11 "github.com/hashicorp/vault/api"
15 vault = &vaultBooter{}
16 vaultCfg = api.DefaultConfig()
19 type vaultBooter struct {
23 func (vb *vaultBooter) Boot(ctx context.Context) error {
27 if vb.check(ctx) == nil {
31 bin := cfg.UsrDir + "/bin/vault"
33 URL: "https://releases.hashicorp.com/vault/0.6.4/vault_0.6.4_linux_amd64.zip",
42 cfgPath := path.Join(cfg.DataDir, "vault.hcl")
43 err = atomicWriteFile(cfgPath, []byte(fmt.Sprintf(`backend "consul" {
44 address = "127.0.0.1:%d"
48 address = "127.0.0.1:%d"
50 }`, cfg.Ports.ConsulHTTP, cfg.Ports.VaultServer)), 0644)
55 args := []string{"server", "-config=" + cfgPath}
56 supervisor := newSupervisor(ctx, "arvados-vault", bin, args...)
57 running, err := supervisor.Running(ctx)
62 defer feedbackf(ctx, "starting vault service")()
63 err = supervisor.Start(ctx)
65 return fmt.Errorf("starting vault: %s", err)
73 func (vb *vaultBooter) tryInit(ctx context.Context) {
75 vault, err := vb.client(ctx)
79 if init, err := vault.Sys().InitStatus(); err != nil {
80 log.Printf("error: vault InitStatus: %s", err)
85 resp, err := vault.Sys().Init(&api.InitRequest{
90 log.Printf("vault-init: %s", err)
93 atomicWriteJSON(path.Join(cfg.DataDir, "vault-keys.json"), resp, 0400)
94 atomicWriteFile(path.Join(cfg.DataDir, "vault-root-token.txt"), []byte(resp.RootToken), 0400)
96 for _, key := range resp.Keys {
97 resp, err := vault.Sys().Unseal(key)
99 log.Printf("error: unseal: %s", err)
103 log.Printf("unseal successful")
109 func (vb *vaultBooter) client(ctx context.Context) (*api.Client, error) {
111 vaultCfg.Address = fmt.Sprintf("http://0.0.0.0:%d", cfg.Ports.VaultServer)
112 return api.NewClient(vaultCfg)
115 func (vb *vaultBooter) check(ctx context.Context) error {
117 vault, err := vb.client(ctx)
121 token, err := ioutil.ReadFile(path.Join(cfg.DataDir, "vault-root-token.txt"))
125 vault.SetToken(string(token))
126 if init, err := vault.Sys().InitStatus(); err != nil {
129 return fmt.Errorf("vault is not initialized")