search

hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/
Other
29.99k stars 4.12k forks source link

vault start, get such error: [WARN] storage migration check error: error="Get \"http://%2Fconsul-unix-socket%2Fconsul-client.sock/v1/kv/vault/core/migration\": http: invalid Host header" #27101

Open qiangliabcd opened 1 month ago

qiangliabcd commented 1 month ago

vault use such configmap: vault.json: | { "backend": { "consul": { "address": "unix:///consul-unix-socket/consul-client.sock", "scheme": "http", "disable_registration": "false" } }, "listener": { "tcp": { "address": "0.0.0.0:8200", "tls_cert_file": "/certs/tls.crt", "tls_key_file": "/certs/tls.key", "tls_min_version": "tls12", "tls_cipher_suites": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" } } }

consul client use such configmap: client.json: | { "server": false, "datacenter": "wdc", "retry_join": [ "consul-0.consul.pltfrm.svc.cluster.local", "consul-1.consul.pltfrm.svc.cluster.local", "consul-2.consul.pltfrm.svc.cluster.local" ], "addresses": { "http": "unix:///consul-unix-socket/consul-client.sock" }, "unix_sockets": { "mode": "600" }, "encrypt": "xxxxxx", "log_level": "INFO", "bind_addr": "0.0.0.0", "ports": { "dns": -1, "https": 8700 }, "verify_outgoing": true, "verify_incoming": false, "verify_server_hostname": false, "key_file": "/certs/tls.key", "cert_file": "/certs/tls.crt", "ca_file": "/certs/ca_chain.crt", "disable_update_check": true, "leave_on_terminate": true, "ui": true, "disable_host_node_id": true }

consul server use such configmap: consul.json: | { "bootstrap_expect": 3, "server": true, "datacenter": "wdc", "bind_addr": "0.0.0.0", "client_addr": "0.0.0.0", "retry_join": [ "consul-0.consul.pltfrm.svc.cluster.local", "consul-1.consul.pltfrm.svc.cluster.local", "consul-2.consul.pltfrm.svc.cluster.local" ], "encrypt": "xxxxxx", "log_level": "INFO", "ports": { "https": 8700, "http": -1, "dns": -1 }, "limits": { "http_max_conns_per_client": 300 }, "verify_outgoing": true, "verify_incoming": false, "verify_server_hostname": false, "key_file": "/certs/tls.key", "cert_file": "/certs/tls.crt", "ca_file": "/certs/ca_chain.crt", "disable_update_check": true, "leave_on_terminate": false, "ui": true, "disable_host_node_id": true }

with above config, vault:1.11.10 and consul:1.13.8 work well.

now change vault image from 1.11.10 to 1.12.11, when start vault, it report such error: [WARN] storage migration check error: error="Get \"http://%2Fconsul-unix-socket%2Fconsul-client.sock/v1/kv/vault/core/migration\": http: invalid Host header"

seem vault version upgrade to 1.12.11 cause this issue, how to fix it? thanks!

kaleshag commented 1 month ago

I have tried with vault 1.12.10 and 1.13.13 to different versions, after 1.11.x for all versions of vault we are having this error.