open-vault/website/source/docs/http/sys-replication-secondary.html.md

layout	page_title	sidebar_current	description
http	HTTP API: /sys/replication/secondary	docs-http-replication-secondary	The '/sys/replication/secondary' endpoint focuses on replication management operations on secondary clusters.

/sys/replication/secondary/enable

POST

Description

Enables replication on a secondary using a secondary activation token.

Caution: this will immediately clear all data in the cluster!

Method

URL

`/sys/replication/secondary/enable`

Parameters

• token required The secondary activation token fetched from the primary.
• primary_api_addr optional Set this to the API address (normal Vault address) to override the value embedded in the token. This can be useful if the primary’s redirect address is not accessible directly from this cluster (e.g. through a load balancer).
• ca_file optional The path to a CA root file (PEM format) that the secondary can use when unwrapping the token from the primary. If this and ca_path are not given, defaults to system CA roots.
• ca_path optional The path to a CA root directory containing PEM-format files that the secondary can use when unwrapping the token from the primary. If this and ca_file are not given, defaults to system CA roots.

Returns

`200` response code and a warning.

/sys/replication/secondary/promote

POST

Description

Promotes the secondary cluster to primary. For data safety and security reasons, new secondary tokens will need to be issued to other secondaries, and there should never be more than one primary at a time.

Method

URL

`/sys/replication/secondary/promote`

Parameters

• primary_cluster_addr optional Can be used to override the cluster address that the primary gives to secondary nodes. Useful if the primary’s cluster address is not directly accessible and must be accessed via an alternate path/address (e.g. through a load balancer).

Returns

`200` response code and a warning.

/sys/replication/secondary/disable

POST

Description

Disable replication entirely on the cluster. The cluster will no longer be able to connect to the primary.

Caution: re-enabling this node as a primary or secondary will change its
cluster ID; in the secondary case this means a wipe of the underlying
storage when connected to a primary, and in the primary case, secondaries
connecting back to the cluster (even if they have connected before) will
require a wipe of the underlying storage.

Method

URL

`/sys/replication/secondary/disable`

Parameters

None

Returns

`200` response code and a warning.

/sys/replication/secondary/update-primary

POST

Description

Change a secondary cluster’s assigned primary cluster using a secondary activation token. This does not wipe all data in the cluster.

Method

URL

`/sys/replication/secondary/update-primary`

Parameters

• token required The secondary activation token fetched from the primary. If you set this to a blank string, the cluster will stay a secondary but clear its knowledge of any past primary (and thus not attempt to connect to the previous primary). This can be useful if the primary is down to stop the secondary from trying to reconnect to it.
• primary_api_addr optional Set this to the API address (normal Vault address) to override the value embedded in the token. This can be useful if the primary’s redirect address is not accessible directly from this cluster.
• ca_file optional The path to a CA root file (PEM format) that the secondary can use when unwrapping the token from the primary. If this and ca_path are not given, defaults to system CA roots.
• ca_path optional The path to a CA root directory containing PEM-format files that the secondary can use when unwrapping the token from the primary. If this and ca_file are not given, defaults to system CA roots.

Returns

`200` response code and a warning.