GeneralBots/botserver
2
1
Fork 0
Code Issues Pull requests Projects Releases 323 Packages Wiki Activity Actions

Revert "fix: Disable mTLS for Vault (temporary until new binary compiled)"

Browse source 
This reverts commit efb458ba66588de090fe6df76cdf04515eacce52.
This commit is contained in:
Rodrigo Rodriguez (Pragmatismo) 2026-01-09 11:19:36 -03:00
parent 460d39f399
commit 63aee6f6bc
2 changed files with 8 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/core/bootstrap/mod.rs
View file

@ -227,7 +227,7 @@ impl BootstrapManager {
let pm = PackageManager::new(self.install_mode.clone(), self.tenant.clone())?;
if pm.is_installed("vault") {
let vault_already_running = safe_sh_command("curl -f -sk 'https://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200' >/dev/null 2>&1")
let vault_already_running = safe_sh_command("curl -f -sk --cert ./botserver-stack/conf/system/certificates/botserver/client.crt --key ./botserver-stack/conf/system/certificates/botserver/client.key 'https://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200' >/dev/null 2>&1")
.map(|o| o.status.success())
.unwrap_or(false);
@ -245,7 +245,7 @@ impl BootstrapManager {
}
for i in 0..10 {
let vault_ready = safe_sh_command("curl -f -sk 'https://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200' >/dev/null 2>&1")
let vault_ready = safe_sh_command("curl -f -sk --cert ./botserver-stack/conf/system/certificates/botserver/client.crt --key ./botserver-stack/conf/system/certificates/botserver/client.key 'https://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200' >/dev/null 2>&1")
.map(|o| o.status.success())
.unwrap_or(false);
@ -436,7 +436,7 @@ impl BootstrapManager {
}
if installer.is_installed("vault") {
let vault_running = safe_sh_command("curl -f -sk 'https://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200' >/dev/null 2>&1")
let vault_running = safe_sh_command("curl -f -sk --cert ./botserver-stack/conf/system/certificates/botserver/client.crt --key ./botserver-stack/conf/system/certificates/botserver/client.key 'https://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200' >/dev/null 2>&1")
.map(|o| o.status.success())
.unwrap_or(false);
@ -1403,7 +1403,7 @@ meet IN A 127.0.0.1
}
}
let health_check = safe_curl(&["-f", "-sk", "https://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200"]);
let health_check = safe_curl(&["-f", "-sk", "--cert", "./botserver-stack/conf/system/certificates/botserver/client.crt", "--key", "./botserver-stack/conf/system/certificates/botserver/client.key", "https://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200"]);
if let Some(output) = health_check {
if output.status.success() {
@ -2098,6 +2098,7 @@ listener "tcp" {
tls_disable = false
tls_cert_file = "../../conf/system/certificates/vault/server.crt"
tls_key_file = "../../conf/system/certificates/vault/server.key"
tls_client_ca_file = "../../conf/system/certificates/ca/ca.crt"
}
# API settings - use HTTPS

4
src/core/package_manager/installer.rs
View file

@ -912,6 +912,7 @@ listener "tcp" {
tls_disable = false
tls_cert_file = "{{CONF_PATH}}/system/certificates/vault/server.crt"
tls_key_file = "{{CONF_PATH}}/system/certificates/vault/server.key"
tls_client_ca_file = "{{CONF_PATH}}/system/certificates/ca/ca.crt"
}
api_addr = "https://localhost:8200"
@ -937,6 +938,7 @@ listener "tcp" {
tls_disable = false
tls_cert_file = "{{CONF_PATH}}/system/certificates/vault/server.crt"
tls_key_file = "{{CONF_PATH}}/system/certificates/vault/server.key"
tls_client_ca_file = "{{CONF_PATH}}/system/certificates/ca/ca.crt"
}
api_addr = "https://localhost:8200"
@ -963,7 +965,7 @@ EOF"#.to_string(),
data_download_list: Vec::new(),
exec_cmd: "nohup {{BIN_PATH}}/vault server -config={{CONF_PATH}}/vault/config.hcl > {{LOGS_PATH}}/vault.log 2>&1 &"
.to_string(),
check_cmd: "curl -f -sk --connect-timeout 2 -m 5 'https://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200' >/dev/null 2>&1"
check_cmd: "curl -f -sk --connect-timeout 2 -m 5 --cert {{CONF_PATH}}/system/certificates/botserver/client.crt --key {{CONF_PATH}}/system/certificates/botserver/client.key 'https://localhost:8200/v1/sys/health?standbyok=true&uninitcode=200&sealedcode=200' >/dev/null 2>&1"
.to_string(),
},
);