hvac.exceptions.VaultDown: no active Vault instance found
326 views
Skip to first unread message
conor....@infectiousmedia.com
Nov 1, 2016, 7:12:52 AM11/1/16
to Vault
I keep getting this error even though the vault logs appear to be normal. Any suggestions?
```2016/11/01 11:07:53 [WARN] core: stopping active operation
2016/11/01 11:07:53 [INFO] core: pre-seal teardown starting
2016/11/01 11:07:53 [INFO] rollback: stopping rollback manager
2016/11/01 11:07:53 [INFO] core: pre-seal teardown complete
2016/11/01 11:07:53 [INFO] core: vault is sealed
2016/11/01 11:07:53 [INFO] core: vault is unsealed
2016/11/01 11:07:53 [INFO] core: entering standby mode
2016/11/01 11:07:53 [INFO] core: acquired lock, enabling active operation
2016/11/01 11:07:53 [INFO] core: post-unseal setup starting
2016/11/01 11:07:53 [INFO] core: mounted backend of type generic at secret/
2016/11/01 11:07:53 [INFO] core: mounted backend of type cubbyhole at cubbyhole/
2016/11/01 11:07:53 [INFO] core: mounted backend of type system at sys/
2016/11/01 11:07:53 [INFO] rollback: starting rollback manager
2016/11/01 11:07:53 [INFO] core: post-unseal setup complete
```
Jeff Mitchell
Nov 1, 2016, 10:30:25 AM11/1/16
to vault...@googlegroups.com
Hi Conor,
It's hard to say without more context but I'd first try hitting up
your Vault instances directly (CLI, for instance) and check status
(e.g. 'vault status'). If the status reply doesn't think there's a
leader, then the next question is why, but this is a good first step.
Best,
Jeff
> --
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/aced6415-a1d4-4588-bb30-d3483f7cdc2a%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
It's hard to say without more context but I'd first try hitting up
your Vault instances directly (CLI, for instance) and check status
(e.g. 'vault status'). If the status reply doesn't think there's a
leader, then the next question is why, but this is a good first step.
Best,
Jeff
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/aced6415-a1d4-4588-bb30-d3483f7cdc2a%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
conor....@infectiousmedia.com
Nov 4, 2016, 6:27:10 AM11/4/16
to Vault
Thanks for getting back to me Jeff.
The vault status returns
High-Availability Enabled: true
Mode: active
Leader: http://172.x.y.z:8500 (consul)
Vault sometimes works and I get a return value for the secret/path but the majority of the time "no active Vault instance found".
I set a time delay between each access to the Vault but this did not fix the issue.
Thanks
Conor
Jeff Mitchell
Nov 4, 2016, 9:54:16 AM11/4/16
to vault...@googlegroups.com
Hi Conor,
That leader address looks fishy -- it's showing port 8500 which is the
Consul port.
Can you paste your Vault configuration files?
Best,
Jeff
That leader address looks fishy -- it's showing port 8500 which is the
Consul port.
Can you paste your Vault configuration files?
Best,
Jeff
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/d8a74334-a489-4122-baf3-9a6225624e21%40googlegroups.com.
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
conor....@infectiousmedia.com
Nov 4, 2016, 10:32:49 AM11/4/16
to Vault
Hi Jeff,
Thanks
#We don't run swap on our hosts to this is fine. disable_mlock = true backend "consul" { address = "172.x.y.z:8500" advertise_addr = "http://172.x.y.z:8500" path = "vault" } listener "tcp" { address = "0.0.0.0:8200" tls_disable = 1 }
Conor
On Tuesday, 1 November 2016 11:12:52 UTC, conor....@infectiousmedia.com wrote:
Jeff Mitchell
Nov 4, 2016, 10:35:50 AM11/4/16
to vault...@googlegroups.com
Hi Conor,
That advertise_addr is going to cause you problems for sure...it
should probably be port 8200. I recommend taking a look at
https://www.vaultproject.io/docs/concepts/ha.html as it covers this
and forwarding setup in detail.
Best,
Jeff
That advertise_addr is going to cause you problems for sure...it
should probably be port 8200. I recommend taking a look at
https://www.vaultproject.io/docs/concepts/ha.html as it covers this
and forwarding setup in detail.
Best,
Jeff
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/f853185b-047e-4be4-ae4f-81b4c994a301%40googlegroups.com.
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
conor....@infectiousmedia.com
Nov 4, 2016, 11:20:28 AM11/4/16
to Vault
Hi Jeff,
I am still getting the above error.
vault@3bff6e3d7406:/$ vault status
Sealed: false
Key Shares: 5
Key Threshold: 3
Unseal Progress: 0
High-Availability Enabled: true
Mode: active
Jeff Mitchell
Nov 4, 2016, 2:52:31 PM11/4/16
to vault...@googlegroups.com
Hi Conor,
I don't have good ideas right now -- my only suggestion currently
would be to keep a close eye on the Vault logs and Consul logs to look
for any kind of flapping in leadership of either one. If you're not
seeing leader elections taking place in either and 'vault status'
constantly returns the expected result then it may be something
specific to hvac.
Best,
Jeff
I don't have good ideas right now -- my only suggestion currently
would be to keep a close eye on the Vault logs and Consul logs to look
for any kind of flapping in leadership of either one. If you're not
seeing leader elections taking place in either and 'vault status'
constantly returns the expected result then it may be something
specific to hvac.
Best,
Jeff
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/vault-tool/da92d863-ba3b-4abd-9800-eb4bcb6960e1%40googlegroups.com.
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in violation
> of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit
Reply all
Reply to author
Forward
0 new messages