Adding an UG note on primary_cluster_addr behavior (#10071)

hashicorp · Oct 2, 2020 · 5bee820 · 5bee820
1 parent bf8d7ef
commit 5bee820
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/website/pages/docs/upgrading/upgrade-to-1.4.0.mdx b/website/pages/docs/upgrading/upgrade-to-1.4.0.mdx
@@ -12,6 +12,10 @@ description: |-
 This page contains the list of deprecations and important or breaking changes
 for Vault 1.3.X compared to 1.4.0. Please read it carefully.
 
+## Known Issues
+
+@include 'partials/primary-cluster-addr-change.mdx'
+
 @include 'partials/aws-auth-metadata-issue.mdx'
 
 @include 'partials/aws-sts-issue.mdx'

diff --git a/website/pages/partials/primary-cluster-addr-change.mdx b/website/pages/partials/primary-cluster-addr-change.mdx
@@ -0,0 +1,16 @@
+### Primary Cluster Address Change
+
+In Vault 1.4.0-1.4.3, a secondary cluster with a single `primary_cluster_addr`
+configured will obtain the address of the active node in the primary cluster
+via replication heartbeats from the primary cluster.
+
+If the `api_addr` and `cluster_addr` in the heartbeats from the primary
+cluster are not reachable from the secondary cluster, replication will not
+work. This situation can arise if, for example, `primary_cluster_addr`
+corresponds to a load balancer accessible from the secondary cluster, but the
+`api_addr` and `cluster_addr` on the primary cluster are only accessible
+from the primary cluster.
+
+In Vault 1.4.4, we will use the `primary_cluster_addr` if it has been set,
+instead of relying on the heartbeat information, but it's possible to
+encounter this issue in Vault 1.4.0-1.4.3.