Vault Cluster with RDS MySQL Backend


William Bengtson

Jul 15, 2016, 2:23:55 PM
to Vault
If you are wanting to run MySQL as the backend, even though it's not HA, can we deploy 2+ Vault instances? For example: RDS MySQL backend across all AZs in the region. Vault server in each AZ (3 AZs = 3 Vault servers). Unseal vault 1, unseal vault 2, force vault 2 into standby, unseal vault 3, force vault 3 into standby. Would Vault be able to hand off active to a standby instance should the active Vault go down?


William Bengtson

Jul 18, 2016, 10:27:37 AM
to Vault
Ran tests and found you cannot force a MySQL-backed Vault into standby.




Jeff Mitchell

Jul 18, 2016, 11:09:22 AM
to vault...@googlegroups.com
Hi there,

There is no concept of "active" or "standby" when not using an HA
backend, so this is not possible.

Best,
Jeff

Matt Button

Jul 18, 2016, 1:25:48 PM
to vault...@googlegroups.com
To expand on Jeff's point, you can use MySQL to store your data, and use one of the other HA-capable backends to elect an active Vault node: https://www.vaultproject.io/docs/config/index.html#ha_backend

We use RDS MySQL to store data, and Consul to elect the active Vault.

Matt
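
The split described in the reply above, sketched as a Vault server configuration. This is an added example, not a configuration posted by anyone in the thread; every hostname, path and credential is a placeholder, and the `advertise_addr` key is assumed from the Vault 0.6-era configuration format that was current when the thread was written (check the configuration docs for your version).

```hcl
# Added example: MySQL for data, Consul only for leader election.
# All values below are placeholders, not taken from the thread.

# Data store: RDS MySQL. On its own this backend has no notion of
# active/standby, which is why forcing a node into standby fails.
backend "mysql" {
  address     = "vault-db.example.internal:3306"  # placeholder RDS endpoint
  username    = "vault"                           # placeholder DB user
  password    = "REPLACE_ME"                      # placeholder; keep this file readable only by the vault user
  database    = "vault"
  table       = "vault"
  tls_ca_file = "/etc/vault/rds-ca.pem"           # placeholder path; verifies the TLS connection to RDS
}

# HA coordination: Consul holds the leader lock, not the secrets.
ha_backend "consul" {
  address = "127.0.0.1:8500"                      # local Consul agent (placeholder)
  path    = "vault/"                              # key prefix used for the lock

  # Address other nodes redirect clients to when this node is active.
  # Must differ per node. Key name assumed from the 0.6-era format.
  advertise_addr = "https://vault-az1.example.internal:8200"
}

listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/etc/vault/tls/vault.crt"      # placeholder
  tls_key_file  = "/etc/vault/tls/vault.key"      # placeholder
}
```

Each node still has to be unsealed individually; with an HA backend configured, unsealed nodes that do not hold the lock wait as standbys.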

Balkrishna Pandey

Mar 7, 2018, 11:57:10 AM
to Vault
Based on this discussion I am trying to set up Consul as HA storage. I am seeing a different issue. I created a bug ticket on GitHub. Looks like my Consul config is not looking good. Matt Button, is it possible to share your configuration?
