Missing dependencies in bootstrap/user-data script causing broken deployment
Closed this issue · 5 comments
The bootstrap script on Vault instances fails due to missing objects in S3, effectively breaking the entire quickstart CFN deployment.
+ wget https://s3.amazonaws.com/aws-quickstart/quickstart-hashicorp-vault/submodules/quickstart-hashicorp-consul/scripts/consul_client_bootstrap.sh
--2019-10-16 17:20:45-- https://s3.amazonaws.com/aws-quickstart/quickstart-hashicorp-vault/submodules/quickstart-hashicorp-consul/scripts/consul_client_bootstrap.sh
Resolving s3.amazonaws.com (s3.amazonaws.com)... 54.231.48.251
Connecting to s3.amazonaws.com (s3.amazonaws.com)|54.231.48.251|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2019-10-16 17:20:45 ERROR 404: Not Found.
+ chmod 755 ./consul_client_bootstrap.sh
chmod: cannot access './consul_client_bootstrap.sh': No such file or directory```
@bkc1 I have locked the consul submodule to the previous version of consul as a workaround. This should return the missing scripts
Testing details:
curl -I https://s3.amazonaws.com/aws-quickstart/quickstart-hashicorp-vault/submodules/quickstart-hashicorp-consul/scripts/consul_client_bootstrap.sh
HTTP/1.1 200 OK
Date: Wed, 16 Oct 2019 23:52:05 GMT
Last-Modified: Wed, 16 Oct 2019 23:50:45 GMT
ETag: "0ca5576264be072deacc70a19dbd4f0
Issue Root Cause:
The consul reference got some update which are not compatible yet with the vault bootstrapping (currently vault does not use configsets, authenticated s3 calls and cfn-signaling)
I will work on making the vault reference full compatible with the latest consul. Hopefully this will unblock you for now. Please let me know if the lastest master (even with s3) resolves this issue
Consul now at previous version browse to submodule
s3 bucket is now updated:
verified: (check for updated description)
curl -s https://s3.amazonaws.com/aws-quickstart/quickstart-hashicorp-vault/submodules/quickstart-hashicorp-consul/templates/quickstart-hashicorp-consul.template |grep branch
"Description": "HashiCorp Consul License: Apache 2.0 branch:submodule-freeze (Please do not remove) Aug,18,2018 QS(0036)",
Output from fix verification
ubuntu@ip-10-0-15-249:~$ consul members
Node Address Status Type Build Protocol DC Segment
ip-10-0-15-249 10.0.15.249:8301 alive server 1.2.2 2 dc1 <all>
ip-10-0-53-95 10.0.53.95:8301 alive server 1.2.2 2 dc1 <all>
ip-10-0-65-178 10.0.65.178:8301 alive server 1.2.2 2 dc1 <all>
ip-10-0-19-102 10.0.19.102:8301 alive client 1.6.0 2 dc1 <default>
ip-10-0-20-135 10.0.20.135:8301 alive client 1.6.0 2 dc1 <default>
ip-10-0-48-112 10.0.48.112:8301 alive client 1.6.0 2 dc1 <default>
ip-10-0-59-150 10.0.59.150:8301 alive client 1.6.0 2 dc1 <default>
ip-10-0-73-254 10.0.73.254:8301 alive client 1.6.0 2 dc1 <default>
ubuntu@ip-10-0-19-102:~$ vault operator unseal
Unseal Key (will be hidden):
Key Value
--- -----
Seal Type shamir
Sealed true
Total Shares 5
Threshold 3
Unseal Progress 1/3
Unseal Nonce 2774aebd-9d20-99b2-763d-d224bb399084
Version 0.10.4
HA Enabled true
ubuntu@ip-10-0-19-102:~$
Fixed in 31cf84e
Planned updates:
Refactor template to use latest Consul and Vault
Project started here Hashicorp Vault version (1.2.3)
Contribution welcome. If you need to get in touch feel free tonynv@amazon.com
Thank you @avattathil