Clustered Vault servers with postgres backend


I am having an issue setting up two vault servers (with postgres backends) in high availability mode. I am able to start the server and run the operator init command on both of them.

I have set up my vault config file pretty much exactly the same as the config files outlined in the tutorial found here:
of course just switching out the consul backend for a postgres one.

The issue seems to be that the two servers are not able to find each other and are created with their own individual cluster ids. After that happens I just push forward for the sake of following the demo (and my own lack of knowledge about the expected outcome) and when I get to the part where you unseal the second server using the first server’s unseal tokens, I get an invalid token error.

Any insight about how configuring a vault server cluster with postgres backends differs from that of the consul backend in the demo would be appreciated. I also have updated my /etc/hosts file so that the two instances I am testing clustering with can resolve each other too. The security groups are also blown wide open, seeing as this is a testing env, so any and all traffic should be allowed through.

What’s your postgres version? HA requires -> Requires PostgreSQL 9.5 or later.

I’m on version 9.6. I did run into that problem earlier, where vault refused to start up if ha was set to enabled/on and your version is below 9.5.

Hi smhairston,

Did you create the vault_ha_locks locks table? Is there anything interesting in the log?

Hey Nick, I resolved my issue. During the unsealing I was running an init on both my vault servers when I should have run init once and unsealed both servers with the keys from that one init.
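
An added example, not part of the thread and not HashiCorp's code: a Python check over `vault status -format=json` output collected from each node, which flags the symptom described above (nodes with different cluster IDs) and says which node to init or unseal. The node names and JSON samples are constructed, and the check assumes that initialisation state is read from the shared storage backend.

```python
import json

# Constructed `vault status -format=json` output (values made up, trimmed to
# the fields used here). A sealed node reports no cluster_id.
ACTIVE = '{"initialized": true, "sealed": false, "cluster_id": "aaaa-1111"}'
SEALED = '{"initialized": true, "sealed": true}'
OTHER = '{"initialized": true, "sealed": false, "cluster_id": "bbbb-2222"}'
BLANK = '{"initialized": false, "sealed": true}'

INIT_ONCE = "run `vault operator init` here only, then unseal every node"
UNSEAL = "unseal with the keys from the single init"
NOT_SHARED = "not reading the initialised storage; fix its config, do not init"
SPLIT = "different cluster ids: the nodes were initialised separately"


def diagnose(status_by_node):
    """Take {node name: JSON text} and return a list of (node, action) pairs."""
    nodes = {name: json.loads(text) for name, text in status_by_node.items()}

    if not any(s.get("initialized") for s in nodes.values()):
        # Fresh shared backend: exactly one node initialises it.
        return [(sorted(nodes)[0], INIT_ONCE)]

    actions = []
    for name, status in sorted(nodes.items()):
        if not status.get("initialized"):
            # Assumption: init state lives in the storage backend, so a node
            # sharing it would already report initialized=true.
            actions.append((name, NOT_SHARED))
        elif status.get("sealed"):
            actions.append((name, UNSEAL))

    # Unsealed members of one HA cluster report the same cluster_id.
    ids = {s["cluster_id"] for s in nodes.values() if s.get("cluster_id")}
    if len(ids) > 1:
        actions.append(("*", SPLIT))
    return actions


if __name__ == "__main__":
    print(diagnose({"vault1": ACTIVE, "vault2": SEALED}))
    print(diagnose({"vault1": ACTIVE, "vault2": OTHER}))
```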