HA vault cluster failing to communicate with MySQL db endpoint from another cluster #8458
Comments
Can you confirm that the tables each Vault cluster is using are different, and they are not using the same lock table? Can you repeat this error if you explicitly set the lock table to something unique per Vault cluster?
Yes, performed on a different table, also a different db in the same db endpoint. Can repeat the error. Even for a new db endpoint, it worked fine with the first cluster using it as storage. When I used the same db endpoint for a different cluster, the error happens.
@catsby, yes, explicitly mentioned lock table. I can still replicate the error.
@catsby,
Able to leader record under lock table. But, this is
Looks like you are running into the following problem. Check step 6 (there is a glitch).
Steps to reproduce:
Everything seems fine. So my guess is since you are using the following configuration, which is supposed to auto unseal vault without calling
I started testing using a different cluster now. The error happens during the unseal operation itself after
db lock table:
FYI, not able to deploy Vault in the working cluster as well now.
Describe the bug
I'm currently using the HashiCorp Vault chart, which has image 1.3.2, to install in a Kubernetes cluster (v1.13.10) using Helm (v3.0.3) for HA installation. I created a new Amazon RDS Aurora db and when installed with the Vault chart, it worked fine.
But when I use a different Kubernetes cluster on the same Amazon RDS Aurora db endpoint with a different table name,
`vault operator init` - successful
`vault login` - failed with the following error. This bug is consistent.
Also, I created a new db and new table using the same db endpoint, and I see the same issue.
I tried to debug by logging into the MySQL database.
The _lock table has no records.
To Reproduce
Steps to reproduce the behavior:
1. Download hashicorp vault chart
2. Package the chart.
3. Create values.yaml and configure as per the below content.
4. `helm install vault <package_name> --values values.yaml`
5. For the 1st cluster with the db endpoint. `vault login <roottoken>` (works fine)
6. For the 2nd cluster with the db endpoint with different table name. `vault login <roottoken>`
7. After this now, I repeat vault deployment in the first/second cluster, I can see the error always.
Expected behavior
Should be able to perform vault operations using existing db endpoint with a different table name.
Environment:
`vault status`: Vault v1.3.2
`vault version`: Vault v1.3.2

CC: @michaeljs1990, I saw your commits on the MySQL Go files. Could you please help me here? Is my HA configuration right? Any recommendations?