dial tcp 127.0.0.1:8200: connect: connection refused
3,151 views
Skip to first unread message
gianpaolo
Oct 18, 2019, 5:08:22 AM10/18/19
to Vault
Hello!
Started using vault and followed this guide to install it.
It worked fine but when I reboot the machine (Ubuntu) I saw this error:
>vault status
Error checking seal status: Get http://127.0.0.1:8200/v1/sys/seal-status: dial tcp 127.0.0.1:8200: connect: connection refused
Error checking seal status: Get http://127.0.0.1:8200/v1/sys/seal-status: dial tcp 127.0.0.1:8200: connect: connection refused
systemctl status vault
● vault.service - "HashiCorp Vault - A tool for managing secrets"
Loaded: loaded (/etc/systemd/system/vault.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2019-10-18 10:34:12 CEST; 14min ago
Docs: https://www.vaultproject.io/docs/
Main PID: 1554 (vault)
Tasks: 7 (limit: 4656)
CGroup: /system.slice/vault.service
└─1554 /usr/local/bin/vault server -config=/etc/vault.d/vault.hcl
● vault.service - "HashiCorp Vault - A tool for managing secrets"
Loaded: loaded (/etc/systemd/system/vault.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2019-10-18 10:34:12 CEST; 14min ago
Docs: https://www.vaultproject.io/docs/
Main PID: 1554 (vault)
Tasks: 7 (limit: 4656)
CGroup: /system.slice/vault.service
└─1554 /usr/local/bin/vault server -config=/etc/vault.d/vault.hcl
I'can't find any log file either.
Env vars are correctly setup. Config files here:
vault.hcl
disable_cache = true
disable_mlock = true
ui = true
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1
}
storage "file" {
path = "/opt/vault/data"
}
api_addr = "http://0.0.0.0:8200"
max_lease_ttl = "10h"
default_lease_ttl = "10h"
cluster_name = "vault"
raw_storage_endpoint = true
disable_sealwrap = true
disable_printable_check = true
disable_mlock = true
ui = true
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1
}
storage "file" {
path = "/opt/vault/data"
}
api_addr = "http://0.0.0.0:8200"
max_lease_ttl = "10h"
default_lease_ttl = "10h"
cluster_name = "vault"
raw_storage_endpoint = true
disable_sealwrap = true
disable_printable_check = true
/etc/systemd/system/vault.service
[Unit]
Description="HashiCorp Vault - A tool for managing secrets"
Documentation=https://www.vaultproject.io/docs/
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty=/etc/vault.d/vault.hcl
StartLimitIntervalSec=60
StartLimitBurst=3
[Service]
User=vault
Group=vault
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
SecureBits=keep-caps
AmbientCapabilities=CAP_IPC_LOCK
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
NoNewPrivileges=yes
ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/vault.hcl
ExecReload=/bin/kill --signal HUP $MAINPID
KillMode=process
KillSignal=SIGINT
Restart=on-failure
RestartSec=5
TimeoutStopSec=30
StartLimitInterval=60
StartLimitIntervalSec=60
StartLimitBurst=3
LimitNOFILE=65536
LimitMEMLOCK=infinity
[Install]
WantedBy=multi-user.target
Description="HashiCorp Vault - A tool for managing secrets"
Documentation=https://www.vaultproject.io/docs/
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty=/etc/vault.d/vault.hcl
StartLimitIntervalSec=60
StartLimitBurst=3
[Service]
User=vault
Group=vault
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
SecureBits=keep-caps
AmbientCapabilities=CAP_IPC_LOCK
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
NoNewPrivileges=yes
ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/vault.hcl
ExecReload=/bin/kill --signal HUP $MAINPID
KillMode=process
KillSignal=SIGINT
Restart=on-failure
RestartSec=5
TimeoutStopSec=30
StartLimitInterval=60
StartLimitIntervalSec=60
StartLimitBurst=3
LimitNOFILE=65536
LimitMEMLOCK=infinity
[Install]
WantedBy=multi-user.target
What am I doing wrong?
Gianpaolo
Lowe Schmidt
Oct 18, 2019, 9:30:14 AM10/18/19
to Vault
If you ever stop Vault, you will need to unseal the instance before it can be used.
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/7788df8b-0fc0-4e83-b32c-241316d49662%40googlegroups.com.
Nick Cabatoff
Oct 18, 2019, 9:35:57 AM10/18/19
to vault...@googlegroups.com
Even when sealed Vault should still be listening, so you shouldn't get a "connection refused".
What does journalctl -eu vault report?
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAC-wWcQTUk1S7v%3DQUhTvvAtB8%3D%3D36AeO5Z%2B4MTjd%2BVO3e0sraA%40mail.gmail.com.
Reply all
Reply to author
Forward
Message has been deleted
0 new messages