Hello,
I am trying to set up a 2-node cluster with raft and it fails.
I assume that there might be an issue with my certificates, as they are self-signed, or an issue with the configurations. Any help is more than welcome.
My configs are as follows:
Leader:
ui = true
mlock = true
disable_mlock = true
log_level = "Debug"
storage "raft" {
  path = "/opt/raft/"
  node_id = "raft_node_1"
}
#Cluster address and port
cluster_addr = "https://:8201"
#API address
api_addr = "https://:8200"
#HTTP listener
listener "tcp" {
  address = "127.0.0.1:8200"
  tls_disable = true
}
#HTTPS listener
listener "tcp" {
  tls_disable = false
  address = ":8200"
  tls_cert_file = "/etc/vault.d/certs/.crt"
  tls_key_file = "/etc/vault.d/certs/.key"
}
Follower:
ui = true
mlock = true
disable_mlock = true
log_level = "Debug"
storage "raft" {
  path = "/opt/raft/"
  node_id = "raft_node_2"
  retry_join {
    leader_api_addr = "https://:8200"
    tls_disable_client_certs = true
    leader_ca_cert_file = "/etc/vault.d/master_certs/rootCA.crt"
    leader_client_cert_file = "/etc/vault.d/master_certs/.crt"
    leader_client_key_file = "/etc/vault.d/master_certs/.key"
  }
}
#Cluster address and port
cluster_addr = "https://:8201"
#API address
api_addr = "https://:8200"
#HTTPS listener
listener "tcp" {
  tls_disable = false
  address = ":8200"
  cluster_address = "0.0.0.0:8201"
  tls_cert_file = "/etc/vault.d/certs/.crt"
  tls_key_file = "/etc/vault.d/certs/.key"
  tls_disable_client_certs = true
}
Snippet from the master log after unsealing it:
[WARN] storage.raft: heartbeat timeout reached, starting election: last-leader=
[INFO] storage.raft: entering candidate state: node="Node at :8201 [Candidate]" term=1685
[DEBUG] storage.raft: votes: needed=2
[DEBUG] storage.raft: vote granted: from=raft_node_1 term=1685 tally=1
[INFO] storage.raft: duplicate requestVote for same term: term=1685
[WARN] storage.raft: duplicate requestVote from: candidate=:8201
[DEBUG] storage.raft: vote granted: from=raft_node_2 term=1685 tally=2
[INFO] storage.raft: election won: tally=2
[INFO] storage.raft: entering leader state: leader="Node at hostnameofleader:8201 [Leader]"
[INFO] storage.raft: added peer, starting replication: peer=raft_node_2
[INFO] storage.raft: entering follower state: follower="Node at :8201 [Follower]" leader=
[ERROR] core: error during forwarded RPC request: error="rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing remote error: tls: internal error""
[ERROR] core: forward request error: error="error during forwarding RPC request"
[ERROR] core: error during forwarded RPC request: error="rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing remote error: tls: internal error""
Log from the follower node:
[INFO] core: security barrier not initialized
[INFO] core: attempting to join possible raft leader node: leader_addr=https://vaultOTP.evrotrust.com:8200
[WARN] core: join attempt failed: error="error during raft bootstrap init call: Put "https://8200/v1/sys/storage/raft/bootstrap/challenge": dial tcp IPofLeader:8200: connect: connection refused"
[ERROR] core: failed to retry join raft cluster: retry=2s
Thanks!
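The follower's `retry_join` block validates the leader's API certificate (port 8200) against `leader_ca_cert_file`, so two things have to hold for a self-signed setup: the leader's certificate must chain to that CA file, and the hostname used in `leader_api_addr` must be present as a DNS SAN in that certificate. The script below is an added example, not part of the post above and not Vault's own code: it builds a throwaway CA and leader certificate with the `openssl` CLI (assumed to be on PATH), with constructed placeholder hostnames, and runs both checks in a function that can be pointed at real files instead. It covers only the API listener certificate; the TLS on the cluster port (8201) is generated and managed by Vault itself and is not something these checks speak to.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the openssl CLI is on PATH.
# Everything here is constructed: a throwaway root CA, a leader certificate signed
# by it, and placeholder hostnames. No real cluster is contacted.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

LEADER_HOST="vault-leader.example.internal"   # placeholder for the host in leader_api_addr

# Minimal openssl config for a CA, so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = Example Root CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# Minimal config for the leader's CSR (subject only; the SAN is added at signing time).
cat > "$WORK/leader.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $LEADER_HOST
EOF

# 1. Root CA standing in for the rootCA.crt the follower points at, plus an
#    unrelated second CA to show what a wrong leader_ca_cert_file looks like.
for ca in rootCA otherCA; do
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/$ca.key" -out "$WORK/$ca.crt" 2>/dev/null
done

# 2. Leader certificate: CSR, then signed by rootCA with the hostname as a DNS SAN.
openssl req -new -config "$WORK/leader.cnf" -newkey rsa:2048 -nodes \
  -keyout "$WORK/leader.key" -out "$WORK/leader.csr" 2>/dev/null
printf 'subjectAltName=DNS:%s\n' "$LEADER_HOST" > "$WORK/san.ext"
openssl x509 -req -in "$WORK/leader.csr" -CA "$WORK/rootCA.crt" -CAkey "$WORK/rootCA.key" \
  -CAcreateserial -days 1 -extfile "$WORK/san.ext" -out "$WORK/leader.crt" 2>/dev/null

# check_leader_cert CA_FILE CERT_FILE HOST
# The two checks a follower's TLS client applies to the leader's API certificate
# during retry_join: the chain must verify against CA_FILE, and HOST (the name used
# in leader_api_addr) must appear as a DNS SAN. Returns 0 if both hold, 1 otherwise.
check_leader_cert() {
  ca="$1"; cert="$2"; host="$3"
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "FAIL: $cert does not chain to $ca"
    return 1
  fi
  if ! openssl x509 -in "$cert" -noout -text \
       | grep -A1 'Subject Alternative Name' | tr ',' '\n' \
       | sed 's/^[[:space:]]*//' | grep -qx "DNS:$host"; then
    echo "FAIL: $host is not a DNS SAN of $cert"
    return 1
  fi
  echo "ok: $cert chains to $ca and covers $host"
  return 0
}

echo "--- should pass ---"
check_leader_cert "$WORK/rootCA.crt" "$WORK/leader.crt" "$LEADER_HOST"
echo "--- should fail: wrong CA file ---"
check_leader_cert "$WORK/otherCA.crt" "$WORK/leader.crt" "$LEADER_HOST" || true
echo "--- should fail: hostname not covered by the certificate ---"
check_leader_cert "$WORK/rootCA.crt" "$WORK/leader.crt" "vault-follower.example.internal" || true
```

To use it against a real deployment, call `check_leader_cert` with the follower's `leader_ca_cert_file`, the certificate configured as `tls_cert_file` on the leader, and the exact host part of `leader_api_addr`; a FAIL on either line is a reason for the join to be rejected at the TLS layer before Vault's own join logic runs.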