Reinitializing Consul storage for Vault is a process of resetting the state of a Vault server's backend storage, which is maintained in Consul. This process is usually carried out when there is a need to start with a clean slate, or when there are inconsistencies or errors in the backend storage.
Reinitializing Consul storage for Vault is a critical process that should be approached with caution, as it involves deleting all of the data in the storage and starting over.This guide is intended to go through the process of reinitializing Vault with Consul as storage backend.
This process is done manually by following these steps:
1. Take a snapshot from the Consul leader node to backup your data
$ consul snapshot save backup.snapIf the leader node is unavailable include the -stale argument when executing the snapshot.
$ consul snapshot save -stale backup.snap2. Stop the Vault service on all Vault cluster node
$ systemctl stop vault3. Stop the Consul agent on all Vault nodes
$ systemctl stop consul4. Delete the Vault data from Consul nodes, the path vault/depends on the storage path defined in the storage stanza in the Vault configuration file
$ consul kv delete -recurse -token=$CONSUL_TOKEN vault/5. Start the Consul agents on the Vault nodes
$ systemctl start consul6. Start the Vault service on the Vault nodes
$ systemctl start vaultVault cluster state has been deleted and is now uninitialized. You have the option to reinitialize the cluster or add the nodes to an already existing Vault cluster.
References:
https://developer.hashicorp.com/vault/tutorials/day-one-consul/deployment-guide
https://developer.hashicorp.com/vault/tutorials/day-one-consul/reference-architecture
https://developer.hashicorp.com/vault/docs/commands/operator/init