hashicorp/docker-vault

Vault in rootless docker container

dzieciou opened this issue · 1 comment

I'm trying to run Vault in a container using root-less docker on Ubuntu 20.2. However, I keep getting the following error:

vault    | Error initializing core: Failed to lock memory: cannot allocate memory
vault    |
vault    | This usually means that the mlock syscall is not available.

The problem does not occur when running a container with docker having root privileges.

Is there a way to provide root-less docker with privileges for mlock?

docker-compose.yml:

version: "3"
services:
  vault:
    image: "hashicorp/vault:1.8.0-rc2"
    user: "root"
    container_name: vault
    restart: on-failure:10
    volumes:
      - ./config:/vault/config:rw
      - ./file:/vault/file:rw
    ports:
      - 8200:8200
    cap_add:
      - IPC_LOCK
    environment:
      - VAULT_ADDR=http://0.0.0.0:8200
    command: vault server -config=/vault/config

config.hcl:

storage "file" {
  path    = "/vault/file"
}

listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = "true"
}

api_addr = "http://127.0.0.1:8200"
ui = true

Did you try disabling mlock?
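A diagnostic for the error above, added here as an example (not code from the issue or from HashiCorp). It is meant to be run inside the container and reports whether `cap_add: IPC_LOCK` can take effect. It assumes the Linux behaviour that mlock's capability check is made against the initial user namespace, and it treats any non-identity `uid_map` as "inside a user namespace", which is a heuristic; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added diagnostic (not from the issue): why mlock can fail inside a container.
CAP_IPC_LOCK_BIT=14   # capability number of CAP_IPC_LOCK in linux/capability.h

# has_ipc_lock HEX -> exit 0 if a CapEff mask from /proc/<pid>/status has CAP_IPC_LOCK
has_ipc_lock() {
    [ $(( (0x$1 >> $CAP_IPC_LOCK_BIT) & 1 )) -eq 1 ]
}

# in_user_namespace UID_MAP -> exit 0 unless the map is the initial namespace's
# identity map "0 0 4294967295" (heuristic, labelled as an assumption)
in_user_namespace() {
    set -- $1
    if [ $# -eq 3 ] && [ "$1" = 0 ] && [ "$2" = 0 ] && [ "$3" = 4294967295 ]; then
        return 1
    fi
    return 0
}

# diagnose CAPEFF_HEX UID_MAP MEMLOCK_SOFT -> prints one verdict word
diagnose() {
    if [ "$3" = unlimited ]; then
        echo ok-unlimited            # no RLIMIT_MEMLOCK ceiling to hit
    elif in_user_namespace "$2"; then
        # A capability held only inside the user namespace is not honoured by
        # the mlock check, so RLIMIT_MEMLOCK still applies and mlockall() can
        # fail with ENOMEM ("cannot allocate memory").
        echo limited-userns
    elif has_ipc_lock "$1"; then
        echo ok-capability           # CAP_IPC_LOCK bypasses the rlimit
    else
        echo limited-no-capability
    fi
}

# Report for the current process when /proc is available.
if [ -r /proc/self/status ] && [ -r /proc/self/uid_map ]; then
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
    limit=$(ulimit -l 2>/dev/null || echo unknown)
    if [ -n "$capeff" ]; then
        verdict=$(diagnose "$capeff" "$(cat /proc/self/uid_map)" "$limit")
        echo "CapEff=$capeff memlock=$limit -> $verdict"
    fi
fi
```

If the verdict is `limited-userns`, the capability in the compose file cannot help; what remains is a higher memlock limit for the container or `disable_mlock` in the Vault configuration. With mlock disabled Vault's memory can be swapped out, so swap on the host should be off or encrypted.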