Introduction
Problem
Errors are encountered when attempting to save or restore a Vault snapshot on a storage type other than Raft (also known as Integrated Storage). For example, a Consul storage type may be in use, as configured in the storage stanza of Vault's (HCL) configuration file; resorting to CLI snapshot operator commands like those below will then result in errors:
| Operation | Command |
| --- | --- |
| save | vault operator raft snapshot save raft_filename.snap |
| restore (force) | vault operator raft snapshot restore -force raft_filename.snap |
| restore | vault operator raft snapshot restore -force raft_filename.snap |
Prerequisites
- All Vault versions using a storage backend other than Raft integrated storage.
Cause
- If the storage backend is not the Raft integrated storage type, then saving or restoring a Raft snapshot is not available. For example, the storage stanza may contain:

      storage "file" {
        path = "<filesystem_mount>/vault/data"
      }

- Trying to save a Raft snapshot with "file" storage will yield an HTTP 404 response:

      vault operator raft snapshot save raft.snap
      Error taking the snapshot: Error making API request.
      URL: GET http://<VAULT_ADDR:8200>/v1/sys/storage/raft/snapshot
      Code: 404. Errors:
      * 1 error occurred:
      * unsupported path

Solutions:
- Review the Vault configuration and ensure that the Raft integrated storage stanza matches the storage backend of the Vault cluster.
- After revalidating that Vault is configured and running with the Raft storage backend, and with a token that has root permissions, retry the save or restore snapshot operation.
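
The configuration review above can be scripted as a pre-flight check that refuses to attempt a snapshot unless the storage stanza names raft. This is an added example, not HashiCorp's own tooling; the function names and the config path in the usage comment are hypothetical, and it assumes an HCL-format configuration with the stanza keyword at the start of a line.

```shell
#!/bin/sh
# Added example: pre-flight check before a Raft snapshot save or restore.
# Function names and paths are illustrative, not part of the Vault CLI.

# Print the backend named by the storage stanza of an HCL config file.
# Anchoring at the start of the line skips commented-out stanzas and the
# separate ha_storage stanza, which does not hold Vault's data.
storage_type_from_config() {
    sed -n 's/^[[:space:]]*storage[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 only when the storage backend is raft.
# Return 1 for any other backend (or none found), 2 if the file is unreadable.
raft_snapshot_preflight() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "cannot read config: $cfg" >&2
        return 2
    fi
    backend=$(storage_type_from_config "$cfg")
    case "$backend" in
        raft)
            return 0 ;;
        "")
            echo "no storage stanza found in $cfg" >&2
            return 1 ;;
        *)
            echo "storage backend is \"$backend\", not raft:" \
                 "raft snapshot commands will fail with 404 unsupported path" >&2
            return 1 ;;
    esac
}

# Usage (hypothetical config path):
#   raft_snapshot_preflight /etc/vault.d/vault.hcl \
#     && vault operator raft snapshot save raft_filename.snap
```

On a running server, `vault status` also reports the storage type in use, which should agree with the stanza this check reads.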
Outcome
As part of the Vault Standard Operating Procedure, saving or restoring a Vault snapshot should be successful.
Additional Information
- Vault Standard Operating Procedures
- Vault Storage Stanza
- Vault RAFT integrated storage configuration
- Vault Integrated storage backend