Lucretius / vault_raft_snapshot_agent

⛔️ DEPRECATED ⛔️ An agent which provides periodic snapshotting capabilities of Vault's Raft backend
MIT License

Determining leader #3

Closed Kyrklund closed 3 years ago

Kyrklund commented 3 years ago

Hello and thanks for creating this project.

We tried using the agent in our setup, but could not get it to create snapshots even though the agent was on the leader node. After some digging I found out how you determine if the agent is running on the leader node: by checking against 8.8.8.8 with the function getInstanceIP(). The issue we faced is that we don't use IPs to reference our nodes, but instead use DNS-registered names (for TLS to work).

My question is: is there a reason you get the node IP and compare it to LeaderClusterAddress rather than just checking the IsSelf value? This of course assumes you query the node's local api_addr.

Thanks again // Jonathan

Lucretius commented 3 years ago

Hi @Kyrklund

My team swapped to using a Consul backend shortly after I had finished writing this, so we don't actually run this in production. I think if we wanted to use isSelf as you pointed out, we would need to call the local Vault instance (and skip any TLS verification) of the individual nodes for the leader check, as invoking the Vault API address just calls into the HA cluster itself, which always returns isSelf of true.

I can't remember any reason why I did not opt for this approach, and assuming the existing behavior still works I don't have any problem changing it if it can help make the project usable for your team. Not sure when I would get to it, but if you have any interest in making a PR and testing out your changes, I would be happy to review and merge it in.
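The two leader checks discussed in this thread side by side, as an added example that is not code from vault_raft_snapshot_agent or from either participant: `isLocalNodeLeader` queries the node's own `sys/leader` endpoint and trusts its `is_self` field, while `addressMatchesLeader` reproduces the IP-versus-`leader_cluster_address` comparison and shows why it fails once the cluster address carries a DNS name. The field names follow Vault's `GET /v1/sys/leader` response; the `httptest` server, the `example.internal` hostnames and the `10.0.0.5` local IP are constructed for the demonstration and are not from the project.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// leaderStatus holds the fields of Vault's GET /v1/sys/leader response
// that matter for a leader check (the real response carries more).
type leaderStatus struct {
	HAEnabled            bool   `json:"ha_enabled"`
	IsSelf               bool   `json:"is_self"`
	LeaderAddress        string `json:"leader_address"`
	LeaderClusterAddress string `json:"leader_cluster_address"`
}

// queryLeader fetches sys/leader from nodeAddr. nodeAddr must be the node's
// own api_addr: behind a load-balanced cluster address, is_self only tells
// you whether the node that happened to answer is the leader.
func queryLeader(client *http.Client, nodeAddr string) (*leaderStatus, error) {
	resp, err := client.Get(nodeAddr + "/v1/sys/leader")
	if err != nil {
		return nil, fmt.Errorf("sys/leader request failed: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("sys/leader returned HTTP %d", resp.StatusCode)
	}
	var st leaderStatus
	if err := json.NewDecoder(resp.Body).Decode(&st); err != nil {
		return nil, fmt.Errorf("decoding sys/leader response: %w", err)
	}
	return &st, nil
}

// isLocalNodeLeader is the is_self-based check proposed in the issue.
// It works regardless of whether nodes are addressed by IP or by hostname.
func isLocalNodeLeader(client *http.Client, nodeAddr string) (bool, error) {
	st, err := queryLeader(client, nodeAddr)
	if err != nil {
		return false, err
	}
	if !st.HAEnabled {
		return false, fmt.Errorf("node at %s is not running in HA mode", nodeAddr)
	}
	return st.IsSelf, nil
}

// addressMatchesLeader mirrors the original agent's approach: compare the
// host's detected IP with the host part of leader_cluster_address. When the
// cluster address is a DNS name, the strings never match and the agent
// concludes it is not the leader even when it is.
func addressMatchesLeader(st *leaderStatus, localIP string) bool {
	u, err := url.Parse(st.LeaderClusterAddress)
	if err != nil {
		return false
	}
	return u.Hostname() == localIP
}

// newFakeVault returns a constructed stand-in for a Vault node that answers
// sys/leader with the given is_self value and DNS-named leader addresses.
func newFakeVault(isSelf bool) *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/v1/sys/leader", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(leaderStatus{
			HAEnabled:            true,
			IsSelf:               isSelf,
			LeaderAddress:        "https://vault-1.example.internal:8200",
			LeaderClusterAddress: "https://vault-1.example.internal:8201",
		})
	})
	return httptest.NewServer(mux)
}

func main() {
	client := &http.Client{Timeout: 5 * time.Second}
	for _, isSelf := range []bool{true, false} {
		node := newFakeVault(isSelf)
		leader, err := isLocalNodeLeader(client, node.URL)
		st, _ := queryLeader(client, node.URL)
		fmt.Printf("is_self check: leader=%v err=%v | IP comparison (local 10.0.0.5): %v\n",
			leader, err, addressMatchesLeader(st, "10.0.0.5"))
		node.Close()
	}
}
```

Against a real cluster the `http.Client` would carry a TLS config that trusts the CA behind each node's certificate, as Kyrklund's setup does, rather than disabling verification; with per-node DNS names and matching certificates the local `api_addr` can be called with verification left on.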

Kyrklund commented 3 years ago

I see, and totally understand :) In our setup we do call the local address on each node, but we still use TLS (DNS record for each node with matching cert). I did do a PR just in case, and you can merge it in if you think it looks good: PR #4.