2018-06-21 15:42:35 +00:00
---
2020-01-18 00:18:09 +00:00
layout: guides
page_title: Vault Disaster Recovery Replication Setup - Guides
sidebar_title: Disaster Recovery Setup
2018-06-21 15:42:35 +00:00
description: |-
This guide demonstrates step-by-step instruction of setting up a disaster
recovery (DR) replications.
---
# Vault Disaster Recovery Replication
~> **Enterprise Only:** Disaster Recovery Replication is a part of _Vault Enterprise Pro_.
It is inevitable for organizations to have a disaster recovery (DR) strategy to
protect their Vault deployment against catastrophic failure of an entire
cluster. Vault Enterprise supports multi-datacenter deployment where you can
replicate data across datacenters for performance as well as disaster recovery.
A cluster is the basic unit of Vault Enterprise replication which follows the
leader-follower model. A leader cluster is referred to as the **primary**
cluster and is considered the _system of record_. Data is streamed from the
primary cluster to all **secondary** (follower) clusters.
New Docs Website (#5535)
* conversion stage 1
* correct image paths
* add sidebar title to frontmatter
* docs/concepts and docs/internals
* configuration docs and multi-level nav corrections
* commands docs, index file corrections, small item nav correction
* secrets converted
* auth
* add enterprise and agent docs
* add extra dividers
* secret section, wip
* correct sidebar nav title in front matter for apu section, start working on api items
* auth and backend, a couple directory structure fixes
* remove old docs
* intro side nav converted
* reset sidebar styles, add hashi-global-styles
* basic styling for nav sidebar
* folder collapse functionality
* patch up border length on last list item
* wip restructure for content component
* taking middleman hacking to the extreme, but its working
* small css fix
* add new mega nav
* fix a small mistake from the rebase
* fix a content resolution issue with middleman
* title a couple missing docs pages
* update deps, remove temporary markup
* community page
* footer to layout, community page css adjustments
* wip downloads page
* deps updated, downloads page ready
* fix community page
* homepage progress
* add components, adjust spacing
* docs and api landing pages
* a bunch of fixes, add docs and api landing pages
* update deps, add deploy scripts
* add readme note
* update deploy command
* overview page, index title
* Update doc fields
Note this still requires the link fields to be populated -- this is solely related to copy on the description fields
* Update api_basic_categories.yml
Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.
* Add bottom hero, adjust CSS, responsive friendly
* Add mega nav title
* homepage adjustments, asset boosts
* small fixes
* docs page styling fixes
* meganav title
* some category link corrections
* Update API categories page
updated to reflect the second level headings for api categories
* Update docs_detailed_categories.yml
Updated to represent the existing docs structure
* Update docs_detailed_categories.yml
* docs page data fix, extra operator page remove
* api data fix
* fix makefile
* update deps, add product subnav to docs and api landing pages
* Rearrange non-hands-on guides to _docs_
Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.
* WIP Redirects for guides to docs
* content and component updates
* font weight hotfix, redirects
* fix guides and intro sidenavs
* fix some redirects
* small style tweaks
* Redirects to learn and internally to docs
* Remove redirect to `/vault`
* Remove `.html` from destination on redirects
* fix incorrect index redirect
* final touchups
* address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
![Replication Pattern](/img/vault-ref-arch-8.png)
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
~> **Important:** In DR replication, secondary clusters **_do not forward_**
2018-06-21 15:42:35 +00:00
service read or write requests until they are promoted and become a new primary
2020-01-18 00:18:09 +00:00
- they essentially act as a warm standby cluster.
2018-06-21 15:42:35 +00:00
2020-01-22 20:05:41 +00:00
The [Mount Filter](/guides/operations/mount-filter) guide provides step-by-step
2020-01-18 00:18:09 +00:00
instructions on setting up performance replication. This guide focuses on DR
2018-06-21 15:42:35 +00:00
replication setup.
## Reference Materials
2020-01-22 20:05:41 +00:00
- [Performance Replication and Disaster Recovery (DR) Replication](/docs/enterprise/replication#performance-replication-and-disaster-recovery-dr-replication)
- [DR Replication API](/api/system/replication-dr)
- [Replication Setup & Guidance](/guides/operations/replication)
- [Vault HA guide](/guides/operations/vault-ha-consul)
2018-06-21 15:42:35 +00:00
## Estimated Time to Complete
10 minutes
## Prerequisites
This intermediate Vault operations guide assumes that you have some working
knowledge of Vault.
You need two Vault Enterprise clusters: one behaves as the **primary cluster**,
and another becomes the **secondary**.
New Docs Website (#5535)
* conversion stage 1
* correct image paths
* add sidebar title to frontmatter
* docs/concepts and docs/internals
* configuration docs and multi-level nav corrections
* commands docs, index file corrections, small item nav correction
* secrets converted
* auth
* add enterprise and agent docs
* add extra dividers
* secret section, wip
* correct sidebar nav title in front matter for apu section, start working on api items
* auth and backend, a couple directory structure fixes
* remove old docs
* intro side nav converted
* reset sidebar styles, add hashi-global-styles
* basic styling for nav sidebar
* folder collapse functionality
* patch up border length on last list item
* wip restructure for content component
* taking middleman hacking to the extreme, but its working
* small css fix
* add new mega nav
* fix a small mistake from the rebase
* fix a content resolution issue with middleman
* title a couple missing docs pages
* update deps, remove temporary markup
* community page
* footer to layout, community page css adjustments
* wip downloads page
* deps updated, downloads page ready
* fix community page
* homepage progress
* add components, adjust spacing
* docs and api landing pages
* a bunch of fixes, add docs and api landing pages
* update deps, add deploy scripts
* add readme note
* update deploy command
* overview page, index title
* Update doc fields
Note this still requires the link fields to be populated -- this is solely related to copy on the description fields
* Update api_basic_categories.yml
Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.
* Add bottom hero, adjust CSS, responsive friendly
* Add mega nav title
* homepage adjustments, asset boosts
* small fixes
* docs page styling fixes
* meganav title
* some category link corrections
* Update API categories page
updated to reflect the second level headings for api categories
* Update docs_detailed_categories.yml
Updated to represent the existing docs structure
* Update docs_detailed_categories.yml
* docs page data fix, extra operator page remove
* api data fix
* fix makefile
* update deps, add product subnav to docs and api landing pages
* Rearrange non-hands-on guides to _docs_
Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.
* WIP Redirects for guides to docs
* content and component updates
* font weight hotfix, redirects
* fix guides and intro sidenavs
* fix some redirects
* small style tweaks
* Redirects to learn and internally to docs
* Remove redirect to `/vault`
* Remove `.html` from destination on redirects
* fix incorrect index redirect
* final touchups
* address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
![DR Prerequisites](/img/vault-dr-0.png)
2018-06-21 15:42:35 +00:00
## Steps
This guide walk through the following operations:
1. [Enable DR Primary Replication](#step1)
1. [Enable DR Secondary Replication](#step2)
1. [Promote DR Secondary to Primary](#step3)
1. [Demote DR Primary to Secondary](#step4)
1. [Disable DR Primary](#step5)
### <a name="step1"></a>Step 1: Enable DR Primary Replication
#### CLI command
1. Enable DR replication on the **primary** cluster.
2020-01-18 00:18:09 +00:00
```plaintext
$ vault write -f sys/replication/dr/primary/enable
WARNING! The following warnings were returned from Vault:
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
* This cluster is being enabled as a primary for replication. Vault will be
unavailable for a brief period and will resume service shortly.
```
2018-06-21 15:42:35 +00:00
1. Generate a secondary token.
2020-01-18 00:18:09 +00:00
```plaintext
$ vault write sys/replication/dr/primary/secondary-token id="secondary"
```
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
The output should look similar to:
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
```plaintext
Key Value
--- -----
wrapping_token: eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJhZGRyIjoiaHR0cDovLzEzLjU3LjIwLjQxOjgyMDAiLCJleHAiOjE1MjkzMzkzMzEsImlhdCI6MTUyOTMzNzUzMSwianRpIjoiZDZmMmMzZTItMTZjNS1mNTU0LWYxMzAtNzMzZDE0OWNiNTIzIiwidHlwZSI6IndyYXBwaW5nIn0.MIGIAkIArsC3s1x7GYnEbaYwAbYUj-Wgp4B3Q3kVXL0BbaKvsECySV4Pwtm--i24OSQfI9zAlsG8ZypOWJdngRa59wlhWdQCQgG22-I-aNWPehjsqmwwEADU-u37LUrR6O0MsUCqtfWYwIM9o7PFP1wMZ4JwDGftQXUH6hIrkXZDxnnGsSCJ1Vl75w
wrapping_accessor: bab0ea36-23f6-d21d-4ca6-a9c3673766a3
wrapping_token_ttl: 30m
wrapping_token_creation_time: 2018-06-18 15:58:51.645117216 +0000 UTC
wrapping_token_creation_path: sys/replication/dr/primary/secondary-token
```
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
-> Copy the generated **`wrapping_token`** which you will need to enable the DR
secondary cluster.
2018-06-21 15:42:35 +00:00
#### API call using cURL
1. Enable DR replication on the **primary** cluster by invoking **`/sys/replication/dr/primary/enable`** endpoint.
2020-01-18 00:18:09 +00:00
**Example:**
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
```plaintext
$ curl --header "X-Vault-Token: ..." \
--request POST \
--data '{}' \
https://cluster-A.example.com:8200/v1/sys/replication/dr/primary/enable
{
"request_id": "ef38af20-9c1f-138a-2d03-bbb6410fb0fc",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": [
"This cluster is being enabled as a primary for replication. Vault will be
unavailable for a brief period and will resume service shortly."
],
"auth": null
}
```
2018-06-21 15:42:35 +00:00
1. Generate a secondary token by invoking **`/sys/replication/dr/primary/secondary-token`** endpoint.
2020-01-18 00:18:09 +00:00
**Example:**
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
```plaintext
$ curl --header "X-Vault-Token: ..." \
--request POST \
--data '{ "id": "secondary"}' \
https://cluster-A.example.com:8200/v1/sys/replication/dr/primary/secondary-token | jq
{
"request_id": "",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": {
"token": "eyJhbGciOiJFUzUxMiIsInR5cCI6IkpXVCJ9.eyJhZGRyIjoiaHR0cDovLzEzLjU3LjIwLjQxOjgyMDAiLCJleHAiOjE1MjkzNDQzMjcsImlhdCI6MTUyOTM0MjUyNywianRpIjoiYmRiZTJiNzEtODgwMS05YjZjLTNjMTQtMzVkNDI3NDQ3MjEzIiwidHlwZSI6IndyYXBwaW5nIn0.MIGIAkIBmESVVq_83l9hixTN7Ot0v5XQMsQfi1zV9APooZWkLvbS2olBWSQnskykQQH6GskMOi-ypOlAabqxWmfoCLA8-TICQgHRdkbJGgAQtWmjc8Z-ZEgymMv8YZq6qQxbUtPXloyM-cf_1Y1qmdGDYWtjPqoF5m1Bt_WkAJl9MguVb04QMWSotw",
"accessor": "7e56e9da-178c-119d-1d01-807a203fa0b3",
"ttl": 1800,
"creation_time": "2018-06-18T17:22:07.129747708Z",
"creation_path": "sys/replication/dr/primary/secondary-token"
},
"warnings": null,
"auth": null
}
```
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
-> Copy the generated **`token`** which you will need to enable the DR
secondary cluster.
2018-06-21 15:42:35 +00:00
#### Web UI
Open a web browser and launch the Vault UI (e.g.
https://cluster-A.example.com:8200/ui) and then login.
1. Select **Replication** and check the **Disaster Recovery (DR)** radio button.
2020-01-18 00:18:09 +00:00
![DR Replication - primary](/img/vault-dr-1.png)
2018-06-21 15:42:35 +00:00
1. Click **Enable replication**.
1. Select the **Secondaries** tab, and then click **Add**.
2020-01-18 00:18:09 +00:00
![DR Replication - primary](/img/vault-dr-2.png)
2018-06-21 15:42:35 +00:00
1. Populate the **Secondary ID** field, and click **Generate token**.
2020-01-18 00:18:09 +00:00
![DR Replication - primary](/img/vault-dr-3.png)
2018-06-21 15:42:35 +00:00
1. Click **Copy** to copy the token which you will need to enable the DR secondary cluster.
2020-01-18 00:18:09 +00:00
![DR Replication - primary](/img/vault-dr-4.png)
2018-06-21 15:42:35 +00:00
### <a name="step2"></a>Step 2: Enable DR Secondary Replication
The following operations must be performed on the DR secondary cluster.
#### CLI command
1. Enable DR replication on the **secondary** cluster.
2020-01-18 00:18:09 +00:00
```plaintext
$ vault write sys/replication/dr/secondary/enable token="..."
```
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
Where the `token` is the `wrapping_token` obtained from the primary cluster.
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
Expected output:
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
```plaintext
WARNING! The following warnings were returned from Vault:
* Vault has successfully found secondary information; it may take a while to
perform setup tasks. Vault will be unavailable until these tasks and initial
sync complete.
```
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
!> **NOTE:** This will immediately clear all data in the secondary cluster.
2018-06-21 15:42:35 +00:00
#### API call using cURL
1. Enable DR replication on the **secondary** cluster.
2020-01-18 00:18:09 +00:00
```plaintext
$ tee payload.json <<EOF
{
"token": "..."
}
EOF
$ curl --header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://cluster-B.example.com:8200/v1/sys/replication/dr/secondary/enable | jq
{
"request_id": "7a9730c1-b6fc-6557-5c0a-081e1f89ed2d",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": [
"Vault has successfully found secondary information; it may take a while
to perform setup tasks. Vault will be unavailable until these tasks and
initial sync complete."
],
"auth": null
2018-06-21 15:42:35 +00:00
}
2020-01-18 00:18:09 +00:00
```
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
Where the `token` in `payload.json` is the token obtained from the primary
cluster.
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
!> **NOTE:** This will immediately clear all data in the secondary cluster.
2018-06-21 15:42:35 +00:00
#### Web UI
1. Now, launch the Vault UI for the **secondary** cluster (e.g. https://cluster-B.example.com:8200/ui) and click **Replication**.
1. Check the **Disaster Recovery (DR)** radio button and select **secondary** under the **Cluster mode**. Paste the token you copied from the primary in the **Secondary activation token** field.
2020-01-18 00:18:09 +00:00
![DR Replication - secondary](/img/vault-dr-5.png)
2018-06-21 15:42:35 +00:00
1. Click **Enable replication**.
2020-01-18 00:18:09 +00:00
![DR Replication - secondary](/img/vault-dr-5.2.png)
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
!> **NOTE:** This will immediately clear all data in the secondary cluster.
2018-06-21 15:42:35 +00:00
### <a name="step3"></a>Step 3: Promote DR Secondary to Primary
This step walks you through the promotion of the secondary cluster to become the
new primary when a catastrophic failure causes the primary cluster to be
inoperable. Refer to the [_Important Note about Automated DR
Failover_](#important) section for more background information.
First, you must generate a **DR operation token** which you need to promote the
2020-01-22 20:05:41 +00:00
secondary cluster. The process, outlined below using API calls, is the similar to [_Generating a Root Token (via CLI)_](/guides/operations/generate-root).
2018-06-21 15:42:35 +00:00
#### From Terminal
2020-01-18 00:18:09 +00:00
1. Generate an one time password (OTP) to use:
2018-06-21 15:42:35 +00:00
```plaintext
2018-09-20 16:19:01 +00:00
$ vault operator generate-root -dr-token -generate-otp
2018-06-21 15:42:35 +00:00
HenFLWmt0AgrjWJp/RECzQ==
```
2020-01-18 00:18:09 +00:00
1. Start the DR operation token generation process by invoking **`/sys/replication/dr/secondary/generate-operation-token/attempt`** endpoint.
2018-06-21 15:42:35 +00:00
2018-06-21 18:11:30 +00:00
**Example:**
2018-06-21 15:42:35 +00:00
```plaintext
$ tee payload.json <<EOF
{
"otp": "HenFLWmt0AgrjWJp/RECzQ=="
}
EOF
$ curl --request PUT \
--data @payload.json \
https://cluster-B.example.com:8200/v1/sys/replication/dr/secondary/generate-operation-token/attempt | jq
{
"nonce": "455bf989-6575-1262-c0d0-a94eaf60bdd0",
"started": true,
"progress": 0,
"required": 3,
"complete": false,
"encoded_token": "",
"encoded_root_token": "",
"pgp_fingerprint": ""
}
```
-> Distribute the generated **`nonce`** to each unseal key holder.
2020-01-18 00:18:09 +00:00
1. In order to generate a DR operation token, a quorum of unseal keys must be
entered by each key holder via **`/sys/replication/dr/secondary/generate-operation-token/update`** endpoint.
2018-06-21 15:42:35 +00:00
**Example:**
```plaintext
$ tee payload_key1.json <<EOF
{
"key": "<primary_unseal_key_1>",
"nonce": "455bf989-6575-1262-c0d0-a94eaf60bdd0"
}
EOF
$ curl --request PUT \
2020-01-18 00:18:09 +00:00
--data @payload_key1.json \
https://cluster-B.example.com:8200/v1/sys/replication/dr/secondary/generate-operation-token/update | jq
{
"nonce": "455bf989-6575-1262-c0d0-a94eaf60bdd0",
"started": true,
"progress": 1,
"required": 3,
"complete": false,
"encoded_token": "",
"encoded_root_token": "",
"pgp_fingerprint": ""
}
2018-06-21 15:42:35 +00:00
```
This operation must be executed by each unseal key holder. Once the quorum
has been reached, the output contains the encoded DR operation token
(`encoded_token`).
**Example:**
```plaintext
$ curl --request PUT \
2020-01-18 00:18:09 +00:00
--data @payload_key3.json \
https://cluster-B.example.com:8200/v1/sys/replication/dr/secondary/generate-operation-token/update | jq
2018-06-21 15:42:35 +00:00
{
"nonce": "455bf989-6575-1262-c0d0-a94eaf60bdd0",
"started": true,
"progress": 3,
"required": 3,
"complete": true,
"encoded_token": "dKNQqNmh3JfJcSZdGlkttQ==",
"encoded_root_token": "",
"pgp_fingerprint": ""
}
```
2020-01-18 00:18:09 +00:00
1. Decode the generated DR operation token (`encoded_token`).
2018-06-21 15:42:35 +00:00
**Example:**
```plaintext
2018-09-20 16:19:01 +00:00
$ vault operator generate-root -dr-token \
2018-06-21 15:42:35 +00:00
-decode="dKNQqNmh3JfJcSZdGlkttQ==" \
-otp="HenFLWmt0AgrjWJp/RECzQ=="
23e02f22-2ae6-94cc-d93f-5ee295e03e9d
```
2020-01-18 00:18:09 +00:00
1. Finally, promote the DR secondary to become the primary by invoking the
**`sys/replication/dr/secondary/promote`** endpoint. The request payload must
contains the DR operation token.
2018-06-21 15:42:35 +00:00
**Example:**
```plaintext
$ tee payload.json <<EOF
{
2020-01-18 00:18:09 +00:00
"dr_operation_token": "23e02f22-2ae6-94cc-d93f-5ee295e03e9d"
2018-06-21 15:42:35 +00:00
}
EOF
$ curl --header "X-Vault-Token: ..." \
2020-01-18 00:18:09 +00:00
--request POST \
--data @payload.json \
https://cluster-B.example.com:8200/v1/sys/replication/dr/secondary/promote | jq
2018-06-21 15:42:35 +00:00
{
"request_id": "3879546b-1dc7-8490-521b-80104ad761b5",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": [
"This cluster is being promoted to a replication primary. Vault will be unavailable
for a brief period and will resume service shortly."
],
"auth": null
}
```
#### Web UI
2020-01-18 00:18:09 +00:00
1. Click on **Generate OTP** to generate an OTP. Then click **Copy OTP**.
New Docs Website (#5535)
* conversion stage 1
* correct image paths
* add sidebar title to frontmatter
* docs/concepts and docs/internals
* configuration docs and multi-level nav corrections
* commands docs, index file corrections, small item nav correction
* secrets converted
* auth
* add enterprise and agent docs
* add extra dividers
* secret section, wip
* correct sidebar nav title in front matter for apu section, start working on api items
* auth and backend, a couple directory structure fixes
* remove old docs
* intro side nav converted
* reset sidebar styles, add hashi-global-styles
* basic styling for nav sidebar
* folder collapse functionality
* patch up border length on last list item
* wip restructure for content component
* taking middleman hacking to the extreme, but its working
* small css fix
* add new mega nav
* fix a small mistake from the rebase
* fix a content resolution issue with middleman
* title a couple missing docs pages
* update deps, remove temporary markup
* community page
* footer to layout, community page css adjustments
* wip downloads page
* deps updated, downloads page ready
* fix community page
* homepage progress
* add components, adjust spacing
* docs and api landing pages
* a bunch of fixes, add docs and api landing pages
* update deps, add deploy scripts
* add readme note
* update deploy command
* overview page, index title
* Update doc fields
Note this still requires the link fields to be populated -- this is solely related to copy on the description fields
* Update api_basic_categories.yml
Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.
* Add bottom hero, adjust CSS, responsive friendly
* Add mega nav title
* homepage adjustments, asset boosts
* small fixes
* docs page styling fixes
* meganav title
* some category link corrections
* Update API categories page
updated to reflect the second level headings for api categories
* Update docs_detailed_categories.yml
Updated to represent the existing docs structure
* Update docs_detailed_categories.yml
* docs page data fix, extra operator page remove
* api data fix
* fix makefile
* update deps, add product subnav to docs and api landing pages
* Rearrange non-hands-on guides to _docs_
Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.
* WIP Redirects for guides to docs
* content and component updates
* font weight hotfix, redirects
* fix guides and intro sidenavs
* fix some redirects
* small style tweaks
* Redirects to learn and internally to docs
* Remove redirect to `/vault`
* Remove `.html` from destination on redirects
* fix incorrect index redirect
* final touchups
* address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
![DR Replication - secondary](/img/vault-dr-6.png)
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
1. Click **Generate Operation Token**.
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
1. A quorum of unseal keys must be entered to create a new operation token for
the DR secondary.
2018-06-21 15:42:35 +00:00
New Docs Website (#5535)
* conversion stage 1
* correct image paths
* add sidebar title to frontmatter
* docs/concepts and docs/internals
* configuration docs and multi-level nav corrections
* commands docs, index file corrections, small item nav correction
* secrets converted
* auth
* add enterprise and agent docs
* add extra dividers
* secret section, wip
* correct sidebar nav title in front matter for apu section, start working on api items
* auth and backend, a couple directory structure fixes
* remove old docs
* intro side nav converted
* reset sidebar styles, add hashi-global-styles
* basic styling for nav sidebar
* folder collapse functionality
* patch up border length on last list item
* wip restructure for content component
* taking middleman hacking to the extreme, but its working
* small css fix
* add new mega nav
* fix a small mistake from the rebase
* fix a content resolution issue with middleman
* title a couple missing docs pages
* update deps, remove temporary markup
* community page
* footer to layout, community page css adjustments
* wip downloads page
* deps updated, downloads page ready
* fix community page
* homepage progress
* add components, adjust spacing
* docs and api landing pages
* a bunch of fixes, add docs and api landing pages
* update deps, add deploy scripts
* add readme note
* update deploy command
* overview page, index title
* Update doc fields
Note this still requires the link fields to be populated -- this is solely related to copy on the description fields
* Update api_basic_categories.yml
Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.
