12 "github.com/hashicorp/vault/api"
// Package-level booter instance and the shared vault API client config.
// vaultCfg.Address is rewritten by vaultBooter.client on every call, so this
// value is mutable shared state (the enclosing var block's header is not
// visible in this excerpt).
16 vault = &vaultBooter{}
17 vaultCfg = api.DefaultConfig()
20 type vaultBooter struct {
// Boot makes sure a vault binary is present, writes its configuration, starts
// it under the supervisor and, on first run, initializes and unseals it via
// tryInit. Only a fragment of the method is visible here: lines between the
// numbered ones are not shown, so control flow is partly inferred.
24 func (vb *vaultBooter) Boot(ctx context.Context) error {
// Fast path: vault already answers check() — presumably the hidden branch
// body returns nil; TODO confirm.
28 if vb.check(ctx) == nil {
32 bin := cfg.UsrDir + "/bin/vault"
// NOTE(review): the binary comes from a version-pinned URL; no digest
// verification is visible in this excerpt. Confirm the download helper checks
// a checksum before the fetched binary is executed.
34 URL: "https://releases.hashicorp.com/vault/0.6.4/vault_0.6.4_linux_amd64.zip",
43 cfgPath := path.Join(cfg.DataDir, "vault.hcl")
// Generated config: consul backend on loopback and (presumably) a loopback
// listener; the raw string spans the numbered lines below. Mode 0644 is
// world-readable, acceptable only while the file carries no secrets.
44 err = atomicWriteFile(cfgPath, []byte(fmt.Sprintf(`backend "consul" {
45 address = "127.0.0.1:%d"
49 address = "127.0.0.1:%d"
51 }`, cfg.Ports.ConsulHTTP, cfg.Ports.VaultServer)), 0644)
56 args := []string{"server", "-config=" + cfgPath}
57 supervisor := newSupervisor(ctx, "arvados-vault", bin, args...)
58 running, err := supervisor.Running(ctx)
// feedbackf runs now and the func it returns runs when Boot exits
// (presumably the "done" half of the progress message).
63 defer feedbackf(ctx, "starting vault service")()
64 err = supervisor.Start(ctx)
// NOTE(review): %s flattens the error; %w would keep errors.Is/As usable
// for callers.
66 return fmt.Errorf("starting vault: %s", err)
70 if err := vb.tryInit(ctx); err != nil {
// Wait (up to 30s, per the argument) for the service to pass check.
73 return waitCheck(ctx, 30*time.Second, vb.check)
// tryInit initializes vault when InitStatus reports it uninitialized, persists
// the unseal keys and root token under cfg.DataDir, then unseals with the
// returned keys. Fragmentary view: lines between the numbered ones are not
// shown. vault and init here are presumably locals declared on hidden lines
// (vault as an *api.Client, shadowing the package-level booter) — confirm.
76 func (vb *vaultBooter) tryInit(ctx context.Context) error {
// Wait up to a minute for a client to be built and the API to answer.
81 if err := waitCheck(ctx, time.Minute, func(context.Context) error {
83 vault, err = vb.client(ctx)
87 init, err = vault.Sys().InitStatus()
// Init parameters (secret shares / threshold) are on lines not shown here.
95 resp, err := vault.Sys().Init(&api.InitRequest{
100 return fmt.Errorf("vault-init: %s", err)
// NOTE(review): both write results are discarded. resp holds every unseal key
// and the root token; if either write fails, init still proceeds and the only
// copy of those credentials dies with this process. Mode 0400 keeps the files
// owner-read-only.
102 atomicWriteJSON(path.Join(cfg.DataDir, "vault-keys.json"), resp, 0400)
103 atomicWriteFile(path.Join(cfg.DataDir, "vault-root-token.txt"), []byte(resp.RootToken), 0400)
// Feed each key in turn; the inner resp below shadows the Init response for
// the rest of the loop body.
105 for _, key := range resp.Keys {
106 resp, err := vault.Sys().Unseal(key)
// Unseal errors are logged rather than returned — presumably the loop moves
// on to the next key (hidden lines).
108 log.Printf("error: unseal: %s", err)
112 log.Printf("unseal successful")
// Reached only when no Unseal call reported success. NOTE(review): Go error
// strings conventionally carry no trailing punctuation.
116 return fmt.Errorf("vault unseal failed!")
// client returns a vault API client aimed at the local server port.
// NOTE(review): it overwrites the package-level vaultCfg on every call, so the
// config is shared mutable state and this is racy if called concurrently.
// ctx does not appear on the visible lines.
119 func (vb *vaultBooter) client(ctx context.Context) (*api.Client, error) {
// Plain http, no TLS, to 0.0.0.0; reaching the local listener via 0.0.0.0 is
// platform-dependent behaviour rather than a guaranteed loopback address.
121 vaultCfg.Address = fmt.Sprintf("http://0.0.0.0:%d", cfg.Ports.VaultServer)
122 return api.NewClient(vaultCfg)
125 func (vb *vaultBooter) check(ctx context.Context) error {
127 vault, err := vb.client(ctx)
131 token, err := ioutil.ReadFile(path.Join(cfg.DataDir, "vault-root-token.txt"))
135 vault.SetToken(string(token))
136 if init, err := vault.Sys().InitStatus(); err != nil {
139 return fmt.Errorf("vault is not initialized")