Mongo Plugin issue

We have enabled the mongo plugin in our vault. We are getting an error like this. Can you please help?

Error writing data to database/config/mongodb: Error making API request.

URL: PUT https://vault.local/v1/database/config/mongodb
Code: 400. Errors:

  • error creating database object: failed to verify connection: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: mongo-router-1:27017, Type: Unknown, State: Connected, Average RTT: 0 }, ] }

Doesn’t sound like vault can reach the mongo server. Check host to host to make sure vault can actually resolve and get to the mongo server, then set up the connection again.

Our mongo is a cluster setup with multiple primary and secondary servers. Is that the reason for it? Vault can reach this IP, but it is not connecting properly.

The connection will always be initiated from the vault leader node; however, all nodes need to be able to reach the mongo instance.

Our Vault is a single-node cluster. I think I didn’t explain it properly. Our mongo is a cluster setup. We are trying to connect to the mongo-router. Is there any way I can create a vault user in mongo for the connection, or do I need to use the root user for this?

Okay, so the URL you’re using for mongo will have to be the router, but yes you should absolutely create a vault user as you cannot get the password of that user back out after vault takes it over. The new mongo vault user needs to be able to create and delete other users (the dynamic users that you request) as well as set roles and change passwords of those users.

There isn’t much else for the connection, try using netcat or telnet or any other tool to verify the TCP connection between your vault server and the mongo cluster.
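The resolve-then-connect check suggested in the replies above, as an added example that is not part of the original thread: it pulls each `Addr:` out of the topology string in Vault's error and reports whether name resolution or the TCP connection fails. The function names are hypothetical, and it assumes `getent` and an `nc` that supports `-z` and `-w` are installed on the Vault host.

```shell
#!/bin/sh
# Added example, not from the thread. Run it on the Vault server itself,
# because that is the host that opens the connection to MongoDB.

# Sample input: the topology part of the error quoted in the original post.
SAMPLE_ERR='server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: mongo-router-1:27017, Type: Unknown, State: Connected, Average RTT: 0 }, ] }'

# Print every host:port that follows "Addr:" in a topology error string.
# Splitting on "{" puts each server entry on its own line first.
extract_addrs() {
    printf '%s\n' "$1" | tr '{' '\n' | sed -n 's/.*Addr: \([^, ]*\).*/\1/p'
}

# Classify one host:port as dns-fail, tcp-fail or ok.
check_addr() {
    host=${1%:*}     # everything before the last colon
    port=${1##*:}    # everything after the last colon
    # Assumption: getent is available (glibc-based Linux).
    if ! getent hosts "$host" >/dev/null 2>&1; then
        echo "dns-fail"
        return 1
    fi
    # Assumption: nc supports -z (connect only) and -w (timeout, seconds).
    if ! nc -z -w 5 "$host" "$port" >/dev/null 2>&1; then
        echo "tcp-fail"
        return 2
    fi
    echo "ok"
}

# Check every server named in the error text, one result per line.
check_all() {
    extract_addrs "$1" | while read -r addr; do
        printf '%s %s\n' "$addr" "$(check_addr "$addr")"
    done
}

# Only touches the network when asked to: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_all "$SAMPLE_ERR"
fi
```

A `dns-fail` result points at name resolution on the Vault host, while `tcp-fail` points at routing or a firewall between Vault and the router.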