Add SRV record functionality for client side host/port discovery of Vault #3035
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nrhall-deshaw
changed the title
jefferai
approved these changes
Aug 2, 2017
|
Thanks! |
|
Thanks very much! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is to add SRV functionality to the client API to support port discovery for the HTTP service.
e.g. with a SRV record like:
_http._tcp.vault.mydomain.com. IN SRV 10 1 8200 vaulthost1.primarydc.mydomain.com.
...and the patch, the client can just connect to 'vault.mydomain.com' without needing to specify the port, avoiding the need to hard-code hosts/ports in client-side configs and allowing administrative flexibility with respect to moving services around in a business continuity or less major incident - for example, the record could be changed to:
_http._tcp.vault.mydomain.com. IN SRV 10 1 8200 vaulthost1.secondarydc.mydomain.com.
New clients/requests will now hit the new location for the service.
The patch does not attempt to handle retries, reconnect, etc - although it could be further developed.