Command to force a leader election #494
Comments
|
I have a consul-backed vault cluster where all three vaults are in standby, reporting a leader IP that left the cluster some time ago. :-( |
|
This was fixed in 0.5.2 (via #1146) with the |
|
Ah, nice one. Will upgrade. Thanks! |
|
@sheldonh To be clear, I have no idea if your problem is fixed. My comment and closing are because the original request was fixed. But, upgrading can't hurt. If you still have an issue, open a new ticket. |
|
i'm using vault HA version: 0.6.4 and still have same problem, vault standby nodes reporting a leader IP that left the cluster some time ago, |
|
I had this same issue. Turns out the audit log was not writable by the newly spun up vault server. Changing ownership of the audit log back to the proper user allowed the servers to elect a new leader. Hope this helps. |
|
I just spent hours and hours debugging Vault and found that @VVMichaelSawyer 's hint here solved my issue. I've been cobbling together a vault instance from a backup and had configured an audit-log-directory prior to the backup's creation, that did not exist on the restore instance. Even with Vault debugging enabled, the stdout/stderr log contained zero information about leader election issues nor the related missing directory problem. Vault 1.1.3 |
|
I keep coming back to this thread when trying to fix election issues so figured I'd add this link: if you have lost quorum and need to force another vault pod to become leader, hashicorp has docs on how to do that: https://developer.hashicorp.com/vault/tutorials/raft/raft-lost-quorum |
Found myself in a situation where I needed to change the leader of a vault cluster. I did this by sealing the existing leader. It would be preferable to have a way to do force an election without sealing the leader since unsealing may require multiple people to enter key shares.
Ideally the existing leader would not be eligible.
The text was updated successfully, but these errors were encountered: