diff --git a/command/server.go b/command/server.go
index 5e154dd6785c..7d4dd19ea3fb 100644
--- a/command/server.go
+++ b/command/server.go
@@ -1152,7 +1152,7 @@ func (c *ServerCommand) Run(args []string) int {
 // TODO: Remove when Raft can server as the ha_storage backend.
 // See https://github.com/hashicorp/vault/issues/8206
 if config.HAStorage.Type == "raft" {
- c.UI.Error("Raft cannot be used as seperate HA storage at this time")
+ c.UI.Error("Raft cannot be used as separate HA storage at this time")
 return 1
 }
 factory, exists := c.PhysicalBackends[config.HAStorage.Type]
@@ -1180,6 +1180,9 @@ func (c *ServerCommand) Run(args []string) int {
 }
 coreConfig.RedirectAddr = config.HAStorage.RedirectAddr
+
+ // TODO: Check for raft and disableClustering case when Raft on HA
+ // Storage support is added.
 disableClustering = config.HAStorage.DisableClustering
 if !disableClustering {
 coreConfig.ClusterAddr = config.HAStorage.ClusterAddr
@@ -1188,6 +1191,12 @@ func (c *ServerCommand) Run(args []string) int {
 if coreConfig.HAPhysical, ok = backend.(physical.HABackend); ok {
 coreConfig.RedirectAddr = config.Storage.RedirectAddr
 disableClustering = config.Storage.DisableClustering
+
+ if config.Storage.Type == "raft" && disableClustering {
+ c.UI.Error("Disable clustering cannot be set to true when Raft is the storage type")
+ return 1
+ }
+
 if !disableClustering {
 coreConfig.ClusterAddr = config.Storage.ClusterAddr
 }
diff --git a/physical/raft/raft.go b/physical/raft/raft.go
index 6e35b3f96293..0a14b184422d 100644
--- a/physical/raft/raft.go
+++ b/physical/raft/raft.go
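Review bot: In the third command/server.go hunk (`@@ -1188,6 +1191,12 @@`), the new raft check sits inside the `backend.(physical.HABackend)` success branch, so whether an invalid configuration is rejected depends on that type assertion rather than on the configuration alone. The rule is purely about config, so it could be tested ahead of the assertion as `if config.Storage.Type == "raft" && config.Storage.DisableClustering {`, which keeps startup failing closed regardless of how the backend is typed. The message would also be easier for an operator to act on if it used the key as it appears in the config file, e.g. `c.UI.Error("disable_clustering cannot be set to true when Raft is the storage type")`. Run's body starts and ends outside the hunk, so the code leading up to the assertion is not visible here.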
@@ -491,15 +491,29 @@ func (b *RaftBackend) SetupCluster(ctx context.Context, opts SetupOpts) error {
 return err
 }
+ listenerIsNil := func(cl cluster.ClusterHook) bool {
+ switch {
+ case opts.ClusterListener == nil:
+ return true
+ default:
+ // Concrete type checks
+ switch cl.(type) {
+ case *cluster.Listener:
+ return cl.(*cluster.Listener) == nil
+ }
+ }
+ return false
+ }
+
 switch {
- case opts.TLSKeyring == nil && opts.ClusterListener == nil:
+ case opts.TLSKeyring == nil && listenerIsNil(opts.ClusterListener):
 // If we don't have a provided network we use an in-memory one.
 // This allows us to bootstrap a node without bringing up a cluster
 // network. This will be true during bootstrap, tests and dev modes.
 _, b.raftTransport = raft.NewInmemTransportWithTimeout(raft.ServerAddress(b.localID), time.Second)
 case opts.TLSKeyring == nil:
 return errors.New("no keyring provided")
- case opts.ClusterListener == nil:
+ case listenerIsNil(opts.ClusterListener):
 return errors.New("no cluster listener provided")
 default:
 // Set the local address and localID in the streaming layer and the raft config.
diff --git a/vault/cluster.go b/vault/cluster.go
index e9bc2bb10eda..c674dda80b07 100644
--- a/vault/cluster.go
+++ b/vault/cluster.go
@@ -344,8 +344,7 @@ func (c *Core) stopClusterListener() {
 c.logger.Info("stopping cluster listeners")
 clusterListener.Stop()
- var nilCL *cluster.Listener
- c.clusterListener.Store(nilCL)
+ c.clusterListener.Store((*cluster.Listener)(nil))
 c.logger.Info("cluster listeners successfully shut down")
 }
diff --git a/website/pages/docs/configuration/index.mdx b/website/pages/docs/configuration/index.mdx
index bd04b37e9a3d..58efb8fa6b01 100644
--- a/website/pages/docs/configuration/index.mdx
+++ b/website/pages/docs/configuration/index.mdx
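Review bot: The `listenerIsNil` closure in physical/raft/raft.go takes `cl` but its first case tests the captured `opts.ClusterListener` instead, and the type switch then asserts `cl.(*cluster.Listener)` a second time inside the case. Using the parameter throughout with a single comma-ok assertion gives the same result for both call sites and leaves less to misread. It is also worth a comment that only a typed-nil `*cluster.Listener` is recognised; any other `cluster.ClusterHook` implementation holding a nil pointer would still fall through to the `default:` branch of the outer switch. SetupCluster's body starts and ends outside the hunk.

```go
listenerIsNil := func(cl cluster.ClusterHook) bool {
	if cl == nil {
		return true
	}
	// An interface holding a nil *cluster.Listener does not compare equal
	// to nil, so the concrete pointer has to be checked.
	l, ok := cl.(*cluster.Listener)
	return ok && l == nil
}

// … unchanged: switch on opts.TLSKeyring / listenerIsNil(opts.ClusterListener) …
```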
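Review bot: The `c.clusterListener.Store((*cluster.Listener)(nil))` call in vault/cluster.go carries no comment explaining that a typed nil is stored on purpose, and that choice is what makes a plain `== nil` on the interface value unreliable for whoever reads it back (the raft.go hunk in this commit adds a concrete-type check, presumably for this case). I would add `// Typed nil: readers must nil-check the concrete *cluster.Listener, not the interface value.` directly above the call. stopClusterListener begins above the hunk, so how the value is loaded elsewhere is not visible here.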
@@ -157,7 +157,8 @@ The following parameters are used on backends that support [high availability][h - `disable_clustering` `(bool: false)` – Specifies whether clustering features such as request forwarding are enabled. Setting this to true on one Vault node - will disable these features _only when that node is the active node_. + will disable these features _only when that node is the active node_. This + parameter cannot be set to `true` if `raft` is the storage type. ### Vault Enterprise Parameters