Vault
Rollback a Vault upgrade
Vault supports in-place upgrades but does not support automatic rollbacks.
Before you start
- You must have
sudo
permissions on the Vault server. Make sure you have can install binaries on the Vault server. - You must have admin permissions for Vault. Make sure you can stop and start the Vault process.
- Identify unseal candidates. Identify and notify enough people with unseal shards to meet the unseal threshold after restart.
Basic rollback process
To rollback a Vault upgrade:
Use
SIGINT
orSIGTERM
to shut down Vault.$ kill <vault_pid>
Install your previous version of Vault over your existing instance.
Replace the upgraded Vault data store with your pre-upgrade snapshot.
Replace the upgraded Vault configuration with your pre-upgrade configuration.
Start Vault.
Verify the current version:
$ vault status | grep Version
Unseal Vault.
Test the rollback.