* Add bottom hero, adjust CSS, responsive friendly
* Add mega nav title
* homepage adjustments, asset boosts
* small fixes
* docs page styling fixes
* meganav title
* some category link corrections
* Update API categories page
updated to reflect the second level headings for api categories
* Update docs_detailed_categories.yml
Updated to represent the existing docs structure
* Update docs_detailed_categories.yml
* docs page data fix, extra operator page remove
* api data fix
* fix makefile
* update deps, add product subnav to docs and api landing pages
* Rearrange non-hands-on guides to _docs_
Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.
* WIP Redirects for guides to docs
* content and component updates
* font weight hotfix, redirects
* fix guides and intro sidenavs
* fix some redirects
* small style tweaks
* Redirects to learn and internally to docs
* Remove redirect to `/vault`
* Remove `.html` from destination on redirects
* fix incorrect index redirect
* final touchups
* address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
![DR Replication - secondary](/img/vault-dr-7.png)
2018-06-21 15:42:35 +00:00
-> This operation must be performed by each unseal-key holder.
2020-01-18 00:18:09 +00:00
1. Once the quorum has been reached, the output displays the encoded DR operation token. Click **Copy CLI command**.
2018-06-21 15:42:35 +00:00
New Docs Website (#5535)
* conversion stage 1
* correct image paths
* add sidebar title to frontmatter
* docs/concepts and docs/internals
* configuration docs and multi-level nav corrections
* commands docs, index file corrections, small item nav correction
* secrets converted
* auth
* add enterprise and agent docs
* add extra dividers
* secret section, wip
* correct sidebar nav title in front matter for apu section, start working on api items
* auth and backend, a couple directory structure fixes
* remove old docs
* intro side nav converted
* reset sidebar styles, add hashi-global-styles
* basic styling for nav sidebar
* folder collapse functionality
* patch up border length on last list item
* wip restructure for content component
* taking middleman hacking to the extreme, but its working
* small css fix
* add new mega nav
* fix a small mistake from the rebase
* fix a content resolution issue with middleman
* title a couple missing docs pages
* update deps, remove temporary markup
* community page
* footer to layout, community page css adjustments
* wip downloads page
* deps updated, downloads page ready
* fix community page
* homepage progress
* add components, adjust spacing
* docs and api landing pages
* a bunch of fixes, add docs and api landing pages
* update deps, add deploy scripts
* add readme note
* update deploy command
* overview page, index title
* Update doc fields
Note this still requires the link fields to be populated -- this is solely related to copy on the description fields
* Update api_basic_categories.yml
Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.
* Add bottom hero, adjust CSS, responsive friendly
* Add mega nav title
* homepage adjustments, asset boosts
* small fixes
* docs page styling fixes
* meganav title
* some category link corrections
* Update API categories page
updated to reflect the second level headings for api categories
* Update docs_detailed_categories.yml
Updated to represent the existing docs structure
* Update docs_detailed_categories.yml
* docs page data fix, extra operator page remove
* api data fix
* fix makefile
* update deps, add product subnav to docs and api landing pages
* Rearrange non-hands-on guides to _docs_
Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.
* WIP Redirects for guides to docs
* content and component updates
* font weight hotfix, redirects
* fix guides and intro sidenavs
* fix some redirects
* small style tweaks
* Redirects to learn and internally to docs
* Remove redirect to `/vault`
* Remove `.html` from destination on redirects
* fix incorrect index redirect
* final touchups
* address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
![DR Replication - secondary](/img/vault-dr-8.png)
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
1. Execute the CLI command from a terminal to generate a DR operation token
using the OTP generated earlier. (Be sure to enter your OTP in the command.)
2018-06-21 15:42:35 +00:00
**Example:**
```
2018-09-20 16:19:01 +00:00
$ vault operator generate-root -dr-token \
2020-01-18 00:18:09 +00:00
-otp="vZpZZf5UI1nvB3A5/7Xq9A==" \
2018-06-21 15:42:35 +00:00
-decode="cuplaFGYduDEY6ZVC5IfaA=="
cf703c0d-afcc-55b9-2b64-d66cf427f59c
```
2020-01-18 00:18:09 +00:00
1. Now, click **Promote** tab, and then enter the generated DR operation token.
2018-06-21 15:42:35 +00:00
New Docs Website (#5535)
* conversion stage 1
* correct image paths
* add sidebar title to frontmatter
* docs/concepts and docs/internals
* configuration docs and multi-level nav corrections
* commands docs, index file corrections, small item nav correction
* secrets converted
* auth
* add enterprise and agent docs
* add extra dividers
* secret section, wip
* correct sidebar nav title in front matter for apu section, start working on api items
* auth and backend, a couple directory structure fixes
* remove old docs
* intro side nav converted
* reset sidebar styles, add hashi-global-styles
* basic styling for nav sidebar
* folder collapse functionality
* patch up border length on last list item
* wip restructure for content component
* taking middleman hacking to the extreme, but its working
* small css fix
* add new mega nav
* fix a small mistake from the rebase
* fix a content resolution issue with middleman
* title a couple missing docs pages
* update deps, remove temporary markup
* community page
* footer to layout, community page css adjustments
* wip downloads page
* deps updated, downloads page ready
* fix community page
* homepage progress
* add components, adjust spacing
* docs and api landing pages
* a bunch of fixes, add docs and api landing pages
* update deps, add deploy scripts
* add readme note
* update deploy command
* overview page, index title
* Update doc fields
Note this still requires the link fields to be populated -- this is solely related to copy on the description fields
* Update api_basic_categories.yml
Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.
