Hi,
While initializing master keys in Vault, it is giving “failed to initialize barrier: failed to persist keyring : mkdir /etc/vault.d/vault-data/core : read-only file system”.
Is there a way to fix this issue, and how do I use "Encrypt root token with PGP"?
As the error is saying, the filesystem that is being used for /etc/vault.d/vault-data/core is in read-only mode. This is either on purpose (as per the details in /etc/fstab) or an indication of possible file system issues (possible corruption errors will switch a filesystem to read-only to prevent further damage).
Either way you need to resolve that - either make that mount read/write or choose a different (non read-only) mount to store the Vault data.
Thanks Stuart for the reply. I have moved to a different location and provided chmod -R 777 to that folder; now I am getting “core: barrier reports initialized but no seal configuration found”. Below is the vault.hcl I have, where I see seal is missing. Can you please share with me the right seal configuration if you have it? Appreciate your help in advance.
If this is a new cluster with no data, then you have something in /usr/testvault/vault-data … remove the content, restart the server and initialize it.
Thanks Aram. But if I delete the vault-data folder, after initialization it is failing again: “failed to initialize barrier: failed to persist keyring: mkdir /usr/testvault/vault-data/core: read-only file system”. When I create folders and files, it will repeat the same issue.
This is a new cluster with no data inside it.
I am seeing the same issue with a brand new install of Ubuntu 20.04.
This is our config file and we fail with read-only filesystem errors (I have tested with standard permissions, and chown’d the filesystem to 1777 as well as root:root / vault:vault – no luck)
This is not in Google Cloud or AWS, this is in our own datacenter, and is not a container. This is a virtual machine and /usr/local/share is writable by all the other apps.
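An added example, not from any poster in this thread: a shell function that reports which mount contains a storage path and whether that mount is `ro` or `rw`, which is what the "read-only file system" error depends on regardless of chmod or chown. The mounts table below is constructed sample data and `/var/lib/vault` is a hypothetical alternative location; with no second argument the function reads `/proc/self/mounts`, and passing `/proc/<PID>/mounts` shows the mounts as a specific running process sees them, which can differ from a login shell's view.

```shell
#!/bin/sh
# mount_state PATH [MOUNTS_FILE]
# Prints "<mountpoint> <ro|rw>" for the mount that contains PATH.
# MOUNTS_FILE uses the /proc/mounts format and defaults to /proc/self/mounts.
mount_state() {
    awk -v p="$1" '
    {
        mp = $2
        # A mount contains the path if it is "/", equals the path,
        # or is a directory prefix of the path.
        if (mp == "/" || p == mp || index(p, mp "/") == 1) {
            # Longest mount point wins; on a tie the later entry wins,
            # because later mounts shadow earlier ones.
            if (length(mp) >= length(best)) { best = mp; opts = $4 }
        }
    }
    END {
        if (best == "") exit 1
        state = "rw"
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) if (o[i] == "ro") state = "ro"
        print best, state
    }' "${2:-/proc/self/mounts}"
}

# Constructed sample table (not taken from the thread): /etc and /usr are
# mounted read-only, / and /var/lib are read-write.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda1 /etc ext4 ro,relatime 0 0
/dev/sda1 /usr ext4 ro,relatime 0 0
/dev/sdb1 /var/lib ext4 rw,relatime 0 0
EOF
}

# Demo on the constructed table: the two paths from the thread, then a
# hypothetical alternative location.
demo_table=$(mktemp)
sample_mounts > "$demo_table"
for d in /etc/vault.d/vault-data/core /usr/testvault/vault-data /var/lib/vault; do
    printf '%s -> %s\n' "$d" "$(mount_state "$d" "$demo_table")"
done
rm -f "$demo_table"
```

A result of `ro` means no permission change on the directory will help; the mount itself has to be read-write for the process that writes the keyring.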