Enable request forwarding so standby nodes can be healthy in the ELB,…

… thus eliminating downtime when leader election occurs. (#46)
Nike-Inc · May 31, 2017 · a780ce1 · a780ce1
1 parent 9effc2e
commit a780ce1
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/smaas-cf/smaas/vault-cluster.py b/smaas-cf/smaas/vault-cluster.py
@@ -203,7 +203,7 @@
     HealthCheck=HealthCheck(
             HealthyThreshold=2,
             Interval=5,
-            Target="HTTPS:8200/v1/sys/health",
+            Target="HTTPS:8200/v1/sys/health?standbyok",
             Timeout=2,
             UnhealthyThreshold=2
     ),

diff --git a/smaas-cf/smaas/vpc-and-base.py b/smaas-cf/smaas/vpc-and-base.py
@@ -407,6 +407,17 @@
     ToPort=8200
 ))
 
+# Allow Vault server instances to talk to other Vault server instances on 8201
+# Vault does internal communication by default on the port above the normal listening port, in this case 8201
+template.add_resource(SecurityGroupIngress(
+    "VaultServerIngress8201",
+    GroupId=Ref(vault_server_sg),
+    SourceSecurityGroupId=Ref(vault_client_sg),
+    FromPort=8201,
+    IpProtocol="tcp",
+    ToPort=8201
+))
+
 # Allow Vault server instances to talk to other Vault server instances on 8200
 template.add_resource(SecurityGroupIngress(
     "VaultServerIngress8200",