mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(devops): bypass OpenBao base entrypoint to prevent dev-mode flags
Some checks failed
ci/woodpecker/push/infra Pipeline failed
Details

Browse Source 
The base openbao image's docker-entrypoint.sh injects -dev-root-token-id
and -dev-listen-address flags when it sees 'server' as $1, causing the
server to exit immediately (code 0). Override entrypoint with dumb-init
and call bao directly to avoid the dev-mode flag injection.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-15 00:13:57 -06:00
parent b6d272992a
commit f4e759c07a
6 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docker-compose.openbao.yml
View File

@@ -15,7 +15,8 @@ services:
# ====================== # ======================
openbao: openbao:
image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev} image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev}
command: server -config=/openbao/config/config.hcl entrypoint: ["dumb-init", "--"]
command: ["bao", "server", "-config=/openbao/config/config.hcl"]
environment: environment:
OPENBAO_ADDR: http://0.0.0.0:8200 OPENBAO_ADDR: http://0.0.0.0:8200
volumes: volumes:

3
docker-compose.portainer.yml
View File

@@ -27,7 +27,8 @@ services:
openbao: openbao:
image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev} image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-dev}
container_name: mosaic-openbao container_name: mosaic-openbao
command: server -config=/openbao/config/config.hcl entrypoint: ["dumb-init", "--"]
command: ["bao", "server", "-config=/openbao/config/config.hcl"]
environment: environment:
OPENBAO_ADDR: http://0.0.0.0:8200 OPENBAO_ADDR: http://0.0.0.0:8200
ports: ports:

3
docker-compose.swarm.yml
View File

@@ -84,7 +84,8 @@ services:
# ====================== # ======================
openbao: openbao:
image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-latest} image: git.mosaicstack.dev/mosaic/stack-openbao:${IMAGE_TAG:-latest}
command: server -config=/openbao/config/config.hcl entrypoint: ["dumb-init", "--"]
command: ["bao", "server", "-config=/openbao/config/config.hcl"]
env_file: .env env_file: .env
environment: environment:
OPENBAO_ADDR: http://0.0.0.0:8200 OPENBAO_ADDR: http://0.0.0.0:8200

1
docker-compose.yml
View File

@@ -269,6 +269,7 @@ services:
environment: environment:
VAULT_ADDR: http://0.0.0.0:8200 VAULT_ADDR: http://0.0.0.0:8200
SKIP_SETCAP: "true" SKIP_SETCAP: "true"
entrypoint: ["dumb-init", "--"]
command: ["bao", "server", "-config=/openbao/config/config.hcl"] command: ["bao", "server", "-config=/openbao/config/config.hcl"]
cap_add: cap_add:
- IPC_LOCK - IPC_LOCK

1
docker/docker-compose.build.yml
View File

@@ -273,6 +273,7 @@ services:
environment: environment:
VAULT_ADDR: http://0.0.0.0:8200 VAULT_ADDR: http://0.0.0.0:8200
SKIP_SETCAP: "true" SKIP_SETCAP: "true"
entrypoint: ["dumb-init", "--"]
command: ["bao", "server", "-config=/openbao/config/config.hcl"] command: ["bao", "server", "-config=/openbao/config/config.hcl"]
cap_add: cap_add:
- IPC_LOCK - IPC_LOCK

4
docker/docker-compose.yml
View File

@@ -82,8 +82,8 @@ services:
environment: environment:
VAULT_ADDR: http://0.0.0.0:8200 VAULT_ADDR: http://0.0.0.0:8200
SKIP_SETCAP: "true" SKIP_SETCAP: "true"
entrypoint: ["/bin/sh", "-c"] entrypoint: ["dumb-init", "--"]
command: ["bao server -config=/openbao/config/config.hcl"] command: ["bao", "server", "-config=/openbao/config/config.hcl"]
cap_add: cap_add:
- IPC_LOCK - IPC_LOCK
healthcheck: healthcheck: