Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vault v1.17.0: DynamoDB as HA storage causes random members to be sealed sometimes randomly. #28896

Open
hajali-amine opened this issue Nov 13, 2024 · 2 comments

Comments

@hajali-amine
Copy link

Describe the bug

We have a 3 node Vault cluster with DynamoDB as an HA backend.

Randomly, one of the members will get sealed all of a sudden thus making the cluster a 2 node cluster.

Once we unseal it, it gets back to normal.

To Reproduce

It happens randomly

Expected behavior

It doesn't get sealed.

Environment:
Vault v1.17.0
Ubuntu 20.04.6 LTS

Vault server configuration file(s):

cluster_name = "x"
max_lease_ttl = "768h"
default_lease_ttl = "768h"

disable_clustering = "False"
cluster_addr = "https://x:8201"
api_addr = "https://x:8200"

plugin_directory = "/usr/local/lib/vault/plugins"

listener "tcp" {
  address = "x:8200"
  cluster_address = "x:8201"
  tls_client_ca_file="xxxx.pem"
  tls_cert_file = "xxxx.pem"
  tls_key_file = "xxxx.key"
  tls_min_version  = "tls13"
  tls_disable = "false"
  }

backend "dynamodb" {
    table =          "xxxxx"
    ha_enabled =     "True"
    max_parallel =   "128"
    region =         ""
    access_key =     ""
    secret_key =     ""
    session_token =  ""
}


ui = true

log_format = "json"

telemetry {
    prometheus_retention_time = "720h"
    disable_hostname = true
  }
@stevendpclark
Copy link
Contributor

Hello @hajali-amine,

Are there any logs you can post around when the node seals itself that could indicate the cause? With the information you've provided we don't have enough to investigate.

@hajali-amine
Copy link
Author

here are the logs around the time it happened - there's nothing before or after these lines in here

vault-logs-pre-seal-20241201.log

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants