c45bdca0b3
* raft: initial work on raft ha storage support
* add note on join
* add todo note
* raft: add support for bootstrapping and joining existing nodes
* raft: gate bootstrap join by reading leader api address from storage
* raft: properly check for raft-only for certain conditionals
* raft: add bootstrap to api and cli
* raft: fix bootstrap cli command
* raft: add test for setting up new cluster with raft HA
* raft: extend TestRaft_HA_NewCluster to include inmem and consul backends
* raft: add test for updating an existing cluster to use raft HA
* raft: remove debug log lines, clean up verifyRaftPeers
* raft: minor cleanup
* raft: minor cleanup
* Update physical/raft/raft.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/ha.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/ha.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/logical_system_raft.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/raft.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/raft.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* address feedback comments
* address feedback comments
* raft: refactor tls keyring logic
* address feedback comments
* Update vault/raft.go Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
* Update vault/raft.go Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
* address feedback comments
* testing: fix import ordering
* raft: rename var, cleanup comment line
* docs: remove ha_storage restriction note on raft
* docs: more raft HA interaction updates with migration and recovery mode
* docs: update the raft join command
* raft: update comments
* raft: add missing isRaftHAOnly check for clearing out state set earlier
* raft: update a few ha_storage config checks
* Update command/operator_raft_bootstrap.go Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
* raft: address feedback comments
* raft: fix panic when checking for config.HAStorage.Type
* Update vault/raft.go Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
* Update website/pages/docs/commands/operator/raft.mdx Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
* raft: remove bootstrap cli command
* Update vault/raft.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update vault/raft.go Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
* raft: address review feedback
* raft: revert vendored sdk
* raft: don't send applied index and node ID info if we're HA-only

Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
Co-authored-by: Alexander Bezobchuk <alexanderbez@users.noreply.github.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
50 lines
1.9 KiB
Plaintext
---
layout: docs
page_title: Recovery Mode
sidebar_title: Recovery Mode
description: Recovery mode allows for doing surgery on a Vault that won't start.
---

# Recovery Mode

Vault can be started using the `-recovery` flag to bring it up in Recovery Mode.

In recovery mode, Vault:

- is automatically unsealed once a recovery token is issued
- apart from recovery token operations, only supports the `sys/raw` endpoint
  - `raw` requests must be authenticated using a recovery token
- won't form clusters or handle requests forwarded by standbys

## Recovery tokens

Recovery tokens are issued in much the same way as root tokens are generated:
the API is basically the same, only using a different endpoint. Unlike root
tokens, the recovery token is not persisted, so if Vault is restarted into
recovery mode a new one must be generated.

Only a single recovery token can be generated. If lost, restart Vault and
generate a new one.

## Raw requests

Requests can be issued to `sys/raw` in just the same way as in regular Vault
server mode. The only difference is that in recovery mode, `X-Vault-Token`
must contain a recovery token instead of a service or batch token.

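An added example, not part of the Vault documentation: shell wrappers that send `sys/raw` requests with the recovery token in `X-Vault-Token`, as described above. The function names and the `RECOVERY_TOKEN` variable are assumptions made for this example; `VAULT_ADDR` is expected to point at the node running in recovery mode.

```shell
# Added example (not from the Vault docs): wrappers for sys/raw calls against a
# node started with -recovery. Assumes VAULT_ADDR and RECOVERY_TOKEN are set by
# the operator; requires curl >= 7.55 for "--header @-".

# Build the sys/raw URL, refusing paths that could leave the sys/raw prefix
# or append a query string or fragment.
raw_url() {
  _path=${1#/}
  case "$_path" in
    *..*|*\?*|*\#*|*' '*)
      echo "refusing path: '$1'" >&2
      return 1 ;;
  esac
  printf '%s/v1/sys/raw/%s' "${VAULT_ADDR%/}" "$_path"
}

# raw_request METHOD PATH [extra curl args...]
raw_request() {
  _method=$1
  _url=$(raw_url "$2") || return 1
  shift 2
  if [ -z "${RECOVERY_TOKEN:-}" ]; then
    echo "RECOVERY_TOKEN is not set" >&2
    return 1
  fi
  # Pass the token as a header read from stdin so it never appears in the
  # process list as a curl argument.
  printf 'X-Vault-Token: %s\n' "$RECOVERY_TOKEN" |
    curl --silent --show-error --fail \
         --request "$_method" --header @- "$@" "$_url"
}

raw_list()   { raw_request LIST   "$1"; }
raw_read()   { raw_request GET    "$1"; }
raw_delete() { raw_request DELETE "$1"; }
```

Because the recovery token is not persisted, `RECOVERY_TOKEN` has to be set again after every restart into recovery mode.
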
## Raft rejoin

Raft integrated storage is the immediate motivation for recovery mode. With
other backends it was always possible to delete data directly from a storage
backend, but that's impractical with a Raft backend. That said, recovery mode
works with any backend.

In order to bring the Vault server up reliably, using any node's Raft data,
Vault in recovery mode automatically resizes the cluster to size 1. This means
that after having used recovery mode, part of the procedure for returning to
active service must include rejoining the Raft cluster.

If Raft is used exclusively for `ha_storage`, recovery mode will not allow for
changes to the Raft data but instead allow for modification of the underlying
physical data that is associated with Vault's storage backend.