-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vault health check issues #1486
Comments
@bmonkman Thanks for the report. It sounds like what's happening is Consul is correctly reporting Vault in a critical state when the TTL check expires, but when you restart Vault and it is in a sealed state, you're still seeing Consul report the process as unavailable (even though it's up, but still in a sealed state). Is that correct? Can you answer a few additional questions regarding this?
With that information we should be able to get this figured out. Cheers. |
Not exactly. When I bring vault back up, it reports it as available and unsealed, as in the health check response I posted above. (Notice the string |
@bmonkman I can't fully context switch into this problem this second, but I did take a quick look and found something that's likely relevant. Would you be comfortable applying a quick patch and seeing if that fixes things? If so I'll toss it up as a gist, otherwise I'll have a chance to fully test and dig into this next week. ? LMK. |
Yeah no problem, Gist me!
|
https://pastebin.com/raw/i90ERJ67
If that works I'll merge the fix, otherwise like I said, I'll dig into it early next week when I can actually context switch into this for more than 5min. |
Okay, I found the issue. It is also affecting the active/standby tagging. |
#1486 : Fixed sealed and leader checks for consul backend
Thank you for the fix! |
Heya, I'm trying Vault 0.6 beta 2 and I'm having issues with the "sealed" consul health check.
The check is registered, if I stop vault it goes into critical due to "TTL expired", but it doesn't properly report the sealed state or go into warning state while sealed.
The Vault config is very straightforward, Consul is working fine, and I've granted the Consul ACL token sufficient access to write to the KV store and the vault service. (Even tried changing to a management token.)
I also tried stopping everything, gracefully leaving the consul agent, manually removing the service and checks using both the
agent
andcatalog
apis, but no dice.Here is the Vault config:
Any ideas?
Thanks!
The text was updated successfully, but these errors were encountered: