hashicorp / docker-vault

Official Docker images for Vault
Mozilla Public License 2.0

Duplicate listeners attempting to be created #229

Closed smcpeck closed 2 years ago

smcpeck commented 3 years ago

I'm using (what I think is) a simple docker-compose setup.

docker-compose.yml

version: '3.6'

services:
  vault:
    image: vault
    volumes:
      - /srv/vault/config:/vault/config
      - /srv/vault/config/vault-config.json:/vault/config/vault-config.hcl
      - /srv/vault/policies:/vault/policies
      - /srv/vault/data:/vault/data
      - /srv/vault/logs:/vault/logs
    command: server -config=/vault/config/vault-config.hcl -log-level=trace
    cap_add:
      - IPC_LOCK

vault-config.hcl

backend "file" {
  path = "vault/data"
}

listener "tcp" {
  address = "127.0.0.1:8200"
  tls_disable = true
}

api_addr = "http://127.0.0.1:8200"

ui = true

logs

Error initializing listener of type tcp: listen tcp 127.0.0.1:8200: bind: address already in use,
2021-04-29T15:46:56.257Z [INFO]  proxy environment: http_proxy= https_proxy= no_proxy=,
2021-04-29T15:46:56.259Z [DEBUG] core: set config: sanitized config={"api_addr":"http://127.0.0.1:8200","cache_size":0,"cluster_addr":"","cluster_cipher_suites":"","cluster_name":"","default_lease_ttl":0,"default_max_request_duration":0,"disable_cache":false,"disable_clustering":false,"disable_indexing":false,"disable_mlock":false,"disable_performance_standby":false,"disable_printable_check":false,"disable_sealwrap":false,"disable_sentinel_trace":false,"enable_ui":true,"listeners":[{"config":{"address":"127.0.0.1:8200","tls_disable":true},"type":"tcp"},{"config":{"address":"127.0.0.1:8200","tls_disable":true},"type":"tcp"}],"log_format":"unspecified","log_level":"","max_lease_ttl":0,"pid_file":"","plugin_directory":"","raw_storage_endpoint":false,"seals":[{"disabled":false,"type":"shamir"}],"storage":{"cluster_addr":"","disable_clustering":false,"redirect_addr":"http://127.0.0.1:8200","type":"file"}},
2021-04-29T15:46:56.259Z [DEBUG] storage.cache: creating LRU cache: size=0,

Things of note from the logs.

It seems, to me, that vault's config is doubling up on listener creation and the 2nd attempt fails which kills the whole startup process.

This happens no matter what port I put in my listener config, so it isn't that 8200 is starting based on some default config and then my config is doubling it up. If I put 8201 in there, then the config shown in the logs shows duplicate listeners for 8201.

I've seen many posts that seem semi-related to my issue, but none of them offer up a decent solution that has worked for me.

rhotchkiss commented 3 years ago

I believe this may be related to https://github.com/hashicorp/docker-vault/issues/109

i.e. vault is automatically reading in config from the config volume(s), and then also reading it from your command line argument. I would suggest removing the config volumes from your compose file to check this.
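The diagnosis above can be checked mechanically. The following is an added example, not part of the original thread or the project's code: it reads the `sanitized config=` debug line to find listeners that appear more than once, and flags `-config=` arguments pointing inside the config directory the thread says the image loads on its own. The function names are hypothetical, the `/vault/config` default is taken from the compose files in this issue, and the log sample is constructed by abridging the line posted above.

```python
import json
import shlex
from collections import Counter
from posixpath import normpath

MARKER = "sanitized config="

# Constructed sample: the debug line from the issue, abridged to the relevant keys.
SAMPLE_LOG = (
    '2021-04-29T15:46:56.259Z [DEBUG] core: set config: sanitized config='
    '{"api_addr":"http://127.0.0.1:8200","listeners":['
    '{"config":{"address":"127.0.0.1:8200","tls_disable":true},"type":"tcp"},'
    '{"config":{"address":"127.0.0.1:8200","tls_disable":true},"type":"tcp"}]},\n'
    '2021-04-29T15:46:56.259Z [DEBUG] storage.cache: creating LRU cache: size=0,'
)

def duplicate_listeners(log_text):
    """Map (type, address) -> count for listeners repeated within one config dump."""
    dups = {}
    for line in log_text.splitlines():
        pos = line.find(MARKER)
        if pos < 0:
            continue
        # raw_decode stops at the end of the JSON object, so the trailing
        # comma seen in the pasted log does not break parsing.
        cfg, _ = json.JSONDecoder().raw_decode(line[pos + len(MARKER):])
        counts = Counter(
            (item.get("type"), item.get("config", {}).get("address"))
            for item in cfg.get("listeners") or []
        )
        dups.update({key: n for key, n in counts.items() if n > 1})
    return dups

def redundant_config_args(command, config_dir="/vault/config"):
    """Return -config=PATH values that already sit inside config_dir."""
    # Accept both compose forms: a single string or a list of arguments.
    args = shlex.split(command) if isinstance(command, str) else list(command)
    root = normpath(config_dir)
    hits = []
    for arg in args:
        if arg.startswith("-config="):
            path = normpath(arg.split("=", 1)[1])
            if path == root or path.startswith(root + "/"):
                hits.append(path)
    return hits

if __name__ == "__main__":
    print(duplicate_listeners(SAMPLE_LOG))
    print(redundant_config_args(
        "server -config=/vault/config/vault-config.hcl -log-level=trace"))
```
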

smcpeck commented 3 years ago

Thanks, @rhotchkiss. I'll give this a look and report back once I've done so.

wildone commented 3 years ago

Yep, that's correct: you don't need -config if you are loading it via volume.

smcpeck commented 2 years ago

Better late than never, right? I never fully configured Vault, but did get further along after removing the command line argument that points to the config file. 🍻

tvsaru commented 2 years ago

This tripped me up as well. I was trying to set up a local dev env with two docker containers acting as two nodes in a vault cluster.

> tree
.
├── config
│   ├── configuration.common.hcl
│   ├── configuration.node1.hcl
│   └── configuration.node2.hcl
└── logs
    ├── node1
    ├── node2

I thought in my docker-compose.yml I could do this:

...
  vault_foo_node_1:
  ...
    command:
      - server
      - -config=/vault/config/configuration.common.hcl
      - -config=/vault/config/configuration.node1.hcl
    volumes:
      - ./config/:/vault/config
      - ./logs/node1:/vault/logs

but as you noted that results in vault loading the config files from command line options and ALSO from the config volume.

After finding this GitHub issue, I restructured as follows:

> tree
.
├── config
│   ├── configuration.common.hcl
│   ├── node1
│   │   └── configuration.node1.hcl
│   └── node2
│       └── configuration.node2.hcl
└── logs
    ├── node1
    ├── node2

docker-compose.yml:

...
  vault_foo_node_1:
  ...
    command:
      - server
    volumes:
      - ./config/node1:/vault/config
      - ./config/configuration.common.hcl:/vault/config/configuration.common.hcl
      - ./logs/node1:/vault/logs
...
  vault_foo_node_2:
  ...
    command:
      - server
    volumes:
      - ./config/node2:/vault/config
      - ./config/configuration.common.hcl:/vault/config/configuration.common.hcl
      - ./logs/node2:/vault/logs

ahmetonurslmz commented 1 year ago

Hello,

I’ve written a solution in the link. Please check it out to fix the issue. https://en.ahmetonursolmaz.com.tr/error-initializing-listener-of-type-tcp-listen-tcp-127-0-0-18200-bind-address-already-in-use/