Introduction
Raft is the consensus algorithm that Consul uses. Raft was designed to be a simpler alternative to Paxos by having a more understandable algorithm with less states.
The Raft directory will located at the path set using the variable data_dir that you set in your Consul configuration. As an example `data_dir = "/opt/consul/data.d"` will result in a Raft directory at the following path /opt/consul/data.d/raft
Raft Breakdown
├── peers.info
├── raft.db
└── snapshots
├── 2-147479-1671020089224
│ ├── meta.json
│ └── state.bin
└── 2-163864-1671153791755
├── meta.json
└── state.bin
Peers Files
There are 2 peers files that you might see in the Raft directory and the extension can be either json or info. The extension for the file is an indicator used to identify the files contents.
- peers.json
- peers.info
Info
The "peers.info" file contains information about creating a peers json file which can be used for recovery in the event of a cluster outage.
JSON
As of Consul 0.7.0, the peers.json file is only used for recovery
after an outage. The format of this file depends on what the server has
configured for its Raft protocol version. Please see the agent configuration for more
details about the Raft protocol versioning.
Raft DB File
The raft.db file is the most important file in the directory and contains all pertinent information about the cluster. Upon inspecting the file you might notice that there are instances of plaintext information inside it, this is due to the threat model for Consul.
-
Access (read or write) to the Consul data directory - All Consul servers, including non-leaders, persist the full set of Consul state to this directory. The data includes all KV, service registrations, ACL tokens, Connect CA configuration, and more. Any read or write to this directory allows an attacker to access and tamper with that data.