您的位置: 首页  >  技术问答  >  未检测到保管库令牌助手?

未检测到保管库令牌助手?

分类: 技术问答 2022-03-02 10:28:46

未检测到保管库令牌助手?

问题描述:

Problem:

I have three files in a vault:0.10.2 docker image at the following locations:

/home/myuser/token_helper: A token helper binary in Go that implements the token helper interface according to this documentation

/home/myuser/vault_start: A Go script that runs os.exec("vault", "operator", "init") and os.exec("vault", "server", "-config=myconfig.hcl")

/home/myuser/.vault: The token helper config file specifying the token helper binary location, and I've exported VAULT_CONFIG_PATH to point to this path. The file reads token_helper = "/home/myuser/token_helper".

The problem I'm seeing is while running the vault_start script, I get the following error:

failed to get token helper: error expanding config path "": exec: "getent": executable file not found in $PATH

Debugging Done So Far:

This error doesn't seem to be correct. which getent returns /usr/bin/getent, and the image $PATH contains it, proving that both exist. In addition, the config path is not "", it's set as /home/myuser/.vault but Vault detects it as empty apparently.

I've traced that error output to this file in Vault's command directory: . According to that block of code, it only errors out when $HOME is not set, but I've confirmed that $HOME is set in the shell.

In addition, I've specified everything that Vault has asked in order to implement the token helper according to this document, but it doesn't seem to be detecting the config file to run it. This seems to be an error with Vault, or am I missing something?

问题: strong> p>

我有三个文件 在 vault:0.10.2 code> docker映像中的以下位置: p>

/ home / myuser / token_helper code>:令牌帮助程序二进制文件 在Go中,它根据此文档实现了令牌帮助程序界面 p>

/ home / myuser / vault_start code>:运行 os.exec(“ vault”,“ operator”,“ init”)和 os.exec(“ vault”,“ server”,“-config = myconfig.hcl”) code> p>

/ home / myuser /.vault code>:令牌帮助器配置文件,指定了令牌帮助器的二进制位置,并且我已导出 VAULT_CONFIG_PATH code>指向此路径。 该文件读取 token_helper =“ / home / myuser / token_helper” code>。 p>

我看到的问题是运行 vault_start code>脚本时,出现以下错误: p> 

 无法获取令牌帮助器:扩展配置路径“”时出错:exec:“ getent”:在$ PATH 
  code>  pre> 
 
 
 调试完成中找不到可执行文件 远 strong>: p> 
 
 
此错误似乎不正确。  哪个getent  code>返回 / usr / bin / getent  code>,并且图像 $ PATH  code>包含它,证明两者都存在。 另外,配置路径不是“”  code>,而是设置为 /home/myuser/.vault  code>,但保险柜显然将其检测为空。 p> 
 \  n 
我已将该错误输出跟踪到 此文件在保险柜的 command  code>目录中:。 根据该代码块,只有在未设置 $ HOME  code>时,它才会出错,但是我已经确认在外壳程序中设置了 $ HOME  code>。   p> 
 
 
此外,我还根据此文档,但是它似乎没有检测到配置文件来运行它。 保管箱似乎出现错误,还是我遗漏了一些东西? p> 
  div>

Figured this out, it was because the os.exec("vault", "operator", "init") line did not inherit the VAULT_CONFIG_PATH variable setting from the host, and so it was empty.

The following shows how to give os.Exec environment variables during it's run:

    vaultInitCmd := exec.Command("vault", "operator", "init")
    vaultInitCmd.Env = []string{
    fmt.Sprintf(`VAULT_ADDR=%s`, addr),
    fmt.Sprintf(`VAULT_CONFIG_PATH=%s`, `/home/myuser/.vault`)}

相关推荐