HA Vault node uninitialised after the machine reboots

rranjanmw · October 4, 2022, 8:29am

I set up a 3-node HA Vault cluster with an integrated storage backend. I did that by deploying the nodes as a Docker container. I initialised all of them manually at first via the UI. For testing out the failover, I rebooted one machine manually. Another machine successfully got elected as the active node. However, the machine I rebooted showed that it is uninitialised.

Ideally, I think it should be initialised but sealed.

# vault status
Key                Value
---                -----
Seal Type          shamir
Initialized        false
Sealed             true
Total Shares       0
Threshold          0
Unseal Progress    0/0
Unseal Nonce       n/a
Version            1.11.3
Build Date         2022-08-26T10:27:10Z
Storage Type       raft
HA Enabled         true

Is there something I am missing here?

maxb · October 4, 2022, 9:14pm

This seems like a red flag to me - initialising is something you do once per cluster.

If you really initialised all of them, you actually had 3 single-node Vault clusters, not one three-node cluster.

But you say you saw a failover between them, so perhaps that’s not what you mean.

I wonder if you actually completed joining this node to the new cluster?

When you join a new Raft node to a shamir-seal cluster, the join is not complete until you unseal the new node after joining. Until you do that, it is not really joined, it’s just waiting for credentials to complete joining.

Topic		Replies	Views
Cannot unseal node Vault	6	1613	January 15, 2021
Vault HA Cluster raft with keepalived Vault	3	1072	December 3, 2022
Vault cluster initialization with integrated raft storage failing Vault raft	2	1057	October 3, 2021
Unable to unseal all nodes in new Raft cluster in Kubernetes Vault k8s , vault	6	1796	September 30, 2021
Vault unseal issue: "raft is already initialized" Vault k8s , raft , vault	5	560	January 29, 2024

HA Vault node uninitialised after the machine reboots

Related topics