As the title says, we are trying to use Vault in a multiple data center setup. What does Consul backend storage provide in comparison with a Raft replication setup?
Consul as a storage backend has been around for a long time; Raft is the newer variant, so as not to be dependent on an additional Consul cluster.
One of the advantages of Raft is that you need fewer resources and you may have one point-of-failure less.
Otherwise it is up to you what you would like to use, whereby Consul has been in production for a longer time.
Thanks. Does Raft have any implementation for a multiple data center setup like Consul?
Found an official comparison.
Don’t know if “zones” matches your datacenters:
Ha! I also have this question: does “Zone” mean different data centers?
Any downside to using HTTPS on integrated storage?
Does it mean “consul join -wan” wouldn’t work?
I do not fully understand the question. If you took Consul out of the equation because you use Raft, why should a Consul agent run and what should it join against?
Sorry if I confused you. What I mean is: Consul has a special protocol (WAN Gossip) to handle WAN membership; does the Raft protocol have any special handler for WAN members? From the other document I read, it looks like all communication is done via HTTPS only.
As you can see in the table below the image, port 8201 is TCP for replication and Raft gossip. Raft is using gossip, too.
“WAN Gossip” is just gossip over WAN instead of LAN. Nothing special.
Are you sure? On Consul, WAN and LAN gossip have differences:
Consul makes use of two different gossip pools. We refer to each pool as the LAN or WAN pool respectively. Each datacenter Consul operates in has a LAN gossip pool containing all members of the datacenter, both clients and servers. The LAN pool is used for a few purposes. Membership information allows clients to automatically discover servers, reducing the amount of configuration needed. The distributed failure detection allows the work of failure detection to be shared by the entire cluster instead of concentrated on a few servers. Lastly, the gossip pool allows for reliable and fast event broadcasts.
The WAN pool is globally unique, as all servers should participate in the WAN pool regardless of datacenter. Membership information provided by the WAN pool allows servers to perform cross datacenter requests. The integrated failure detection allows Consul to gracefully handle an entire datacenter losing connectivity, or just a single server in a remote datacenter.
No, not sure. But therefore we have our HashiCorp experts.
Could anyone else give some comment on this?