vault init issue port 8200

[Guillaume Loyot]

Hi all,

I'm facing an issue trying to initialize vault.

Here is what I get:

[root@localhost ~]# vault init

Error initializing Vault: Put https://127.0.0.1:8200/v1/sys/init: dial tcp 127.0.0.1:8200: getsockopt: connection refused

I've tryed both under my login and root's ones.

netstat -tapn | grep 8200 returns nothing, so I can use this port.

Furthermore, neither firewalld nor iptables are running (please see below)

[root@localhost ~]# service iptables status

Redirecting to /bin/systemctl status  iptables.service

● iptables.service

   Loaded: not-found (Reason: No such file or directory)

   Active: inactive (dead)

[root@localhost ~]# service firewalld status

Redirecting to /bin/systemctl status  firewalld.service

● firewalld.service - firewalld - dynamic firewall daemon

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)

   Active: inactive (dead)

Can you please provide some assistance?

thanks in advance,

kind regards.

[Jeff Mitchell]

Hi Guillaume,

Based on this statement:

"netstat -tapn | grep 8200 returns nothing, so I can use this port."

It seems to me that you are trying to run 'vault init' but not
actually starting Vault first. 'vault init' is run against an active
server instance of Vault (started with 'vault server -config=....').

Let me know if you have more questions!
--Jeff

> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/62e58e34-1038-4a4b-979c-0e16d2421ffb%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Kay A]

Hi Jeff,
I have the same issue. My vault server is running and  is in blocking state now.

When i run vault init, it gives me the following error :

$ ./vault init
Error initializing Vault: Put https://127.0.0.1:8200/v1/sys/init: http: server gave HTTP response to HTTPS client
$ ./vault status
Error checking seal status: Get https://127.0.0.1:8200/v1/sys/seal-status: http: server gave HTTP response to HTTPS client

Also, how do i clean up vault and its backends so that i can re-initialize it , if need be.

THanks

[Jeff Mitchell]

Hi Kay,

You have a different issue: you need to adjust your VAULT_ADDR or use
the -address flag to connect to http://127.0.0.1:8200 rather than
https://127.0.0.1:8200.

Best,
Jeff

> https://groups.google.com/d/msgid/vault-tool/0870b4d5-9c49-4de8-a117-18491f45b069%40googlegroups.com.

[Kay A]

Thanks Jeff.

I dont remember my unseal keys and would like to re-initialize vault. When i try to run vault init, it gives the following error :

$ ./vault init
Error initializing Vault: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/init
Code: 400. Errors:

* Vault is already initialized

How do i clean up so i can re-run vault init ?

Thanks a lot!

[Vishal Nayak]

Hi Kay,

If this is a production Vault instance and/or if the storage backend
contains important information which you don't want to lose, I suggest
you find the output of the earlier vault init, to be able to unseal
again.

Or if you were trying to explore Vault in non-sensitive storage
backend, you could swipe clean the underlying storage backend (the
part which Vault was using) and run vault again to perform a fresh
init.

Regards,
Vishal

> https://groups.google.com/d/msgid/vault-tool/1b45a8ab-a4ee-49e1-994d-f85dc8400797%40googlegroups.com.

> For more options, visit https://groups.google.com/d/optout.



--

vn

[Kay A]

Hi ,
Yes i am trying out Vault for my product.

which files do you clean for the underlying storage ? i was using consul as per the example.

Thanks

[Vishal Nayak]

Hi Kay,

The folder which contains Vault data in Consul KV should be deleted.
Use Consul KV API to do it.

This folder name is the value of "path" field in `backend "consul"`
block of Vault's config file.

Hope this helps!

Regards,
Vishal

> https://groups.google.com/d/msgid/vault-tool/add0adbe-001c-48fa-95e7-3c670b59774e%40googlegroups.com.

[Adam Greene]

it is in the consul k/v store under `/vault`

[Kay A]

Thank you

[Induja Vijayaraghavan]

Hello,

I have myvault.hcl as follows:

backend "postgresql" {

  connection_url = "postgres://postgres:mypassword@localhost:5432/mydatabasename?sslmode=disable"

}

listener "tcp" {

  address = "0.0.0.0:8200"

  tls_disable = 1

}

When i do a vault init , I get Error initializing Vault: Put http://127.0.0.1:8200/v1/sys/init: dial tcp 127.0.0.1:8200: getsockopt: connection refused

When i do a vault server -config myvault.hcl, i get this 

==> Vault server configuration:

                 Backend: postgresql

              Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "", tls: "disabled")

               Log Level: info

                   Mlock: supported: true, enabled: true

                 Version: Vault v0.6.2

==> Vault server started! Log data will stream in below:

Where is the problem and how do i get a successful vault init response. Please help. 

[Tomato_]

Maybe you need to do ` vault server -config myvault.hcl` first and then do `vault init` in another terminal

Vault need to be started before inited.

在 2016年11月3日星期四 UTC+8上午4:35:30，Redsmile写道：

[Gijs Sijpesteijn]

I think you forgot to export this: export VAULT_ADDR='http://127.0.0.1:8200'

[Sanjay Tiwari]

Can you check the vault status, is it running?