mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-12-01 15:41:22 +01:00
Code Issues Projects Releases Wiki Activity
vault/website/source/docs/upgrading/plugins.html.md
Mike Green 9167ee74e6 Docs: Add note about needing to do plugin reload on each node (#8108) 
* Add note about needing to do this on each node

Specifically calling this out will heed off operators doing this on a single node and thinking it is a bug that it didn't propagate to the other nodes, secondaries, etc.

* Updated to reflect not needing to do registration on each
2020-01-08 16:09:41 -08:00

44 lines
1.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: "docs"
page_title: "Upgrading Plugins - Guides"
sidebar_title: "Upgrade Plugins"
sidebar_current: "docs-upgrading-plugins"
description: |-
These are general upgrade instructions for Vault plugins.
---
# Upgrading Vault Plugins
The following procedure details steps for upgrading a plugin that has already
been registered to the catalog on a running server. This procedure is applicable
to secret, auth, and database plugins.
## Upgrade Procedure
Vault executes plugin binaries when they are configured and roles are established
around them. The binary cannot be modified or replaced while running, so
upgrades cannot be performed by simply swapping the binary and updating the hash
in the plugin catalog.
Instead, you can restart or reload a plugin with the
`sys/plugins/reload/backend` [API][plugin_reload_api]. Follow these steps to
replace or upgrade a Vault plugin binary:
1. Register plugin_v1 to the catalog
2. Mount the plugin backend
3. Register plugin_v2 to the catalog under the same plugin name, but with
updated command to run plugin_v2 and updated sha256 of plugin_v2
4. Trigger a plugin reload with `sys/plugins/reload/backend` to reload all
mounted backends using that plugin or a subset of the mounts using that plugin
with either the `plugin` or `mounts` parameter respectively.
Until step 4, the mount will still use plugin_v1, and when the reload is
triggered, Vault will kill plugin_v1s process and start a plugin_v2 process.
-> **Important:** Plugin reload of a new plugin binary must be
performed on each Vault instance. Performing a plugin upgrade on a single
instance or through a load balancer can result in mismatched
plugin binaries within a cluster.
[plugin_reload_api]: /api/system/plugins-reload-backend.html
Reference in New Issue View Git Blame Copy Permalink