mount mysql backend error on windows local machine

[John Stafford]

Hi,

I have decided to setup a vault with a real backend using this url https://www.vaultproject.io/docs/secrets/mysql/ 

I have mysql installed at the usual 3306 port on my local windows machine and when I issue vault mount mysql , I get the follwoing:

Mount error: Post https://127.0.0.1:8200/v1/sys/mounts/mysql: dial tcp 127.0.0.1:8200: connectex: No connection could be made because the target machine actively refused it.

[Armon Dadgar]

Hey John,

The error here is indicating that the CLI could not contact the Vault instance

on 127.0.0.1:8200. Is there a running Vault instance available? The CLI talks

to a remote Vault instance using the API, so there must be a running Vault instance.

Vault is akin to a database, as opposed to a CLI tool.

Best Regards,

Armon Dadgar

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/a947d872-e9b8-4e25-9d78-048aec53a4ab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[John Stafford]

Hi Armon. Thank you for your patience. I have been issuing the standard "vault server" that starts up the server and get output at the windows command line. Does this indicate that it is running? If not, how do I start it?

>vault server

At least one config path must be specified with -config

Usage: vault server [options]

  Start a Vault server.

  This command starts a Vault server that responds to API requests.

  Vault will start in a "sealed" state. The Vault must be unsealed

  with "vault unseal" or the API before this server can respond to requests.

  This must be done for every server.

  If the server is being started against a storage backend that has

  brand new (no existing Vault data in it), it must be initialized with

  "vault init" or the API first.

General Options:

  -config=<path>          Path to the configuration file or directory. This can

                          be specified multiple times. If it is a directory,

                          all files with a ".hcl" or ".json" suffix will be

                          loaded.

  -dev                    Enables Dev mode. In this mode, Vault is completely

                          in-memory and unsealed. Do not run the Dev server in

                          production!

  -dev-root-token-id=""   If set, the root token returned in Dev mode will have

                          the given ID. This *only* has an effect when running

                          in Dev mode. Can also be specified with the

                          VAULT_DEV_ROOT_TOKEN_ID environment variable.

  -dev-listen-address=""  If set, this overrides the normal Dev mode listen

                          address of "127.0.0.1:8200". Can also be specified

                          with the VAULT_DEV_LISTEN_ADDRESS environment

                          variable.

  -log-level=info         Log verbosity. Defaults to "info", will be output to

                          stderr. Supported values: "trace", "debug", "info",

                          "warn", "err"

>vault unseal

Error checking seal status: Get https://127.0.0.1:8200/v1/sys/seal-status: dial tcp 127.0.0.1:8200: connectex: No connection could be made because the target machine actively refused it.

[John Stafford]

Armon, I also issued a netstat -a and there is nothing running at 127.0.0.1:8200 . I have included the output in the attached netstat.txt. I am not sure what prevents me from getting vault to run on my windows local. I have issued the "set VAULT_ADDR=http://127.0.0.1:8200" with no luck.

[Armon Dadgar]

Hey John,

You want to open two different terminals, in the first one run “vault server -dev” to run

a development mode server. This is long running, so you don’t want to kill it (it is running

in the foreground).

In the second window, run “set VAULT_ADDR=http://127.0.0.1:8200”, and then use the

Vault CLI, e.g. “vault status” should work. The Vault process long running, so you should

see it via netstat or a process monitor.

Hope that helps!

Best Regards,

Armon Dadgar

To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/a7b25ef8-b0b5-4b3e-a791-46261b0aa920%40googlegroups.com.

[Jeff Mitchell]

Hi John,

To follow on to what Armon said, the output of the 'vault server'
comand told you what the issue is when running in non-dev mode:

> At least one config path must be specified with -config

You didn't specify a config file so the server could not be started,
and hence you couldn't connect to it.

Best,
Jeff

> https://groups.google.com/d/msgid/vault-tool/CAJaobSx9FqBrsBGYjQu27SZWd-M-98QA%3D2557Nc6%3DfiqvBTLAg%40mail.gmail.com.

[John Stafford]

Thank you Jeff and Armon. Starting to understand it all now.