systemd notify capabilities are not enabled by default #14371

Closed
RickyGrassmuck opened this issue Mar 4, 2022 · 2 comments · Fixed by #14385

Comments

@RickyGrassmuck
Contributor

Describe the bug
In #11517, the ability to notify systemd with the status of the vault server was added but the default Vault systemd unit file provided in the official packages does not set Type=notify so this feature doesn't ever get used when installing through package managers.

I only happened to realize this was even a feature due to having debug logs enabled on a dev environment where I saw the log message saying "would have sent systemd notification (systemd not present)" and got a bit worried since this machine definitely is a systemd box. Took a bit of digging to find the commit adding this and the comment about the systemd service having to have the Type=notify in it.

I don't see any reason that the unit file for Vault shouldn't be updated with Type=notify set and am happy to open a PR if there aren't any objections to it.

To Reproduce
Steps to reproduce the behavior:

  1. Install vault from the official Apt repos
  2. Start vault with debug logging enabled
  3. Notice the message "would have sent systemd notification (systemd not present)" shortly after starting up.
  4. Run systemctl edit vault and paste the code below in the editor and save.
     [Service]
     Type=notify
  5. Run systemctl daemon-reload && systemctl restart vault and you will now see the message "sent systemd notification: notification=READY=1"

Expected behavior
Vault's systemd unit file should properly configure its type as notify when installed from a package.

Environment:

  • Vault Server Version: 1.9.4
  • Vault CLI Version: 1.9.4
  • Server Operating System/Architecture: Ubuntu 20.04 AMD64

Vault server configuration file(s):

max_lease_ttl      = "420h"
default_lease_ttl  = "1h"
log_level          = "Debug"
api_addr           = "https://192.168.1.69:8200"
cluster_addr       = "https://192.168.1.69:8201"
plugin_directory   = "/etc/vault.d/plugins"

seal "transit" {
  disable_renewal = "false"
  key_name = "autounseal"
  mount_path = "transit/"
}

ui = true

storage "raft" {
  path    = "/opt/vault/data"
  node_id = "vault-2"
}

listener "tcp" {
  address         = "0.0.0.0:8200"
  tls_disable     = 0
  tls_cert_file   = "/etc/vault.d/ssl/vault.crt"
  tls_key_file    = "/etc/vault.d/ssl/vault.key"
  tls_min_version = "tls12"
}
@sgmiller
Collaborator

sgmiller commented Mar 4, 2022

Seems reasonable, feel free to work up a PR.

@RickyGrassmuck
Contributor Author

@sgmiller Just opened up #14385 to address this.
