Vault 开发模式初始化错误,作为高山容器中的 non-root 用户:/dev/null/.vault 不是目录

Vault dev mode initialization error as non-root user in alpine container: /dev/null/.vault not a directory

标题有点概括。 Dockerfile 如下。我在构建中没有其他错误。当我在 ENTRYPOINT.

之前将用户设置为 vault 时,docker 运行 命令吐出如下所示的 Error initializing

它在 /dev/null 中寻找什么,或者它为什么在那里寻找?我无法在任何相关的谷歌搜索中找到对 /dev/null 的任何引用。

> docker build -t vault-deploy .
> docker run --rm -it --cap-add=IPC_LOCK -p 127.0.0.1:8200:8200 vault-deploy



         Api Address: http://0.0.0.0:8200
                 Cgo: enabled
     Cluster Address: https://0.0.0.0:8201
          Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
           Log Level: trace
               Mlock: supported: true, enabled: false
             Storage: file
             Version: Vault v0.11.0

Error initializing Dev mode: open /dev/null/.vault: not a directory


vault-dev-config.hcl:

storage "file" {
  path = "/var/vault/data"
  }

(如果我使用 storage "inmem" {} 或让它使用默认配置,我会得到相同的行为。)


Docker文件:

FROM [INTERNAL DOCKER IMAGE REPOSITORY]/alpine-python3

# Vault is in the testing repository, edge branch.
RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories

# - - - - - - - - - - - - - - - - - - - - - - - -
# Container packages.
# libcap: For the setcap executable.
# - - - - - - - - - - - - - - - - - - - - - - - -
RUN apk update \
    && apk --no-cache add -u vault \
    && apk add --update libcap \
    && rm -rf /var/cache/apk/*


# - - - - - - - - - - - - - - - - - - - - - - - -
# Execution configuration.
# - - - - - - - - - - - - - - - - - - - - - - - -
# We won't run as root.
RUN mv /usr/sbin/vault /usr/bin
RUN chown vault /usr/bin/vault

# Make sure the vault executable can run mlock to prevent swapping to disk. We
# also have to run the container with --cap-add=IPC_LOCK.
RUN setcap cap_ipc_lock=+ep $(readlink -f /usr/bin/vault)

# - - - - - - - - - - - - - - - - - - - - - - - -
# Create and set ownership of /var/vault.
# Only needed if we're putting a file storage back end here.
# - - - - - - - - - - - - - - - - - - - - - - - -
RUN mkdir /var/vault
RUN chown -R vault:vault /var/vault

# - - - - - - - - - - - - - - - - - - - - - - - -
# Create, populate and set ownership of /etc/vault.
# - - - - - - - - - - - - - - - - - - - - - - - -
RUN mkdir /etc/vault

COPY vault-dev-config.hcl /etc/vault/vault-dev-config.hcl
RUN chmod 600 /etc/vault/vault-dev-config.hcl

RUN chown -R vault:vault /etc/vault

# - - - - - - - - - - - - - - - - - - - - - - - -
# Prepare for launch.
# - - - - - - - - - - - - - - - - - - - - - - - -
USER vault
#Error initializing Dev mode: open /dev/null/.vault: not a directory

ENTRYPOINT vault server \
    -dev \
    -log-level trace \
    -dev-listen-address 0.0.0.0:8200 \
    -config /etc/vault/vault-dev-config.hcl

喜欢 Vault google 小组的答案。在开发模式下,Vault 将根密钥写入 $HOME/.vault。在我的容器中,保险库用户没有登录或 $HOME,因此 $HOME 默认为 /dev/null。将 $HOME 设置为 /var/vault 解决了问题。