Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rename VAULT_VERSION environment variable in Dockerfile #140

Closed
wants to merge 2 commits into from

Conversation

@wouterhund
Copy link

commented Mar 18, 2019

Today I tried to get a custom database plugin running within the Vault docker container, only to face the error net/rpc plugin protocol not supported

After a bit of digging I found https://github.com/hashicorp/vault/blob/master/helper/pluginutil/env.go#L36 and tried changing the name of the VAULT_VERSION environment variable used within the Dockerfile to something else. This resolved my issue, so there appears to be an issue with vault plugins if the VAULT_VERSION environment variable is already set upon starting Vault.

My simple fix is to refrain from setting VAULT_VERSION in the container.

Instead of this PR it might be desired to fix the environment setting behavior in https://github.com/hashicorp/vault/blob/fb89af7cfa66b033951fa4c44ff31718537f094f/helper/pluginutil/runner.go#L81

@hashicorp-cla

This comment has been minimized.

Copy link

commented Mar 18, 2019

CLA assistant check
All committers have signed the CLA.

@wouterhund

This comment has been minimized.

Copy link
Author

commented Apr 8, 2019

@chrishoffman @lawliet89 Could you please take a look at this? We'd prefer not to have to keep a fork of this Dockerfile in order to use custom plugins.

@chrishoffman

This comment has been minimized.

Copy link
Member

commented Apr 12, 2019

The VAULT_VERSION environment variable is only used for building the image. I believe what might be happening is that your plugin is still using net/rpc and just needs to have it's dependencies updated to pull in the latest plugin library code.

@lawliet89

This comment has been minimized.

Copy link
Contributor

commented Apr 12, 2019

You might want to consider replacing the ENV with an ARG instead which is not persisted into the final image built.

(Also, I am not a maintainer, just a passerby.)

@wouterhund

This comment has been minimized.

Copy link
Author

commented Apr 16, 2019

Hi @chrishoffman, when a Dockerfile does ENV VAULT_VERSION 1.2.3 the running container will see the VAULT_VERSION environment variable being set. This confuses the running vault process, as it does not properly overwrite this environment variable when spawning plugins, and then the plugins get confused.

So the true bug appears to be with Vault not replacing the environment variable properly when spawning a plugin. Changing the naming in the Dockerfile is a simple workaround and may help avoid confusion.

Using ARG instead of ENV would also be good I think.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.