From a2b091914f749b61c0a7cca1860042feb6039f9f Mon Sep 17 00:00:00 2001 From: "Rodrigo Rodriguez (Pragmatismo)" Date: Tue, 9 Dec 2025 08:56:58 -0300 Subject: [PATCH] fix(bootstrap): start_all() must re-bootstrap when Vault unseal fails When start_all() detects Vault init.json is missing (unseal fails), it now: 1. Kills all stack processes 2. Cleans the stack directory 3. Runs full bootstrap() 4. Returns (bootstrap starts all services) Also made SecretsManager init failure in start_all() a hard error instead of a warning - if Vault is supposed to be working but SecretsManager can't connect, that's a fatal error. --- src/core/bootstrap/mod.rs | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/src/core/bootstrap/mod.rs b/src/core/bootstrap/mod.rs index ffe6c1bf..38dffcc9 100644 --- a/src/core/bootstrap/mod.rs +++ b/src/core/bootstrap/mod.rs @@ -155,9 +155,22 @@ impl BootstrapManager { } } - // Try to unseal Vault + // Try to unseal Vault - if this fails, we need to re-bootstrap if let Err(e) = self.ensure_vault_unsealed().await { - warn!("Vault unseal check: {}", e); + warn!("Vault unseal failed: {} - running re-bootstrap", e); + + // Kill all processes and run fresh bootstrap + Self::kill_stack_processes(); + if let Err(e) = Self::clean_stack_directory() { + error!("Failed to clean stack directory: {}", e); + } + + // Run bootstrap from scratch + self.bootstrap().await?; + + // After bootstrap, services are already running + info!("Re-bootstrap complete from start_all"); + return Ok(()); } // Initialize SecretsManager so other code can use Vault @@ -165,7 +178,11 @@ impl BootstrapManager { match init_secrets_manager().await { Ok(_) => info!("SecretsManager initialized successfully"), Err(e) => { - warn!("Failed to initialize SecretsManager: {}", e); + error!("Failed to initialize SecretsManager: {}", e); + return Err(anyhow::anyhow!( + "SecretsManager initialization failed: {}", + e + )); } } }