consul/website/source/docs/commands/lock.html.markdown
Evan Gilman 73d4f5700b
Document consul lock shell execution
Consul lock executes children under a shell, which was previously
undocumented. Document it, and warn against cases where this can cause
children to leak when the lock is lost.

I have made this a dedicated section so it can easily be removed
later when we move to exec

https://github.com/hashicorp/consul/issues/1692
2016-06-03 17:01:05 -07:00

3.9 KiB

layout page_title sidebar_current description
docs Commands: Lock docs-commands-lock The lock command provides a mechanism for leader election, mutual exclusion, or worker pools. For example, this can be used to ensure a maximum number of services running at once across a cluster.

Consul Lock

Command: consul lock

The lock command provides a mechanism for simple distributed locking. A lock (or semaphore) is created at a given prefix in the Key/Value store, and only when held, is a child process invoked. If the lock is lost or communication is disrupted, the child process is terminated.

The number of lock holders is configurable with the -n flag. By default, a single holder is allowed, and a lock is used for mutual exclusion. This uses the leader election algorithm.

If the lock holder count is more than one, then a semaphore is used instead. A semaphore allows more than a single holder, but this is less efficient than a simple lock. This follows the semaphore algorithm.

All locks using the same prefix must agree on the value of -n. If conflicting values of -n are provided, an error will be returned.

An example use case is for highly-available N+1 deployments. In these cases, if N instances of a service are required, N+1 are deployed and use consul lock with -n=N to ensure only N instances are running. For singleton services, a hot standby waits until the current leader fails to take over.

Usage

Usage: consul lock [options] prefix child...

The only required options are the key prefix and the command to execute. The prefix must be writable. The child is invoked only when the lock is held, and the CONSUL_LOCK_HELD environment variable will be set to true.

If the lock is lost, communication is disrupted, or the parent process interrupted, the child process will receive a SIGTERM. After a grace period of 5 seconds, a SIGKILL will be used to force termination. For Consul agents on Windows, the child process is always terminated with a SIGKILL, since Windows has no POSIX compatible notion for SIGTERM.

The list of available flags are:

  • -http-addr - Address to the HTTP server of the agent you want to contact to send this command. If this isn't specified, the command will contact "127.0.0.1:8500" which is the default HTTP address of a Consul agent.

  • -n - Optional, limit of lock holders. Defaults to 1. The underlying implementation switches from a lock to a semaphore when increased past one. All locks on the same prefix must use the same value.

  • -name - Optional name to associate with the underlying session. If not provided, one is generated based on the child command.

  • -token - ACL token to use. Defaults to that of agent.

  • -pass-stdin - Pass stdin to child process.

  • -try - Attempt to acquire the lock up to the given timeout. The timeout is a positive decimal number, with unit suffix, such as "500ms". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".

  • -monitor-retry - Retry up to this number of times if Consul returns a 500 error while monitoring the lock. This allows riding out brief periods of unavailability without causing leader elections, but increases the amount of time required to detect a lost lock in some cases. Defaults to 3, with a 1s wait between retries. Set to 0 to disable.

  • -verbose - Enables verbose output.

SHELL

Consul lock launches its children in a shell. By default, Consul will use the shell defined in the environment variable SHELL. If SHELL is not defined, it will default to /bin/sh. It should be noted that not all shells terminate child processes when they receive SIGTERM. Under Ubuntu, /bin/sh is linked to dash, which does not terminate its children. In order to ensure that child processes are killed when the lock is lost, be sure to set the SHELL environment variable appropriately.