Relevant branch: https://github.com/hashicorp/memberlist/compare/f-encrypt
The security model used by Serf is designed to provide confidentiality, integrity and authentication. Below is the threat model considered for the design of the model. The security model is built on around a symmetric key, or shared secret system. All members of the Serf cluster must be provided the shared secret ahead of time. This places the burden of key distribution on the user.
| package main | |
| import ( | |
| "github.com/miekg/dns" | |
| "log" | |
| "net" | |
| "time" | |
| ) | |
| const ( |
| func readPath(name string) { | |
| p := GetPolicy(name) | |
| DoSomething(p) | |
| } | |
| func writePath(name string) { | |
| p := GetPolicy(name) | |
| LockManager.Lock(name, func() { | |
| DoSomethign(p) |
| Sent 5/1/2014 | |
| Hey Igor, | |
| Glad you did a write up! I’m one of the authors of Consul. You mention we get some | |
| things wrong about SmartStack, but we would love to get that corrected. The website | |
| is generated from this file: | |
| https://github.com/hashicorp/consul/blob/master/website/source/intro/vs/smartstack.html.markdown |
| package main | |
| import "code.google.com/p/go.crypto/scrypt" | |
| import "fmt" | |
| import "time" | |
| func main() { | |
| n_vals := []int{4 * 1024, 8 * 1024, 16 * 1024, 32 * 1024} | |
| r_vals := []int{6, 7, 8, 9, 10} | |
| p_vals := []int{1, 2, 3, 4} |
Simplest way to do this with Consul is to run a single "global" datacenter.
This means the timing for the LAN gossip need to be tuned to be WAN appropriate.
In consul/config.go (https://github.com/hashicorp/consul/blob/master/consul/config.go#L267)
Do something like:
// Make the 'LAN' more forgiving for latency spikes
conf.SerfLANConfig.MemberlistConfig = memberlist.DefaultWANConfig()
Then we need to tune the Raft layer to be extremely forgiving.
| #!/bin/bash | |
| # Store the live members | |
| consul members | grep alive | awk '{ print $1 }' > /tmp/alive.txt | |
| # Clean-up the collectd metrics | |
| cd /data/graphite/whisper/collectd | |
| ls | awk '{print substr($1, 0, index($1, "_node_")) }' > /tmp/monitored.txt | |
| for NODE in `cat /tmp/monitored.txt`; do if grep -q $NODE /tmp/alive.txt; then echo $NODE alive; else echo $NODE dead; sudo rm -Rf ${NODE}_node_*; fi; done |
| armon:~/projects/consul-demo-tf/tf (master) $ TF_LOG=1 terraform plan | |
| 2014/10/15 19:51:31 Detected home directory from env var: /Users/armon | |
| 2014/10/15 19:51:31 [DEBUG] Discoverd plugin: aws = /Users/armon/projects/go/bin/terraform-provider-aws | |
| 2014/10/15 19:51:31 [DEBUG] Discoverd plugin: cloudflare = /Users/armon/projects/go/bin/terraform-provider-cloudflare | |
| 2014/10/15 19:51:31 [DEBUG] Discoverd plugin: consul = /Users/armon/projects/go/bin/terraform-provider-consul | |
| 2014/10/15 19:51:31 [DEBUG] Discoverd plugin: digitalocean = /Users/armon/projects/go/bin/terraform-provider-digitalocean | |
| 2014/10/15 19:51:31 [DEBUG] Discoverd plugin: dnsimple = /Users/armon/projects/go/bin/terraform-provider-dnsimple | |
| 2014/10/15 19:51:31 [DEBUG] Discoverd plugin: google = /Users/armon/projects/go/bin/terraform-provider-google | |
| 2014/10/15 19:51:31 [DEBUG] Discoverd plugin: heroku = /Users/armon/projects/go/bin/terraform-provider-heroku | |
| 2014/10/15 19:51:31 [DEBUG] Discoverd plugin: mailgun = /Users/armon/projects/go/bin/terraform- |
As Kyle brought up, Consul at the moment has a single known case of a potential inconsistency (Could be unknown cases lurking). Currently Consul works by electing a leader, who "leases" the position for LeaderLeaseTimeout interval. At each interval, it checks that a quorum of nodes still believes it to be the leader. At the same time, if a follower does not hear from the leader within randomInterva(HeartbeatTimeout, 2 * HeartbeatTimeout), it will start a new election.