Vault 0.8.0 and Consul 0.9.2 Issues
236 views
Skip to first unread message
David Li
Aug 16, 2017, 7:48:41 PM8/16/17
to Vault
Hi,
I just upgraded Vault to 0.8.0 (from 0.6) and consul to 0.9.2. Nothing else changed. Both run on a single VM. Now I have two problems:
1. Vault can't start.
[root@host ~]# systemctl status vault
● vault.service - Vault Service
Loaded: loaded (/etc/systemd/system/vault.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2017-08-16 23:44:07 GMT; 6s ago
Process: 79455 ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/vault.hcl (code=exited, status=1/FAILURE)
Main PID: 79455 (code=exited, status=1/FAILURE)
Aug 16 23:44:07 sl73ovnapd087.visa.com systemd[1]: Started Vault Service.
Aug 16 23:44:07 sl73ovnapd087.visa.com systemd[1]: Starting Vault Service...
Aug 16 23:44:07 sl73ovnapd087.visa.com systemd[1]: vault.service: main process exited, code=exited, status=1/FAILURE
Aug 16 23:44:07 sl73ovnapd087.visa.com systemd[1]: Unit vault.service entered failed state.
Aug 16 23:44:07 sl73ovnapd087.visa.com systemd[1]: vault.service failed
2. Consul can't join
[root@sl73ovnapd087 ~]# consul join <ip address>
Error joining address '<ip address>': Put http://127.0.0.1:8500/v1/agent/join/<ip address>: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
Failed to join any nodes.
<ip address> is the IP of the VM that has the consul installed.
Googling doesn't give me much clue.
Anyone has seen this before?
Thanks.
David
Jeff Mitchell
Aug 16, 2017, 7:56:19 PM8/16/17
to Vault
Hi David,
Without server logs there's not much I can tell you, however, if Consul isn't starting properly it's not surprising that Vault is unhappy. I'd look into the Consul issues first, then look at Vault.
Make sure you look at the 0.7/0.8 upgrade guides for Vault too! https://www.vaultproject.io/guides/upgrading/index.html
Best,
Jeff
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/25e9c7ec-b0dd-46a6-a385-12c3a8d80ad4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
David Li
Aug 22, 2017, 12:22:48 PM8/22/17
to Vault
Hi Jeff,
Sorry I was working on something else and now I am back to track down this problem.
My vault and consul are all started by systemd cmds, e.g. systemctl start consul.
I checked the /var/log/messages on my Centos 7 server but couldn't find any vault or consul related logs.
I checked my vault and consul configs and there aren't any log configs.
Do you know by default where vault and consu start their logs?
David
Jeff
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
Jeff Mitchell
Aug 22, 2017, 5:35:55 PM8/22/17
to Vault
Hi David,
Both Vault and Consul put their logs to stdout/stderr.
Best,
Jeff
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/26f4f599-f815-4abf-8691-9b5c3cb7b717%40googlegroups.com.
James Phillips
Aug 22, 2017, 8:39:58 PM8/22/17
to vault...@googlegroups.com
> Error joining address '<ip address>': Put http://127.0.0.1:8500/v1/agent/join/<ip address>: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
That looks a bit like you need to set up your environment to use TLS
for the "consul join" command. Newer versions of Consul use the HTTP
API for "consul join" instead of the old RPC endpoint. You can set
https://www.consul.io/docs/commands/index.html#environment-variables
to get this command to use TLS properly and that may help.
-- James
>> https://groups.google.com/d/msgid/vault-tool/26f4f599-f815-4abf-8691-9b5c3cb7b717%40googlegroups.com.
>>
>> For more options, visit https://groups.google.com/d/optout.
>
>
>>
>> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/CAORe8GHcys_6_Fa5OUrXtPa%2BaVuPpan%3DgiP_qz156-ZtrBzQZA%40mail.gmail.com.
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
David Li
Aug 22, 2017, 9:30:55 PM8/22/17
to Vault
Hi Jeff,
If I only have a single instance of consul running, would the "join" cmd show errors? This is consul 0.9.2.
David
Reply all
Reply to author
Forward
0 new messages