search

hashicorp / consul-template

Template rendering, notifier, and supervisor for @HashiCorp Consul and Vault data.
https://www.hashicorp.com/
Mozilla Public License 2.0
4.76k stars 782 forks source link

consul-template and Vault unsupported protocol scheme "" #565

Closed tyrostone closed 8 years ago

tyrostone commented 8 years ago

Hi,

I am having trouble identifying the issue with my current Vault/consul-template setup. I have set the correct Vault (and Consul) permissions for the data I am attempting to access, and can confirm this by obtaining that data via curl on the machine in question. However, consul-template is not populating these values. See config, logs, and curl output below:

Config:

2016/03/04 17:34:57 [DEBUG] (runner) final config (tokens suppressed):
{
  "path": "config.hcl",
  "consul": "10.160.158.47:8500",
  "auth": {
    "enabled": false,
    "username": "",
    "password": ""
  },
  "vault": {
    "address": "10.160.158.47:8200",
    "renew": false,
    "ssl": {
      "enabled": false,
      "verify": false
    }
  },
  "ssl": {
    "enabled": false,
    "verify": true
  },
  "syslog": {
    "enabled": false,
    "facility": "LOCAL0"
  },
  "max_stale": 1000000000,
  "templates": [
    {
      "source": "/opt/application.properties.ctmpl",
      "destination": "/opt/application.properties",
      "command_timeout": 30000000000,
      "perms": 420,
      "backup": false
    }
  ],
  "retry": 30000000000,
  "wait": {
    "min": 0,
    "max": 0
  },
  "pid_file": "",
  "log_level": "debug",
  "deduplicate": {
    "enabled": false,
    "prefix": "consul-template/dedup/",
    "ttl": 15000000000
  },
  "reap": false
}

Curl command and output:
curl -H "X-Vault-Token: <TOKEN OMITTED>" \
     -X GET     http://10.160.158.47:8200/v1/secret/jobservice/data/keyalias
{"lease_id":"","renewable":false,"lease_duration":2592000,"data":{"value":"<VALUE OMITTED>"},"warnings":null,"auth":null}

