Vault does not respond after unsealing

I have 2 HA Vault servers with 5 Consul storage servers. Recently I got a strange issue with Vault: it does not respond when I try to log in, and it gives me a timeout error.

I restarted the Vault service and unsealed it, and got the following info:

vault[4610]: 2022-02-06T10:25:59.485+0300 [INFO] core: successfully enabled credential backend: type=ldap path=ldap/
Feb 06 10:25:59 vault-1 vault[4610]: 2022-02-06T10:25:59.485+0300 [INFO] core: successfully enabled credential backend: type=approle path=approle/
Feb 06 10:25:59 vault-1 vault[4610]: 2022-02-06T10:25:59.485+0300 [INFO] core: successfully enabled credential backend: type=cert path=cert/
Feb 06 10:25:59 vault-1 vault[4610]: 2022-02-06T10:25:59.489+0300 [INFO] core: restoring leases
Feb 06 10:25:59 vault-1 vault[4610]: 2022-02-06T10:25:59.489+0300 [INFO] rollback: starting rollback manager
Feb 06 10:25:59 vault-1 vault[4610]: 2022-02-06T10:25:59.505+0300 [INFO] expiration: lease restore complete
Feb 06 10:25:59 vault-1 vault[4610]: 2022-02-06T10:25:59.506+0300 [INFO] identity: entities restored
Feb 06 10:25:59 vault-1 vault[4610]: 2022-02-06T10:25:59.508+0300 [INFO] identity: groups restored
Feb 06 10:25:59 vault-1 vault[4610]: 2022-02-06T10:25:59.511+0300 [INFO] core: usage gauge collection is disabled
Feb 06 10:25:59 vault-1 vault[4610]: 2022-02-06T10:25:59.516+0300 [INFO] core: post-unseal setup complete

Any help please!

Not enough info here, please include your config, startup, commands and errors you’re seeing/using. Also you may want to change the config to do debug logging and include that as well.


Actually, this issue came after I upgraded Vault to v1.8.5, two months after the upgrade.
Sometimes the system works normally, then it suddenly gets stuck because of this issue and stays like this for a while, then comes back to working fine.

When the system enters the stuck state, it shows some information in the stream logs like the following:
Feb 06 11:07:03 vault-1 vault[4610]: 2022-02-06T11:07:03.381+0300 [INFO] expiration: revoked lease: lease_id=auth/approle/login/h94ed8bbb811fe1526d07556f7cd53f4f0086053ae90b9305dcd17c984a4e0f7c
Feb 06 12:44:02 vault-1 vault[4610]: 2022-02-06T12:44:02.182+0300 [INFO] expiration: revoked lease: lease_id=auth/ldap/login/ahmed/h401a12097cac066c76e29a81f351207c0375ddbd39db1aa018c6ff12841340b0
Feb 06 12:45:06 vault-1 vault[4610]: 2022-02-06T12:45:06.579+0300 [INFO] expiration: revoked lease: lease_id=auth/ldap/login/ali/h8ac214a770d79ee9fcd985c2b275e88d9442095f43537d3077d0fd0e0e9d53d9
Feb 06 12:54:48 vault-1 vault[4610]: 2022-02-06T12:54:48.266+0300 [INFO] expiration: revoked lease: lease_id=auth/ldap/login/ali/hec20c94acbeb5da59b7b6862b7363f5ab8ce3657021308eb41d5c9d470fb8724

The config file is:
backend "consul" {
  address = "127.0.0.1:8500"
}

listener "tcp" {
  address = "hostname:8200"
  tls_disable = 0
  tls_cert_file = "/etc/vault/ssl/vault-crt.crt"
  tls_key_file = "/etc/vault/ssl/vault-key.key"
}

api_addr = "https://loadbalancer-ip:8200"
cluster_addr = "https://loadbalancer-ip:8201"

The api_addr needs to be your host’s IP:8200, not your VIP on all of your nodes – that’s how the nodes talk to each other. You’re missing ui = true if you’re using the ui. I’d suggest adding a log_level = debug at the bottom.

It’s possible that your Consul servers are overloaded or losing raft. I would turn on the debug logging there as well to see if you can catch the issue while it’s happening.

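A small lint for the point made in the reply above, as an added example that is not part of the thread or of Vault's own tooling: it reads a Vault config and flags api_addr / cluster_addr values that do not name the node itself. The regex reader only understands simple `key = "value"` lines, the function names are made up for this example, and the node name vault-1 (taken from the logs) with the IP 10.0.0.11 is a constructed sample.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the config from the question as it sits on one node.
SAMPLE_CONFIG = '''
backend "consul" {
  address = "127.0.0.1:8500"
}
listener "tcp" {
  address = "hostname:8200"
  tls_disable = 0
}
api_addr = "https://loadbalancer-ip:8200"
cluster_addr = "https://loadbalancer-ip:8201"
'''

def top_level_settings(hcl):
    """Collect top-level key = "value" pairs, skipping lines inside { } blocks."""
    settings, depth = {}, 0
    for raw in hcl.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r'^(\w+)\s*=\s*"?([^"]*)"?$', line)
        if depth == 0 and m:
            settings[m.group(1)] = m.group(2)
        depth += line.count("{") - line.count("}")
    return settings

def check_advertised_addrs(hcl, node_addrs):
    """Flag api_addr / cluster_addr values that do not name this node."""
    settings = top_level_settings(hcl)
    findings = []
    for key in ("api_addr", "cluster_addr"):
        value = settings.get(key)
        if value is None:
            findings.append(f"{key}: not set")
            continue
        host = urlsplit(value).hostname
        if host is None:
            findings.append(f"{key}: {value} is not a full URL")
        elif host not in node_addrs:
            findings.append(f"{key}: {value} is not an address of this node")
    return findings

if __name__ == "__main__":
    # vault-1 is the hostname in the logs; 10.0.0.11 is a constructed node IP.
    for finding in check_advertised_addrs(SAMPLE_CONFIG, {"vault-1", "10.0.0.11"}):
        print(finding)
```

Run against each node's config with that node's own hostname and IPs; both settings in the sample are flagged because they point at the load balancer.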

The IP address is the IP for the host itself or the other side HA member’s IP address?

Thank you for your support and cooperation