* Add bottom hero, adjust CSS, responsive friendly
* Add mega nav title
* homepage adjustments, asset boosts
* small fixes
* docs page styling fixes
* meganav title
* some category link corrections
* Update API categories page
updated to reflect the second level headings for api categories
* Update docs_detailed_categories.yml
Updated to represent the existing docs structure
* Update docs_detailed_categories.yml
* docs page data fix, extra operator page remove
* api data fix
* fix makefile
* update deps, add product subnav to docs and api landing pages
* Rearrange non-hands-on guides to _docs_
Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.
* WIP Redirects for guides to docs
* content and component updates
* font weight hotfix, redirects
* fix guides and intro sidenavs
* fix some redirects
* small style tweaks
* Redirects to learn and internally to docs
* Remove redirect to `/vault`
* Remove `.html` from destination on redirects
* fix incorrect index redirect
* final touchups
* address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
![DR Replication - secondary](/img/vault-dr-9-1.png)
2018-06-21 15:42:35 +00:00
2020-01-18 00:18:09 +00:00
1. Click **Promote cluster**.
2018-06-21 15:42:35 +00:00
When you prompted, "_Are you sure you want to promote this cluster?_", click **Promote cluster** again to complete.
New Docs Website (#5535)
* conversion stage 1
* correct image paths
* add sidebar title to frontmatter
* docs/concepts and docs/internals
* configuration docs and multi-level nav corrections
* commands docs, index file corrections, small item nav correction
* secrets converted
* auth
* add enterprise and agent docs
* add extra dividers
* secret section, wip
* correct sidebar nav title in front matter for apu section, start working on api items
* auth and backend, a couple directory structure fixes
* remove old docs
* intro side nav converted
* reset sidebar styles, add hashi-global-styles
* basic styling for nav sidebar
* folder collapse functionality
* patch up border length on last list item
* wip restructure for content component
* taking middleman hacking to the extreme, but its working
* small css fix
* add new mega nav
* fix a small mistake from the rebase
* fix a content resolution issue with middleman
* title a couple missing docs pages
* update deps, remove temporary markup
* community page
* footer to layout, community page css adjustments
* wip downloads page
* deps updated, downloads page ready
* fix community page
* homepage progress
* add components, adjust spacing
* docs and api landing pages
* a bunch of fixes, add docs and api landing pages
* update deps, add deploy scripts
* add readme note
* update deploy command
* overview page, index title
* Update doc fields
Note this still requires the link fields to be populated -- this is solely related to copy on the description fields
* Update api_basic_categories.yml
Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.
* Add bottom hero, adjust CSS, responsive friendly
* Add mega nav title
* homepage adjustments, asset boosts
* small fixes
* docs page styling fixes
* meganav title
* some category link corrections
* Update API categories page
updated to reflect the second level headings for api categories
* Update docs_detailed_categories.yml
Updated to represent the existing docs structure
* Update docs_detailed_categories.yml
* docs page data fix, extra operator page remove
* api data fix
* fix makefile
* update deps, add product subnav to docs and api landing pages
* Rearrange non-hands-on guides to _docs_
Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.
* WIP Redirects for guides to docs
* content and component updates
* font weight hotfix, redirects
* fix guides and intro sidenavs
* fix some redirects
* small style tweaks
* Redirects to learn and internally to docs
* Remove redirect to `/vault`
* Remove `.html` from destination on redirects
* fix incorrect index redirect
* final touchups
* address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
![DR Replication - secondary](/img/vault-dr-9.png)
2018-06-21 15:42:35 +00:00
> Once the secondary cluster was successfully promoted, you should be able to
2020-01-18 00:18:09 +00:00
> log in using the original primary cluster's root token or via configured
> authentication method. If desired, generate a [new root
2020-01-22 20:05:41 +00:00
> token](/guides/operations/generate-root).
2018-06-21 15:42:35 +00:00
### <a name="step4"></a>Step 4: Demote DR Primary to Secondary
If the _original_ DR primary cluster becomes operational again, you may want to
utilize the cluster by making it a DR secondary cluster. This step explains how
to demote the original DR primary cluster to a secondary.
~> Remember that there is only **one** primary cluster available to the clients
in DR replication.
#### CLI command
Execute the following command to demote the original DR primary cluster to a
secondary.
```plaintext
$ vault write -f sys/replication/dr/primary/demote
WARNING! The following warnings were returned from Vault:
* This cluster is being demoted to a replication secondary. Vault will be
unavailable for a brief period and will resume service shortly.
```
This secondary cluster will not attempt to connect to a primary (see the
update-primary call), but will maintain knowledge of its cluster ID and can be
reconnected to the same DR replication set without wiping local storage.
#### API call using cURL
Invoke the **`sys/replication/dr/secondary/enable`** endpoint to demote the
original DR primary cluster to a secondary.
```plaintext
$ curl --header "X-Vault-Token: ..." \
--request POST \
https://cluster-A.example.com:8200/v1/sys/replication/dr/primary/demote | jq
{
"request_id": "8a40adac-6eb7-c798-48d0-f7cdd25fdd6f",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": [
"This cluster is being demoted to a replication secondary. Vault will be unavailable for a brief period and will resume service shortly."
],
"auth": null
}
```
This secondary cluster will not attempt to connect to a primary (see the
update-primary call), but will maintain knowledge of its cluster ID and can be
reconnected to the same DR replication set without wiping local storage.
#### Web UI
Select **Replication** and click **Demote cluster**.
New Docs Website (#5535)
* conversion stage 1
* correct image paths
* add sidebar title to frontmatter
* docs/concepts and docs/internals
* configuration docs and multi-level nav corrections
* commands docs, index file corrections, small item nav correction
* secrets converted
* auth
* add enterprise and agent docs
* add extra dividers
* secret section, wip
* correct sidebar nav title in front matter for apu section, start working on api items
* auth and backend, a couple directory structure fixes
* remove old docs
* intro side nav converted
* reset sidebar styles, add hashi-global-styles
* basic styling for nav sidebar
* folder collapse functionality
* patch up border length on last list item
* wip restructure for content component
* taking middleman hacking to the extreme, but its working
* small css fix
* add new mega nav
* fix a small mistake from the rebase
* fix a content resolution issue with middleman
* title a couple missing docs pages
* update deps, remove temporary markup
* community page
* footer to layout, community page css adjustments
* wip downloads page
* deps updated, downloads page ready
* fix community page
* homepage progress
* add components, adjust spacing
* docs and api landing pages
* a bunch of fixes, add docs and api landing pages
* update deps, add deploy scripts
* add readme note
* update deploy command
* overview page, index title
* Update doc fields
Note this still requires the link fields to be populated -- this is solely related to copy on the description fields
* Update api_basic_categories.yml
Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.
* Add bottom hero, adjust CSS, responsive friendly
* Add mega nav title
* homepage adjustments, asset boosts
* small fixes
* docs page styling fixes
* meganav title
* some category link corrections
* Update API categories page
updated to reflect the second level headings for api categories
* Update docs_detailed_categories.yml
Updated to represent the existing docs structure
* Update docs_detailed_categories.yml
* docs page data fix, extra operator page remove
* api data fix
* fix makefile
* update deps, add product subnav to docs and api landing pages
* Rearrange non-hands-on guides to _docs_
Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.
* WIP Redirects for guides to docs
* content and component updates
* font weight hotfix, redirects
* fix guides and intro sidenavs
* fix some redirects
* small style tweaks
* Redirects to learn and internally to docs
* Remove redirect to `/vault`
* Remove `.html` from destination on redirects
* fix incorrect index redirect
* final touchups
* address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
![DR Replication - demotion](/img/vault-dr-10.png)
2018-06-21 15:42:35 +00:00
When you prompted, "_Are you sure you want to demote this cluster?_", click
**Demote cluster** again to complete.
New Docs Website (#5535)
* conversion stage 1
* correct image paths
* add sidebar title to frontmatter
* docs/concepts and docs/internals
* configuration docs and multi-level nav corrections
* commands docs, index file corrections, small item nav correction
* secrets converted
* auth
* add enterprise and agent docs
* add extra dividers
* secret section, wip
* correct sidebar nav title in front matter for apu section, start working on api items
* auth and backend, a couple directory structure fixes
* remove old docs
* intro side nav converted
* reset sidebar styles, add hashi-global-styles
* basic styling for nav sidebar
* folder collapse functionality
* patch up border length on last list item
* wip restructure for content component
* taking middleman hacking to the extreme, but its working
* small css fix
* add new mega nav
* fix a small mistake from the rebase
* fix a content resolution issue with middleman
* title a couple missing docs pages
* update deps, remove temporary markup
* community page
* footer to layout, community page css adjustments
* wip downloads page
* deps updated, downloads page ready
* fix community page
* homepage progress
* add components, adjust spacing
* docs and api landing pages
* a bunch of fixes, add docs and api landing pages
* update deps, add deploy scripts
* add readme note
* update deploy command
* overview page, index title
* Update doc fields
Note this still requires the link fields to be populated -- this is solely related to copy on the description fields
* Update api_basic_categories.yml
Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.
* Add bottom hero, adjust CSS, responsive friendly
* Add mega nav title
* homepage adjustments, asset boosts
* small fixes
* docs page styling fixes
* meganav title
* some category link corrections
* Update API categories page
updated to reflect the second level headings for api categories
* Update docs_detailed_categories.yml
Updated to represent the existing docs structure
* Update docs_detailed_categories.yml
* docs page data fix, extra operator page remove
* api data fix
* fix makefile
* update deps, add product subnav to docs and api landing pages
* Rearrange non-hands-on guides to _docs_
Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.
* WIP Redirects for guides to docs
* content and component updates
* font weight hotfix, redirects
* fix guides and intro sidenavs
* fix some redirects
* small style tweaks
* Redirects to learn and internally to docs
* Remove redirect to `/vault`
* Remove `.html` from destination on redirects
* fix incorrect index redirect
* final touchups
* address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
![DR Replication - demotion](/img/vault-dr-12.png)
2018-06-21 15:42:35 +00:00
### <a name="step5"></a>Step 5: Disable DR Primary
Once the DR secondary cluster was promoted to be the **new primary**, you may
want to disable the DR replication on the _original_ primary when it becomes
operational again.
~> Remember that there is only **one** primary cluster available to the clients
in DR replication.
#### CLI command
Execute the following command to disable DR replication.
```plaintext
$ vault write -f sys/replication/dr/primary/disable
WARNING! The following warnings were returned from Vault:
* This cluster is having replication disabled. Vault will be unavailable for
a brief period and will resume service shortly.
```
Any secondaries will no longer be able to connect.
#### API call using cURL
Invoke the **`sys/replication/dr/primary/disable`** endpoint to disable DR
replication.
```plaintext
$ curl --header "X-Vault-Token: ..." \
--request POST \
https://cluster-A.example.com:8200/v1/sys/replication/dr/primary/disable | jq
{
"request_id": "92a5f57a-2f7b-11be-b9dd-0f028396fba8",
"lease_id": "",
"renewable": false,
"lease_duration": 0,
"data": null,
"wrap_info": null,
"warnings": [
"This cluster is having replication disabled. Vault will be unavailable for a brief period and will resume service shortly."
],
"auth": null
}
```
Any secondaries will no longer be able to connect.
#### Web UI
Select **Replication** and click **Disable replication**.
