Fix Vault re-init to preserve other services + simplify shutdown message

- When Vault unseal fails, only restart Vault - NOT full bootstrap - Preserve PostgreSQL, Redis, MinIO, etc. when Vault needs re-init - Simplify shutdown message to 3 lines with pragmatismo.com.br - Never kill all stack processes just for Vault issues
2025-12-10 18:41:45 -03:00 · 2025-12-10 18:41:45 -03:00 · 49304a70b5
commit 49304a70b5
parent 0bbaaf4878
2 changed files with 36 additions and 33 deletions
--- a/src/core/bootstrap/mod.rs
+++ b/src/core/bootstrap/mod.rs
@ -377,34 +377,49 @@ impl BootstrapManager {
            }

            // Always try to unseal Vault (it may have restarted)
-            // If unseal fails, Vault may need re-initialization (data deleted)
+            // If unseal fails, try to restart Vault process only - NEVER delete other services
            if let Err(e) = self.ensure_vault_unsealed().await {
-                warn!("Vault unseal failed: {} - re-initializing Vault only", e);
+                warn!("Vault unseal failed: {} - attempting Vault restart only", e);

-                // Kill only Vault process - NEVER delete user data
+                // Kill ONLY Vault process - preserve all other services
                let _ = Command::new("pkill")
                    .args(["-9", "-f", "botserver-stack/bin/vault"])
                    .output();

-                // Reset only Vault credentials, preserve everything else
-                Self::reset_vault_only()?;
+                tokio::time::sleep(tokio::time::Duration::from_secs(1)).await;

-                // Run bootstrap to re-initialize Vault
-                self.bootstrap().await?;
-
-                // After bootstrap, services are already running
-                info!("Vault re-initialization complete, verifying...");
-                tokio::time::sleep(tokio::time::Duration::from_secs(2)).await;
-
-                if let Err(e) = self.ensure_vault_unsealed().await {
-                    return Err(anyhow::anyhow!(
-                        "Failed to configure Vault after re-initialization: {}",
-                        e
-                    ));
+                // Try to restart Vault without full bootstrap
+                let pm = PackageManager::new(self.install_mode.clone(), self.tenant.clone())?;
+                if let Err(e) = pm.start("vault") {
+                    warn!("Failed to restart Vault: {}", e);
                }

-                // Services were started by bootstrap, no need to restart them
-                return Ok(());
+                tokio::time::sleep(tokio::time::Duration::from_secs(3)).await;
+
+                // Try unseal again
+                if let Err(e) = self.ensure_vault_unsealed().await {
+                    warn!("Vault still not responding after restart: {}", e);
+
+                    // Only now reset Vault credentials and re-initialize ONLY Vault
+                    Self::reset_vault_only()?;
+
+                    // Install/configure ONLY Vault - NOT full bootstrap
+                    info!("Re-initializing Vault only (preserving other services)...");
+                    if let Err(e) = pm.install("vault").await {
+                        return Err(anyhow::anyhow!("Failed to re-initialize Vault: {}", e));
+                    }
+
+                    tokio::time::sleep(tokio::time::Duration::from_secs(3)).await;
+
+                    if let Err(e) = self.ensure_vault_unsealed().await {
+                        return Err(anyhow::anyhow!(
+                            "Failed to configure Vault after re-initialization: {}",
+                            e
+                        ));
+                    }
+                }
+
+                info!("Vault re-initialization complete");
            }

            // Initialize SecretsManager so other code can use Vault
--- a/src/main.rs
+++ b/src/main.rs
@ -135,21 +135,9 @@ async fn health_check_simple() -> (StatusCode, Json<serde_json::Value>) {

 /// Print beautiful shutdown message
 fn print_shutdown_message() {
-    let version = env!("CARGO_PKG_VERSION");
    println!();
-    println!("\x1b[36m╔════════════════════════════════════════════════════════════════╗\x1b[0m");
-    println!("\x1b[36m║\x1b[0m                                                                \x1b[36m║\x1b[0m");
-    println!("\x1b[36m║\x1b[0m   \x1b[33m✨ Thank you for using General Bots! ✨\x1b[0m                      \x1b[36m║\x1b[0m");
-    println!("\x1b[36m║\x1b[0m                                                                \x1b[36m║\x1b[0m");
-    println!("\x1b[36m║\x1b[0m   \x1b[37mVersion: {:<10}\x1b[0m                                        \x1b[36m║\x1b[0m", version);
-    println!("\x1b[36m║\x1b[0m   \x1b[37mGraceful shutdown completed.\x1b[0m                                \x1b[36m║\x1b[0m");
-    println!("\x1b[36m║\x1b[0m                                                                \x1b[36m║\x1b[0m");
-    println!("\x1b[36m║\x1b[0m   \x1b[34m🌐 https://github.com/GeneralBots\x1b[0m                          \x1b[36m║\x1b[0m");
-    println!("\x1b[36m║\x1b[0m   \x1b[34m📧 contato@pragmatismo.cloud\x1b[0m                               \x1b[36m║\x1b[0m");
-    println!("\x1b[36m║\x1b[0m                                                                \x1b[36m║\x1b[0m");
-    println!("\x1b[36m║\x1b[0m   \x1b[32mSee you next time! 👋\x1b[0m                                      \x1b[36m║\x1b[0m");
-    println!("\x1b[36m║\x1b[0m                                                                \x1b[36m║\x1b[0m");
-    println!("\x1b[36m╚════════════════════════════════════════════════════════════════╝\x1b[0m");
+    println!("\x1b[33m✨ Thank you for using General Bots!\x1b[0m");
+    println!("\x1b[36m   pragmatismo.com.br\x1b[0m");
    println!();
 }