fix(bootstrap): start_all() must re-bootstrap when Vault unseal fails
When start_all() detects Vault init.json is missing (unseal fails), it now: 1. Kills all stack processes 2. Cleans the stack directory 3. Runs full bootstrap() 4. Returns (bootstrap starts all services) Also made SecretsManager init failure in start_all() a hard error instead of a warning - if Vault is supposed to be working but SecretsManager can't connect, that's a fatal error.
This commit is contained in:
parent
1e98083d13
commit
a2b091914f
1 changed files with 20 additions and 3 deletions
|
|
@ -155,9 +155,22 @@ impl BootstrapManager {
|
|||
}
|
||||
}
|
||||
|
||||
// Try to unseal Vault
|
||||
// Try to unseal Vault - if this fails, we need to re-bootstrap
|
||||
if let Err(e) = self.ensure_vault_unsealed().await {
|
||||
warn!("Vault unseal check: {}", e);
|
||||
warn!("Vault unseal failed: {} - running re-bootstrap", e);
|
||||
|
||||
// Kill all processes and run fresh bootstrap
|
||||
Self::kill_stack_processes();
|
||||
if let Err(e) = Self::clean_stack_directory() {
|
||||
error!("Failed to clean stack directory: {}", e);
|
||||
}
|
||||
|
||||
// Run bootstrap from scratch
|
||||
self.bootstrap().await?;
|
||||
|
||||
// After bootstrap, services are already running
|
||||
info!("Re-bootstrap complete from start_all");
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
// Initialize SecretsManager so other code can use Vault
|
||||
|
|
@ -165,7 +178,11 @@ impl BootstrapManager {
|
|||
match init_secrets_manager().await {
|
||||
Ok(_) => info!("SecretsManager initialized successfully"),
|
||||
Err(e) => {
|
||||
warn!("Failed to initialize SecretsManager: {}", e);
|
||||
error!("Failed to initialize SecretsManager: {}", e);
|
||||
return Err(anyhow::anyhow!(
|
||||
"SecretsManager initialization failed: {}",
|
||||
e
|
||||
));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue