Hi community!
I want to know if is possible check a vault server behind of haproxy to know 2 things…
1 - know if vault container is UP checking simple http check and get answer about site
using the doc explain here /sys/health - HTTP API | Vault by HashiCorp
i test first with CLI to confirm 200 result code as example below
curl -Is https://vault.example.com/v1/sys/health
HTTP/1.1 200 OK
cache-control: no-store
content-type: application/json
date: Thu, 11 Nov 2021 13:36:26 GMT
set-cookie: SERVERID=vault_; path=/; HttpOnly; Secure
2 - and the most important
We want to know if is possible create an option httpchk to verify the result according of the code to get an alert if Vaul is “sealed” or “unseal”
using the CLI
curl -s https://vault.example.com/v1/sys/health | jq
{
"initialized": true,
"sealed": false,
"standby": false,
"performance_standby": false,
"replication_performance_mode": "disabled",
"replication_dr_mode": "disabled",
"server_time_utc": 1636638053,
"version": "1.8.3",
"cluster_name": "vault-cluster-6f60dfc1",
"cluster_id": "60fb078b-0dfc-ae37-3ede-c617fa40eccc"
}
according to the doc of vault health check must be receive the 503 code about it. wich is be used to haproxy for check and send an alert down / up.
vault doc: /sys/health - HTTP API | Vault by HashiCorp