1

I have deployed a hyperledger fabric network (v2.2.0) using Blockchain Automation Framework in a k8s cluster in Azure.

My network has 3 orgs (2 peer orgs and 1 orderer org) and one channel. I have taken backup of the cluster with the persistent volumes using velero (v1.5.3), so that I can restore the blockchain network in the cluster whenever needed.

My backup resulted in success, but when I tried to restore the backup in a new cluster, the ca-tools pods in all the 3 orgs are up and running, but the ca, peers and orderer pods are crashing with this error:

Getting secrets from Vault Server: http://abc.def.azure.com:8200 { "errors": [ "missing client token" ] } ERROR: unable to retrieve vault login token: { "errors": [ "missing client token" ] }

So, I am unable to proceed my work on backup and recovery of blockchain network deployed using BAF. It would be helpful if someone guided me on this to clear the above error. Thanks in Advance!

RichVel
  • 7,030
  • 6
  • 32
  • 48
Soundarya
  • 153
  • 1
  • 2
  • 12
  • Was HashiCorp Vault deployed in a separate Azure VM, or in the Kubernetes cluster? The BAF docs recommend the former. – RichVel Feb 22 '21 at 11:53
  • Thanks for your response. I have deployed the hashicorp vault in a separate azure vm. – Soundarya Feb 22 '21 at 12:47
  • The missing token must have been on an Azure disk attached to the Vault VM. Velero doesn't back up Azure VMs outside a Kubernetes cluster - you would need to have used something like Azure Backup for the Vault VM. Velero backs up the Kubernetes config, and the persistent volumes (disks) attached to the Kubernetes cluster. – RichVel Feb 23 '21 at 13:30
  • Ok, but I have a doubt. While taking backup, I am taking only the persistent volumes attached to the cluster using velero. And to test the restoration, I will just delete the cluster that I took backup and leave the vault as it is. So while restoring, the left vault will be used as it is. So in such case, the client token might not have missed since the vault itself is there actually. Can you please clarify this? – Soundarya Feb 24 '21 at 14:36
  • Good point - can't really help in that case, perhaps there is something in the data backed up by Velero (either K8s config or PV data) that is cluster-specific and needs updating for new cluster. Can't think of anything else – RichVel Feb 26 '21 at 17:17

0 Answers0