Force Leader Change

george....@mx.com

Feb 17, 2016, 12:41:56 PM
to Vault
I need to do maintenance on a Vault node member, but don't want to shut the service down and make it seal on that node. Is there a way to force leader change without stopping the service?

mlap...@newrelic.com

Feb 17, 2016, 1:40:37 PM
to Vault
Hey George,

Are you running Vault in HA mode? If yes, then to force a leader change, you would seal the current leader and Vault would automatically elect a new one. 

I did this last week to upgrade to 0.5. I have 3 Vault nodes connected to Consul. I brought down the 2 standby nodes, upgraded them and brought them back up (back to standby). I then brought down my leader node and one of the other two standby nodes became active. I then upgraded the previous leader node and brought it up in standby. Total time was ~5 minutes and there was zero downtime.

HTH,
Matt
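
The upgrade order described in the message above (standbys first, active node last), as an added example that is not part of the original thread. It plans the order from each node's `GET /v1/sys/leader` response and refuses to proceed if the cluster view is inconsistent; the hostnames, the sample responses and the `upgrade_order` helper are constructed for illustration.

```python
import json

# Constructed sample bodies of GET /v1/sys/leader, one per node.
# Hostnames are made up; the fields are the ones that endpoint returns.
SAMPLE_RESPONSES = {
    "vault-1.example.internal": '{"ha_enabled": true, "is_self": false, '
                                '"leader_address": "https://vault-2.example.internal:8200"}',
    "vault-2.example.internal": '{"ha_enabled": true, "is_self": true, '
                                '"leader_address": "https://vault-2.example.internal:8200"}',
    "vault-3.example.internal": '{"ha_enabled": true, "is_self": false, '
                                '"leader_address": "https://vault-2.example.internal:8200"}',
}


def upgrade_order(responses):
    """Return node names in rolling-upgrade order: standbys first, active node last.

    Raises ValueError when the responses do not describe a healthy HA cluster,
    because taking nodes down in that state risks an outage.
    """
    states = {node: json.loads(body) for node, body in responses.items()}

    # Failover only happens in HA mode, so every node must report it.
    if not all(s.get("ha_enabled") for s in states.values()):
        raise ValueError("every node must report ha_enabled=true")

    # Exactly one node may believe it holds the leader lock.
    active = [node for node, s in states.items() if s.get("is_self")]
    if len(active) != 1:
        raise ValueError(f"expected exactly one active node, found {len(active)}")

    # All nodes must agree on who the leader is.
    if len({s.get("leader_address") for s in states.values()}) != 1:
        raise ValueError("nodes disagree about the leader address")

    standbys = sorted(node for node in states if node != active[0])
    if not standbys:
        raise ValueError("no standby available to take over")
    return standbys + active


if __name__ == "__main__":
    for step, node in enumerate(upgrade_order(SAMPLE_RESPONSES), start=1):
        print(f"{step}. {node}")
```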

george....@mx.com

Feb 17, 2016, 1:49:02 PM
to Vault
Yeah, to clarify -- without sealing the Vault on that node. Didn't want to have to round everyone up to unseal one node for maintenance that doesn't require restarting the service.

Jeff Mitchell

Feb 18, 2016, 12:28:45 PM
to vault...@googlegroups.com
Hi George,

You could interrupt network connectivity between Vault and your
physical backend for some period of time (probably 15-30 seconds
depending on which backend -- long enough for the lock to be lost).
But if that Vault is the leader, this is probably not a great
experience for your users :-)

Other than that there isn't currently a way to force a leader to step
down without sealing, although there could be. Feel free to file an
issue for this if you like.

Thanks,
Jeff

Michael Fischer

Feb 18, 2016, 1:22:41 PM
to vault...@googlegroups.com
If you do file an issue, can you post the URL here so I can +1 it?

george....@mx.com

Feb 18, 2016, 1:24:09 PM
to Vault