|
|
@@ -362,6 +362,42 @@ date; salt -C '*com not ( afs* or nga* or dc-c19* or la-c19* or dgi-* or moose-
|
|
|
watch "salt -C '*accenturefederalcyber.com not ( afs* or nga* or dc-c19* or la-c19* or dgi-* or moose-splunk-idx* or modelclient-splunk-idx* or bas-* or frtib* or ca-c19* or resolver* or vault-1*com or sensu*com )' cmd.run 'uptime' --out=txt"
|
|
|
```
|
|
|
|
|
|
+### Vault Service likes to crap out after reboot; verify the service is back up
|
|
|
+
|
|
|
+Borrowed this from [Vault Upgrade instructions](Vault%20Upgrade%20Notes.md)
|
|
|
+
|
|
|
+```
|
|
|
+# Check the status
|
|
|
+salt vault* cmd.run cmd='VAULT_SKIP_VERIFY=1 VAULT_ADDR=https://127.0.0.1 vault status'
|
|
|
+
|
|
|
+# If you see "connection refused", the Vault service is not running
|
|
|
+salt vault* cmd.run 'systemctl start vault'
|
|
|
+
|
|
|
+# Check the status
|
|
|
+salt vault* cmd.run cmd='VAULT_SKIP_VERIFY=1 VAULT_ADDR=https://127.0.0.1 vault status'
|
|
|
+
|
|
|
+vault-1.pvt.xdr.accenturefederalcyber.com:
|
|
|
+ Key Value
|
|
|
+ --- -----
|
|
|
+ Recovery Seal Type shamir
|
|
|
+ Initialized true
|
|
|
+ Sealed false
|
|
|
+ Total Recovery Shares 5
|
|
|
+ Threshold 2
|
|
|
+ Version 1.9.3
|
|
|
+ Storage Type dynamodb
|
|
|
+ Cluster Name vault-cluster-b6aa0cd0
|
|
|
+ Cluster ID d0d778a9-b123-4a6a-7712-0b99d54f8a00
|
|
|
+ HA Enabled true
|
|
|
+ HA Cluster https://10.40.0.204:443
|
|
|
+ HA Mode standby
|
|
|
+ Active Node Address https://vault.pvt.xdr.accenturefederalcyber.com
|
|
|
+
|
|
|
+```
|
|
|
+
|
|
|
+Verify the UI is up [Vault Prod](https://vault.pvt.xdr.accenturefederalcyber.com/ui/)
|
|
|
+
|
|
|
+
|
|
|
Take care of the resolvers one at a time and with the `GC Prod Salt Master`. Reboot one of each at the same time.
|
|
|
```
|
|
|
salt -C 'resolver-govcloud.pvt.*com or resolver-vmray-*.pvt.*com' test.ping --out=txt
|
Jeremy Cooper [AFS MBP]