403 error when migrating to integrated storage

I am testing migration of vault backend from consul to raft. When I run the migration, I get this error:

$ vault operator migrate -config=migrate.hcl
2020-07-21T18:45:41.821Z [WARN] appending trailing forward slash to path
2020-07-21T18:45:41.831Z [INFO] initial configuration: index=1 servers="[{Suffrage:Voter ID:dev-vault-ip-192-168-10.10.us-west-2.compute.internal Address:192.168.10.10:8201}]"
2020-07-21T18:45:41.832Z [INFO] entering leader state: leader="Node at dev-vault-ip-192-168-10.10.us-west-2.compute.internal [Leader]"
Error migrating: error checking migration status: Unexpected response code: 403

I can't find much information online. Can anyone please help here? Thanks!

You might share your migrate.hcl file…

storage_source "consul" {
  address = "127.0.0.1:8500"
  path    = "vault"
}

storage_destination "raft" {
  path    = "/mnt/apps/raft/data"
  node_id = "dev-vault-ip-192-168-10.10.us-west-2.compute.internal"
}

cluster_addr = "https://192.168.10.10:8201"

Hello,

When doing migration in Vault, for example in your case from Consul to Raft, both storage backends need to be available for Vault.

Can you verify that Vault has access to Consul? In most of the cases that I have seen when Consul is used as storage, it requires an ACL token for the vault/ path in Consul's KV store, and TLS options, in order to work, so the first thing I would do in your case would be to verify the connection to Consul from the Vault side. Can you share your working config for Vault (with Consul) before attempting the migration?

I would also verify the existence of, and the correct permissions on, the /mnt/apps/raft/data folder; the user that Vault is running as needs to have full permissions on that path.

Martin
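The two checks suggested in the answer above (Consul KV access with the ACL token, and permissions on the raft data directory), as an added example that is not part of the original thread. The environment variable names (CONSUL_ADDR, CONSUL_PATH, CONSUL_TOKEN, CONSUL_CACERT, RAFT_PATH) and the probe key name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: preflight before `vault operator migrate` (Consul -> raft).
# Placeholders assumed here: the environment variable names, the probe key
# name, and that curl is installed. Run it as the user Vault runs as.

# Print the HTTP status of a single-key read under the Vault KV prefix.
consul_kv_status() {  # args: base-url prefix token [ca-file]
    curl -s -o /dev/null -w '%{http_code}' \
        ${4:+--cacert "$4"} -H "X-Consul-Token: $3" \
        "$1/v1/kv/${2%/}/preflight-probe"
}

# Turn that status into a diagnosis; succeeds only when the read is allowed.
explain_status() {
    case "$1" in
        200) echo "ok: token can read the prefix" ;;
        # Assumed: an absent key the token may read yields 404, not 403.
        404) echo "ok: read allowed, probe key absent" ;;
        403) echo "denied: token missing or lacks a policy on the prefix"
             return 1 ;;
        000) echo "unreachable: check address, scheme and TLS options"
             return 1 ;;
        *)   echo "unexpected: HTTP $1"; return 1 ;;
    esac
}

# The raft path must be an existing directory the current user fully controls.
check_raft_dir() {
    if [ ! -d "$1" ]; then
        echo "missing: $1 is not a directory"; return 1
    fi
    if [ -r "$1" ] && [ -w "$1" ] && [ -x "$1" ]; then
        echo "ok: $1 is readable, writable and searchable"
    else
        echo "denied: current user lacks rwx on $1"; return 1
    fi
}

main() {
    code=$(consul_kv_status "$CONSUL_ADDR" "$CONSUL_PATH" \
        "${CONSUL_TOKEN:-}" "${CONSUL_CACERT:-}") || true
    explain_status "${code:-000}" || rc=1
    check_raft_dir "$RAFT_PATH" || rc=1
    return "${rc:-0}"
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Invoke it with `--run` after exporting the variables, for example with CONSUL_ADDR set to http://127.0.0.1:8500, CONSUL_PATH to vault and RAFT_PATH to /mnt/apps/raft/data as in the migrate.hcl above.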