Cant unseal new vault

ingtarius · October 12, 2020, 9:20am

Try to deploy vault in docker
My config:
ui = true
storage “raft” {
path = “/vault/data”
node_id = “node1”
}

listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = true
}

api_addr = "http://0.0.0.0:8200"

cluster_addr = "https://0.0.0.0:8201"

log_level = "Debug"

Docker start, i can access WebUI, get tokens. Start to unseal, pass 2/3 tokens and cant pass 3/3, page just refresh. In logs:
docker run --net=host -v “/opt/docker/vault/:/vault/” --cap-add=IPC_LOCK vault:1.5.4 server

==> Vault server configuration:
         Api Address: http://0.0.0.0:8200
                 Cgo: disabled
     Cluster Address: https://0.0.0.0:8201
          Go Version: go1.14.7
          Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
           Log Level: debug
               Mlock: supported: true, enabled: true
       Recovery Mode: false
             Storage: raft (HA available)
             Version: Vault v1.5.4
         Version Sha: 1a730771ec70149293efe91e1d283b10d255c6d1
==> Vault server started! Log data will stream in be2020-10-12T09:14:02.929Z [INFO] proxy environment: http_proxy= https_proxy= no_proxy=
2020-10-12T09:14:02.934Z [DEBUG] storage.cache: creating LRU cache: size=0
2020-10-12T09:14:02.990Z [DEBUG] cluster listener addresses synthesized: cluster_addresses=[0.0.0.0:8201]
low:

2020-10-12T09:14:23.708Z [DEBUG] core: unseal key supplied
2020-10-12T09:14:23.708Z [DEBUG] core: cannot unseal, not enough keys: keys=1 threshold=3 nonce=f5811a8f-f2c2-62ec-12fe-332fa0add3cf
2020-10-12T09:14:32.104Z [DEBUG] core: unseal key supplied
2020-10-12T09:14:32.104Z [DEBUG] core: cannot unseal, not enough keys: keys=2 threshold=3 nonce=f5811a8f-f2c2-62ec-12fe-332fa0add3cf
2020-10-12T09:14:38.667Z [DEBUG] core: unseal key supplied
2020-10-12T09:14:38.667Z [DEBUG] core: starting cluster listeners
2020-10-12T09:14:38.667Z [INFO] core.cluster-listener.tcp: starting listener: listener_address=0.0.0.0:8201
2020-10-12T09:14:38.667Z [INFO] core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8201

ingtarius · October 12, 2020, 9:49am

Unsealing via CLI get 500 error
Error unsealing: Error making API request.

URL: PUT http://node1:8200/v1/sys/unseal
Code: 500. Errors:

cannot use unspecified IP with raft storage: 0.0.0.0:8201

mikegreen · October 12, 2020, 3:12pm

Is this an HA cluster with multiple nodes?
If not, just set to 127.0.0.1:8201

ingtarius · October 12, 2020, 6:10pm

Now it is 1 node, first setup
It will be 5 node cluster.
What address should i use for 5 nodes? Like my_cluster.example.com? And multiply A records?

mikegreen · October 13, 2020, 2:54pm

You should use its IP. Not recommended to use domain names usually.
Prob need to read up on https://www.vaultproject.io/docs/concepts/ha.html#per-node-cluster-listener-addresses and the integrated storage Learn Guides.

Topic		Replies	Views
How do I connect to Vault in Docker running with -dev-tls? Vault	2	573	June 14, 2023
Unable to unseal all nodes in new Raft cluster in Kubernetes Vault k8s , vault	6	1816	September 30, 2021
Vault dns connection generic error during vault unseal Vault	3	1109	November 2, 2021
Trying to access Vault UI errors out { "code": 501, "message": "OAuth is not enabled" } Vault k8s , vault	4	418	May 30, 2023
Cannot create vault cluster with manual unseal Vault vault	4	1618	February 19, 2024

Cant unseal new vault

Related topics