search

remilapeyre / vault-acme

Mozilla Public License 2.0
93 stars 23 forks source link

Cannot build #1

Closed heri16 closed 4 years ago

heri16 commented 4 years ago

This go package cannot be built:

export GO111MODULE=off
go get -d -u github.com/remilapeyre/vault-acme
cd $GOPATH/src/github.com/remilapeyre/vault-acme
export GO111MODULE=on
go get -d -v ./...
go get github.com/mitchellh/gox
make all

Do the paths need to be fixed?

heri16 commented 4 years ago

https://github.com/remilapeyre/vault-acme/blob/6ac7a952d9f7d04354aa4ecc0cc2be963e7da411/cmd/acme/main.go#L6

remilapeyre commented 4 years ago

Sorry about that, I always get confused with go modules, does the last commit fix your issue?

heri16 commented 4 years ago 
go: github.com/remilapeyre/acme/cmd/acme imports
    github.com/remilapeyre/vault-acme/acme: github.com/remilapeyre/vault-acme@v0.0.0-20191122113615-f6be7db50cb3: parsing go.mod:
    module declares its path as: github.com/remilapeyre/acme
            but was required as: github.com/remilapeyre/vault-acme

https://github.com/remilapeyre/vault-acme/blob/f6be7db50cb37540be293a7fc7af33f2ab290fc8/go.mod#L1

remilapeyre commented 4 years ago

Can you try setting this to module github.com/remilapeyre/vault-acme ?

Never again will I use different paths on my computer and GitHub :)

heri16 commented 4 years ago

Haha... it happens to everyone. Yes it works if i rename the above line in go.mod.

Currently trying to get this plugin compiled with CGO_ENABLED=0 to work on the official Vault docker image that uses alpine linux. But seems like it breaks something.

heri16 commented 4 years ago

The latest commit seems to have broken something?

#> vault secrets enable acme
Error enabling: Error making API request.

URL: POST http://139.162.27.172:22663/v1/sys/mounts/acme
Code: 400. Errors:

* Unrecognized remote plugin message:

This usually means that the plugin is either invalid or simply
needs to be recompiled to support the latest protocol.
heri16 commented 4 years ago

Found the workaround. "disable_mlock": "true"

Is there a reason this plugin cannot be loaded when mlock is enabled?

remilapeyre commented 4 years ago

This is the first time I write a Vault plugin so I'm not sure. I followed the documentation at https://www.vaultproject.io/docs/internals/plugins.html and https://learn.hashicorp.com/vault/developer/plugin-backends but could not get the plugin to work without disabling mlock either.

I don't know if I missed something or if the documentation is not up to date.

Are you running Vault in Docker?

heri16 commented 4 years ago

Yes I am running vault in Docker using the official docker image. Initially I thought alpine musl was the problem, but it seems like "mlock" is the problem. CGO_ENABLED=1 or CGO_ENABLED=0 or setcap cap_ipc_lock=+ep acme-plugin does not help. Shall we open another issue with regards to mlock support?

remilapeyre commented 4 years ago

Yes, I've added a note regarding this in the Readme and opened #2