How to solve "Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK" and "Cluster address must be set when using raft storage" errors?
I am using the following stack file to deploy a Vault service in Docker swarm mode.
Stack file:
version: '3.8'
services:
  faume-vault:
    image: vault:1.6.0
    environment:
      TZ: UTC
      VAULT_ADDR: 'http://0.0.0.0:8200'
      VAULT_LOCAL_CONFIG: |-
        {
          "disable_cache": true,
          "disable_mlock": true,
          "ui": true,
          "backend": {
            "raft": {
              "node_id": "vault",
              "path": "/vault"
            }
          },
          "default_lease_ttl": "168h",
          "max_lease_ttl": "720h",
          "seal": {
            "awskms": {
              "access_key": "xxxxxxxxxxxxxxxxxxxxxxx"
              "secret_key": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
              "kms_key_id": "xxxxxxxxxxxxxxxxxxxxxxx"
            }
          },
          "listener": {
            "tcp": {
              "address": "0.0.0.0:8200",
              "cluster_address": "0.0.0.0:8201",
              "tls_disable": true
            }
          },
          "cluster_addr": "http://vault.faume.local:8201",
          "api_addr": "http://vault.faume.local:8200"
        }
    command: server
    volumes:
      - 'faume-vault:/vault'
    ports:
      - '8200:8200'
    networks:
      faume:
        aliases:
          - vault.faume.local
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.role==manager
volumes:
  faume-vault:
networks:
  faume:
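When I deploy the stack file, the service is created without errors, but the service is not running.
The service logs are as follows: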
faume-vault_faume-vault.1.xztddsvjaa2c@DevOps-Dhanushka | Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --privileged or --cap-add IPC_LOCK
faume-vault_faume-vault.1.xkh8abjlzyel@DevOps-Dhanushka | Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --privileged or --cap-add IPC_LOCK
faume-vault_faume-vault.1.xkh8abjlzyel@DevOps-Dhanushka | 2021-07-26T08:20:15.705Z [INFO] proxy environment: http_proxy= https_proxy= no_proxy=
faume-vault_faume-vault.1.xztddsvjaa2c@DevOps-Dhanushka | 2021-07-26T08:20:31.553Z [INFO] proxy environment: http_proxy= https_proxy= no_proxy=
faume-vault_faume-vault.1.xkh8abjlzyel@DevOps-Dhanushka | Cluster address must be set when using raft storage
faume-vault_faume-vault.1.xztddsvjaa2c@DevOps-Dhanushka | Cluster address must be set when using raft storage
faume-vault_faume-vault.1.5g7wzqm7fn0f@DevOps-Dhanushka | Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --privileged or --cap-add IPC_LOCK
faume-vault_faume-vault.1.5g7wzqm7fn0f@DevOps-Dhanushka | 2021-07-26T08:20:23.070Z [INFO] proxy environment: http_proxy= https_proxy= no_proxy=
faume-vault_faume-vault.1.5g7wzqm7fn0f@DevOps-Dhanushka | Cluster address must be set when using raft storage
faume-vault_faume-vault.1.kf0k9eoou749@DevOps-Dhanushka | Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --privileged or --cap-add IPC_LOCK
faume-vault_faume-vault.1.kf0k9eoou749@DevOps-Dhanushka | Cluster address must be set when using raft storage
faume-vault_faume-vault.1.kf0k9eoou749@DevOps-Dhanushka | 2021-07-26T08:20:39.894Z [INFO] proxy environment: http_proxy= https_proxy= no_proxy=
It seems the error is about "mlock". But I have already configured the "mlock" variable successfully. Could you please suggest something?
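
You need to run your faume-vault container in privileged mode.
Just add the privileged: true option.
Docker swarm only supports this in recent versions (see privileged mode in docker compose in a swarm), so please make sure the version you are running is recent enough.
Please make sure you understand the security concerns involved in running privileged pods.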
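
The log message quoted in the question names `--cap-add IPC_LOCK` as an alternative to `--privileged`. As an added example (not part of the original answer or the asker's stack file), this is the stack-file form of that narrower grant beside the privileged form; it assumes Docker Engine 20.10 or later, where `docker stack deploy` honours `cap_add` for swarm services:

```yaml
services:
  faume-vault:
    image: vault:1.6.0

    # Broad form suggested in the answer: grants every capability and
    # device access and disables seccomp/AppArmor confinement.
    # privileged: true

    # Narrow form: grant only the capability the log message asks for.
    # IPC_LOCK permits mlock(), which keeps process memory out of swap.
    cap_add:
      - IPC_LOCK

    command: server
```

With "disable_mlock": true in VAULT_LOCAL_CONFIG, as in the stack file above, Vault does not call mlock at all, so the capability only takes effect once that setting is removed.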