From d23db14c460f247d70e918f429d74a291d66b44c Mon Sep 17 00:00:00 2001 From: Sarah Chavis <62406755+schavis@users.noreply.github.com> Date: Thu, 20 Jun 2024 10:48:30 -0700 Subject: [PATCH] [DOCS: SPE-827] Add autopilot known issue to 1.15 docs and 1.16/1.17 release notes (#27454) * Update 1.15 docs with autopilot known issue * add autopilot issue to 1.16 and 1.17 release notes as known issue --- website/content/docs/release-notes/1.15.0.mdx | 2 +- website/content/docs/release-notes/1.16.1.mdx | 1 + website/content/docs/release-notes/1.17.0.mdx | 1 + .../docs/upgrading/upgrade-to-1.15.x.mdx | 2 ++ .../known-issues/1_15-auto-upgrade.mdx | 27 +++++++++++++++++++ 5 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 website/content/partials/known-issues/1_15-auto-upgrade.mdx diff --git a/website/content/docs/release-notes/1.15.0.mdx b/website/content/docs/release-notes/1.15.0.mdx index 9397f647c3..6ff50af92f 100644 --- a/website/content/docs/release-notes/1.15.0.mdx +++ b/website/content/docs/release-notes/1.15.0.mdx @@ -30,7 +30,7 @@ description: |- | 1.15.0 - 1.15.5 | [Audit fails to recover from panics when formatting audit entries](/vault/docs/upgrading/upgrade-to-1.15.x#audit-fails-to-recover-from-panics-when-formatting-audit-entries) | | 1.15.0 - 1.15.7 | [Vault Enterprise performance standby nodes audit all request headers regardless of settings](/vault/docs/upgrading/upgrade-to-1.15.x#vault-enterprise-performance-standby-nodes-audit-all-request-headers) | | 1.15.3 - 1.15.9 | [New nodes added by autopilot upgrades provisioned with the wrong version](/vault/docs/upgrading/upgrade-to-1.15.x#new-nodes-added-by-autopilot-upgrades-provisioned-with-the-wrong-version) | - +| 1.15.8+ | [Autopilot upgrade for Vault Enterprise fails](/vault/docs/upgrading/upgrade-to-1.15.x#autopilot) ## Vault companion updates diff --git a/website/content/docs/release-notes/1.16.1.mdx b/website/content/docs/release-notes/1.16.1.mdx index 110b72ff7d..ddf68c228d 100644 --- a/website/content/docs/release-notes/1.16.1.mdx +++ b/website/content/docs/release-notes/1.16.1.mdx @@ -21,6 +21,7 @@ description: |- | 1.16.0+ | [LDAP auth entity alias names no longer include upndomain](/vault/docs/upgrading/upgrade-to-1.16.x#ldap-auth-entity-alias-names-no-longer-include-upndomain) | 1.16.0+ | [Azure secrets engine role creation failing](/vault/docs/upgrading/upgrade-to-1.16.x#azure-secrets-engine-role-creation-failing) | 1.16.1 - 1.16.3 | [New nodes added by autopilot upgrades provisioned with the wrong version](/vault/docs/upgrading/upgrade-to-1.15.x#new-nodes-added-by-autopilot-upgrades-provisioned-with-the-wrong-version) +| 1.15.8+ | [Autopilot upgrade for Vault Enterprise fails](/vault/docs/upgrading/upgrade-to-1.15.x#autopilot) ## Vault companion updates diff --git a/website/content/docs/release-notes/1.17.0.mdx b/website/content/docs/release-notes/1.17.0.mdx index a17b2e8874..6d17558f8e 100644 --- a/website/content/docs/release-notes/1.17.0.mdx +++ b/website/content/docs/release-notes/1.17.0.mdx @@ -20,6 +20,7 @@ description: |- | Beta feature deprecated (1.17) | [Request limiter deprecated](/vault/docs/upgrading/upgrade-to-1.17.x#request-limiter) | | Known issue (1.17.0+) | [PKI OCSP GET requests can return HTTP redirect responses](/vault/docs/upgrading/upgrade-to-1.17.x#pki-ocsp) | | Known issue (1.17.0) | [Vault Agent and Vault Proxy consume excessive amounts of CPU](/vault/docs/upgrading/upgrade-to-1.17.x#agent-proxy-cpu-1-17) | +| Known issue (1.15.8+) | [Autopilot upgrade for Vault Enterprise fails](/vault/docs/upgrading/upgrade-to-1.15.x#autopilot) ## Vault companion updates diff --git a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx index 903a3bd6ad..d08ed8a506 100644 --- a/website/content/docs/upgrading/upgrade-to-1.15.x.mdx +++ b/website/content/docs/upgrading/upgrade-to-1.15.x.mdx @@ -47,6 +47,8 @@ option. ## Known issues and workarounds +@include 'known-issues/1_15-auto-upgrade.mdx' + @include 'known-issues/transit-managed-keys-panics.mdx' @include 'known-issues/transit-managed-keys-sign-fails.mdx' diff --git a/website/content/partials/known-issues/1_15-auto-upgrade.mdx b/website/content/partials/known-issues/1_15-auto-upgrade.mdx new file mode 100644 index 0000000000..25d27e90d9 --- /dev/null +++ b/website/content/partials/known-issues/1_15-auto-upgrade.mdx @@ -0,0 +1,27 @@ + + + +### Autopilot upgrade for Vault Enterprise fails + +#### Affected versions + +- 1.15.8+ + +#### Issue + +The expected process for voter status management does not occur during the +autopilot upgrade process. The autopilot upgrade process adds new nodes (new version) as +`target_version_non_voters` then `target_version_voters` but existing nodes (old +version) fail to upgrade and maintain their current voter status. + +#### Workaround + +1. Disable autopilot upgrades and manually upgrade all nodes in the cluster. +1. Explicitly set the `autopilot_upgrade_version` parameter to the desired + version in the raft `storage` stanza on your new nodes: + + ```hcl + storage "raft" { + autopilot_upgrade_version = "1.15.8" + } + ```