A Vault administrator is troubleshooting an issue where after a network outage, the Vault cluster is sealed and cannot be unsealed. The cluster has 5 nodes using Integrated Storage. The administrator runs `vault status` on each node and receives 'sealed' response. The administrator suspects that the cluster lost quorum during the outage. The administrator checks the Raft configuration and finds that there are 3 voter nodes and 2 non-voter nodes. Which action should the administrator take to recover the cluster?
Raft recover on a voter node restores quorum.
Why this answer
When a Vault cluster with Integrated Storage loses quorum (more than half of voter nodes are unavailable), the cluster cannot unseal because Raft requires a quorum of voters to elect a leader and process operations. Since all 5 nodes are sealed and the cluster has 3 voters, the outage likely caused the loss of at least 2 voters, breaking quorum. The correct recovery procedure is to use `vault operator raft recover` on a voter node, which creates a new single-node cluster with the existing data, allowing the administrator to then unseal and rejoin other nodes.
Exam trap
HashiCorp often tests the distinction between voter and non-voter roles in Raft; the trap here is assuming that any node can be used for recovery, when in fact only a voter node can bootstrap a new cluster because non-voters lack the quorum-critical state.
How to eliminate wrong answers
Option A is wrong because manually unsealing all nodes simultaneously does not restore Raft quorum; the cluster still lacks a leader and cannot process operations. Option B is wrong because `vault operator raft remove-peer` is used to remove a peer from the Raft configuration when the node is unreachable but quorum still exists; here quorum is lost, so the command will fail or be ineffective. Option C is wrong because `vault operator raft recover` must be run on a voter node, not a non-voter; non-voters do not participate in quorum and cannot bootstrap a new cluster.