Safe Vault rollback procedure from a newer version to an older version (0.6.1)
329 views
Skip to first unread message
Will Pinney
Mar 15, 2017, 4:16:21 PM3/15/17
to Vault
All,
What is the recommended rollback procedure if an vault upgrade failed?
I am using vault with a consul backend. I am thinking of the following procedure:
- backup vault using consul backup tool
- properly shutdown standby, copy old vault image to the standby, restart standby vault servers, unseal standby vault
Does this will restore the vault?
Are the new secrets provisioned into the vault using newer version vault get lost due to backward compatibility issues?
Thanks.
-Will
Vishal Nayak
Mar 16, 2017, 9:40:10 AM3/16/17
to vault...@googlegroups.com
Hi Will,
If you had the backup of Consul storage from before the upgrade, you
can downgrade Vault gracefully to a version on which the backup was
taken.
But if you wish to downgrade the newer Vault with a storage that
consists of newer leases and secrets, it's hard to make any promises.
It may or may not work depending on the versions of Vault under
consideration.
We don't provide forward compatibility guarantees when a storage of
newer Vault is using to bring up an older version of Vault.
Regards,
Vishal
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/ef220e18-4f82-4732-846c-e52c9a8eea9a%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
vn
If you had the backup of Consul storage from before the upgrade, you
can downgrade Vault gracefully to a version on which the backup was
taken.
But if you wish to downgrade the newer Vault with a storage that
consists of newer leases and secrets, it's hard to make any promises.
It may or may not work depending on the versions of Vault under
consideration.
We don't provide forward compatibility guarantees when a storage of
newer Vault is using to bring up an older version of Vault.
Regards,
Vishal
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/ef220e18-4f82-4732-846c-e52c9a8eea9a%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
vn
Will Pinney
Mar 16, 2017, 10:46:50 AM3/16/17
to Vault
Thanks, Vishal. This is very helpful.
Reply all
Reply to author
Forward
0 new messages