Merge pull request #288 from dippynark/fix-vault-tunnel-creation

Improve vault tunnel creation

Author: simonswine

pkg/tarmak/ssh/tunnel.go

@@ -47,7 +47,7 @@ func (t *Tunnel) Start() error {
 	var err error
 
 	// ensure there is connectivity to the bastion
-	args := append(t.sshCommand, "-N", "bastion", "/bin/true")
+	args := append(t.sshCommand, "bastion", "/bin/true")
 	cmd := exec.Command(args[0], args[1:len(args)]...)
 
 	t.log.Debugf("check SSH connection to bastion cmd=%s", cmd.Args)

pkg/tarmak/vault/vault.go

@@ -24,6 +24,7 @@ const (
 	VaultStateUnsealed
 	VaultStateUnintialised
 	VaultStateErr
+	vaultTunnelCreationTimeoutSeconds = 100
 )
 
 const (
@@ -107,22 +108,27 @@ func (v *Vault) TunnelFromFQDNs(vaultInternalFQDNs []string, vaultCA string) (in
 				return
 			}
 
-			if health.Standby == false && health.Sealed == false {
+			if health.Standby == false && health.Sealed == false && health.Initialized == true {
 				activeNode <- pos
-
 			}
 
 		}(pos)
 	}
 
-	activePos := <-activeNode
+	var activePos int
+	select {
+	case activePos = <-activeNode:
+		v.log.Debug("active channel position recieved")
+	case <-time.After(vaultTunnelCreationTimeoutSeconds * time.Second):
+		return nil, fmt.Errorf("failed to retrieve active channel position")
+	}
 
 	go func(activePos int) {
 
 		// wait for all tunnel attempts
 		wg.Wait()
 
-		// stop tunnels
+		// stop non-active tunnels
 		for pos, _ := range tunnels {
 			if pos == activePos {
 				continue