I’m trying to set up a Vault HA cluster with Raft storage and automate its deployment with scripts, later using Ansible. TLS certificates are a necessity for me. I have issues with auto-unsealing Vault instances using a Transit key.
I was using this tutorial to run it manually: Vault HA Cluster with Integrated Storage
And I got commands from the original script used in that tutorial. (script available on GitHub)
When I tried running the HA cluster by manually entering commands, I managed to make it work as it should, but when I added the certificates, I cannot make the second and third instances of the cluster unseal with Transit auto-unseal.
I’m getting this error:
2020-07-23T11:22:21.210+0200 [INFO] core: stored unseal keys supported, attempting fetch
2020-07-23T11:22:21.210+0200 [WARN] failed to unseal core: error="stored unseal keys are supported, but none were found"
The Transit instance and the first cluster instance are running on the same machine. Transit is using port 8100, and the cluster instance is using port 8200. These two are running fine; even the first cluster instance auto-unseals without a problem.
The other instances are running on different machines. I have googled for days, but I still cannot make it work…
Any help, please?