Vault storage migration from MySQL to RAFT results in uninitialized cluster despite successful migration #29368

Open
javiermmenendez opened this issue Jan 19, 2025 · 0 comments

Describe the bug
I'm trying to migrate from a MySQL storage backend to a RAFT storage backend following the official documentation, but the migration process results in an uninitialized cluster, preventing me from proceeding with the migration.
I followed this document: https://support.hashicorp.com/hc/en-us/articles/17295423360403-How-to-migrate-Vault-s-storage-backend-to-a-new-Vault-cluster-in-Kubernetes

To Reproduce
Steps to reproduce the behavior:

1. Have a source Vault cluster running with MySQL storage backend (verified running and unsealed)
2. Deploy a new Vault instance configured with RAFT storage (uninitialized as per documentation)
3. Create and apply the migration configuration file
4. Run vault operator migrate -config migrate.hcl
5. Check new cluster status showing uninitialized state instead of initialized as documented

Expected behavior
According to the documentation, after migration, the new RAFT cluster should be initialized and ready to unseal, but instead, it remains uninitialized.
Environment:

Source Vault Server Version: 1.13.2
Destination Vault Server Version: 1.18.1
Server Operating System/Architecture: OpenShift 4.14
Both source and destination Vault instances are running in the same OpenShift cluster

Migration configuration file:

storage_source "mysql" {
  username = "mysql_user"
  password = "XXXXXXXXXXXXX"
  database = "vault"
  address = "vault-mariadb:3306"
}

storage_destination "raft" {
  path = "/vault/data/dyn-migrate"
  node_id = "vault-0"
}
cluster_addr = "http://127.0.0.1:8201"

Additional context
The migration command completes successfully with the message "Success! All of the keys have been migrated." However, when checking the status of the new cluster, it shows as uninitialized:

Key                Value
---                -----
Seal Type          shamir
Initialized        false
Sealed             true
Total Shares       0
Threshold          0
Unseal Progress    0/0
Unseal Nonce       n/a
Version            1.18.1
Build Date         2024-10-29T14:21:31Z
Storage Type       raft
HA Enabled         true

The source cluster status was properly initialized and unsealed before the migration attempt.
