backport of commit 305d6d9b67 (#23405)

Co-authored-by: Hamid Ghaf <83242695+hghaf099@users.noreply.github.com>
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
hc-github-team-secure-vault-core
2023-09-28 18:15:04 -04:00
committed by GitHub
parent a86875e66d
commit 488778f20b
3 changed files with 144 additions and 0 deletions


@@ -183,6 +183,8 @@ performance secondary and DR primary node, it will look something like:
"known_primary_cluster_addrs": ["https://127.0.0.1:8201"],
"last_remote_wal": 291,
"merkle_root": "43f40fc775b40cc76cd5d7e289b2e6eaf4ba138c",
"corrupted_merkle_tree": false,
"last_corruption_check_epoch": "1694456090",
"mode": "secondary",
"primaries": [
{
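Review bot: `last_corruption_check_epoch` is shown here as the quoted string "1694456090", while the merkle-check sample response added further down in this same file gives the identically named field as "2023-09-11T11:25:59.44956-07:00". A reader scripting against both endpoints cannot tell from the docs which format to parse. Either make the two samples consistent or add a sentence stating the format each endpoint returns. The surrounding prose also never describes the two new status fields, so a short description of `corrupted_merkle_tree` and `last_corruption_check_epoch` next to this sample would help.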
@@ -199,3 +201,72 @@ performance secondary and DR primary node, it will look something like:
}
}
```
## `/sys/replication/merkle-check`
The Merkle check endpoint prints information about the corruption
status of the Merkle tree. The corruption information provides insight
about whether any current replication issues can be resolved by
reindexing the tree. We recommend consulting the Merkle check endpoint
**before** reindexing to ensure the process will be useful as reindexing
can be time-consuming and lead to downtime.
You must provide an authentication token when calling `replication/merkle-check`.
| Method | Path |
| :------ | :------------------------------ |
| `POST` | `/sys/replication/merkle-check` |
### Sample request
```shell-session
$ curl \
http://127.0.0.1:8200/v1/sys/replication/merkle-check
```
### Sample response
The response provides information about the health of the Merkle composite tree.
The `merkle_corruption_report` stanza provides information about merkle tree
corruption. The `corrupted_root` field indicates whether the root of the tree
is corrupted. The `corrupted_tree_map` field identifies any corruption in the
roots of its subtrees, including replicated and local subtrees. In the event of
corruption within a page or subpage of the tree, `corrupted_tree_map` includes
the page number along with a list of corrupted subpage numbers. The status details
indicate the extent of corruption within the merkle tree.
```json
{
"request_id": "d4b2ad1a-6e5f-7f9e-edfe-558eb89a40e6",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": {
"merkle_corruption_report": {
"corrupted_root": false,
"corrupted_tree_map": {
"1": {
"corrupted_index_tuples_map": {
"5": {
"corrupted": false,
"subpages": [
28
]
}
},
"corrupted_subtree_root": false,
"root_hash": "DyGc6rQTV9XgyNSff3zimhi3FJM=",
"tree_type": "replicated"
},
"2": {
"corrupted_index_tuples_map": null,
"corrupted_subtree_root": false,
"root_hash": "EXmRTdfYCZTm5i9wLef9RQqyLCw=",
"tree_type": "local"
}
},
"last_corruption_check_epoch": "2023-09-11T11:25:59.44956-07:00"
}
}
}
```
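Review bot: The curl command under "Sample request" does not match the text above it. The table lists `POST` and the prose says an authentication token is required, but the command carries neither `--request POST` nor an `X-Vault-Token` header, so as written it sends an unauthenticated GET. Suggest adding both so the sample can be copied as is. In the response description, the sample shows page "5" with `"corrupted": false` and `"subpages": [28]`, but the text does not say what `corrupted` means at the page level versus an entry in `subpages`, and `tree_type` and `root_hash` are not mentioned at all. One sentence per field would remove the guesswork. Minor: "merkle tree" is lowercase twice in this paragraph and capitalized elsewhere in the section.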


@@ -38,6 +38,8 @@ primary, it will look something like:
"data": {
"cluster_id": "d4095d41-3aee-8791-c421-9bc7f88f7c3e",
"known_secondaries": ["3"],
"corrupted_merkle_tree": false,
"last_corruption_check_epoch": "1694456090",
"last_wal": 241,
"merkle_root": "56794a98e52598f35974024fba6691f047e772e9",
"mode": "primary",
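Review bot: In this sample the two new fields are inserted between `known_secondaries` and `last_wal`, whereas the other status samples touched by this commit place them directly after `merkle_root`. If the samples are meant to mirror real output, the key order should be the same across the pages. Placing `corrupted_merkle_tree` and `last_corruption_check_epoch` after `merkle_root` here as well keeps the three pages consistent and the Merkle-related fields grouped together.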
@@ -767,3 +769,72 @@ $ curl \
"warnings": ["..."]
}
```
## `/sys/replication/dr/secondary/merkle-check`
The Merkle check endpoint prints information about the corruption status of the Merkle tree on a DR
secondary cluster. Check [merkle tree corruption](/vault/api-docs/system/replication#check-merkle-tree-corruption) for more details.
Requests to `/sys/replication/dr/secondary/merkle-check` must provide a DR
Operation Token as authorization. See the [DR Operation Token API
docs](#generate-disaster-recovery-operation-token) for more information.
| Method | Path |
| :------ | :------------------------------------------- |
| `POST` | `/sys/replication/dr/secondary/merkle-check` |
### Parameters
- `dr_operation_token` `(string: <required>)` - DR operation token used to authorize the request.
### Sample request
```shell-session
$ curl \
http://127.0.0.1:8200/v1/sys/replication/dr/secondary/merkle-check
```
### Sample response
The response provides information about the health of the Merkle composite tree.
It indicates whether the root of the tree is corrupted and also identifies any
corruption in the roots of its subtrees, including replicated and local subtrees.
In the event of corruption within a page or subpage of the tree, it includes the
page number along with a list of corrupted subpage numbers. The status details
indicate the extent of corruption within the Merkle tree.
```json
{
"request_id": "d4b2ad1a-6e5f-7f9e-edfe-558eb89a40e6",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": {
"merkle_corruption_report": {
"corrupted_root": false,
"corrupted_tree_map": {
"1": {
"corrupted_index_tuples_map": {
"5": {
"corrupted": false,
"subpages": [
28
]
}
},
"corrupted_subtree_root": false,
"root_hash": "DyGc6rQTV9XgyNSff3zimhi3FJM=",
"tree_type": "replicated"
},
"2": {
"corrupted_index_tuples_map": null,
"corrupted_subtree_root": false,
"root_hash": "EXmRTdfYCZTm5i9wLef9RQqyLCw=",
"tree_type": "local"
}
},
"last_corruption_check_epoch": "2023-09-11T11:25:59.44956-07:00"
}
}
}
```
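Review bot: The "Parameters" list marks `dr_operation_token` as required, but the curl command under "Sample request" sends no payload and no `--request POST`, so the sample contradicts the section it illustrates. Suggest adding a payload that carries `dr_operation_token` together with the POST method, so the example reflects the documented authorization. Also confirm that the link target `/vault/api-docs/system/replication#check-merkle-tree-corruption` resolves: the section this commit adds to that page is headed `/sys/replication/merkle-check`, and no heading named "Check merkle tree corruption" is visible in the change. The link text "merkle tree corruption" should be capitalized as "Merkle" to match the rest of the paragraph.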


@@ -40,6 +40,8 @@ primary, it will look something like:
"known_secondaries": ["2"],
"last_wal": 87,
"merkle_root": "c31e40f6ff02f32c37b70e6a4d58732ac812abf0",
"corrupted_merkle_tree": false,
"last_corruption_check_epoch": "1694456090",
"mode": "primary",
"secondaries": [
{
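Review bot: The two added fields, `corrupted_merkle_tree` and `last_corruption_check_epoch`, appear in the sample output with no accompanying text, so an operator who sees `"corrupted_merkle_tree": true` has no guidance from this page on what to do next. Suggest a sentence after the sample that explains both fields and points to the new merkle-check endpoint documentation for the detailed corruption report.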