Introduction
Vault Enterprise offers additional features that allow HA nodes to service read-only requests on the local standby node. Read-only requests are requests that do not modify Vault's storage. A Performance Standby will attempt to process requests that come in. If a storage write is detected the standby will forward the request over the cluster port connection to the active node. If the request is read-only the Performance Standby will handle the requests locally. Performance standby nodes are designed to provide horizontal scalability of read requests within a single Vault cluster.
Prerequisites
- Vault 0.11 Enterprise or newer
- Vault Enterprise Premium License is required for this feature
Issue
The Vault feature of Performance Standby is enabled by default. At Vault startup, a standby node will automatically attempt to load this feature and become a Performance Standby Node in the Vault cluster. This is regardless of whether or not this feature is included in the Vault license. When this process initiates the Vault license is checked to see if this feature exists in the license. If the feature is not in the license, the process of becoming a Performance Standby Node will fail. This may introduce delays in a Vault node joining the Vault cluster. Errors will also be observed in the Vault Operational Logs.
[ERROR] core: failed to elect as performance standby:
Solution
Determine whether or not your Vault license includes the Performance Standby feature:
vault read /sys/license/status -format=json
In the output from the above command, if the following is present in the output, then the Performance Standby feature is included in the license:
Feature Included
"Performance Replication"
"performance_standby_count": 9999,
Feature Not Included
If the above two entries are not present in the Vault license, but instead the following is observed:
"performance_standby_count":0
then the Vault license currently loaded does not include the Performance Standby feature. In this case it is recommended that Performance Standby mode is disabled to prevent Vault attempting to enter this mode at startup.
Disable Performance Standby Feature
To disable Performance Standby in a Vault cluster, the following parameter needs to be added to the Vault configuration file on every node in the Vault cluster:
disable_performance_standby = "true"
Outcome
Disabling the Performance Standby feature will do the following:
- tell a standby not to attempt to enable performance standby mode.
- tell the active node to not allow any performance standby connections.
Additional Information
- Vault Documentation: Performance Standbys
- Vault Tutorial: Performance Standby Nodes