Re: [vault] UI (browser) link not working for Vault HA Cluster
1,009 views
Skip to first unread message
Vikrant Dubey
Sep 22, 2018, 1:57:29 PM9/22/18
to vault...@googlegroups.com
I am all set with my
--> 2 Vault servers: 1 active and 1 standby
--> Cluster of 3 Consul servers.
But Vault URL for its UI is not working. Error 404 is coming. What needs to be done to get UI open using http://IPADDRESS:8200/ui
Regards.
VIKRANT DUBEY
On Sat, Sep 22, 2018, 4:54 PM Vikrant Dubey <vikra...@gmail.com> wrote:
Hello All,I am all set with my--> 2 Vault servers: 1 active and 1 standby--> Cluster of 3 Consul servers.But Vault URL for its UI is not working. Error 404 is coming. What needs to be done to get UI open using http://IPADDRESS:8200/uiOn Fri, Sep 21, 2018 at 9:09 PM Chris Hoffman <chof...@hashicorp.com> wrote:--Vault HA mode works where all server instances are using the same shared storage but only one is active at a given time. You can read more about HA here https://www.vaultproject.io/guides/operations/vault-ha-consul.html and https://www.vaultproject.io/docs/concepts/ha.html.As a point of clarification, the exportable flag is only valid for API requests from Vault. Server to server communication through Vault’s replication modes found in Vault Enterprise will still pass this information to secondary servers.ChrisOn Sep 21, 2018, 1:25 AM -0400, Salvador Salazar <ssal...@gmail.com>, wrote:
Reading through https://www.vaultproject.io/docs/internals/high-availability.html documentation, it is unclear to me how a HA set up works. I understand it's a master-slave scheme, where only the master will process all incoming request (reads and writes).--However, if I understood correctly, when using the transit secret engine, encryption keys are stored within Vault's server. In the eventual scenario of the server going down, how do the "slave" vault servers learn about the pre-existent encryption keys? Do I need to set keys as "exportable", as https://www.vaultproject.io/api/secret/transit/index.html#exportable, and copy the keys to the slave servers?If there is any deeper documentation that you can point me to, I will be happy to go through everything. :)Thank you
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/9578523c-c528-4dc7-beb3-a82bb2765f87%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/f47cf0a0-5cfe-43f5-9264-12a0aba015aa%40Spark.
For more options, visit https://groups.google.com/d/optout.
Vikrant Dubey
Sep 22, 2018, 6:20:06 PM9/22/18
to vault...@googlegroups.com
I am all set with my
--> 2 Vault servers: 1 active and 1 standby
--> Cluster of 3 Consul servers.
But Vault URL for its UI is NOT working. Error 404 is coming. What needs to be done to get UI open using http://IPADDRESS:8200/ui
Matthew Irish
Sep 24, 2018, 12:36:06 PM9/24/18
to Vault
Hi Vikrant,
Do you have the ui enabled in your config file? https://www.vaultproject.io/docs/configuration/ui/index.html
Once that's enabled, if you go directly to http://IPADDRESS:8200 in a browser, you should be redirected to the the ui. If you want to go directly there, make sure that you're navigating to /ui/ with the trailing slash.
Cheers,
Matthew
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CA%2Bj_%2BkEfCfpVsUviz52%2BP1SaW4ogeUHJGML5n9Auk%3Dd63J0v-A%40mail.gmail.com.
Vikrant Dubey
Sep 24, 2018, 12:47:21 PM9/24/18
to vault...@googlegroups.com
Thank you for responding and understanding my concern. I tried with ui = true. But did not worked.Ok..let me explain you. Vault when installed alone its ui works fine..but when i point vault to consul background then vault ui stop working. Only consul ui works. My question is :
1) can we open Vault ui and Consul ui at the same time.
2) how will i write secrets from vault to consul. I mean how should i practically use this vault HA cluster having consul as backend.
Thanks in advance!!
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAM6U7_P1OttYFE_36XVxtnp3%3DcR0dOCLQ3CSqPBvRgWQeWW9VQ%40mail.gmail.com.
Message has been deleted
Fred Mehrdad
Oct 25, 2018, 12:16:15 PM10/25/18
to Vault
I had put ui: true under tcp. like this
{
"listener": {
"tcp": {
...
"ui": true
}
},
"storage": {
"consul": {
"address": "consul-server:8500",
"path": "vault"
}
}
}
Once I moved to top it worked.
{
"listener": {
"tcp": {
...
}
},
"storage": {
"consul": {
"address": "consul-server:8500",
"path": "vault"
}
}
"ui": true
}
Reply all
Reply to author
Forward
0 new messages