Unverified Commit b51735af authored by Yoko's avatar Yoko Committed by GitHub
Browse files

Adding the known issue section (#7439)

* Adding the known issue section

* incorporated the feedback

* Added the known issue section

* Fixed a typo

* Created upgrade guide for 1.1.2
Showing with 72 additions and 7 deletions
+72 -7
......@@ -15,10 +15,10 @@ for Vault 1.0.3 compared to 1.1.0. Please read it carefully.
## JWT Backend Changes
Specifying the group claims parameter has changed to use a standards based lookup. The groups_claim_delimiter_pattern
Specifying the group claims parameter has changed to use a standards based lookup. The groups_claim_delimiter_pattern
has been removed and if the groups claim is not at the top level, it can now be specified as a JSONPointer.
Additionally, roles now have a "role type" parameter with a default type of "oidc". To configure new JWT roles, a role
Additionally, roles now have a "role type" parameter with a default type of "oidc". To configure new JWT roles, a role
type of "jwt" must be explicitly specified.
## Deprecated CLI Commands Removed
......@@ -27,6 +27,22 @@ CLI commands deprecated in 0.9.2 are now removed. Please see the CLI help output
## Additional Changes
* Vault no longer automatically mounts a k/v backend at the "secret/" path when initalizing Vault.
* Vault no longer automatically mounts a k/v backend at the "secret/" path when initializing Vault.
* Vault's cluster port will now be opened on HA standby nodes.
* Vault no longer supports running netRPC plugins. These were deprecated in favor of gRPC based plugins and any plugin built since 0.9.4 defaults to gRPC. Older plugins may need to be recompiled against the latest Vault dependencies.
\ No newline at end of file
* Vault no longer supports running netRPC plugins. These were deprecated in favor of gRPC based plugins and any plugin built since 0.9.4 defaults to gRPC. Older plugins may need to be recompiled against the latest Vault dependencies.
## Known Issues
-> **NOTE:** This is a known issue applicable to _Vault Enterprise_.
During upgrades to 1.1.0, 1.1.1 or 1.1.2, Vault replication secondaries may
require an automatically-triggered reindex, either if upgrading from a pre-0.8
version of Vault or if a previously-issued reindex operation has failed in the
past. In these reindex scenarios, the secondary cluster will perform a complete
WAL replay, which can take a long time and is a partially blocking operation.
This is fixed in [Vault
1.1.3](https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#113-june-5th-2019),
and we recommend upgrading to Vault 1.1.3+ rather than any prior 1.1.x version.
We also strongly recommend upgrading your Vault cluster to 1.1.3 if you are
running Vault Enterprise 1.1.0, 1.1.1 or 1.1.2.
......@@ -19,9 +19,9 @@ for Vault 1.1.0 compared to 1.1.1. Please read it carefully.
There is a known issue that could cause the upgrade to 1.1.1 to fail under
certain circumstances. This issue occurs when a KV version 2 mount exists but
contains no data. This will be fixed in 1.1.2. Addtionally a work around does
contains no data. This will be fixed in 1.1.2. Additionally a work around does
exist: prior to upgrading ensure all KV v2 mounts have at least one key written
to it.
to it.
### Change in LDAP Group CN handling
......@@ -36,9 +36,27 @@ config setting `use_pre111_group_cn_behavior` to allow reverting to the old
matching behavior; we also attempt to upgrade exiting configs to have that
defaulted to true.
### Long WAL replay
-> **NOTE:** This is a known issue applicable to _Vault Enterprise_.
During upgrades to 1.1.0, 1.1.1 or 1.1.2, Vault replication secondaries may
require an automatically-triggered reindex, either if upgrading from a pre-0.8
version of Vault or if a previously-issued reindex operation has failed in the
past. In these reindex scenarios, the secondary cluster will perform a complete
WAL replay, which can take a long time and is a partially blocking operation.
This is fixed in [Vault
1.1.3](https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#113-june-5th-2019),
and we recommend upgrading to Vault 1.1.3+ rather than any prior 1.1.x version.
We also strongly recommend upgrading your Vault cluster to 1.1.3 if you are
running Vault Enterprise 1.1.0, 1.1.1 or 1.1.2.
## JWT/OIDC Plugin
Logins of role_type "oidc" via the /login path are no longer allowed.
Logins of role_type "oidc" via the /login path are no longer allowed.
## ACL Wildcards
......
---
layout: "docs"
page_title: "Upgrading to Vault 1.1.2 - Guides"
sidebar_title: "Upgrade to 1.1.2"
sidebar_current: "docs-upgrading-to-1.1.2"
description: |-
This page explains a known issue upgrading to Vault 1.1.2 for Enterprise
users. Please read it carefully.
---
# Overview
This page explains a known issue upgrading to Vault 1.1.2 for Enterprise users.
Please read it carefully.
## Known Issues
-> **NOTE:** This is a known issue applicable to _Vault Enterprise_.
During upgrades to 1.1.0, 1.1.1 or 1.1.2, Vault replication secondaries may
require an automatically-triggered reindex, either if upgrading from a pre-0.8
version of Vault or if a previously-issued reindex operation has failed in the
past. In these reindex scenarios, the secondary cluster will perform a complete
WAL replay, which can take a long time and is a partially blocking operation.
This is fixed in [Vault
1.1.3](https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#113-june-5th-2019),
and we recommend upgrading to Vault 1.1.3+ rather than any prior 1.1.x version.
We also strongly recommend upgrading your Vault cluster to 1.1.3 if you are
running Vault Enterprise 1.1.0, 1.1.1 or 1.1.2.
......@@ -363,6 +363,7 @@
'upgrade-to-1.0.0',
'upgrade-to-1.1.0',
'upgrade-to-1.1.1',
'upgrade-to-1.1.2',
'upgrade-to-1.2.0',
'upgrade-to-1.2.1'
]
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment