Build Instructions for Vault with UI support?

704 views
Skip to first unread message

Tim Meusel

unread,
Apr 21, 2018, 10:35:25 AM4/21/18
to Vault
Hi everybody,
Archlinux would like to create a package for vault for the distribution. We currently do a 'go build -o vault-binary' to create the binary which will be packaged. However, this doesn't bundle the new FOSS UI in 0.10.0.  We now tried to build it with:

make bootstrap
make static-assets
go build -tags 'vault ui' -o vault-binary

This has two issues:
* If I understand the output correctly, this will fetch content from the internet instead of using only vendored stuff? Is this true and required? We would highly preferr it if the build only depends on vendored dependencies that are bound to a git commtit id
* the built binary starts but fails as soon as I try to access the UI:

Started Vault server.
==> Vault server configuration:
             Api Address: https://[ip]:8200
                     Cgo: enabled
         Cluster Address: https://[ip]:8201
              Listener 1: tcp (addr: "[::]:8200", cluster address: "[::]:8201", tls: "enabled")
               Log Level: info
                   Mlock: supported: true, enabled: true
                 Storage: consul (HA available)
                 Version: Vault v0.10.0
panic: unreachable
goroutine 1 [running]:
        /build/vault/src/src/github.com/hashicorp/vault/http/bindata_assetfs.go:220 +0x184
        /build/vault/src/src/github.com/hashicorp/vault/http/handler.go:92 +0x785
        /build/vault/src/src/github.com/hashicorp/vault/command/server.go:779 +0x2c7b
github.com/hashicorp/vault/command.RunCustom(0xc4200a8070, 0x2, 0x2, 0xc420086280, 0xc420534db0)
        /build/vault/src/src/github.com/hashicorp/vault/command/main.go:172 +0x780
        /build/vault/src/src/github.com/hashicorp/vault/command/main.go:82 +0x4a
main.main()
        /build/vault/src/src/github.com/hashicorp/vault/main.go:10 +0x65

I tried to debug this in the gitter channel but had no luck with it. Any feedback is appreciated.

Cheers, Tim

Jeff Mitchell

unread,
Apr 21, 2018, 11:01:36 AM4/21/18
to Vault
Hi Tim,

Sorry about that...we're sorting out the "normal" method over time, as before we were nearly always building in Docker. (That said, you can check out the Dockerfile in scripts/cross -- it's how we build releases and you can simply set the XC_OSARCH variable appropriately to stick to a single platform).

Instead of `make static-assets` use `make static-dist`. The latter will run static-assets but first it runs ember-dist, which is also necessary. Also rather than use 'go build' directly you could use 'make dev-ui' which will build for the platform you're on using our normal scripts.

Best,
Jeff

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/0a00fc7b-3269-445c-915c-86ee32a98777%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Tim Meusel

unread,
Apr 22, 2018, 5:13:57 PM4/22/18
to Vault
Hey,

After some hours we found a way to compile without errors:

  export GOPATH="${srcdir}"
  export PATH="$PATH:$GOPATH/bin"
  mkdir -p src/github.com/hashicorp/
  mv "${pkgname}" src/github.com/hashicorp/
  go get github.com/kardianos/govendor
  export PACKAGE_ROOT="${GOPATH}/src/github.com/hashicorp/${pkgname}"
  cd $PACKAGE_ROOT

  govendor fetch github.com/mitchellh/gox
  govendor fetch github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs

  cd $PACKAGE_ROOT/vendor/github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs
  go build
  go install

  cd $PACKAGE_ROOT/vendor/github.com/mitchellh/gox
  go build
  go install
  cd $PACKAGE_ROOT
  XC_OSARCH='linux/amd64' make static-dist bin

The setup was a bit complicated. There is current'y no gox and no go-bindata-assetfs binary in the arch repos. Those two are vendored into vault, which confused me a bit. It took some time to realize that the vendored versions don't ship the binary. Also I'm still really new to go which makes this even more complicated :D. However, the code above creates a binary without any errors/warnings during the built. Sadly the UI isn't working. Accessing the localhost:8200/ui shows:



<pre>
<a href="/">/</a>
</pre>

Vault is running with -log-level=debug but doesn't print anything. Do you have any ideas?

