis/gax-go/v2 v2.0.5 // indirect github.com/googleapis/gnostic v0.5.5 // indirect diff --git a/go.sum b/go.sum index f18b059d83..65520c2bc3 100644 --- a/go.sum +++ b/go.sum @@ -885,7 +885,6 @@ github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmk github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.2/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.4/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5 h1:MBgwAFPUbfuI0+tmDU/aeM1MARvdbqWmiieXIalKqDE= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/password v0.1.1 h1:6JzmBqXprakgFEHwBgdchsjaA9x3GyjdI568bXKxa60= diff --git a/physical/raft/raft_autopilot.go b/physical/raft/raft_autopilot.go index 28c8f3fa51..0cff7aa020 100644 --- a/physical/raft/raft_autopilot.go +++ b/physical/raft/raft_autopilot.go @@ -499,6 +499,7 @@ func (b *RaftBackend) StopAutopilot() { return } b.autopilot.Stop() + b.autopilot = nil b.followerHeartbeatTicker.Stop() } diff --git a/vault/ha.go b/vault/ha.go index 12f9d6d745..96cb464447 100644 --- a/vault/ha.go +++ b/vault/ha.go @@ -185,6 +185,15 @@ func (c *Core) Leader() (isLeader bool, leaderAddr, clusterAddr string, err erro oldAdv = true } + // At the top of this function we return early when we're the active node. + // If we're not the active node, and there's a stale advertisement pointing + // to ourself, there's no point in paying any attention to it. And by + // disregarding it, we can avoid a panic in raft tests using the Inmem network + // layer when we try to connect back to ourself. + if adv.ClusterAddr == c.ClusterAddr() && adv.RedirectAddr == c.redirectAddr { + return false, "", "", nil + } + if !oldAdv { c.logger.Debug("parsing information for new active node", "active_cluster_addr", adv.ClusterAddr, "active_redirect_addr", adv.RedirectAddr) diff --git a/vault/logical_system_raft.go b/vault/logical_system_raft.go index 667d9d6480..08d1a0d596 100644 --- a/vault/logical_system_raft.go +++ b/vault/logical_system_raft.go @@ -152,8 +152,9 @@ func (b *SystemBackend) raftStoragePaths() []*framework.Path { Pattern: "storage/raft/autopilot/state", Operations: map[logical.Operation]framework.OperationHandler{ logical.ReadOperation: &framework.PathOperation{ - Callback: b.verifyDROperationTokenOnSecondary(b.handleStorageRaftAutopilotState(), false), - Summary: "Returns the state of the raft cluster under integrated storage as seen by autopilot.", + Callback: b.verifyDROperationTokenOnSecondary(b.handleStorageRaftAutopilotState(), false), + Summary: "Returns the state of the raft cluster under integrated storage as seen by autopilot.", + ForwardPerformanceStandby: true, }, },