Unable to start the vault service
Closed this issue · 4 comments
VAULT CONFIGURATION SCRIPT
local-vault-1 | (./infrastructure/local/./vault/scripts/init.sh):
local-vault-1 | ===================================
local-postgres-1 | 2023-11-17 03:51:49.176 UTC [1] LOG: starting PostgreSQL 14.10 on x86_64-pc-linux-musl, compiled by gcc (Alpine 12.2.1_git20220924-r10) 12.2.1 20220924, 64-bit
local-postgres-1 | 2023-11-17 03:51:49.176 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
local-postgres-1 | 2023-11-17 03:51:49.176 UTC [1] LOG: listening on IPv6 address "::", port 5432
local-postgres-1 | 2023-11-17 03:51:49.272 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
local-vault-1 | ==> Vault server configuration:
local-vault-1 |
local-vault-1 | Api Address: http://0.0.0.0:8200
local-vault-1 | Cgo: disabled
local-vault-1 | Cluster Address: https://0.0.0.0:8201
local-vault-1 | Environment Variables: GODEBUG, HOME, HOSTNAME, PATH, PWD, SHLVL, VAULT_ADDR, VAULT_ADDRESS, VAULT_API_ADDR
local-vault-1 | Go Version: go1.20.3
local-vault-1 | Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
local-vault-1 | Log Level:
local-vault-1 | Mlock: supported: true, enabled: true
local-vault-1 | Recovery Mode: false
local-vault-1 | Storage: file
local-vault-1 | Version: Vault v1.13.2, built 2023-04-25T13:02:50Z
local-vault-1 | Version Sha: b9b773f1628260423e6cc9745531fd903cae853f
local-vault-1 |
local-vault-1 | ==> Vault server started! Log data will stream in below:
local-vault-1 |
local-vault-1 | 2023-11-17T03:51:49.267Z [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
local-vault-1 | 2023-11-17T03:51:49.321Z [INFO] core: Initializing version history cache for core
local-postgres-1 | 2023-11-17 03:51:49.364 UTC [22] LOG: database system was shut down at 2023-11-17 03:51:11 UTC
local-postgres-1 | 2023-11-17 03:51:49.405 UTC [1] LOG: database system is ready to accept connections
local-vault-1 |
local-vault-1 | ===== Unseal the Vault =====
local-vault-1 | Unseal Key (will be hidden):
local-vault-1 | An error occurred attempting to ask for an unseal key. The raw error message
local-vault-1 | is shown below, but usually this is because you attempted to pipe a value
local-vault-1 | into the unseal command or you are executing outside of a terminal (tty). You
local-vault-1 | should run the unseal command from a terminal for maximum security. If this
local-vault-1 | is not an option, the unseal key can be provided as the first argument to the
local-vault-1 | unseal command. The raw error was: file descriptor 0 is not a terminal
local-vault-1 | Unseal Key (will be hidden):
local-vault-1 | An error occurred attempting to ask for an unseal key. The raw error message
local-vault-1 | is shown below, but usually this is because you attempted to pipe a value
local-vault-1 | into the unseal command or you are executing outside of a terminal (tty). You
local-vault-1 | should run the unseal command from a terminal for maximum security. If this
local-vault-1 | is not an option, the unseal key can be provided as the first argument to the
local-vault-1 | unseal command. The raw error was: file descriptor 0 is not a terminal
local-vault-1 | Unseal Key (will be hidden):
local-vault-1 | An error occurred attempting to ask for an unseal key. The raw error message
local-vault-1 | is shown below, but usually this is because you attempted to pipe a value
local-vault-1 | into the unseal command or you are executing outside of a terminal (tty). You
local-vault-1 | should run the unseal command from a terminal for maximum security. If this
local-vault-1 | is not an option, the unseal key can be provided as the first argument to the
local-vault-1 | unseal command. The raw error was: file descriptor 0 is not a terminal
local-vault-1 | Token (will be hidden):
local-vault-1 | Error authenticating: An error occurred attempting to ask for a token. The raw error message is shown below, but usually this is because you attempted to pipe a value into the command or you are executing outside of a terminal (tty). If you want to pipe the value, pass "-" as the argument to read from stdin. The raw error was: file descriptor 0 is not a terminal
local-vault-1 | Error enabling: Error making API request.
local-vault-1 |
local-vault-1 | URL: POST http://127.0.0.1:8200/v1/sys/mounts/secret
local-vault-1 | Code: 503. Errors:
local-vault-1 |
local-vault-1 | * Vault is sealed
local-vault-1 |
local-vault-1 | ===== ENABLED KV secrets =====
local-vault-1 | Error registering plugin vault-plugin-secrets-iden3: Error making API request.
local-vault-1 |
local-vault-1 | URL: PUT http://127.0.0.1:8200/v1/sys/plugins/catalog/vault-plugin-secrets-iden3
local-vault-1 | Code: 503. Errors:
local-vault-1 |
local-vault-1 | * Vault is sealed
local-vault-1 | Error enabling: Error making API request.
local-vault-1 |
local-vault-1 | URL: POST http://127.0.0.1:8200/v1/sys/mounts/iden3
local-vault-1 | Code: 503. Errors:
local-vault-1 |
local-vault-1 | * Vault is sealed
local-vault-1 | Error enabling: Error making API request.
local-vault-1 |
local-vault-1 | URL: POST http://127.0.0.1:8200/v1/sys/mounts/kv
local-vault-1 | Code: 503. Errors:
local-vault-1 |
local-vault-1 | * Vault is sealed
local-vault-1 | ===== ENABLED IDEN3 =====
local-vault-1 | ===== CREATE POLICIES =====
local-vault-1 | Error uploading policy: Error making API request.
local-vault-1 |
local-vault-1 | URL: PUT http://127.0.0.1:8200/v1/sys/policies/acl/issuernode
local-vault-1 | Code: 503. Errors:
local-vault-1 |
local-vault-1 | * Vault is sealed
local-vault-1 | ===== CREATE USERS =====
local-vault-1 | Error enabling userpass auth: Error making API request.
local-vault-1 |
local-vault-1 | URL: POST http://127.0.0.1:8200/v1/sys/auth/userpass
local-vault-1 | Code: 503. Errors:
local-vault-1 |
local-vault-1 | * Vault is sealed
local-vault-1 | Error writing data to auth/userpass/users/issuernode: Error making API request.
local-vault-1 |
local-vault-1 | URL: PUT http://127.0.0.1:8200/v1/auth/userpass/users/issuernode
local-vault-1 | Code: 503. Errors:
local-vault-1 |
local-vault-1 | * Vault is sealed
local-vault-1 | token:
the command make new_password=*** change-vault-password is commented in Makefile, Since the command requires the issuer-vault to be up...I think its a chicken and egg situation.
yash@yash-Lenovo-G50-80:~/go/src/P.O.C/polygonid_issuer_node/issuer-node$ make new_password=*** change-vault-password
docker exec issuer-vault-1 \
vault write auth/userpass/users/issuernode password=***
Error response from daemon: No such container: issuer-vault-1
make: *** [Makefile:216: change-vault-password] Error 1
yash@yash-Lenovo-G50-80:~/go/src/P.O.C/polygonid_issuer_node/issuer-node$
Hi @yash-block8, That command should not be used right now. We have removed it because it doesn't work indeed.
We will push a new version of the init vault script to allow password change.
This issue is stale because it has been open 20 days with no activity. Remove stale label, add the enhancement label or comment to avoid closing it in 10 days.
This issue was closed because it has been stalled for 10 days with no activity.