Introduction
This support article provides general guidelines for customers to address a common scenario where a HCP Vault Dedicated (HVD) cluster, intended for an upgrade, remains stuck in an "Updating" state. This issue prevents further maintenance or feature adoption, such as tier upgrades. The information below is focused on identifying the root cause and outlining the necessary steps to resolve the condition, ensuring a smooth path to the desired cluster configuration.
Problem
The primary issue is the inability to proceed with a planned cluster upgrade (e.g., changing the resource tier) because the cluster's status remains perpetually set to "Updating."
Issue Summary and Impact:
- Upgrade Blockage: The intended upgrade (e.g., to a more capable tier like STANDARD_SMALL) cannot be initiated or completed.
- Operational Hold: Any further maintenance actions requiring a stable, running state are blocked until the "Updating" status is resolved.
- Resource Management Issues: Prolonged "Updating" status can prevent the resolution of underlying issues, such as resource exhaustion, which may have prompted the upgrade attempt in the first place.
Solution -
The core solution involves waiting for the cluster to transition back to a stable state ("Running") and then immediately proceeding with the required upgrade.
Recommendations -
Customers should review whether any managed activity is contributing to the prolonged Updating state:
-
Check for automated tasks or deployments:
Identify any recent or ongoing automation that may be placing additional load on the cluster, such as CI/CD pipelines, bulk secret rotations, heavy API-based migrations, periodic backup/export jobs, or aggressive health checks. Temporarily pausing or throttling these jobs can help the cluster complete its update and stabilize. -
Review audit and system logs for unusual activity:
Inspect Vault audit logs for unexpected or high-volume request patterns (for example, repeated authentication attempts, rapid secret reads/writes, or misconfigured scripts looping on failures). Addressing noisy or misbehaving clients reduces pressure on the control plane and can allow the update process to finish successfully. -
Validate client configuration changes:
Confirm that no recent changes in clients (libraries, tokens, retry logic, or timeouts) are causing spikes in traffic or repeated failures against the cluster, especially during the upgrade window.
If, after pausing or correcting such workloads and allowing sufficient time for the system to settle, the cluster still remains stuck in the “Updating” state, customers should then contact support with:
- The cluster ID and region
- The approximate time the update was initiated
- A summary of any automation or workload changes around that time
- Relevant log excerpts that show unusual or high-volume activity
Once Support are able to bring the cluster back up to 'Running' state, please perform the below Actions to resolve/mitigate:
- Monitor Cluster State: Continuously monitor the cluster's status until it transitions from "Updating" to a stable state (e.g., "Running," "Active," or equivalent).
- Initiate Upgrade: As soon as the cluster returns to a stable state, immediately initiate the required cluster upgrade. For example, if the intention was to resolve resource issues by increasing capacity, proceed with the upgrade to the targeted tier (e.g., STANDARD_SMALL).
- Tier Upgrade Example: The successful action requires upgrading the cluster to the desired capacity or resource tier, such as STANDARD_SMALL.
Verification
To confirm the issue is resolved and the cluster is fully operational with the new configuration, perform the following verification steps:
- Confirm Stable State: Verify that the cluster status is currently "Running" (or the equivalent stable status) and is no longer reporting "Updating."
- Verify New Tier: Check the cluster configuration details to confirm that the upgrade to the intended tier (e.g., STANDARD_SMALL) was successful.
- Check Service Functionality: Ensure all services and workloads dependent on the cluster are functioning as expected, and the issues (e.g., resource exhaustion) that prompted the upgrade are resolved.
Conclusion
A cluster stuck in the "Updating" state is a temporary blocker for essential maintenance. By waiting for the cluster to resolve into a stable state and then promptly initiating the required configuration upgrade, customers can successfully transition their clusters to the desired operational tier and mitigate prior issues like resource exhaustion. If the cluster remains stuck in the "Updating" state for an extended period, please contact support for further investigation.
References -
- Manage clusters: https://developer.hashicorp.com/vault/tutorials/get-started-hcp-vault-dedicated/manage-clustersdeveloper.hashicorp
- Major version upgrades: https://developer.hashicorp.com/hcp/docs/vault/versionsdeveloper.hashicorp
- Upgrade settings: https://developer.hashicorp.com/vault/tutorials/get-started-hcp-vault-dedicated/manage-clustersdeveloper.hashicorp
- Tiers and features: https://developer.hashicorp.com/hcp/docs/vault/get-started/deployment-considerations/tiers-and-featuresdeveloper.hashicorp
- Contacting Support: https://support.hashicorp.com/hc/en-ushashicorp