I am running Vault on three nodes behind LB with HA enabled and backend storage is oracle storage bucket. If I have to configure leadership election manually (lets say every one week) where can I do it? Any help is highly appreciated?
Thanks
Naveen
You could set up a cronjob to invoke the /sys/step-down - HTTP API | Vault by HashiCorp API weekly.
Ok, but right now I see periodically leader is getting changed, trying to see where it’s setup as part of config or is it integrated as part of HA config ?
There is no such setup like that.
Out of the box, leadership will be constant forever until sys/step-down is used or one of the nodes believes it has lost contact with the current leader.
To understand the cause of unexpected leadership changes, you need to review the Vault server logs.
Thanks. Below is what I see in logs
Sep 15 06:51:27 [2127312]: 2022-09-15T06:51:27.382Z [DEBUG] storage.oci: WatchLock: Lock record cache is nil, stale or does not belong to self.
Sep 15 06:51:27 [2127312]: 2022-09-15T06:51:27.382Z [DEBUG] storage.oci: Closing the stop channel to give up leadership.
Sep 15 06:51:27 [2127312]: 2022-09-15T06:51:27.382Z [WARN] core: leadership lost, stopping active operation
I’m not familiar with that storage backend, so I’m not sure what’s going on there.
1 Like