I can't enable the secrets engine
DZoubire opened this issue · 10 comments
TL;DR
Hi,
I have downloaded the file vault-secrets-gen_0.1.6. I deleted "path_passphrase.go" and the related passphrase code in the other files, then I compiled the code and sent it to my Docker container, a Linux x86_64 instance that runs vault:1.8.1.
I transferred the vault-secrets-gen file to the Linux container under the /vault/plugins directory (I have mentioned this path for plugins in the Vault config file).
I successfully registered the plugin, but I can't enable it. I got this error:
Expected behavior
No response
Observed behavior
No response
Vault CLI (or API) output
/vault/plugins # ls -l
total 17592
-rwxrwxr-x 1 root root 18013605 Aug 10 09:56 vault-secrets-gen
/vault/plugins # vault secrets enable \
> -path="gen" \
> -plugin-name="secrets-gen" \
> plugin
Error enabling: Error making API request.
URL: POST http://127.0.0.1:8200/v1/sys/mounts/gen
Code: 400. Errors:
* fork/exec /vault/plugins/vault-secrets-gen: no such file or directory
Vault server logs
/vault/plugins # ls /sys/mounts/
ls: /sys/mounts/: No such file or directory
/vault/plugins # ls /sys/
block bus class dev devices firmware fs kernel module
/vault/plugins #
Additional information
Could you show me where I am going wrong, and how to correct it?
Regards,
Please provide an end-to-end reproduction case. Be sure to include:
- Your vault config file
- The command you ran to start Vault
- The complete Vault server logs
- The steps and commands you used to build the binary and the build output
- The output of ldd /vault/plugins/vault-secrets-gen
my vault config file:
server@TAG-3136:~/docker-vault$ cat docker-compose.yml
services:
  vault:
    image: vault:1.8.1
    cap_add:
      - IPC_LOCK
    environment:
      VAULT_LOCAL_CONFIG: '{"backend": {"file": {"path": "/vault/file"}}, "ui":"true", "listener": [{"tcp": {"address": "0.0.0.0:8400", "tls_disable": "1"}}], "plugin_directory":"/vault/plugins/"}'
server@TAG-3136:~/docker-vault$
Commands to start Vault:
I run the container with "docker-compose up"
then: export VAULT_ADDR='http://127.0.0.1:8200'
and: export VAULT_TOKEN="root-token"
The complete Vault server logs:
server@TAG-3136:~/docker-vault$ docker-compose up
Creating docker-vault_vault_1 ... done
Attaching to docker-vault_vault_1
vault_1 | ==> Vault server configuration:
vault_1 |
vault_1 | Api Address: http://0.0.0.0:8200
vault_1 | Cgo: disabled
vault_1 | Cluster Address: https://0.0.0.0:8201
vault_1 | Go Version: go1.16.6
vault_1 | Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
vault_1 | Listener 2: tcp (addr: "0.0.0.0:8400", cluster address: "0.0.0.0:8401", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
vault_1 | Log Level: info
vault_1 | Mlock: supported: true, enabled: false
vault_1 | Recovery Mode: false
vault_1 | Storage: file
vault_1 | Version: Vault v1.8.1
vault_1 | Version Sha: 4b0264f28defc05454c31277cfa6ff63695a458d
vault_1 |
vault_1 | ==> Vault server started! Log data will stream in below:
vault_1 |
vault_1 | 2022-08-10T13:28:40.026Z [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
vault_1 | 2022-08-10T13:28:40.026Z [WARN] no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
vault_1 | 2022-08-10T13:28:40.028Z [INFO] core: security barrier not initialized
vault_1 | 2022-08-10T13:28:40.028Z [INFO] core: security barrier initialized: stored=1 shares=1 threshold=1
vault_1 | 2022-08-10T13:28:40.029Z [INFO] core: post-unseal setup starting
vault_1 | 2022-08-10T13:28:40.035Z [INFO] core: loaded wrapping token key
vault_1 | 2022-08-10T13:28:40.035Z [INFO] core: upgrading plugin information: plugins=[]
vault_1 | 2022-08-10T13:28:40.035Z [INFO] core: successfully setup plugin catalog: plugin-directory=/vault/plugins
vault_1 | 2022-08-10T13:28:40.035Z [INFO] core: no mounts; adding default mount table
vault_1 | 2022-08-10T13:28:40.037Z [INFO] core: successfully mounted backend: type=cubbyhole path=cubbyhole/
vault_1 | 2022-08-10T13:28:40.037Z [INFO] core: successfully mounted backend: type=system path=sys/
vault_1 | 2022-08-10T13:28:40.037Z [INFO] core: successfully mounted backend: type=identity path=identity/
vault_1 | 2022-08-10T13:28:40.039Z [INFO] core: successfully enabled credential backend: type=token path=token/
vault_1 | 2022-08-10T13:28:40.039Z [INFO] rollback: starting rollback manager
vault_1 | 2022-08-10T13:28:40.039Z [INFO] core: restoring leases
vault_1 | 2022-08-10T13:28:40.040Z [INFO] identity: entities restored
vault_1 | 2022-08-10T13:28:40.040Z [INFO] identity: groups restored
vault_1 | 2022-08-10T13:28:40.040Z [INFO] expiration: lease restore complete
vault_1 | 2022-08-10T13:28:40.040Z [INFO] core: post-unseal setup complete
vault_1 | 2022-08-10T13:28:40.041Z [INFO] core: root token generated
vault_1 | 2022-08-10T13:28:40.041Z [INFO] core: pre-seal teardown starting
vault_1 | 2022-08-10T13:28:40.041Z [INFO] rollback: stopping rollback manager
vault_1 | 2022-08-10T13:28:40.041Z [INFO] core: pre-seal teardown complete
vault_1 | 2022-08-10T13:28:40.041Z [INFO] core.cluster-listener.tcp: starting listener: listener_address=0.0.0.0:8201
vault_1 | 2022-08-10T13:28:40.042Z [INFO] core.cluster-listener.tcp: starting listener: listener_address=0.0.0.0:8401
vault_1 | 2022-08-10T13:28:40.042Z [INFO] core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8201
vault_1 | 2022-08-10T13:28:40.042Z [INFO] core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8401
vault_1 | 2022-08-10T13:28:40.042Z [INFO] core: post-unseal setup starting
vault_1 | 2022-08-10T13:28:40.042Z [INFO] core: loaded wrapping token key
vault_1 | 2022-08-10T13:28:40.042Z [INFO] core: upgrading plugin information: plugins=[]
vault_1 | 2022-08-10T13:28:40.042Z [INFO] core: successfully setup plugin catalog: plugin-directory=/vault/plugins
vault_1 | 2022-08-10T13:28:40.042Z [INFO] core: successfully mounted backend: type=system path=sys/
vault_1 | 2022-08-10T13:28:40.043Z [INFO] core: successfully mounted backend: type=identity path=identity/
vault_1 | 2022-08-10T13:28:40.043Z [INFO] core: successfully mounted backend: type=cubbyhole path=cubbyhole/
vault_1 | 2022-08-10T13:28:40.043Z [INFO] core: successfully enabled credential backend: type=token path=token/
vault_1 | 2022-08-10T13:28:40.043Z [INFO] rollback: starting rollback manager
vault_1 | 2022-08-10T13:28:40.043Z [INFO] core: restoring leases
vault_1 | 2022-08-10T13:28:40.045Z [INFO] identity: entities restored
vault_1 | 2022-08-10T13:28:40.045Z [INFO] identity: groups restored
vault_1 | 2022-08-10T13:28:40.045Z [INFO] expiration: lease restore complete
vault_1 | 2022-08-10T13:28:40.045Z [INFO] core: post-unseal setup complete
vault_1 | 2022-08-10T13:28:40.045Z [INFO] core: vault is unsealed
vault_1 | 2022-08-10T13:28:40.047Z [INFO] core: successful mount: namespace="" path=secret/ type=kv
vault_1 | 2022-08-10T13:28:40.057Z [INFO] secrets.kv.kv_f12d96d1: collecting keys to upgrade
vault_1 | 2022-08-10T13:28:40.057Z [INFO] secrets.kv.kv_f12d96d1: done collecting keys: num_keys=1
vault_1 | 2022-08-10T13:28:40.057Z [INFO] secrets.kv.kv_f12d96d1: upgrading keys finished
vault_1 | WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
vault_1 | and starts unsealed with a single unseal key. The root token is already
vault_1 | authenticated to the CLI, so you can immediately begin using Vault.
vault_1 |
vault_1 | You may need to set the following environment variable:
vault_1 |
vault_1 | $ export VAULT_ADDR='http://0.0.0.0:8200'
vault_1 |
vault_1 | The unseal key and root token are displayed below in case you want to
vault_1 | seal/unseal the Vault or re-authenticate.
vault_1 |
vault_1 | Unseal Key: AQsExZvYGbsAo7MGqW4drGyJji2dHvOS3k/LlyQ8Ync=
vault_1 | Root Token: s.dLB8coH1rrP48Xr1JbsBYFGN
vault_1 |
vault_1 | Development mode should NOT be used in production installations!
The steps and commands you used to build the binary and the build output:
- After making my changes to the code, I executed the go build command "go build -o vault-secrets-gen main.go"
- Then I archived the "vault-secrets-gen" file and sent it to my vault container through "ftp"
- I extracted the tar file and moved "vault-secrets-gen" to "/vault/plugins"
- I enabled mlock: setcap cap_ipc_lock=+ep /vault/plugins/vault-secrets-gen
- I registered the plugin: vault plugin register -sha256="${SHA256}" -command="vault-secrets-gen" secret secrets-gen
- And I tried to enable it: vault secrets enable -path="gen" -plugin-name="secrets-gen" plugin
The output of ldd /vault/plugins/vault-secrets-gen:
/vault/plugins # ldd vault-secrets-gen
/lib64/ld-linux-x86-64.so.2 (0x7fad36e11000)
libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x7fad36e11000)
libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7fad36e11000)
What are the vault server logs after you run vault secrets enable?
Is your container alpine? Can you turn on debug logging?
- After you run "vault secrets enable", vault secret logs are:
vault_1 | 2022-08-11T07:50:44.275Z [DEBUG] secrets.secrets-gen.secrets-gen_e32130e2.secrets-gen: starting plugin: metadata=true path=/vault/plugins/vault-secrets-gen args=["/vault/plugins/vault-secrets-gen"]
vault_1 | 2022-08-11T07:50:44.275Z [ERROR] secrets.system.system_2fdb0b73: error occurred during enable mount: path=gen/ error="fork/exec /vault/plugins/vault-secrets-gen: no such file or directory"
- Yes, my container is Alpine.
- My debug logging:
server@TAG-3136:~/docker-vault$ docker-compose up
Creating docker-vault_vault_1 ... done
Attaching to docker-vault_vault_1
vault_1 | ==> Vault server configuration:
vault_1 |
vault_1 | Api Address: http://0.0.0.0:8200
vault_1 | Cgo: disabled
vault_1 | Cluster Address: https://0.0.0.0:8201
vault_1 | Go Version: go1.16.6
vault_1 | Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
vault_1 | Listener 2: tcp (addr: "0.0.0.0:8400", cluster address: "0.0.0.0:8401", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
vault_1 | Log Level: debug
vault_1 | Mlock: supported: true, enabled: false
vault_1 | Recovery Mode: false
vault_1 | Storage: file
vault_1 | Version: Vault v1.8.1
vault_1 | Version Sha: 4b0264f28defc05454c31277cfa6ff63695a458d
vault_1 |
vault_1 | ==> Vault server started! Log data will stream in below:
vault_1 |
vault_1 | 2022-08-11T07:41:45.565Z [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
vault_1 | 2022-08-11T07:41:45.565Z [WARN] no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
vault_1 | 2022-08-11T07:41:45.566Z [DEBUG] core: set config: sanitized config={"api_addr":"","cache_size":0,"cluster_addr":"","cluster_cipher_suites":"","cluster_name":"","default_lease_ttl":0,"default_max_request_duration":0,"disable_cache":false,"disable_clustering":false,"disable_indexing":false,"disable_mlock":true,"disable_performance_standby":false,"disable_printable_check":false,"disable_sealwrap":false,"disable_sentinel_trace":false,"enable_response_header_hostname":false,"enable_response_header_raft_node_id":false,"enable_ui":true,"listeners":[{"config":{"address":"127.0.0.1:8200","proxy_protocol_authorized_addrs":"127.0.0.1:8200","proxy_protocol_behavior":"allow_authorized","tls_disable":true},"type":"tcp"},{"config":{"address":"0.0.0.0:8400","tls_disable":"1"},"type":"tcp"}],"log_format":"unspecified","log_level":"Debug","max_lease_ttl":0,"pid_file":"","plugin_directory":"/vault/plugins/","raw_storage_endpoint":false,"seals":[{"disabled":false,"type":"shamir"}],"storage":{"cluster_addr":"","disable_clustering":false,"redirect_addr":"","type":"file"},"telemetry":{"add_lease_metrics_namespace_labels":false,"circonus_api_app":"","circonus_api_token":"","circonus_api_url":"","circonus_broker_id":"","circonus_broker_select_tag":"","circonus_check_display_name":"","circonus_check_force_metric_activation":"","circonus_check_id":"","circonus_check_instance_id":"","circonus_check_search_tag":"","circonus_check_tags":"","circonus_submission_interval":"","circonus_submission_url":"","disable_hostname":true,"dogstatsd_addr":"","dogstatsd_tags":null,"lease_metrics_epsilon":3600000000000,"maximum_gauge_cardinality":500,"metrics_prefix":"","num_lease_metrics_buckets":168,"prometheus_retention_time":86400000000000,"stackdriver_debug_logs":false,"stackdriver_location":"","stackdriver_namespace":"","stackdriver_project_id":"","statsd_address":"","statsite_address":"","usage_gauge_period":600000000000}}
vault_1 | 2022-08-11T07:41:45.566Z [DEBUG] storage.cache: creating LRU cache: size=0
vault_1 | 2022-08-11T07:41:45.566Z [DEBUG] cluster listener addresses synthesized: cluster_addresses=[0.0.0.0:8201, 0.0.0.0:8401]
vault_1 | 2022-08-11T07:41:45.566Z [INFO] core: security barrier not initialized
vault_1 | 2022-08-11T07:41:45.566Z [INFO] core: security barrier initialized: stored=1 shares=1 threshold=1
vault_1 | 2022-08-11T07:41:45.567Z [DEBUG] core: cluster name not found/set, generating new
vault_1 | 2022-08-11T07:41:45.567Z [DEBUG] core: cluster name set: name=vault-cluster-494a9348
vault_1 | 2022-08-11T07:41:45.567Z [DEBUG] core: cluster ID not found, generating new
vault_1 | 2022-08-11T07:41:45.567Z [DEBUG] core: cluster ID set: id=7eab64e5-59d7-4e65-50e7-26d2d5a8ce78
vault_1 | 2022-08-11T07:41:45.567Z [INFO] core: post-unseal setup starting
vault_1 | 2022-08-11T07:41:45.567Z [DEBUG] core: clearing forwarding clients
vault_1 | 2022-08-11T07:41:45.567Z [DEBUG] core: done clearing forwarding clients
vault_1 | 2022-08-11T07:41:45.567Z [DEBUG] core: persisting feature flags
vault_1 | 2022-08-11T07:41:45.573Z [INFO] core: loaded wrapping token key
vault_1 | 2022-08-11T07:41:45.573Z [INFO] core: upgrading plugin information: plugins=[]
vault_1 | 2022-08-11T07:41:45.573Z [INFO] core: successfully setup plugin catalog: plugin-directory=/vault/plugins
vault_1 | 2022-08-11T07:41:45.573Z [INFO] core: no mounts; adding default mount table
vault_1 | 2022-08-11T07:41:45.573Z [INFO] core: successfully mounted backend: type=cubbyhole path=cubbyhole/
vault_1 | 2022-08-11T07:41:45.574Z [INFO] core: successfully mounted backend: type=system path=sys/
vault_1 | 2022-08-11T07:41:45.574Z [INFO] core: successfully mounted backend: type=identity path=identity/
vault_1 | 2022-08-11T07:41:45.577Z [INFO] core: successfully enabled credential backend: type=token path=token/
vault_1 | 2022-08-11T07:41:45.577Z [INFO] rollback: starting rollback manager
vault_1 | 2022-08-11T07:41:45.577Z [INFO] core: restoring leases
vault_1 | 2022-08-11T07:41:45.578Z [DEBUG] identity: loading entities
vault_1 | 2022-08-11T07:41:45.578Z [DEBUG] identity: entities collected: num_existing=0
vault_1 | 2022-08-11T07:41:45.578Z [INFO] identity: entities restored
vault_1 | 2022-08-11T07:41:45.578Z [DEBUG] identity: identity loading groups
vault_1 | 2022-08-11T07:41:45.578Z [DEBUG] identity: groups collected: num_existing=0
vault_1 | 2022-08-11T07:41:45.578Z [INFO] identity: groups restored
vault_1 | 2022-08-11T07:41:45.578Z [DEBUG] expiration: collecting leases
vault_1 | 2022-08-11T07:41:45.578Z [DEBUG] expiration: leases collected: num_existing=0
vault_1 | 2022-08-11T07:41:45.578Z [INFO] core: post-unseal setup complete
vault_1 | 2022-08-11T07:41:45.578Z [INFO] expiration: lease restore complete
vault_1 | 2022-08-11T07:41:45.578Z [INFO] core: root token generated
vault_1 | 2022-08-11T07:41:45.578Z [INFO] core: pre-seal teardown starting
vault_1 | 2022-08-11T07:41:45.578Z [DEBUG] expiration: stop triggered
vault_1 | 2022-08-11T07:41:45.579Z [DEBUG] expiration: finished stopping
vault_1 | 2022-08-11T07:41:45.579Z [INFO] rollback: stopping rollback manager
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core: pre-seal teardown complete
vault_1 | 2022-08-11T07:41:45.579Z [DEBUG] core: unseal key supplied: migrate=false
vault_1 | 2022-08-11T07:41:45.579Z [DEBUG] core: starting cluster listeners
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core.cluster-listener.tcp: starting listener: listener_address=0.0.0.0:8201
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core.cluster-listener.tcp: starting listener: listener_address=0.0.0.0:8401
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8201
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8401
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core: post-unseal setup starting
vault_1 | 2022-08-11T07:41:45.579Z [DEBUG] core: clearing forwarding clients
vault_1 | 2022-08-11T07:41:45.579Z [DEBUG] core: done clearing forwarding clients
vault_1 | 2022-08-11T07:41:45.579Z [DEBUG] core: persisting feature flags
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core: loaded wrapping token key
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core: upgrading plugin information: plugins=[]
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core: successfully setup plugin catalog: plugin-directory=/vault/plugins
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core: successfully mounted backend: type=system path=sys/
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core: successfully mounted backend: type=identity path=identity/
vault_1 | 2022-08-11T07:41:45.579Z [INFO] core: successfully mounted backend: type=cubbyhole path=cubbyhole/
vault_1 | 2022-08-11T07:41:45.580Z [INFO] core: successfully enabled credential backend: type=token path=token/
vault_1 | 2022-08-11T07:41:45.580Z [INFO] rollback: starting rollback manager
vault_1 | 2022-08-11T07:41:45.580Z [INFO] core: restoring leases
vault_1 | 2022-08-11T07:41:45.580Z [DEBUG] identity: loading entities
vault_1 | 2022-08-11T07:41:45.580Z [DEBUG] identity: entities collected: num_existing=0
vault_1 | 2022-08-11T07:41:45.581Z [DEBUG] expiration: collecting leases
vault_1 | 2022-08-11T07:41:45.581Z [DEBUG] expiration: leases collected: num_existing=0
vault_1 | 2022-08-11T07:41:45.581Z [INFO] identity: entities restored
vault_1 | 2022-08-11T07:41:45.581Z [DEBUG] identity: identity loading groups
vault_1 | 2022-08-11T07:41:45.581Z [DEBUG] identity: groups collected: num_existing=0
vault_1 | 2022-08-11T07:41:45.581Z [INFO] identity: groups restored
vault_1 | 2022-08-11T07:41:45.581Z [DEBUG] core: request forwarding setup function
vault_1 | 2022-08-11T07:41:45.581Z [DEBUG] core: clearing forwarding clients
vault_1 | 2022-08-11T07:41:45.581Z [DEBUG] core: done clearing forwarding clients
vault_1 | 2022-08-11T07:41:45.581Z [DEBUG] core: request forwarding not setup
vault_1 | 2022-08-11T07:41:45.581Z [DEBUG] core: leaving request forwarding setup function
vault_1 | 2022-08-11T07:41:45.581Z [INFO] expiration: lease restore complete
vault_1 | 2022-08-11T07:41:45.581Z [INFO] core: post-unseal setup complete
vault_1 | 2022-08-11T07:41:45.581Z [INFO] core: vault is unsealed
vault_1 | 2022-08-11T07:41:45.582Z [INFO] core: successful mount: namespace="" path=secret/ type=kv
vault_1 | 2022-08-11T07:41:45.582Z [DEBUG] would have sent systemd notification (systemd not present): notification=READY=1
vault_1 | 2022-08-11T07:41:45.593Z [INFO] secrets.kv.kv_c624dd0b: collecting keys to upgrade
vault_1 | 2022-08-11T07:41:45.593Z [INFO] secrets.kv.kv_c624dd0b: done collecting keys: num_keys=1
vault_1 | 2022-08-11T07:41:45.593Z [DEBUG] secrets.kv.kv_c624dd0b: upgrading keys: progress=0/1
vault_1 | 2022-08-11T07:41:45.593Z [INFO] secrets.kv.kv_c624dd0b: upgrading keys finished
vault_1 | WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
vault_1 | and starts unsealed with a single unseal key. The root token is already
vault_1 | authenticated to the CLI, so you can immediately begin using Vault.
vault_1 |
vault_1 | You may need to set the following environment variable:
vault_1 |
vault_1 | $ export VAULT_ADDR='http://0.0.0.0:8200'
vault_1 |
vault_1 | The unseal key and root token are displayed below in case you want to
vault_1 | seal/unseal the Vault or re-authenticate.
vault_1 |
vault_1 | Unseal Key: hiMYKylBC9UWgKx0ppronqDbmrG6IdMiofYKmyOctHw=
vault_1 | Root Token: s.0sXrPIYWQhe0c6g8MfNDE8cj
vault_1 |
vault_1 | Development mode should NOT be used in production installations!
vault_1 |
vault_1 | 2022-08-11T07:50:44.275Z [DEBUG] secrets.secrets-gen.secrets-gen_e32130e2.secrets-gen: starting plugin: metadata=true path=/vault/plugins/vault-secrets-gen args=["/vault/plugins/vault-secrets-gen"]
vault_1 | 2022-08-11T07:50:44.275Z [ERROR] secrets.system.system_2fdb0b73: error occurred during enable mount: path=gen/ error="fork/exec /vault/plugins/vault-secrets-gen: no such file or directory"
There are a number of issues with alpine linux and Vault plugins: hashicorp/vault#8009. Do other plugins compiled from source work?
Also, does this happen with a pre-compiled version from the releases page?
I didn't try the other plugins.
The pre-compiled plugin works very well, but after the modification it won't.
If the pre-compiled plugin works, please use that. This is likely a problem with your installation or setup, which is outside the scope of this project.
Hi @sethvargo, now I got this error when I try to enable it:
Error enabling: Error making API request.
URL: POST http://0.0.0.0:8200/v1/sys/mounts/gen
Code: 400. Errors:
* Unrecognized remote plugin message:
This usually means that the plugin is either invalid or simply
needs to be recompiled to support the latest protocol.
And after executing this command I got this error:
/ # ldd /vault/plugins/vault-secrets-gen
/lib/ld-musl-x86_64.so.1: /vault/plugins/vault-secrets-gen: Not a valid dynamic program
For the Vault logs:
vault_1 | 2022-08-16T12:01:33.817Z [DEBUG] secrets.secrets-gen.secrets-gen_c6a64fea.secrets-gen: starting plugin: metadata=true path=/vault/plugins/vault-secrets-gen args=["/vault/plugins/vault-secrets-gen"]
vault_1 | 2022-08-16T12:01:33.817Z [DEBUG] secrets.secrets-gen.secrets-gen_c6a64fea.secrets-gen: plugin started: metadata=true path=/vault/plugins/vault-secrets-gen pid=342
vault_1 | 2022-08-16T12:01:33.817Z [DEBUG] secrets.secrets-gen.secrets-gen_c6a64fea.secrets-gen: waiting for RPC address: metadata=true path=/vault/plugins/vault-secrets-gen
vault_1 | 2022-08-16T12:01:33.817Z [ERROR] secrets.system.system_b8748210: error occurred during enable mount: path=gen/
vault_1 | error=
vault_1 | | Unrecognized remote plugin message:
vault_1 | |
vault_1 | | This usually means that the plugin is either invalid or simply
vault_1 | | needs to be recompiled to support the latest protocol.
vault_1 |
vault_1 | 2022-08-16T12:01:33.818Z [DEBUG] secrets.secrets-gen.secrets-gen_c6a64fea.secrets-gen: plugin process exited: metadata=true path=/vault/plugins/vault-secrets-gen pid=342 error="exit status 1"
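Added example, not part of the thread or the project's code: `fork/exec ...: no such file or directory` for a file that `ls -l` shows usually means the kernel could not find the ELF interpreter named in the binary's PT_INTERP segment. The first `ldd` output names `/lib64/ld-linux-x86-64.so.2`, a glibc loader path, while the container's own loader is `/lib/ld-musl-x86_64.so.1`. The Go sketch below reads PT_INTERP from a plugin binary before it is registered; the names `Interp` and `Diagnose` are hypothetical.

```go
// Added example: check a Vault plugin binary's ELF interpreter before
// copying it into plugin_directory. Not code from vault-secrets-gen.
package main

import (
	"debug/elf"
	"fmt"
	"io"
	"os"
	"strings"
)

// Interp returns the PT_INTERP path of an ELF image, or "" when the
// binary has no interpreter segment (statically linked).
func Interp(r io.ReaderAt) (string, error) {
	f, err := elf.NewFile(r)
	if err != nil {
		return "", fmt.Errorf("not a readable ELF file: %w", err)
	}
	for _, p := range f.Progs {
		if p.Type != elf.PT_INTERP {
			continue
		}
		b, err := io.ReadAll(p.Open())
		if err != nil {
			return "", err
		}
		return strings.TrimRight(string(b), "\x00"), nil
	}
	return "", nil
}

// Diagnose explains what execve will do with the binary on a target
// whose filesystem is described by exists (hypothetical helper).
func Diagnose(interp string, exists func(string) bool) string {
	switch {
	case interp == "":
		return "static: no loader needed"
	case !exists(interp):
		return "missing loader " + interp + ": execve returns ENOENT"
	default:
		return "loader present: " + interp
	}
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: interpcheck <plugin-binary>")
		os.Exit(2)
	}
	f, err := os.Open(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	defer f.Close()
	interp, err := Interp(f)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Run this inside the target container so os.Stat sees its filesystem.
	onDisk := func(p string) bool { _, e := os.Stat(p); return e == nil }
	fmt.Println(Diagnose(interp, onDisk))
}
```

A Go binary built with `CGO_ENABLED=0` carries no PT_INTERP segment and reports `static`, which matches the "Not a valid dynamic program" message from musl's `ldd` in the last comment.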