I’m not really sure where I went wrong. I’m attempting to stand up a Vault environment with HA according to the recommended 2 Availability Zone model, with Consul. This is my first time using HashiCorp products. Most of the troubleshooting I’ve seen online seems to be from the approach of using these products in a containerized environment, but mine are currently running in AWS as traditional servers.
I have managed to install Consul and Vault on all the respective servers, and I’m at least getting somewhere, judging from my primary Vault server - I can at least get to the UI. But the backend is a mess and I don’t know where I went wrong.
The Vault service is running properly on my primary Vault server (which I’m using as a test before fixing the things I’ve figured out are wrong on the other servers). The consul agent service fails with the error in the subject. Syslog is just spitting out the following two messages over and over, and the Vault is (obviously) locked:
Nov 13 06:25:07 vault-alpha vault: 2020-11-13T06:25:07.230Z [WARN] service_registration.consul: check unable to talk with Consul backend: error="Unexpected response code: 500 (Unknown check "vault:172.31.119.46:8200:vault-sealed-check")"
Nov 13 06:25:07 vault-alpha vault: 2020-11-13T06:25:07.779Z [WARN] service_registration.consul: reconcile unable to talk with Consul backend: error="service registration failed: Unexpected response code: 403 (Permission denied)"
Can someone help me figure out how to right this ship? I would be very grateful.