
Handling Vault Node Restart

Each time a Vault node restarts, you must unseal it before it can participate in the cluster again.
The steps are below.

Switch to root on the node with:

sudo -i

Set the environment variables for the node:

NOTE: Make sure that VAULT_ADDR points to the local node being unsealed.

export VAULT_ADDR="https://vault0205.ogsofttech.lan:8200"
export VAULT_CACERT="/opt/vault/tls/ca.crt"

NOTE: Use the fully-qualified hostname above, exactly as it appears in the node's certificate.

Now unseal the node by running the following command three times, entering a different one of the five unseal keys each time:

NOTE: It will prompt you for the unseal key each time you run it.

vault operator unseal

Once unsealed, you can verify cluster membership with this:

vault operator raft list-peers

When run, you will see something like this:

[image: example output of vault operator raft list-peers]

In a healthy cluster, one node is listed as leader and the others as voting followers.

NOTE: Make sure each node you configured is present.
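
The membership check above can be scripted. The following is an added example, not part of the original procedure: it parses the table printed by vault operator raft list-peers and fails unless there is exactly one leader and every expected node is present as a voter. The node IDs, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate `vault operator raft list-peers` output.
# Node IDs and addresses below are constructed sample data, not from this page.

# check_raft_peers EXPECTED_NODE...
# Reads the list-peers table on stdin. Succeeds only if there is exactly one
# leader and every expected node is listed with Voter = true.
check_raft_peers() {
    awk -v expected="$*" '
        NR <= 2 { next }                 # skip header row and dashed underline
        NF < 4  { next }                 # ignore blank or malformed lines
        {
            state[$1] = $3; voter[$1] = $4
            if ($3 == "leader") leaders++
        }
        END {
            n = split(expected, want, " ")
            if (leaders + 0 != 1) {
                printf "expected 1 leader, found %d\n", leaders + 0; bad = 1
            }
            for (i = 1; i <= n; i++) {
                id = want[i]
                if (!(id in state))           { print "missing node: " id; bad = 1 }
                else if (voter[id] != "true") { print "not a voter: " id;  bad = 1 }
            }
            exit bad + 0
        }'
}

# Constructed sample of the table the command prints.
sample_peers() {
    cat <<'EOF'
Node       Address                        State       Voter
----       -------                        -----       -----
vault-a    vault-a.example.internal:8201  leader      true
vault-b    vault-b.example.internal:8201  follower    true
vault-c    vault-c.example.internal:8201  follower    true
EOF
}

# On a live node, pipe the real command instead:
#   vault operator raft list-peers | check_raft_peers vault-a vault-b vault-c
sample_peers | check_raft_peers vault-a vault-b vault-c && echo "cluster membership OK"
```

A non-zero exit status means a node is still missing from the cluster (for example, not yet unsealed) or no single leader has been elected.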