@@ -13,9 +13,6 @@ description: |-
1313
1414# Raft Storage Backend
1515
16- ~ > ** NOTE:** Vault's Integrated Storage is currently a ** _ Beta_ **
17- feature and not recommended for deployment in production.
18-
1916The Raft storage backend is used to persist Vault's data. Unlike other storage
2017backends, Raft storage does not operate from a single source of data. Instead
2118all the nodes in a Vault cluster will have a replicated copy of Vault's data.
@@ -39,9 +36,11 @@ cluster_addr = "http://127.0.0.1:8201"
3936` cluster_addr ` to indicate the address and port to be used for communication
4037between the nodes in the Raft cluster.
4138
39+ ~ > ** Note:** When using the Raft storage backend, a separate ` ha_storage `
40+ backend cannot be declared.
41+
4242~ > ** Note:** Raft cannot be used as the configured ` ha_storage ` backend at this
43- time. To use Raft for HA coordination users must also use Raft for storage and
44- set ` ha_enabled = true ` .
43+ time. To use Raft for HA coordination users must also use Raft for storage.
4544
4645## ` raft ` Parameters
4746
@@ -52,4 +51,83 @@ set `ha_enabled = true`.
5251- ` node_id ` ` (string: "") ` - The identifier for the node in the Raft cluster.
5352 This value can be overridden by setting the ` VAULT_RAFT_NODE_ID ` environment variable.
5453
54+ - ` performance_multiplier ` ` (integer: 0) ` - An integer multiplier used by
55+ servers to scale key Raft timing parameters. Tuning this affects the time it
56+ takes Vault to detect leader failures and to perform leader elections, at the
57+ expense of requiring more network and CPU resources for better performance.
58+ Omitting this value or setting it to 0 uses default timing described below.
59+ Lower values are used to tighten timing and increase sensitivity while higher
60+ values relax timings and reduce sensitivity.
61+
62+ By default, Vault will use a lower-performance timing that's suitable for
63+ minimal Vault servers, currently equivalent to setting this to a value of 5
64+ (this default may be changed in future versions of Vault, depending if the
65+ target minimum server profile changes). Setting this to a value of 1 will
66+ configure Raft to its highest-performance mode and is recommended for
67+ production Vault servers. The maximum allowed value is 10.
68+
69+ - ` trailing_logs ` ` (integer: 10000) ` - This controls how many log entries are
70+ left in the log store on disk after a snapshot is made. This should only be
71+ adjusted when followers cannot catch up to the leader due to a very large
72+ snapshot size and high write throughput causing log truncation before a
73+ snapshot can be fully installed. If you need to use this to recover a cluster,
74+ consider reducing write throughput or the amount of data stored on Vault. The
75+ default value is 10000 which is suitable for all normal workloads.
76+
77+ - ` snapshot_threshold ` ` (integer: 8192) ` - This controls the minimum number of raft
78+ commit entries between snapshots that are saved to disk. This is a low-level
79+ parameter that should rarely need to be changed. Very busy clusters
80+ experiencing excessive disk IO may increase this value to reduce disk IO and
81+ minimize the chances of all servers taking snapshots at the same time.
82+ Increasing this trades off disk IO for disk space since the log will grow much
83+ larger and the space in the raft.db file can't be reclaimed till the next
84+ snapshot. Servers may take longer to recover from crashes or failover if this
85+ is increased significantly as more logs will need to be replayed.
86+
87+ - ` retry_join ` ` (list: []) ` - There can be one or more ` retry_join ` stanzas.
88+ When the raft cluster is getting bootstrapped, if the connection details of all
89+ the nodes are known beforehand, then specifying this config stanzas enables the
90+ nodes to automatically join a raft cluster. All the nodes would mention all
91+ other nodes that they could join using this config. When one of the nodes is
92+ initialized, it becomes the leader and all the other nodes will join the
93+ leader node to form the cluster. When using Shamir seal, the joined nodes will
94+ still need to be unsealed manually. See the section below that describes the
95+ parameters accepted by the ` retry_join ` stanza.
96+
97+ ### ` retry_join ` stanza
98+
99+ - ` leader_api_addr ` ` (string: "") ` - Address of a possible leader node
100+
101+ - ` leader_ca_cert ` ` (string: "") ` - CA cert of the possible leader node
102+
103+ - ` leader_client_cert ` ` (string: "") ` - Client certificate for the follower node to establish client authentication with the possible leader node
104+
105+ - ` leader_client_key ` ` (string: "") ` - Client key for the follower node to establish client authentication with the possible leader node
106+
107+ Example Configuration:
108+ ```
109+ storage "raft" {
110+ path = "/Users/foo/raft/"
111+ node_id = "node1"
112+ retry_join {
113+ leader_api_addr = "http://127.0.0.2:8200"
114+ leader_ca_cert = "/path/to/ca1"
115+ leader_client_cert = "/path/to/client/cert1"
116+ leader_client_key = "/path/to/client/key1"
117+ }
118+ retry_join {
119+ leader_api_addr = "http://127.0.0.3:8200"
120+ leader_ca_cert = "/path/to/ca2"
121+ leader_client_cert = "/path/to/client/cert2"
122+ leader_client_key = "/path/to/client/key2"
123+ }
124+ retry_join {
125+ leader_api_addr = "http://127.0.0.4:8200"
126+ leader_ca_cert = "/path/to/ca3"
127+ leader_client_cert = "/path/to/client/cert3"
128+ leader_client_key = "/path/to/client/key3"
129+ }
130+ }
131+ ```
132+
55133[ raft ] : https://raft.github.io/ ' The Raft Consensus Algorithm '
0 commit comments