Introduction
This article documents a solution to Vault not starting up due to a parsing error in the vault://<node-id> URL.
Event notifications have been added and enabled by default in Vault 1.16.x and later. The event notification subsystem in Vault is referenced internally using the vault://<node_id> URL. The URL can contain invalid characters, causing Vault to fail during startup.
Problem
Starting Vault fails with the following error displayed in the operations logs:
Error initializing core: parse "vault://f2896a57-aa99-bbe8-1098-cff4fa153729\n": net/url: invalid control character in URL
Prerequisites (if applicable)
- Vault CE and Enterprise 1.16.x and later
Cause
The event notification subsystem uses the vault://<node-id> URL internally. The node id value is read from the VAULT_RAFT_NODE_ID environment variable, the node_id configuration parameter in the vault.hcl file, or the data/node-id file when neither the environment variable nor the configuration option has been set.
The node id value should conform to the hostname specification outlined in RFC 952.
In cases where a data/node-id file is used (this is automatically generated), the file should not contain any newline or carriage return characters.
Overview of possible solutions
Solutions:
- Verify that the VAULT_RAFT_NODE_ID environment variable contains no invalid characters.
- Verify that the node_id configuration parameter value contains no invalid characters.
- Verify that the data/node-id file contains no invalid characters or newline/carriage returns.
  - In cases where auto-join is used, the data/node-id file can be deleted and the Vault services restarted so that a new file is generated.
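A pre-start check for the node id sources listed above, as an added example that is not HashiCorp's code. It inspects raw bytes because $(cat data/node-id) strips trailing newlines and would hide the "\n" seen in the startup error. The function names and the VAULT_DATA_DIR variable are assumptions, and only the character set (letters, digits, hyphen, period) is checked, not the full RFC 952 grammar.

```shell
#!/usr/bin/env bash
# Added example: check Vault node id sources for bytes that break vault://<node-id>.

# Count control bytes (0x00-0x1F and 0x7F, so LF and CR too) on stdin.
count_control_bytes() { LC_ALL=C tr -cd '\000-\037\177' | wc -c | tr -d '[:space:]'; }

# Count bytes on stdin that are not letters, digits, '-' or '.'.
count_invalid_bytes() { LC_ALL=C tr -d 'A-Za-z0-9.-' | wc -c | tr -d '[:space:]'; }

# check_node_id LABEL: reads a candidate node id on stdin.
# Returns 0 if clean, 1 if it contains invalid bytes, 2 if it is empty.
check_node_id() {
  local label=$1 tmp ctrl bad rc=0
  tmp=$(mktemp) || return 3
  cat > "$tmp"                      # keep the exact bytes, trailing newline included
  ctrl=$(count_control_bytes < "$tmp")
  bad=$(count_invalid_bytes < "$tmp")
  if [ ! -s "$tmp" ]; then
    echo "$label: empty"; rc=2
  elif [ "$bad" -gt 0 ]; then
    echo "$label: $bad invalid byte(s), $ctrl of them control characters"; rc=1
  else
    echo "$label: ok"
  fi
  rm -f "$tmp"
  return "$rc"
}

# Check the environment variable and the node-id file named in the article.
# VAULT_DATA_DIR is an assumed variable for the directory holding node-id;
# it defaults to the relative "data" path used in the article.
check_vault_node_id_sources() {
  local rc=0 file="${VAULT_DATA_DIR:-data}/node-id"
  if [ -n "${VAULT_RAFT_NODE_ID:-}" ]; then
    printf '%s' "$VAULT_RAFT_NODE_ID" | check_node_id 'VAULT_RAFT_NODE_ID' || rc=1
  fi
  if [ -f "$file" ]; then
    check_node_id "$file" < "$file" || rc=1
  fi
  return "$rc"
}
```

Run check_vault_node_id_sources before starting the service; a node_id value copied from vault.hcl can be checked the same way by piping it with printf '%s' into check_node_id.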
Outcome
Vault should start without the reported error once the node id value contains no invalid characters.
Additional Information
- Vault Documentation: Kubernetes Auth Method
- Vault Documentation: Integrated storage (Raft) backend
- External: RFC 952