Handling Vault Node Restart

Each time a Vault node restarts, you will have to unseal it, so that it can participate in the cluster. Here are steps to do that. 

 Switch to root on the node with: 

 sudo -i 

 Set exports for the node: 

 NOTE: Make sure that the vault_addr variable is pointing to the local node being unsealed, here. 

 export VAULT_ADDR="https://vault0205.ogsofttech.lan:8200";

export VAULT_CACERT="/opt/vault/tls/ca.crt" 

 NOTE: Use the fully-qualified hostname above, as it appears in the node's cert. 

 Now, unseal each node, by calling this command once each, for three of the five unseal keys: 

 NOTE: It will prompt you for the unseal key, each time you run it. 

 vault operator unseal 

 Once unsealed, you can verify cluster membership with this: 

 vault operator raft list-peers 

 When run, you will see something like this: 

 

 If healthy, you will see one node as leader, and the others as voting followers. 

 NOTE: Make sure each node you configured, is present.