Consul-template logs:
2016/03/04 17:34:57 [INFO] (runner) creating consul/api client
2016/03/04 17:34:57 [DEBUG] (runner) setting consul address to 10.160.158.47:8500
2016/03/04 17:34:57 [INFO] (runner) creating vault/api client
2016/03/04 17:34:57 [DEBUG] (runner) setting vault address to 10.160.158.47:8200
2016/03/04 17:34:57 [DEBUG] (runner) setting vault token
2016/03/04 17:34:57 [INFO] (runner) creating Watcher
2016/03/04 17:34:57 [INFO] (runner) starting
2016/03/04 17:34:57 [DEBUG] (runner) running initial templates
2016/03/04 17:34:57 [INFO] (runner) running
2016/03/04 17:34:57 [DEBUG] (runner) checking template /opt/application.properties.ctmpl
2016/03/04 17:34:57 [INFO] (runner) was not watching 4 dependencies
2016/03/04 17:34:57 [INFO] (watcher) adding "key(jobservice-rest/data/s3BucketName)"
2016/03/04 17:34:57 [DEBUG] (watcher) "key(jobservice-rest/data/s3BucketName)" starting
2016/03/04 17:34:57 [INFO] (watcher) adding "vault(secret/jobservice/data)"
2016/03/04 17:34:57 [DEBUG] (watcher) "vault(secret/jobservice/data)" starting
2016/03/04 17:34:57 [INFO] (watcher) adding "vault(secret/jobservice/data)"
2016/03/04 17:34:57 [DEBUG] (watcher) "vault(secret/jobservice/data)" already exists, skipping
2016/03/04 17:34:57 [INFO] (watcher) adding "key(jobservice-rest/data/s3BucketName)"
2016/03/04 17:34:57 [DEBUG] (watcher) "key(jobservice-rest/data/s3BucketName)" already exists, skipping
2016/03/04 17:34:57 [INFO] (runner) diffing and updating dependencies
2016/03/04 17:34:57 [INFO] (runner) watching 2 dependencies
2016/03/04 17:34:57 [DEBUG] (view) "vault(secret/jobservice/data)" starting fetch
2016/03/04 17:34:57 [DEBUG] ("vault(secret/jobservice/data)") querying vault with &{AllowStale:true WaitIndex:0 WaitTime:1m0s}
2016/03/04 17:34:57 [ERR] (view) "vault(secret/jobservice/data)" error reading from vault: Get /v1/secret/jobservice/data: unsupported protocol scheme ""
2016/03/04 17:34:57 [INFO] (view) "vault(secret/jobservice/data)" errored, retrying in 30s
2016/03/04 17:34:57 [ERR] (runner) watcher reported error: error reading from vault: Get /v1/secret/jobservice/data: unsupported protocol scheme ""
2016/03/04 17:34:57 [INFO] (runner) running
2016/03/04 17:34:57 [DEBUG] (runner) checking template /opt/application.properties.ctmpl
2016/03/04 17:34:57 [INFO] (runner) missing data for 2 dependencies
2016/03/04 17:34:57 [INFO] (runner) diffing and updating dependencies
2016/03/04 17:34:57 [DEBUG] (runner) "vault(secret/jobservice/data)" is still needed
2016/03/04 17:34:57 [DEBUG] (runner) "key(jobservice-rest/data/s3BucketName)" is still needed
2016/03/04 17:34:57 [INFO] (runner) watching 2 dependencies
2016/03/04 17:34:57 [DEBUG] (view) "key(jobservice-rest/data/s3BucketName)" starting fetch
2016/03/04 17:34:57 [DEBUG] ("key(jobservice-rest/data/s3BucketName)") querying consul with &{Datacenter: AllowStale:true RequireConsistent:false WaitIndex:0 WaitTime:1m0s Token: Near:}
2016/03/04 17:34:57 [DEBUG] ("key(jobservice-rest/data/s3BucketName)") Consul returned dynarch-jobservice-rest-data-coral
2016/03/04 17:34:57 [INFO] (view) "key(jobservice-rest/data/s3BucketName)" received data
2016/03/04 17:34:57 [DEBUG] (view) "key(jobservice-rest/data/s3BucketName)" starting fetch
2016/03/04 17:34:57 [DEBUG] ("key(jobservice-rest/data/s3BucketName)") querying consul with &{Datacenter: AllowStale:true RequireConsistent:false WaitIndex:17902 WaitTime:1m0s Token: Near:}
2016/03/04 17:34:57 [DEBUG] (runner) receiving dependency "key(jobservice-rest/data/s3BucketName)"
2016/03/04 17:34:57 [INFO] (runner) running
2016/03/04 17:34:57 [DEBUG] (runner) checking template /opt/application.properties.ctmpl
2016/03/04 17:34:57 [INFO] (runner) missing data for 1 dependencies
2016/03/04 17:34:57 [INFO] (runner) diffing and updating dependencies
2016/03/04 17:34:57 [DEBUG] (runner) "vault(secret/jobservice/data)" is still needed
2016/03/04 17:34:57 [DEBUG] (runner) "key(jobservice-rest/data/s3BucketName)" is still needed
2016/03/04 17:34:57 [INFO] (runner) watching 2 dependencies
^CReceived interrupt, cleaning up...
2016/03/04 17:35:24 [INFO] (runner) stopping
2016/03/04 17:35:24 [INFO] (watcher) stopping all views
2016/03/04 17:35:24 [DEBUG] (watcher) stopping "vault(secret/jobservice/data)"
2016/03/04 17:35:24 [DEBUG] (watcher) stopping "key(jobservice-rest/data/s3BucketName)"

Criticisms aside, what is the cause of the unsupported protocol scheme issue? How do I debug/fix this? Thanks!

sethvargo commented 8 years ago

Hi @tyrostone

What version of Consul Template are you using?

tyrostone commented 8 years ago

Sorry, v0.13.0

sethvargo commented 8 years ago

Hi @tyrostone

Can you please try updating your vault address to be:

http://10.160.158.47:8200

instead of just the IP and port?

tyrostone commented 8 years ago

That did the trick - thank you.

justechn commented 8 years ago

Can we get this updated so the consul and vault addresses are consistent? Either require http:// on both or neither?

Thanks