New Docs Website (#5535)
* conversion stage 1
* correct image paths
* add sidebar title to frontmatter
* docs/concepts and docs/internals
* configuration docs and multi-level nav corrections
* commands docs, index file corrections, small item nav correction
* secrets converted
* auth
* add enterprise and agent docs
* add extra dividers
* secret section, wip
* correct sidebar nav title in front matter for apu section, start working on api items
* auth and backend, a couple directory structure fixes
* remove old docs
* intro side nav converted
* reset sidebar styles, add hashi-global-styles
* basic styling for nav sidebar
* folder collapse functionality
* patch up border length on last list item
* wip restructure for content component
* taking middleman hacking to the extreme, but its working
* small css fix
* add new mega nav
* fix a small mistake from the rebase
* fix a content resolution issue with middleman
* title a couple missing docs pages
* update deps, remove temporary markup
* community page
* footer to layout, community page css adjustments
* wip downloads page
* deps updated, downloads page ready
* fix community page
* homepage progress
* add components, adjust spacing
* docs and api landing pages
* a bunch of fixes, add docs and api landing pages
* update deps, add deploy scripts
* add readme note
* update deploy command
* overview page, index title
* Update doc fields
Note this still requires the link fields to be populated -- this is solely related to copy on the description fields
* Update api_basic_categories.yml
Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.
* Add bottom hero, adjust CSS, responsive friendly
* Add mega nav title
* homepage adjustments, asset boosts
* small fixes
* docs page styling fixes
* meganav title
* some category link corrections
* Update API categories page
updated to reflect the second level headings for api categories
* Update docs_detailed_categories.yml
Updated to represent the existing docs structure
* Update docs_detailed_categories.yml
* docs page data fix, extra operator page remove
* api data fix
* fix makefile
* update deps, add product subnav to docs and api landing pages
* Rearrange non-hands-on guides to _docs_
Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.
* WIP Redirects for guides to docs
* content and component updates
* font weight hotfix, redirects
* fix guides and intro sidenavs
* fix some redirects
* small style tweaks
* Redirects to learn and internally to docs
* Remove redirect to `/vault`
* Remove `.html` from destination on redirects
* fix incorrect index redirect
* final touchups
* address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
![DR Replication - demotion](/img/vault-dr-11.png)
2018-06-21 15:42:35 +00:00
When you prompted, "_Are you sure you want to disable replication on this
cluster?_", click **Disable** again to complete.
New Docs Website (#5535)
* conversion stage 1
* correct image paths
* add sidebar title to frontmatter
* docs/concepts and docs/internals
* configuration docs and multi-level nav corrections
* commands docs, index file corrections, small item nav correction
* secrets converted
* auth
* add enterprise and agent docs
* add extra dividers
* secret section, wip
* correct sidebar nav title in front matter for apu section, start working on api items
* auth and backend, a couple directory structure fixes
* remove old docs
* intro side nav converted
* reset sidebar styles, add hashi-global-styles
* basic styling for nav sidebar
* folder collapse functionality
* patch up border length on last list item
* wip restructure for content component
* taking middleman hacking to the extreme, but its working
* small css fix
* add new mega nav
* fix a small mistake from the rebase
* fix a content resolution issue with middleman
* title a couple missing docs pages
* update deps, remove temporary markup
* community page
* footer to layout, community page css adjustments
* wip downloads page
* deps updated, downloads page ready
* fix community page
* homepage progress
* add components, adjust spacing
* docs and api landing pages
* a bunch of fixes, add docs and api landing pages
* update deps, add deploy scripts
* add readme note
* update deploy command
* overview page, index title
* Update doc fields
Note this still requires the link fields to be populated -- this is solely related to copy on the description fields
* Update api_basic_categories.yml
Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages.
* Add bottom hero, adjust CSS, responsive friendly
* Add mega nav title
* homepage adjustments, asset boosts
* small fixes
* docs page styling fixes
* meganav title
* some category link corrections
* Update API categories page
updated to reflect the second level headings for api categories
* Update docs_detailed_categories.yml
Updated to represent the existing docs structure
* Update docs_detailed_categories.yml
* docs page data fix, extra operator page remove
* api data fix
* fix makefile
* update deps, add product subnav to docs and api landing pages
* Rearrange non-hands-on guides to _docs_
Since there is no place for these on learn.hashicorp, we'll put them
under _docs_.
* WIP Redirects for guides to docs
* content and component updates
* font weight hotfix, redirects
* fix guides and intro sidenavs
* fix some redirects
* small style tweaks
* Redirects to learn and internally to docs
* Remove redirect to `/vault`
* Remove `.html` from destination on redirects
* fix incorrect index redirect
* final touchups
* address feedback from michell for makefile and product downloads
2018-10-19 15:40:11 +00:00
![DR Replication - demotion](/img/vault-dr-13.png)
2018-06-21 15:42:35 +00:00
Any secondaries will no longer be able to connect.
!> **Caution:** Once this is done, re-enabling the DR replication as a primary
2020-01-18 00:18:09 +00:00
will change the cluster's ID. Its connecting secondaries will require a wipe of
2018-06-21 15:42:35 +00:00
the underlying storage even if they have connected before. If re-enabling DR
replication as a secondary, its underlying storage will be wiped when connected
to a primary.
## <a name="important"></a>Important Note about Automated DR Failover
Vault does not support an automatic failover/promotion of a DR secondary
cluster, and this is a deliberate choice due to the difficulty in accurately
evaluating why a failover should or shouldn't happen. For example, imagine a
DR secondary loses its connection to the primary. Is it because the primary is
down, or is it because networking between the two has failed?
If the DR secondary promotes itself and clients start connecting to it, you now
have two active clusters whose data sets will immediately start diverging.
There's no way to understand simply from one perspective or the other which one
of them is right.
Vault's API supports programmatically performing various replication operations
which allows the customer to write their own logic about automating some of
these operations based on experience within their own environments. You can
review the available replication APIs at the following links:
2020-01-22 20:05:41 +00:00
- [Vault Replication API](/api/system/replication)
- [DR Replication API](/api/system/replication-dr)
- [Performance Replication API](/api/system/replication-performance)
2018-06-21 15:42:35 +00:00
## Next steps
2020-01-22 20:05:41 +00:00
Read [Production Hardening](/guides/operations/production) to learn more
2018-06-21 15:42:35 +00:00
about the guidance on hardening the production deployments of Vault.