Getting "i/o timeout" when trying to access vault server from docker container
4,407 views
Skip to first unread message
Hemant Gupta
Jan 8, 2016, 4:03:26 PM1/8/16
to Vault
I am using docker container to access vault server.
I have set the following variables within docker container:
export VAULT_ADDR='http://xx.xxx.xx.xx:8200'
export VAULT_TOKEN=<token>
However, when I run 'vault status' from within docker container, I get the following message:
Error checking seal status: Get http://xx.xxx.xx.xx/v1/sys/seal-status: dial tcp xx.xxx.xx.xx:8200: i/o timeout
My vault server is running fine with consul as backend.
I get the following status when I run 'vault status' on the server itself.
Sealed: true
Key Shares: 5
Key Threshold: 3
Unseal Progress: 0
High-Availability Enabled: true
Mode: sealed
Please suggest how can I successfully run 'vault status' from within docker container.
Jeff Mitchell
Jan 8, 2016, 4:31:39 PM1/8/16
to vault...@googlegroups.com
Hi Hemant,
This sounds like it's most likely a networking/firewall issue rather
than an issue with Vault itself. I think a good first step would be to
try using openssl s_client, netcat, telnet, etc. to attempt a straight
TCP connection to the Vault server endpoint. If you can establish a
successful TCP connection using one of these tools but the Vault CLI
doesn't work, that gives us a good amount of information that we can
use to help figure out what the issue may be.
Can you also please list which version of Vault you're using and what
Docker container?
Thanks,
Jeff
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/b132d4c1-cb29-4b08-a5c4-9606f0c9380c%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
This sounds like it's most likely a networking/firewall issue rather
than an issue with Vault itself. I think a good first step would be to
try using openssl s_client, netcat, telnet, etc. to attempt a straight
TCP connection to the Vault server endpoint. If you can establish a
successful TCP connection using one of these tools but the Vault CLI
doesn't work, that gives us a good amount of information that we can
use to help figure out what the issue may be.
Can you also please list which version of Vault you're using and what
Docker container?
Thanks,
Jeff
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/b132d4c1-cb29-4b08-a5c4-9606f0c9380c%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
Hemant Gupta
Jan 8, 2016, 5:09:29 PM1/8/16
to Vault
Hi Jeff,
Thanks for your input.
The 8200 was blocked earlier. I can now run 'vault status' successfully after opening the 8200 port.
thanks again for your help
Reply all
Reply to author
Forward
0 new messages