Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Running vault v1.14.1 without DBUS_SESSION_BUS_ADDRESS set and no /run/user/<uid>/bus launches a persistent dbus-daemon #22560

Closed
brinnjoyce opened this issue Aug 25, 2023 · 4 comments
Closed

Running vault v1.14.1 without DBUS_SESSION_BUS_ADDRESS set and no /run/user/<uid>/bus launches a persistent dbus-daemon #22560

brinnjoyce opened this issue Aug 25, 2023 · 4 comments
Labels
core/dev core Issues and Pull-Requests specific to Vault Core

Comments

@brinnjoyce
Copy link

brinnjoyce commented Aug 25, 2023
edited

Describe the bug
Running vault as a user without DBUS_SESSION_BUS_ADDRESS set and no /run/user/<uid>/bus file causes vault to run dbus-launch which launches a persistent dbus-daemon process like this:
/usr/bin/dbus-daemon --syslog --fork --print-pid 4 --print-address 6 --session.

A new dbus-daemon will be launched every time vault is run.

The dbus-daemon processes use inotify instances, so if vault is executed enough times (configuration management in our instance) the user running vault will run into the fs.inotify.max_user_instances limit or fd limits causing issues for systemd etc.

To Reproduce
Steps to reproduce the behavior:

  1. Run vault --version with no DBUS_SESSION_BUS_ADDRESS set and no /run/user/<uid>/bus file
  2. See that there is now a new dbus-daemon process running as the user that ran vault.

Expected behavior
There should be no extra processes left running.

Environment:

  • Vault CLI Version (retrieve with vault version): v1.14.1
  • Server Operating System/Architecture: Ubuntu 18.04/22.04 amd64

Additional context

This is related to the godbus/dbus issue raised here godbus/dbus#372
Testing this as a workaround does avoid the issue:

env DBUS_SESSION_BUS_ADDRESS=$XDG_RUNTIME_DIR/bus vault --version
@brinnjoyce brinnjoyce changed the title Running vault v1.14.1 as root launches a forked dbus-daemon Running vault v1.14.1 without DBUS_SESSION_BUS_ADDRESS set and no /run/user/<uid>/bus launches a persistent dbus-daemon Aug 25, 2023
@biazmoreira biazmoreira added core Issues and Pull-Requests specific to Vault Core core/dev labels Aug 29, 2023
@biazmoreira biazmoreira mentioned this issue Aug 29, 2023
Closed
@biazmoreira
Copy link
Contributor

This is related to the snowflake bug, which I re-opened here snowflakedb/gosnowflake#901

We'll try to work this around with snowflake before trying to fix it directly in Vault.

@sfc-gh-dszmolka sfc-gh-dszmolka mentioned this issue Aug 29, 2023
Closed
@danielhass
Copy link

Thanks @vegaman for reporting this and providing a workaround.

We ran into this issue too with v1.14.1 and setting the env variable DBUS_SESSION_BUS_ADDRESS=$XDG_RUNTIME_DIR/bus seems to be a proper workaround so far.

@Soromeister Soromeister reopened this Sep 6, 2023
@jkhuang-42
Copy link

Running into this issue on vault version v1.14.3-ent but the workaround did not seem to have any effect, new dbus daemons still seem to be generated each time vault is called.

To be clear, is the workaround just export DBUS_SESSION_BUS_ADDRESS=$XDG_RUNTIME_DIR/bus ?

Also in my environment, XDG_RUNTIME_DIR does not have a value, is that an issue?

@Soromeister
Copy link
Contributor

@jkhuang-42, please see this KB article on how to solve this in the meantime. The article also covers the situation with no XDG_RUNTIME_DIR value.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core/dev core Issues and Pull-Requests specific to Vault Core
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@danielhass @brinnjoyce @Soromeister @biazmoreira @jkhuang-42