nomad 0.5.5 segfault with vault enable=true #2451
Comments
|
with vault { enabled=false }, it starts up fine. |
|
@csawyerYumaed Just verified! It crashes if that role doesn't exist! If you create the role it should work. |
|
I used to use a root token, but according to the 0.5.5 changelog, root tokens aren't allowed anymore, so I'm using the instructions provided via the docs.. curl https://nomadproject.io/data/vault/nomad-server-policy.hcl -O -s -L |
|
@csawyerYumaed Change I see the docs that confused you (https://www.nomadproject.io/docs/agent/configuration/vault.html). Will update the website. |
|
yup, sorry! I should have caught that. Fixed, and it starts now! :) |
|
@csawyerYumaed Website is updated! Sorry about that! |
|
Oh also @dadgar , if yo udon't allow root tokens, the website should probably be updated to not mention root tokens anymore. |
|
@csawyerYumaed Root tokens are still allowed. What has changed is that tasks can't ask for a root token. https://www.nomadproject.io/docs/vault-integration/index.html#root-token-integration |
|
AH! I misunderstood that, and went to all this trouble to not use a root token for nomad master. Oh well, probably better for me anyways! Thanks for "forcing" me to be more secure, HAHA :) |
|
I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues. |
If you have a question, prepend your issue with
[question]or preferably use the nomad mailing list.If filing a bug please include the following:
Nomad version
Nomad v0.5.5
Operating system and Environment details
$ cat /etc/issue
Debian GNU/Linux 8 \n \l
$ uname -a
Linux nomad1 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 GNU/Linux
Issue
sigsev
Reproduction steps
vault {
enabled = true
address = "https://vault.service.consul:8200"
token = "MAGICTOKENHERE"
# Setting the create_from_role option causes Nomad to create tokens for tasks
# via the provided role. This allows the role to manage what policies are
# allowed and disallowed for use by tasks.
create_from_role = "nomad-server"
}
Nomad Server logs (if appropriate)
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0xd0fca0]
goroutine 12 [running]:
github.com/hashicorp/nomad/nomad.(*vaultClient).validateRole(0xc420381380, 0xc4203e12b1, 0xc, 0xc4204b8000, 0x0)
/opt/gopath/src/github.com/hashicorp/nomad/nomad/vault.go:793 +0x290
github.com/hashicorp/nomad/nomad.(*vaultClient).parseSelfToken(0xc420381380, 0xc420444001, 0x0)
/opt/gopath/src/github.com/hashicorp/nomad/nomad/vault.go:680 +0x291
github.com/hashicorp/nomad/nomad.(*vaultClient).establishConnection(0xc420381380)
/opt/gopath/src/github.com/hashicorp/nomad/nomad/vault.go:437 +0x293
github.com/hashicorp/nomad/nomad.(*vaultClient).(github.com/hashicorp/nomad/nomad.establishConnection)-fm()
/opt/gopath/src/github.com/hashicorp/nomad/nomad/vault.go:259 +0x2a
github.com/hashicorp/nomad/nomad.wrapNilError.func1(0x0, 0x0)
/opt/gopath/src/github.com/hashicorp/nomad/nomad/vault.go:1178 +0x24
github.com/hashicorp/nomad/vendor/gopkg.in/tomb%2ev2.(*Tomb).run(0xc4204031d0, 0xc420413380)
/opt/gopath/src/github.com/hashicorp/nomad/vendor/gopkg.in/tomb.v2/tomb.go:153 +0x2b
created by github.com/hashicorp/nomad/vendor/gopkg.in/tomb%2ev2.(*Tomb).Go
/opt/gopath/src/github.com/hashicorp/nomad/vendor/gopkg.in/tomb.v2/tomb.go:149 +0xd2
Nomad Client logs (if appropriate)
Job file (if appropriate)
The text was updated successfully, but these errors were encountered: