I’m trying to migrate our Hashicorp Vault standalone with storage type file running in our RKE2 cluster to a Hashicorp Vault HA with storage type raft. But still getting some issues. We’re using the Helm chart version 0.22.0. So these are the steps I followed:
- Create a temporary Vault Raft running in RKE2 with 1 replica (don’t initialize vault)
-
Execinto the old Vault container with the storage typefile - Go to the
/vault/folder and create araftfolder in it - Run the command
vault operator migrate --config migrate.hcl
The migrate.hcl file looks like this:
storage_source "file" {
path = "/vault/data/"
}
storage_destination "raft" {
path = "/vault/raft/"
node_id = "vault-raft-0"
}
cluster_addr="https://127.0.0.1:8201"
- The migration is complete and it created a
vault.dbfile into/vault/raft/and araft.dbfile into/vault/raft/raft/including an empty folder calledsnapshots. - Then I copied this whole
/vault/raft/folder to my local pc and copied it again to the temporary Vault Raft container. It has the same data storage mount path, so:/vault/raft/ - After copying the files I re-deployed the temporary Vault Raft since the pvc won’t be deleted and checked if it has still the copied
.dbfiles in it. - In the end I tried to unseal it, but after running the third command Iit returns the following message:
Error unsealing: context deadline exceeded
Am I doing something completely wrong?