[xenial->bionic] (queens) vault fails to upgrade if all vault units are sealed beforehand (fails during post-series-upgrade hook)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vault-charm |
New
|
Undecided
|
Unassigned |
Bug Description
During series upgrade, the lead vault unit (the first one to be upgraded during series upgrade), failed to unseal and, thus went into hook error:
Model Controller Cloud/Region Version SLA Timestamp
mojo tinwood-serverstack serverstack/
App Version Status Scale Charm Store Rev OS Notes
vault 1.1.1 error 3 vault local 0 ubuntu
vault-hacluster blocked 3 hacluster local 13 ubuntu
Unit Workload Agent Machine Public address Ports Message
vault/0 active idle 61 172.20.0.73 8200/tcp Unit is ready (active: true, mlock: enabled)
vault-hacluster/1 blocked idle 172.20.0.73 HA services shutdown, peers are ready for series upgrade
vault/1* error idle 62 172.20.0.70 8200/tcp hook failed: "post-series-
vault-
vault/2 active idle 63 172.20.0.57 8200/tcp Unit is ready (active: false, mlock: enabled)
vault-hacluster/2 blocked idle 172.20.0.57 HA services shutdown, peers are ready for series upgrade
Machine State DNS Inst id Series AZ Message
61 started 172.20.0.73 a32fc17b-
62 started 172.20.0.70 c6b855d4-
63 started 172.20.0.57 3953490a-
The last few lines in the log, prior to the error:
unit-vault-1: 04:10:52 DEBUG unit.vault/
unit-vault-1: 04:10:53 DEBUG unit.vault/
unit-vault-1: 04:10:53 DEBUG unit.vault/
unit-vault-1: 04:10:53 DEBUG unit.vault/
unit-vault-1: 04:10:53 DEBUG unit.vault/
unit-vault-1: 04:10:53 INFO unit.vault/
unit-vault-1: 04:10:54 INFO unit.vault/
unit-vault-1: 04:10:54 INFO unit.vault/
unit-vault-1: 04:10:54 INFO unit.vault/
unit-vault-1: 04:10:54 INFO unit.vault/
unit-vault-1: 04:14:58 ERROR unit.vault/
Traceback (most recent call last):
File "/var/lib/
bus.
File "/var/lib/
_invoke(
File "/var/lib/
handler.
File "/var/lib/
self.
File "/var/lib/
if not client_
File "/var/lib/
vault.
File "/var/lib/
return self.call(f, *args, **kw)
File "/var/lib/
do = self.iter(
File "/var/lib/
raise retry_exc.reraise()
File "/var/lib/
raise self.last_
File "/usr/lib/
return self.__get_result()
File "/usr/lib/
raise self._exception
File "/var/lib/
result = fn(*args, **kwargs)
File "/var/lib/
client.
File "/var/lib/
return self.auth(
File "/var/lib/
**kwargs
File "/var/lib/
response = self.post(url, **kwargs).json()
File "/var/lib/
return self.request(
File "/var/lib/
utils.
File "/var/lib/
raise exceptions.
hvac.exceptions
...
Interestingly, it's failed at the "client.
Possibly the same as https:/ /bugs.launchpad .net/vault- charm/+ bug/1889654 "
ocn rev 105 Unable to authorize approle after unseal".