Skip to content

Commit 4141518

Browse files
vault: Fix HAProxy backend healthchecks for standbys
In the previous HAProxy config for Vault, 200, 501 and 503 were treated as healthy. This allowed for bootstrapping Vault via HAProxy, but made standby backends appear as unhealthy, leading to a Prometheus alert. We no longer bootstrap Vault via HAProxy, so we can treat 200 (active) and 429 (standby) as healthy. Co-Authored-By: Dawud Mehmood <dawud@stackhpc.com>
1 parent bb5fea5 commit 4141518

File tree

2 files changed

+10
-3
lines changed

2 files changed

+10
-3
lines changed

doc/source/configuration/vault.rst

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -202,9 +202,8 @@ HAProxy integration is no longer required for generating OpenStack control plane
202202
option httpchk GET /v1/sys/health
203203
# https://www.vaultproject.io/api-docs/system/health
204204
# 200: initialized, unsealed, and active
205-
# 501: not initialised (required for bootstrapping)
206-
# 503: sealed (required for bootstrapping)
207-
http-check expect rstatus (200|501|503)
205+
# 429: standby
206+
http-check expect rstatus (200|429)
208207
209208
{% for host in groups['control'] %}
210209
{% set host_name = hostvars[host].ansible_facts.hostname %}
Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
---
2+
fixes:
3+
- |
4+
Fixes an issue where HashiCorp Vault standby nodes would trigger a
5+
Prometheus alert. To apply this fix to an existing system, the HAProxy
6+
configuration for Vault (``kolla/config/haproxy/services.d/vault.cfg``)
7+
must be manually updated following the `Vault documentation
8+
<https://stackhpc-kayobe-config.readthedocs.io/en/stackhpc-2023.1/configuration/vault.html>`.

0 commit comments

Comments
 (0)