Vault failed to start

Rinshad · August 23, 2019, 4:34am

Hello,

I am getting below error when initing vault.

$ sudo vault operator init

Error initializing: Put https://127.0.0.1:8200/v1/sys/init: dial tcp 127.0.0.1:8200: connect: connection refused

My configuration file details.
$ cat /usr/local/etc/vault/vault_s1.hcl
listener “tcp” {
address = “0.0.0.0:8200”
cluster_address = “0.0.0.0:8201”
tls_disable = “true”
}

    storage "consul" {
      address = "127.0.0.1:8500"
      path    = "vault/"
    }

    api_addr = "http://10.1.1.4:8200"
    cluster_addr = "https://10.1.1.4:8201"

I have one Vault node and one consul node

$ cat /usr/local/etc/consul/client_agent.json
{
“server”: false,
“datacenter”: “dc1”,
“node_name”: “consul_c1”,
“data_dir”: “/consul/client-data”,
“bind_addr”: “10.1.1.4”,
“client_addr”: “127.0.0.1”,
“retry_join”: [“10.1.1.5”],
“log_level”: “DEBUG”,
“enable_syslog”: true,
“acl_enforce_version_8”: false
}

Disabled firewall and confirmed vault and consul service is running.
can someone help me with this?

Regards

mgaffney · August 24, 2019, 2:35pm

Hi Rinshad,

It looks like the command is using the default vault address but you have tls disabled so the address should be http://127.0.0.1:8200. Try setting the environment variable export VAULT_ADDR=http://127.0.0.1:8200 or using the command line option vault operator init -address=http://127.0.0.1:8200.

Rinshad · August 26, 2019, 9:37am

Executed the same but no luck.
export VAULT_ADDR=http://127.0.0.1:8200
~$ sudo vault status

Error checking seal status: Get https://127.0.0.1:8200/v1/sys/seal-status: dial tcp 127.0.0.1:8200: connect: connection refused

mgaffney · August 26, 2019, 1:08pm

On my machine, if I run
export VAULT_ADDR=http://127.0.0.1:8200
~$ sudo env
The VAULT_ADDR variable is not set. So, can you try running the vault command without using sudo?

DevOpsRob · August 27, 2019, 2:49pm

Hi Rinshad

Sounds crazy but is the vault service running? If i set the vault address correctly with the tls options disabled, normally the only reason i get a connection refused is if the vault service had trouble starting up.

In my experience, if the vault address variable isn’t set and you disable tls, the error message you normally get is something olong the lines of “recieved a http response from a https server”.

unfor19 · March 9, 2020, 2:25pm

This did the trick

vault operator init -address=http://127.0.0.1:8200

Thanks

rcdmoreno · August 27, 2020, 4:11pm

vault status
Error checking seal status: Get “https://127.0.0.1:8200/v1/sys/seal-status”: dial tcp 127.0.0.1:8200: connect: connection refused

I can’t check status server vault server configuartion as node in Consul.

everyone can help me!!

hellowahab · November 16, 2020, 8:46am

The probable reason for getting connection refused is that the Vault Server is not up and running.
Try grapping the specific process using
netstat -ant |grep 8200
if the vault is running on the above port.
One more thing is that vault for dev initially get started without background mode or demon mode so you need to have two terminals open one for keep the server running and second to execute the commands

Topic		Replies	Views
Vault Fails to init Vault vault , consul-vault	5	1813	January 22, 2021
Vault with TLS Enabled won't start - connection refused by the listener Vault	4	3144	June 30, 2020
Unable to init VAULT (Raft) Vault vault	2	484	January 20, 2023
Error while running vault operator init Vault	4	3788	December 8, 2020
Unable to initialise Vault with Consul HA backend on AKS Vault k8s , vault , azure	0	363	January 25, 2021

Vault failed to start

Related topics