Closed madmod closed 6 years ago
In an attempt to get this merged, I began testing these changes and got pretty far down the rabbit hole of GCP Load Balancing. Unfortunately, I wasn't able to get this to work. Here are the specific issues I ran into:
The current HEAD
of this branch attempts to use a google_compute_backend_service
with a Network Load Balancer, but as google_compute_https_health_check
docs make clear, this type of health check is not supported for the Network Load Balancer.
I then attempted to switch to a TCP Proxy Load Balancer and I was able to deploy this successfully, but when I attempted to curl
Vault via the Load Balancer from my local MacBook, I would receive the following error:
curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to vault.service.consul:443
I believe the issue is that the TCP Proxy Load Balancer is attempting to terminate my TCP connection and then re-establish a new one with the backend, which breaks the TLS protocol. I then attempted to use a non-terminating TCP Load Balancer, and well, that brings me back to the Network Load Balancer.
It's possible there's a configuration here that will in fact allow us to specify a HTTPS Health Check without all the hacky workarounds, but I'm not aware of it today. Therefore, I'm going to close this PR but would invite anyone to revive this if there's another path forward.
This PR fixes issue #9 by implementing a Google Load Balancer HTTPS health check. Because this requires removal of the concept of a web proxy from the modules It contains several breaking changes, listed below. I think these breaking changes are justified by the significant increase in complexity required to continue supporting the old pattern, and the improved security posture from removing the dependency. Because the public interfaces to the modules are backwards incompatible I recommend that any release of this PR be a major release. (Eg. v1.0.0)
/v1/sys/health?standbyok=true
as recommended by the README. This behavior is not consistent with the previous behavior of the nginx implementation in that the health check will fail if Vault is not initialized or if it is not unsealed. I need some input here on what the correct default behavior is.Anyone using these modules in production should be locked to the earlier versions as is explained in the README so these changes are reasonably safe IMO.
This PR also fixes several typos and other minor issues, including using HTTPS for module sources instead of SSH. This allows use of the modules in an environment which does not have GitHub SSH credentials in place.
I am currently unable to test this myself (Though I have validated all of it.) so it would be great if someone could take on that task. In particular it is necessary to test what impact this PR has on the examples when a previous version of the stack is already deployed. (Does it destroy any resources unnecessarily?)