vishalnayak/raft-recovery-peers-non-voter.sh

## raft-recovery-peers-non-voter.sh
#!/bin/bash

set -aex

pkill -9 vault || true
sleep 2s

cat > /tmp/vaultconfig.hcl -<<EOF
storage "raft" {
	path = "/tmp/raft1"
	node_id = "raft1"
}
listener "tcp" {
	address = "127.0.0.1:8200"
	tls_disable = true
}
cluster_addr = "http://127.0.0.1:8201"
disable_mlock = true
pid_file = "/tmp/vault.pid"
EOF

rm -rf /tmp/raft1
rm -rf /tmp/raft2
rm -rf /tmp/raft3
mkdir /tmp/raft1
mkdir /tmp/raft2
mkdir /tmp/raft3

VAULT_API_ADDR=http://127.0.0.1:8200 vault server -log-level=trace -config /tmp/vaultconfig.hcl > /tmp/raft1.log 2>&1 &
while ! nc -w 1 localhost 8200 </dev/null; do sleep 1; done

initResult=$(vault operator init -format json -key-shares 1 -key-threshold 1)
unsealKey=$(echo -n $initResult | jq -r '.unseal_keys_b64[0]')
rootToken=$(echo -n $initResult | jq -r '.root_token')
vault operator unseal $unsealKey
sleep 10s

vault status
vault login $rootToken
vault secrets enable kv
vault kv put kv/foo bar=baz

kill -9 $(cat /tmp/vault.pid)

cat > /tmp/raft1/raft/peers.json  -<<EOF
[
  {
    "id": "raft1",
    "address": "127.0.0.1:8201",
    "non_voter": true
  }
]
EOF

VAULT_API_ADDR=http://127.0.0.1:8200 vault server -log-level=trace -config /tmp/vaultconfig.hcl > /tmp/recovered.log 2>&1 &
while ! nc -w 1 localhost 8200 </dev/null; do sleep 1; done

vault operator unseal $unsealKey
	#!/bin/bash

	set -aex

	pkill -9 vault \|\| true
	sleep 2s

	cat > /tmp/vaultconfig.hcl -<<EOF
	storage "raft" {
	path = "/tmp/raft1"
	node_id = "raft1"
	}
	listener "tcp" {
	address = "127.0.0.1:8200"
	tls_disable = true
	}
	cluster_addr = "http://127.0.0.1:8201"
	disable_mlock = true
	pid_file = "/tmp/vault.pid"
	EOF

	rm -rf /tmp/raft1
	rm -rf /tmp/raft2
	rm -rf /tmp/raft3
	mkdir /tmp/raft1
	mkdir /tmp/raft2
	mkdir /tmp/raft3

	VAULT_API_ADDR=http://127.0.0.1:8200 vault server -log-level=trace -config /tmp/vaultconfig.hcl > /tmp/raft1.log 2>&1 &
	while ! nc -w 1 localhost 8200 </dev/null; do sleep 1; done

	initResult=$(vault operator init -format json -key-shares 1 -key-threshold 1)
	unsealKey=$(echo -n $initResult \| jq -r '.unseal_keys_b64[0]')
	rootToken=$(echo -n $initResult \| jq -r '.root_token')
	vault operator unseal $unsealKey
	sleep 10s

	vault status
	vault login $rootToken
	vault secrets enable kv
	vault kv put kv/foo bar=baz

	kill -9 $(cat /tmp/vault.pid)

	cat > /tmp/raft1/raft/peers.json -<<EOF
	[
	{
	"id": "raft1",
	"address": "127.0.0.1:8201",
	"non_voter": true
	}
	]
	EOF

	VAULT_API_ADDR=http://127.0.0.1:8200 vault server -log-level=trace -config /tmp/vaultconfig.hcl > /tmp/recovered.log 2>&1 &
	while ! nc -w 1 localhost 8200 </dev/null; do sleep 1; done

	vault operator unseal $unsealKey