kelseyhightower / serverless-vault-with-cloud-run

Guide to running Vault on Cloud Run
Apache License 2.0

storage migration check error when deploying #1

Open savageb1ts opened 3 years ago

savageb1ts commented 3 years ago

When deploying with: --set-env-vars="GOOGLE_PROJECT=${PROJECT_ID},GOOGLE_STORAGE_BUCKET=${GCS_BUCKET_NAME}" \

deployment never completes for me and an error is logged:
"textPayload": "2020-12-18T01:45:05.526Z [WARN] storage migration check error: error=\"failed to read value for \"core/migration\": googleapi: got HTTP response code 400 with body: <?xml version='1.0' encoding='UTF-8'?><Error><Code>InvalidBucketName</Code><Message>The specified bucket is not valid.</Message><Details>Invalid bucket name: 'gs:'</Details></Error>\"",

Deploying with the gs:// removed from the GOOGLE_STORAGE_BUCKET variable allows the deployment to succeed:

gcloud beta run deploy vault-server \
    --no-allow-unauthenticated \
    --concurrency 50 \
    --cpu 2 \
    --image gcr.io/hightowerlabs/vault:run \
    --memory '2G' \
    --min-instances 1 \
    --max-instances 1 \
    --platform managed \
    --port 8200 \
    --service-account ${SERVICE_ACCOUNT_EMAIL} \
    --set-env-vars="GOOGLE_PROJECT=${PROJECT_ID},GOOGLE_STORAGE_BUCKET=${GCS_BUCKET_NAME#'gs://'}" \
    --timeout 300 \
    --region us-west1

kevin-shelaga commented 3 years ago

Same issue here.

gcloud beta run deploy vault-server \
  --no-allow-unauthenticated \
  --concurrency 50 \
  --cpu 2 \
  --image gcr.io/hightowerlabs/vault:run \
  --memory '2G' \
  --min-instances 1 \
  --max-instances 1 \
  --platform managed \
  --port 8200 \
  --service-account ${SERVICE_ACCOUNT_EMAIL} \
  --set-env-vars="GOOGLE_PROJECT=${PROJECT_ID},GOOGLE_STORAGE_BUCKET=${GCS_BUCKET_NAME}" \
  --timeout 300 \
  --region us-west1

lvaylet commented 3 years ago

After looking at the bin/deploy script, I managed to fix the issue by removing the gs:// prefix from the GCS_BUCKET_NAME variable (and adding it manually when required).

So try deploying the new revision with:

gcloud beta run deploy vault-server \
  --no-allow-unauthenticated \
  --concurrency 50 \
  --cpu 2 \
  --image gcr.io/hightowerlabs/vault:run \
  --memory '2G' \
  --min-instances 1 \
  --max-instances 1 \
  --platform managed \
  --port 8200 \
  --service-account ${SERVICE_ACCOUNT_EMAIL} \
  --set-env-vars="GOOGLE_PROJECT=${PROJECT_ID},GOOGLE_STORAGE_BUCKET=${PROJECT_ID}-data" \
  --timeout 300 \
  --region us-west1

Note that the names of the buckets are not consistent between README.md and bin/deploy (...-data and ...-vault-data respectively).

kevin-shelaga commented 3 years ago

@lvaylet thank you, that fixed the issue for me :)

lvaylet commented 3 years ago

Thanks @kevin-shelaga but @savageb1ts' solution requires less editing. I should have read his post entirely before offering a less optimal solution. I stopped reading after noticing I had the same issue... I submitted a PR anyway, just in case others run into the same issue.
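
A pre-flight check for the failure discussed in this thread, as an added example that is not part of any comment above or of the repository: it strips a gs:// prefix from the bucket value and rejects names that break the basic Cloud Storage naming rules before the deploy runs. The function names and the sample bucket names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the repository): normalize and validate the value
# that ends up in GOOGLE_STORAGE_BUCKET, so a gs:// URI is never passed on.

# normalize_bucket strips an optional gs:// scheme and any trailing slashes,
# leaving the bare bucket name.
normalize_bucket() {
  local name="${1#gs://}"
  while [ "${name%/}" != "$name" ]; do name="${name%/}"; done
  printf '%s\n' "$name"
}

# valid_bucket_name applies the basic Cloud Storage naming rules: 3-63
# characters, only lowercase letters, digits, '-', '_' and '.', starting and
# ending with a letter or digit. Longer dotted names and reserved words
# ("goog" prefix, "google") are not covered here.
valid_bucket_name() {
  local LC_ALL=C            # keep a-z from matching uppercase in any locale
  local name="$1"
  [ "${#name}" -ge 3 ] && [ "${#name}" -le 63 ] || return 1
  case "$name" in
    *[!a-z0-9._-]*) return 1 ;;          # forbidden character, e.g. ':' or '/'
    [!a-z0-9]*|*[!a-z0-9]) return 1 ;;   # must start and end alphanumeric
  esac
  return 0
}

# bucket_env_value prints the name to use in --set-env-vars, or fails with a
# message on stderr so the deploy can be aborted.
bucket_env_value() {
  local name
  name="$(normalize_bucket "$1")"
  if ! valid_bucket_name "$name"; then
    echo "invalid bucket name: '$name' (from '$1')" >&2
    return 1
  fi
  printf '%s\n' "$name"
}

# Intended use before the gcloud command shown in the thread:
#   BUCKET="$(bucket_env_value "${GCS_BUCKET_NAME}")" || exit 1
#   ... --set-env-vars="GOOGLE_PROJECT=${PROJECT_ID},GOOGLE_STORAGE_BUCKET=${BUCKET}"
```

Assigning the result to a variable first, as in the closing comment, matters: a failed command substitution placed directly inside the --set-env-vars argument would not stop gcloud from running.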