Trying to access Vault UI errors out { "code": 501, "message": "OAuth is not enabled" }

BusinessEngineer · May 25, 2023, 4:25pm

We have two env clusters with separate Vault accounts, and we recently upgraded LinkerD mesh in both environments.
Vault connects to the cluster without issue, but when I try to access the vault UI for one env, it fails. I have not altered any vault settings, but I continue to receive this error.

Has anyone else run into this problem?

BusinessEngineer · May 28, 2023, 6:28am

No errors in the logs
core: stored unseal keys supported, attempting fetch
core: raft retry join initiated
core.cluster-listener.tcp: starting listener: listener_address=[::]:8201
core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8201
storage.raft: creating Raft: config=“&raft.Config{ProtocolVersion:3, HeartbeatTimeout:15000000000, ElectionTimeout:15000000000, CommitTimeout:50000000, MaxAppendEntries:64, BatchApplyCh:true, ShutdownOnRemove:true, TrailingLogs:0x2800, SnapshotInterval:120000000000, SnapshotThreshold:0x2000, LeaderLeaseTimeout:2500000000, LocalID:"vault-0", NotifyCh:(chan<- bool)(0xc000fd3490), LogOutput:io.Writer(nil), LogLevel:"DEBUG", Logger:(*hclog.interceptLogger)(0xc000870c30), NoSnapshotRestoreOnStart:true, skipStartup:false}”
storage.raft: initial configuration: index=35 servers=“[{Suffrage:Voter ID:vault-0 Address:vault-0.vault-internal:8201} {Suffrage:Voter ID:vault-1 Address:vault-1.vault-internal:8201} {Suffrage:Voter ID:vault-2 Address:vault-2.vault-internal:8201}]”
storage.raft: entering follower state: follower=“Node at vault-0.vault-internal:8201 [Follower]” leader-address= leader-id=
core: entering standby mode
core: vault is unsealed
core: unsealed with stored key

$ vault status
Key Value

Recovery Seal Type shamir
Initialized true
Sealed false
Total Recovery Shares 5
Threshold 3
Version 1.11.0
Build Date 2022-06-17T15:48:44Z
Storage Type raft
Cluster Name vault-cluster-353fc036
Cluster ID xxxxxxxxxxxxxxxxxxx
HA Enabled true
HA Cluster https://vault-0.vault-internal:8201
HA Mode standby
Active Node Address https://xx.xxx.xx.x:8200
Raft Committed Index 2703169
Raft Applied Index 2703169

maxb · May 28, 2023, 6:59am

{ “code”: 501, “message”: “OAuth is not enabled” }

Does not look like an error from Vault at all to me.

I think you have some other proxy/loadbalancer software or appliance in front of Vault that is blocking the connection before it ever reaches Vault.

BusinessEngineer · May 30, 2023, 3:01pm

That is one thing I thought would be an issue at first, but I kept all of the vault pods out of Linkerd mesh, and it is not injected onto vault pods.

maxb · May 30, 2023, 3:13pm

Nevertheless, that’s not a JSON structure that Vault itself would return - and still less from the /ui endpoint.

Topic		Replies	Views
VAULT opens and data appears but constantly getting error when navigating UI Vault k8s	2	896	January 13, 2023
URL: PUT https://vault-0.vault-internal:8200/v1/sys/storage/raft/bootstrap/challenge Code: 503. Errors: Vault k8s	1	574	October 19, 2023
[Failed to Retrieve Secrets Following Vault Server Failover in Kubernetes High-Availability Cluster][Permission Denied] Vault k8s , raft , vault	1	160	February 1, 2024
Trying to setup Vault HA mode with Raft Vault k8s , vault	4	1317	December 16, 2022
Not able to unseal vault after container (pod) restart Vault	4	5661	October 28, 2020

Trying to access Vault UI errors out { "code": 501, "message": "OAuth is not enabled" }

Related topics