Clarification for local mounts in the context of DR #16218

Merged
merged 3 commits into from
Jul 12, 2022


lucymhdavies
Contributor

@lucymhdavies lucymhdavies commented Jul 1, 2022

The docs were unclear on this point, so @russparsloe and I looked into it.

Local mounts are indeed replicated to DR secondaries.

This is the opposite of what it says on https://developer.hashicorp.com/vault/tutorials/enterprise/performance-replication#disaster-recovery

> Local backend mounts are not replicated and their use will require existing DR mechanisms if DR is necessary in your implementation.

So that page will also need updating.

The following were all configured on a DR primary, then replicated over to a DR secondary. That DR secondary was then promoted to a primary.

```
$ vault audit list -detailed
Path     Type    Description    Replication    Options
----     ----    -----------    -----------    -------
file/    file    n/a            local          file_path=stdout

$ vault secrets list -detailed
Path                  Plugin       Accessor              Default TTL    Max TTL    Force No Cache    Replication    Seal Wrap    External Entropy Access    Options           Description                                                UUID
----                  ------       --------              -----------    -------    --------------    -----------    ---------    -----------------------    -------           -----------                                                ----
kv2_on_dr_primary/    kv           kv_9847c57c           system         system     false             local          false        false                      map[version:2]    n/a                                                        732afa5e-993a-4e38-aac1-91e37bd59489

$ vault auth list -detailed
Path                       Plugin      Accessor                  Default TTL    Max TTL    Token Type         Replication    Seal Wrap    External Entropy Access    Options    Description                UUID
----                       ------      --------                  -----------    -------    ----------         -----------    ---------    -----------------------    -------    -----------                ----
userpass_on_dr_primary/    userpass    auth_userpass_3a9fe18b    system         system     default-service    local          false        false                      map[]      n/a                        dd328f8f-0b87-c730-d45d-193614835acb
```

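
One way to repeat the check from the comment above without comparing tables by eye, as an added example that is not part of the original PR or of Vault's own code: capture `vault secrets list -format=json` and `vault auth list -format=json` on the DR primary and again on the promoted secondary, then compare the mounts flagged `local`. The JSON shape (mount path mapped to an object with `accessor` and `local` fields), the sample data and the helper name `compare_local_mounts` are assumptions constructed for this example.

```python
import json

# Constructed sample data, shaped like the combined output of
# `vault secrets list -format=json` and `vault auth list -format=json`
# (assumed shape: mount path -> object with "accessor" and "local").
# The two local mounts reuse the paths and accessors from the listings
# above; "shared_kv/" is invented for contrast.
ON_DR_PRIMARY = json.loads("""{
  "kv2_on_dr_primary/": {"type": "kv", "accessor": "kv_9847c57c", "local": true},
  "userpass_on_dr_primary/": {"type": "userpass",
      "accessor": "auth_userpass_3a9fe18b", "local": true},
  "shared_kv/": {"type": "kv", "accessor": "kv_00000000", "local": false}
}""")

# What the comment reports after promotion: the same mounts are present.
ON_PROMOTED_SECONDARY = json.loads(json.dumps(ON_DR_PRIMARY))

# Constructed counter-case: what the listing would look like if local
# mounts had NOT been replicated, as the tutorial text claimed.
IF_NOT_REPLICATED = {"shared_kv/": ON_DR_PRIMARY["shared_kv/"]}


def compare_local_mounts(before, after):
    """Classify every local mount in `before` by its state in `after`."""
    report = {"carried_over": [], "changed": [], "missing": []}
    for path, mount in sorted(before.items()):
        if not mount.get("local"):
            continue  # only local mounts are in question here
        other = after.get(path)
        if other is None:
            report["missing"].append(path)
        elif (other.get("accessor") != mount.get("accessor")
              or not other.get("local")):
            report["changed"].append(path)  # same path, different mount
        else:
            report["carried_over"].append(path)
    return report


if __name__ == "__main__":
    for label, after in (("promoted secondary", ON_PROMOTED_SECONDARY),
                         ("if not replicated", IF_NOT_REPLICATED)):
        print(label, json.dumps(compare_local_mounts(ON_DR_PRIMARY, after)))
```

A non-empty `missing` or `changed` list after promotion means a local mount did not survive the failover as-is and needs its own recovery plan.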
@mladlow
Contributor

mladlow commented Aug 1, 2022

@lucymhdavies thank you for the PR! If you make more docs changes in the future, they don't need changelog entries. You can use the "pr/no-changelog" label to make the build check pass.

@lucymhdavies
Contributor Author

Aha! Good to know, thanks. I'll keep that in mind for my next doc update :)
