From a6c810a49a7a3d4ceb2765c494c24bd56f8d7ec0 Mon Sep 17 00:00:00 2001
From: Ellie
Date: Tue, 23 Jul 2024 09:31:51 -0500
Subject: [PATCH] Update vault/identity_store_util.go
Co-authored-by: Paul Banks
---
 vault/identity_store_util.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/vault/identity_store_util.go b/vault/identity_store_util.go
index 9c2be36c7b22..9ec83704355d 100644
--- a/vault/identity_store_util.go
+++ b/vault/identity_store_util.go
@@ -174,11 +174,12 @@ func (i *IdentityStore) loadGroups(ctx context.Context) error {
 if errors.Is(err, logical.ErrReadOnly) {
 // This is an imperfect solution to unblock customers who are running into
- // a readonly error during a DR failover (jira #28191). More specifically, there
- // are duplicate aliases in storage that are merged during loadEntities. Vault
- // attempts to remove these deleted entities from the group, but fails in the case
- // where the node is a PR secondary because the RPC client is not yet initialized
- // and the storage is read-only.
+ // a readonly error during a DR failover (jira #28191). More specifically, if there
+ // are duplicate aliases in storage then they are merged during loadEntities. Vault
+ // attempts to remove the deleted duplicate entities from their groups to clean up.
+ // If the node is a PR secondary though it will fail because the RPC client
+ // is not yet initialized and the storage is read-only. This prevents the cluster from
+ // unsealing entirely and can potentially block a DR failover from succeeding.
 i.logger.Warn("received a read only error while trying to upsert group to storage")
 } else if err != nil {
 txn.Abort()
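Review bot: The rewritten comment explains why the read-only error is tolerated but stops short of saying what is left behind once it is swallowed, and the `i.logger.Warn` call below it names no group. Since the cleanup that failed was removing deleted duplicate entities from group membership, a reader needs to know that the stale member IDs presumably stay in storage until a writable node redoes the cleanup; a closing line such as `// The stale member entity IDs stay in storage until a node with writable storage repeats this cleanup.` would record that, once confirmed. The warning would be easier to act on with the group identifier attached as a key/value pair, e.g. `"group_id", group.ID`, assuming the group being upserted is in scope under that name. loadGroups starts and ends outside this hunk, so whether the transaction is committed or abandoned on this branch cannot be checked from here.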