How can we add a node to a Vault cluster?

Hello Team,
I am new to Vault and exploring it. I want to set up a Vault cluster and want to use ETCD for storage.

I have configured one server and it is running fine.

root@vault-server:/var/log# vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    5
Threshold       3
Version         1.12.0
Build Date      2022-10-10T18:14:33Z
Storage Type    etcd
Cluster Name    promobi-test
Cluster ID      fb99b6bd-bf37-5eac-4122-71c8342dfaf4
HA Enabled      false

root@vault-server:/var/log# vault operator members
Host Name       API Address                 Cluster Address              Active Node    Version    Upgrade Version    Redundancy Zone    Last Echo
---------       -----------                 ---------------              -----------    -------    ---------------    ---------------    ---------
vault-server    http://192.168.56.3:8200    https://192.168.56.3:8201    true           1.12.0     n/a                n/a                n/a

Now I want to add another 2 nodes to the cluster. Below is the config for my 2nd Vault server:

cluster_addr  = "http://192.168.1.4:8201"
api_addr      = "http://192.168.1.4:8200"
ui = true
cluster_name	= "test"
enable_response_header_hostname = "true"
enable_response_header_raft_node_id = "true"
disable_clustering	= "false"
#mlock = true
#disable_mlock = true

#storage "file" {
#  path = "/opt/vault/data"
#}

storage "etcd" {
  address = "http://192.168.56.3:2379"
#  ha_enabled	= "true"
  etcd_api = "v3"
}

#storage "consul" {
#  address = "192.168.56.3:8500"
#  path    = "vault"
#}

#HTTP listener
 listener "tcp" {
  address = "192.168.1.4:8200"
  tls_disable = 1
}

But when I run vault status on both servers I get the same cluster ID, but vault operator members shows a single node on both servers.

root@vault-server-2:/opt/vault# vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    5
Threshold       3
Version         1.12.1
Build Date      2022-10-27T12:32:05Z
Storage Type    etcd
Cluster Name    promobi-test
Cluster ID      fb99b6bd-bf37-5eac-4122-71c8342dfaf4
HA Enabled      false
root@vault-server-2:/opt/vault# vault operator members
Host Name         API Address                Cluster Address             Active Node    Version    Upgrade Version    Redundancy Zone    Last Echo
---------         -----------                ---------------             -----------    -------    ---------------    ---------------    ---------
vault-server-2    http://192.168.1.4:8200    https://192.168.1.4:8201    true           1.12.1     n/a                n/a                n/a

Can you please help me with how we can add a node to a Vault cluster using ETCD storage?

Thank You

HA Enabled      false

is the line that shows the problem. The Vault servers are not operating in HA mode so they’re both acting independently. THIS MAY CORRUPT YOUR VAULT DATA, as two Vault servers should not be simultaneously trying to change the same storage.

Somewhat surprisingly, it appears the Vault etcd storage backend needs to have HA be explicitly turned on in configuration - Etcd - Storage Backends - Configuration | Vault | HashiCorp Developer

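Added example, not part of the original thread: a shell check for the condition described in the answer above, run over saved `vault status` output from each node. It assumes that two nodes reporting the same Cluster ID are reading the same storage, as in the question; the function names, file names and the second Cluster ID are hypothetical, and the sample files are constructed from the outputs posted above.

```shell
#!/bin/sh
# Added example: flag Vault nodes that share one storage backend without HA.

# Print the value of one field from `vault status` table output read on stdin.
status_field() {
  awk -v key="$1" 'index($0, key) == 1 { print $NF; exit }'
}

# Args: files holding `vault status` output, one file per node.
# Prints each Cluster ID reported by more than one node where at least one
# of those nodes has "HA Enabled" set to something other than true.
find_unsafe_clusters() {
  for f in "$@"; do
    printf '%s %s\n' "$(status_field 'Cluster ID' < "$f")" \
                     "$(status_field 'HA Enabled' < "$f")"
  done | awk '
    { nodes[$1]++; if ($2 != "true") nonha[$1]++ }
    END { for (id in nodes) if (nodes[id] > 1 && nonha[id] > 0) print id }'
}

# Constructed sample input: trimmed copies of the two outputs in the question,
# plus a hypothetical pair of nodes after ha_enabled was turned on.
SAMPLES=$(mktemp -d)
write_status() {  # $1 = file name, $2 = Cluster ID, $3 = HA Enabled value
  cat > "$SAMPLES/$1" <<EOF
Key             Value
---             -----
Seal Type       shamir
Sealed          false
Storage Type    etcd
Cluster ID      $2
HA Enabled      $3
EOF
}
write_status node1.txt fb99b6bd-bf37-5eac-4122-71c8342dfaf4 false
write_status node2.txt fb99b6bd-bf37-5eac-4122-71c8342dfaf4 false
write_status ha1.txt 00000000-0000-0000-0000-000000000001 true
write_status ha2.txt 00000000-0000-0000-0000-000000000001 true

# Two non-HA nodes on the same storage: prints the shared Cluster ID.
find_unsafe_clusters "$SAMPLES/node1.txt" "$SAMPLES/node2.txt"
# Two HA nodes on the same storage: prints nothing.
find_unsafe_clusters "$SAMPLES/ha1.txt" "$SAMPLES/ha2.txt"
```

In practice the input files would be produced by running `vault status` on each node and saving the output.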

@maxb, thank you for your response and suggestion. After setting up HA for the ETCD cluster, the Vault cluster is also set up and I am now able to see all Vault nodes in the cluster.

However, in the Vault doc it was not clear that a Vault cluster requires an ETCD cluster also if we use ETCD as storage. Earlier I was using ETCD with a single node.

Vault with ETCD storage

Thank you for your help.