Cheers, Tim
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.

Jim Kalafut

unread,
Apr 22, 2018, 7:51:41 PM4/22/18
to vault...@googlegroups.com
Hi Tim,

Have you enabled the ui per 

Regards,
Jim

Tim Meusel

unread,
Apr 23, 2018, 5:06:25 AM4/23/18
to Vault
Hi,

I enabled the UI in the config:

{
  "listener": {
    "tcp": {
      "address": "[::]:8200",
      "tls_cert_file": "/etc/puppetlabs/puppet/ssl/certs/vault01.pem",
      "tls_cipher_suites": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
      "tls_client_ca_file": "/etc/puppetlabs/puppet/ssl/certs/ca.pem",
      "tls_disable": false,
      "tls_key_file": "/etc/vault/vault01pem",
      "tls_min_version": "tls12",
      "tls_prefer_server_cipher_suites": true,
      "tls_require_and_verify_client_cert": true
    }
  },
  "storage": {
    "consul": {
      "address": "127.0.0.1:8500",
      "path": "vault",
      "tls_ca_file": "/etc/puppetlabs/puppet/ssl/certs/ca.pem",
      "tls_cert_file": "/etc/puppetlabs/puppet/ssl/certs/vault01.pem",
      "tls_key_file": "/etc/vault/vault01.pem"
    }
  },
  "ui": true
}


I also started a dev server with:
./vault server -dev -log-level=debug

Both show the same html result as in my last post.

Cheers, Tim

Jeff Mitchell

unread,
Apr 23, 2018, 10:04:25 AM4/23/18
to Vault
Are you sure there were no errors? You do also need github.com/hashicorp/go-bindata. Please understand that what's in vendor is not the full package, it's only what's necessary for the code to compile, which might be different from what's necessary to package with all assets.

Considering GOPATH is set to a disposable root, I'd recommend just running 'make bootstrap' first, rather than installing into GOPATH from what's in vendor/. If you're still having trouble, perhaps you can share build logs?

Best,
Jeff

To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/f1a4ecd5-87c8-44f0-85c2-c3a7a52a34ef%40googlegroups.com.

Christian Rebischke

unread,
Apr 23, 2018, 10:48:11 AM4/23/18
to Vault
Hello,
I am working with Tim on the build of Vault. Here is our Build Log: https://paste.xinu.at/zA68x/

Jeff Mitchell

unread,
Apr 23, 2018, 1:40:29 PM4/23/18
to Vault
Hi there,

A few things:

* I wonder what those errors are all about saying that runtime cannot find internal/cgo. It makes me think that despite compilation working there is something suspect in your Go installation. Also can you verify it's Go 1.10.1 (not 1.10)?

* We haven't tested with Node 9.x AFAIK -- we currently build with 8.x.

* Can you verify before 'make bin' but after 'make static-dist' that you have a file http/bindata_assetfs.go which should be around 2MB?

Best,
Jeff


--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/2d6f3510-b946-42a3-81e1-d7bbb8226df0%40googlegroups.com.

Tim Meusel

unread,
Apr 27, 2018, 9:21:21 AM4/27/18
to Vault
Hi people,
we figured out how to build this properly:

  export GOPATH="${srcdir}"
  export PATH="$PATH:$GOPATH/bin"
  mkdir -p src/github.com/hashicorp/
  mv "${pkgname}" src/github.com/hashicorp/
  export PACKAGE_ROOT="${GOPATH}/src/github.com/hashicorp/${pkgname}"
  cd $PACKAGE_ROOT

  govendor fetch github.com/mitchellh/gox

  go build
  go install

  cd $PACKAGE_ROOT/vendor/github.com/mitchellh/gox
  go build
  go install

  cd $PACKAGE_ROOT
  make bootstrap
  BUILD_TAGS='vault ui' XC_OSARCH='linux/amd64' make static-dist bin

We had multiple issues during the past builds, all related to the fact that go-bindata-assetfs and gox aren't currently available on archlinux, the binaries were simply missing. Installing them via govendor fixed our issues. We can now successfully built vault 0.10.1 with UI support. We're going to move the package soon into the official archlinux repositories. Thanks for all the help here!

Cheers, Tim
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages