mirror of https://github.com/status-im/consul.git
connect/ca: more OSS split for multi-dc
parent
0da4f2b2e8
commit
e4349c5710
|
@ -120,7 +120,10 @@ func (s *ConnectCA) ConfigurationSet(
|
|||
return err
|
||||
}
|
||||
|
||||
if root != nil && root.ID == newActiveRoot.ID {
|
||||
// If the root didn't change or if this is a secondary DC, just update the
|
||||
// config and return.
|
||||
if (s.srv.config.Datacenter != s.srv.config.PrimaryDatacenter) ||
|
||||
root != nil && root.ID == newActiveRoot.ID {
|
||||
args.Op = structs.CAOpSetConfig
|
||||
resp, err := s.srv.raftApply(structs.ConnectCARequestType, args)
|
||||
if err != nil {
|
||||
|
|
|
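Review bot: The rewritten condition `if (s.srv.config.Datacenter != s.srv.config.PrimaryDatacenter) || root != nil && root.ID == newActiveRoot.ID {` sends every call made in a secondary datacenter down the config-only path, so the caller gets a successful response even though no root change took place. Whatever the function did above this hunk to derive `newActiveRoot` from the submitted config has already run by then (ConfigurationSet starts before and continues after the hunk, so that part is not visible); consider making the datacenter comparison before that work, or at least logging that the root was left untouched. Also group the second clause explicitly, `|| (root != nil && root.ID == newActiveRoot.ID)`, so the precedence protecting the nil check is obvious to the next editor.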
@ -227,6 +227,8 @@ func (s *Server) establishLeadership() error {
|
|||
return err
|
||||
}
|
||||
|
||||
s.startEnterpriseLeader()
|
||||
|
||||
s.startCARootPruning()
|
||||
|
||||
s.setConsistentReadReady()
|
||||
|
@ -245,6 +247,8 @@ func (s *Server) revokeLeadership() error {
|
|||
return err
|
||||
}
|
||||
|
||||
s.stopEnterpriseLeader()
|
||||
|
||||
s.stopCARootPruning()
|
||||
|
||||
s.setCAProvider(nil, nil)
|
||||
|
|
|
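Review bot: `s.startEnterpriseLeader()` in establishLeadership returns nothing, unlike the step just above it that ends in `return err`, so a failure inside the hook cannot stop the server from reaching `s.setConsistentReadReady()`. If the hook can fail, give it an `error` result and check it like the neighbouring steps; if it cannot, say so in a comment at the call site. In the second hunk, `s.stopEnterpriseLeader()` is placed before `s.setCAProvider(nil, nil)`, which looks deliberate if the enterprise routines use the CA provider; a comment such as `// stop enterprise leader routines before the CA provider is cleared` would pin that ordering. Both functions extend beyond the hunks shown.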
@ -23,3 +23,7 @@ func (s *Server) initializeCA() error {
|
|||
|
||||
return s.initializeRootCA(provider, conf)
|
||||
}
|
||||
|
||||
// Stub methods, only present in Consul Enterprise.
|
||||
func (s *Server) startEnterpriseLeader() {}
|
||||
func (s *Server) stopEnterpriseLeader() {}
|
||||
|
|
|
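Review bot: The comment `// Stub methods, only present in Consul Enterprise.` reads as if the stubs themselves were Enterprise-only, while these empty bodies are what the OSS build gets. A doc comment per method, for example `// startEnterpriseLeader is a no-op in OSS; Consul Enterprise supplies the real implementation.`, would state the contract. Since the hooks are called from establishLeadership and revokeLeadership in this same commit, the comment should also say that they run on every leadership change.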
@ -274,6 +274,15 @@ func NewServerLogger(config *Config, logger *log.Logger, tokens *token.Store) (*
|
|||
config.UseTLS = true
|
||||
}
|
||||
|
||||
// Set the primary DC if it wasn't set.
|
||||
if config.PrimaryDatacenter == "" {
|
||||
if config.ACLDatacenter != "" {
|
||||
config.PrimaryDatacenter = config.ACLDatacenter
|
||||
} else {
|
||||
config.PrimaryDatacenter = config.Datacenter
|
||||
}
|
||||
}
|
||||
|
||||
// Create the TLS wrapper for outgoing connections.
|
||||
tlsConf := config.tlsConfig()
|
||||
tlsWrap, err := tlsConf.OutgoingTLSWrapper()
|
||||
|
|
|
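Review bot: The fallback added in NewServerLogger makes a server with neither `PrimaryDatacenter` nor `ACLDatacenter` set treat its own `config.Datacenter` as the primary, and it does so silently. Combined with the `s.srv.config.Datacenter != s.srv.config.PrimaryDatacenter` comparison this commit adds to ConfigurationSet, every federated datacenter left at the defaults would consider itself primary and keep the root-changing path, so the secondary-DC restriction only holds where the operator configured it explicitly. The block also does not compare the two fields when both are set; if that is validated elsewhere (not visible in this hunk), note it in the comment, e.g. `// Default the primary DC: ACLDatacenter if set, else this DC. Conflicting values are rejected in <config validation>.` Logging the effective primary datacenter at startup would make a misconfigured federation easier to spot. NewServerLogger continues beyond this hunk.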
@ -498,7 +498,7 @@ Consul will not enable TLS for the HTTP API unless the `https` port has been ass
|
|||
#### Configuration Key Reference
|
||||
|
||||
* <a name="acl_datacenter"></a><a href="#acl_datacenter">`acl_datacenter`</a> - **This field is
|
||||
deprecated in Consul 1.3.0. See the [`primary_datacenter`](#primary_datacenter) field instead.**
|
||||
deprecated in Consul 1.4.0. See the [`primary_datacenter`](#primary_datacenter) field instead.**
|
||||
|
||||
This designates the datacenter which is authoritative for ACL information. It must be provided to enable ACLs. All servers and datacenters must agree on the ACL datacenter. Setting it on the servers is all you need for cluster-level enforcement, but for the APIs to forward properly from the clients,
|
||||
it must be set on them too. In Consul 0.8 and later, this also enables agent-level enforcement
|
||||
|
|