From 04a1dbba5536be41a7e8b33298457eed6399df89 Mon Sep 17 00:00:00 2001
From: Jameson Grieve <37882431+JamesonRGrieve@users.noreply.github.com>
Date: Mon, 27 Oct 2025 13:13:13 -0600
Subject: [PATCH 01/11] Align OpenBao assets with project templates
---
ct/openbao.sh | 92 ++++++++++++++++++++
frontend/public/json/openbao.json | 48 ++++++++++
install/openbao-install.sh | 140 ++++++++++++++++++++++++++++++
3 files changed, 280 insertions(+)
create mode 100644 ct/openbao.sh
create mode 100644 frontend/public/json/openbao.json
create mode 100644 install/openbao-install.sh
diff --git a/ct/openbao.sh b/ct/openbao.sh
new file mode 100644
index 0000000000..82004d47d6
--- /dev/null
+++ b/ct/openbao.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: gpt-5-codex
+# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# Source: https://github.com/openbao/openbao
+
+# App Default Values
+APP="OpenBao"
+# Name of the app (e.g. Google, Adventurelog, Apache-Guacamole")
+var_tags="secrets;vault"
+# Tags for Proxmox VE, maximum 2 pcs., no spaces allowed, separated by a semicolon ; (e.g. database | adblock;dhcp)
+var_cpu="2"
+# Number of cores (1-X) (e.g. 4) - default are 2
+var_ram="2048"
+# Amount of used RAM in MB (e.g. 2048 or 4096)
+var_disk="10"
+# Amount of used disk space in GB (e.g. 4 or 10)
+var_os="debian"
+# Default OS (e.g. debian, ubuntu, alpine)
+var_version="13"
+# Default OS version (e.g. 12 for debian, 24.04 for ubuntu, 3.20 for alpine)
+var_unprivileged="1"
+# 1 = unprivileged container, 0 = privileged container
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+ header_info
+ check_container_storage
+ check_container_resources
+
+ if [[ ! -f /usr/local/bin/openbao ]]; then
+ msg_error "No ${APP} Installation Found!"
+ exit
+ fi
+
+ RELEASE=$(curl -fsSL https://api.github.com/repos/openbao/openbao/releases/latest | jq -r '.tag_name' | sed 's/^v//')
+ if [[ -z "${RELEASE}" ]]; then
+ msg_error "Unable to determine the latest release version."
+ exit 1
+ fi
+
+ CURRENT_VERSION="$(cat /opt/${APP}_version.txt 2>/dev/null || echo '')"
+
+ if [[ ! -f /opt/${APP}_version.txt ]] || [[ "${RELEASE}" != "${CURRENT_VERSION}" ]]; then
+ msg_info "Updating ${APP} to v${RELEASE}"
+
+ msg_info "Stopping $APP"
+ systemctl stop openbao
+ msg_ok "Stopped $APP"
+
+ TMP_DIR="$(mktemp -d)"
+
+ msg_info "Creating Backup"
+ tar -czf "/opt/${APP}_backup_$(date +%F).tar.gz" \
+ /etc/openbao /var/lib/openbao /var/log/openbao
+ msg_ok "Backup Created"
+
+ curl -fsSL "https://github.com/openbao/openbao/releases/download/v${RELEASE}/openbao_${RELEASE}_linux_amd64.zip" \
+ -o "${TMP_DIR}/openbao.zip"
+ unzip -qo "${TMP_DIR}/openbao.zip" -d "${TMP_DIR}"
+ install -m 0755 "${TMP_DIR}/openbao" /usr/local/bin/openbao
+ setcap cap_ipc_lock=+ep /usr/local/bin/openbao
+
+ msg_info "Starting $APP"
+ systemctl start openbao
+ msg_ok "Started $APP"
+
+ msg_info "Cleaning Up"
+ rm -rf "${TMP_DIR}"
+ msg_ok "Cleanup Completed"
+
+ echo "${RELEASE}" >/opt/${APP}_version.txt
+ msg_ok "Update Successful"
+ else
+ msg_ok "No update required. ${APP} is already at v${RELEASE}"
+ fi
+ exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8200${CL}"
diff --git a/frontend/public/json/openbao.json b/frontend/public/json/openbao.json
new file mode 100644
index 0000000000..a4d3ce40db
--- /dev/null
+++ b/frontend/public/json/openbao.json
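Review bot: The release archive in `update_script` is unpacked and installed to `/usr/local/bin/openbao` as root with no integrity check, so HTTPS to github.com is the only thing vouching for the binary of a secrets manager. If the upstream release publishes a checksum file (to be confirmed against its assets), fetch it and verify before `unzip`, for example `(cd "${TMP_DIR}" && sha256sum -c --ignore-missing <checksums file>)`, and restart the old service on a mismatch. The same unverified download appears in install/openbao-install.sh in this patch and again as the `.deb` fetched to `/tmp/openbao.deb` in PATCH 07. The backup `tar -czf "/opt/${APP}_backup_..."` is also created under the default umask although it holds `/etc/openbao` and the storage directory; a `umask 077` before it would keep the archive root-only.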
@@ -0,0 +1,48 @@
+{
+ "name": "OpenBao",
+ "slug": "openbao",
+ "categories": [
+ 6
+ ],
+ "date_created": "2025-10-27",
+ "type": "ct",
+ "updateable": true,
+ "privileged": false,
+ "interface_port": 8200,
+ "documentation": "https://openbao.org/docs",
+ "website": "https://openbao.org/",
+ "logo": "https://avatars.githubusercontent.com/u/149122427?s=200&v=4",
+ "config_path": "/etc/openbao/config.hcl",
+ "description": "OpenBao is an open-source secret management platform that stores, protects, and controls access to sensitive credentials, tokens, and encryption keys with fine-grained policy controls.",
+ "install_methods": [
+ {
+ "type": "default",
+ "script": "ct/openbao.sh",
+ "resources": {
+ "cpu": 2,
+ "ram": 2048,
+ "hdd": 10,
+ "os": "debian",
+ "version": "13"
+ }
+ }
+ ],
+ "default_credentials": {
+ "username": null,
+ "password": null
+ },
+ "notes": [
+ {
+ "text": "Initialization details, including the unseal key and root token, are written to `~/openbao.creds`. Secure this file immediately after installation.",
+ "type": "warning"
+ },
+ {
+ "text": "OpenBao listens on port `8200` without TLS by default. Enable TLS before exposing the service outside trusted networks.",
+ "type": "warning"
+ },
+ {
+ "text": "The file storage backend is configured at `/var/lib/openbao/data`. Back up this directory regularly to retain secrets.",
+ "type": "info"
+ }
+ ]
+}
diff --git a/install/openbao-install.sh b/install/openbao-install.sh
new file mode 100644
index 0000000000..d7c15db125
--- /dev/null
+++ b/install/openbao-install.sh
@@ -0,0 +1,140 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: gpt-5-codex
+# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# Source: https://github.com/openbao/openbao
+
+# Import Functions und Setup
+APPLICATION="openbao"
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+# Installing Dependencies with the 3 core dependencies (curl;sudo;mc)
+msg_info "Installing Dependencies"
+$STD apt-get install -y \
+ curl \
+ sudo \
+ mc \
+ jq \
+ unzip \
+ libcap2-bin \
+ openssl
+msg_ok "Installed Dependencies"
+
+msg_info "Creating OpenBao user and directories"
+if ! id -u openbao >/dev/null 2>&1; then
+ useradd --system --home /var/lib/openbao --shell /usr/sbin/nologin openbao
+fi
+install -d -m 0750 -o openbao -g openbao /var/lib/openbao/data
+install -d -m 0750 -o openbao -g openbao /etc/openbao
+install -d -m 0750 -o openbao -g openbao /var/log/openbao
+msg_ok "Prepared OpenBao user and directories"
+
+msg_info "Downloading OpenBao"
+RELEASE=$(curl -fsSL https://api.github.com/repos/openbao/openbao/releases/latest | jq -r '.tag_name' | sed 's/^v//')
+if [[ -z "${RELEASE}" ]]; then
+ msg_error "Unable to determine latest OpenBao release"
+ exit 1
+fi
+TMP_DIR="$(mktemp -d)"
+curl -fsSL "https://github.com/openbao/openbao/releases/download/v${RELEASE}/openbao_${RELEASE}_linux_amd64.zip" -o "${TMP_DIR}/openbao.zip"
+unzip -qo "${TMP_DIR}/openbao.zip" -d "${TMP_DIR}"
+install -m 0755 "${TMP_DIR}/openbao" /usr/local/bin/openbao
+setcap cap_ipc_lock=+ep /usr/local/bin/openbao
+rm -rf "${TMP_DIR}"
+msg_ok "Installed OpenBao ${RELEASE}"
+
+echo "${RELEASE}" >/opt/OpenBao_version.txt
+
+msg_info "Configuring OpenBao"
+cat <<'EOF_CONF' >/etc/openbao/config.hcl
+storage "file" {
+ path = "/var/lib/openbao/data"
+}
+
+listener "tcp" {
+ address = "0.0.0.0:8200"
+ tls_disable = 1
+}
+
+cluster_addr = "http://127.0.0.1:8201"
+api_addr = "http://0.0.0.0:8200"
+ui = true
+
+disable_mlock = false
+log_level = "info"
+EOF_CONF
+chown openbao:openbao /etc/openbao/config.hcl
+chmod 640 /etc/openbao/config.hcl
+msg_ok "Configured OpenBao"
+
+msg_info "Creating Service"
+cat <<'EOF_SERVICE' >/etc/systemd/system/openbao.service
+[Unit]
+Description=OpenBao Secrets Management Server
+After=network-online.target
+Wants=network-online.target
+Documentation=https://openbao.org/docs
+
+[Service]
+User=openbao
+Group=openbao
+ExecStart=/usr/local/bin/openbao server -config=/etc/openbao/config.hcl
+ExecReload=/bin/kill --signal HUP $MAINPID
+CapabilityBoundingSet=CAP_IPC_LOCK
+AmbientCapabilities=CAP_IPC_LOCK
+LimitMEMLOCK=infinity
+Restart=on-failure
+RestartSec=5s
+StartLimitInterval=60
+StartLimitBurst=3
+LogsDirectory=openbao
+StandardOutput=journal
+StandardError=inherit
+
+[Install]
+WantedBy=multi-user.target
+EOF_SERVICE
+systemctl daemon-reload
+systemctl enable -q --now openbao.service
+msg_ok "Created Service"
+
+msg_info "Initializing OpenBao"
+export OPENBAO_ADDR="http://127.0.0.1:8200"
+for _ in {1..30}; do
+ if curl -fsS http://127.0.0.1:8200/v1/sys/health >/dev/null 2>&1; then
+ break
+ fi
+ sleep 2
+done
+if ! openbao operator init -status >/dev/null 2>&1; then
+ INIT_OUTPUT=$(openbao operator init -key-shares=1 -key-threshold=1)
+ UNSEAL_KEY=$(echo "$INIT_OUTPUT" | awk '/Unseal Key 1/ {print $4}')
+ ROOT_TOKEN=$(echo "$INIT_OUTPUT" | awk '/Initial Root Token/ {print $4}')
+ openbao operator unseal "$UNSEAL_KEY"
+ {
+ echo "OpenBao Credentials"
+ echo "$INIT_OUTPUT"
+ echo "Root Token: $ROOT_TOKEN"
+ echo "Unseal Key: $UNSEAL_KEY"
+ } >>~/$APPLICATION.creds
+ chmod 600 ~/$APPLICATION.creds
+ msg_ok "Initialized OpenBao"
+else
+ msg_ok "OpenBao already initialized"
+fi
+
+motd_ssh
+customize
+
+# Cleanup
+msg_info "Cleaning up"
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
From 945ffa3029eadbfdde4ee5682eadc419e39fb7e7 Mon Sep 17 00:00:00 2001
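Review bot: The generated `config.hcl` binds the listener to `0.0.0.0:8200` with `tls_disable = 1`, so the root token and every secret read through the API or UI cross the network in cleartext from first boot. A safer default is `address = "127.0.0.1:8200"` until the operator sets `tls_cert_file`/`tls_key_file`. `openssl` is installed as a dependency in this hunk but never used, so generating a self-signed pair at install time is another option. `api_addr = "http://0.0.0.0:8200"` is also not an address a client can be redirected to; it should carry the container's real address.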
From: James Grieve Date: Fri, 21 Nov 2025 12:18:37 -0700 Subject: [PATCH 02/11] Update script; --- install/openbao-install.sh | 121 +++++++++++++++++++++++-------------- 1 file changed, 77 insertions(+), 44 deletions(-) diff --git a/install/openbao-install.sh b/install/openbao-install.sh index d7c15db125..2c042e907a 100644 --- a/install/openbao-install.sh +++ b/install/openbao-install.sh @@ -5,31 +5,31 @@ # License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE # Source: https://github.com/openbao/openbao -# Import Functions und Setup -APPLICATION="openbao" source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" color verb_ip6 catch_errors -setting_up_container -network_check -update_os -# Installing Dependencies with the 3 core dependencies (curl;sudo;mc) +if [[ -z "${OPENBAO_PARENT_INITIALIZED:-}" ]]; then + setting_up_container + network_check + update_os +fi + msg_info "Installing Dependencies" $STD apt-get install -y \ - curl \ - sudo \ - mc \ - jq \ - unzip \ - libcap2-bin \ - openssl + curl \ + sudo \ + mc \ + jq \ + unzip \ + libcap2-bin \ + openssl msg_ok "Installed Dependencies" msg_info "Creating OpenBao user and directories" if ! id -u openbao >/dev/null 2>&1; then - useradd --system --home /var/lib/openbao --shell /usr/sbin/nologin openbao + useradd --system --home /var/lib/openbao --shell /usr/sbin/nologin openbao fi install -d -m 0750 -o openbao -g openbao /var/lib/openbao/data install -d -m 0750 -o openbao -g openbao /etc/openbao 
@@ -39,8 +39,8 @@ msg_ok "Prepared OpenBao user and directories" msg_info "Downloading OpenBao" RELEASE=$(curl -fsSL https://api.github.com/repos/openbao/openbao/releases/latest | jq -r '.tag_name' | sed 's/^v//') if [[ -z "${RELEASE}" ]]; then - msg_error "Unable to determine latest OpenBao release" - exit 1 + msg_error "Unable to determine latest OpenBao release" + exit 1 fi TMP_DIR="$(mktemp -d)" curl -fsSL "https://github.com/openbao/openbao/releases/download/v${RELEASE}/openbao_${RELEASE}_linux_amd64.zip" -o "${TMP_DIR}/openbao.zip" @@ -50,10 +50,10 @@ setcap cap_ipc_lock=+ep /usr/local/bin/openbao rm -rf "${TMP_DIR}" msg_ok "Installed OpenBao ${RELEASE}" -echo "${RELEASE}" >/opt/OpenBao_version.txt +echo "${RELEASE}" >/opt/openbao_version.txt msg_info "Configuring OpenBao" -cat <<'EOF_CONF' >/etc/openbao/config.hcl +cat >/etc/openbao/config.hcl <<'EOF_CONF' storage "file" { path = "/var/lib/openbao/data" } @@ -74,9 +74,15 @@ chown openbao:openbao /etc/openbao/config.hcl chmod 640 /etc/openbao/config.hcl msg_ok "Configured OpenBao" -msg_info "Creating Service" -cat <<'EOF_SERVICE' >/etc/systemd/system/openbao.service -[Unit] +create_service() { + local service_name="$1" + local service_content="$2" + printf '%s' "$service_content" >/etc/systemd/system/"${service_name}".service +} + +msg_info "Creating systemd service" + +create_service "openbao" "[Unit] Description=OpenBao Secrets Management Server After=network-online.target Wants=network-online.target @@ -86,7 +92,7 @@ Documentation=https://openbao.org/docs User=openbao Group=openbao ExecStart=/usr/local/bin/openbao server -config=/etc/openbao/config.hcl -ExecReload=/bin/kill --signal HUP $MAINPID +ExecReload=/bin/kill --signal HUP \$MAINPID CapabilityBoundingSet=CAP_IPC_LOCK AmbientCapabilities=CAP_IPC_LOCK LimitMEMLOCK=infinity 
@@ -100,41 +106,68 @@ StandardError=inherit [Install] WantedBy=multi-user.target -EOF_SERVICE +" + +msg_ok "Systemd service created" + +msg_info "Enabling service" systemctl daemon-reload -systemctl enable -q --now openbao.service -msg_ok "Created Service" +if ! systemctl enable -q --now openbao.service; then + msg_error "Failed to enable service. Checking logs..." + echo "=== Status for openbao ===" + systemctl status openbao --no-pager || true + echo "=== Journal for openbao ===" + journalctl -u openbao -n 50 --no-pager || true + exit 1 +fi +msg_ok "Service enabled" msg_info "Initializing OpenBao" export OPENBAO_ADDR="http://127.0.0.1:8200" -for _ in {1..30}; do - if curl -fsS http://127.0.0.1:8200/v1/sys/health >/dev/null 2>&1; then - break - fi - sleep 2 + +# Wait for OpenBao to be ready +for i in {1..30}; do + if curl -fsS http://127.0.0.1:8200/v1/sys/health >/dev/null 2>&1; then + break + fi + sleep 2 done + +# Verify OpenBao is actually listening +if ! ss -tlnp | grep -q ':8200'; then + msg_error "OpenBao is running but not listening on port 8200" + ss -tlnp | grep openbao || true + journalctl -u openbao -n 50 --no-pager || true + exit 1 +fi + if ! 
openbao operator init -status >/dev/null 2>&1; then - INIT_OUTPUT=$(openbao operator init -key-shares=1 -key-threshold=1) - UNSEAL_KEY=$(echo "$INIT_OUTPUT" | awk '/Unseal Key 1/ {print $4}') - ROOT_TOKEN=$(echo "$INIT_OUTPUT" | awk '/Initial Root Token/ {print $4}') - openbao operator unseal "$UNSEAL_KEY" - { - echo "OpenBao Credentials" - echo "$INIT_OUTPUT" - echo "Root Token: $ROOT_TOKEN" - echo "Unseal Key: $UNSEAL_KEY" - } >>~/$APPLICATION.creds - chmod 600 ~/$APPLICATION.creds - msg_ok "Initialized OpenBao" + INIT_OUTPUT=$(openbao operator init -key-shares=1 -key-threshold=1) + UNSEAL_KEY=$(echo "$INIT_OUTPUT" | awk '/Unseal Key 1/ {print $4}') + ROOT_TOKEN=$(echo "$INIT_OUTPUT" | awk '/Initial Root Token/ {print $4}') + + openbao operator unseal "$UNSEAL_KEY" + + msg_info "Storing administrator credentials" + { + echo "OpenBao Administrator" + echo "Root Token: ${ROOT_TOKEN}" + echo "Unseal Key: ${UNSEAL_KEY}" + echo "" + echo "Full initialization output:" + echo "$INIT_OUTPUT" + } >~/openbao.creds + chmod 600 ~/openbao.creds + msg_ok "Administrator credentials stored in ~/openbao.creds" else - msg_ok "OpenBao already initialized" + msg_ok "OpenBao already initialized" fi motd_ssh customize -# Cleanup msg_info "Cleaning up" $STD apt-get -y autoremove $STD apt-get -y autoclean +$STD apt-get -y clean msg_ok "Cleaned" From cc63aaee7e7370a07847abbeb5c929070389c6d7 Mon Sep 17 00:00:00 2001 From: James Grieve Date: Fri, 21 Nov 2025 12:19:49 -0700 Subject: [PATCH 03/11] Update script; --- ct/openbao.sh | 125 +++++++++++++++++++++++--------------------------- 1 file changed, 58 insertions(+), 67 deletions(-) diff --git a/ct/openbao.sh b/ct/openbao.sh index 82004d47d6..7abda8cbe1 100644 --- a/ct/openbao.sh +++ b/ct/openbao.sh 
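Review bot: `~/openbao.creds` is created by the `} >~/openbao.creds` redirect under the process umask and only restricted by `chmod 600` afterwards; create it restricted first with `install -m 0600 /dev/null ~/openbao.creds` ahead of the `{ ... }` block. With `-key-shares=1 -key-threshold=1` that one file holds both the only unseal key and the root token on the same disk as `/var/lib/openbao/data`, so any backup or snapshot of the container carries everything needed to decrypt the store. A comment such as `# single-share init: rekey and revoke the root token before storing real secrets` would make that explicit. Separately, `if ! openbao operator init -status` treats a connection error the same as "not initialized", and as far as I know the CLI reads `BAO_ADDR` (with `VAULT_ADDR` as a fallback) rather than the `OPENBAO_ADDR` exported above; this is worth confirming against the installed binary.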
@@ -1,27 +1,18 @@ #!/usr/bin/env bash -source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func) +source <(curl -fsSL "${BASE_URL-https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main}"/misc/build.func) # Copyright (c) 2021-2025 community-scripts ORG # Author: gpt-5-codex # License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE # Source: https://github.com/openbao/openbao -# App Default Values APP="OpenBao" -# Name of the app (e.g. Google, Adventurelog, Apache-Guacamole") -var_tags="secrets;vault" -# Tags for Proxmox VE, maximum 2 pcs., no spaces allowed, separated by a semicolon ; (e.g. database | adblock;dhcp) -var_cpu="2" -# Number of cores (1-X) (e.g. 4) - default are 2 -var_ram="2048" -# Amount of used RAM in MB (e.g. 2048 or 4096) -var_disk="10" -# Amount of used disk space in GB (e.g. 4 or 10) -var_os="debian" -# Default OS (e.g. debian, ubuntu, alpine) -var_version="13" -# Default OS version (e.g. 12 for debian, 24.04 for ubuntu, 3.20 for alpine) -var_unprivileged="1" -# 1 = unprivileged container, 0 = privileged container +var_tags="${var_tags:-secrets;vault}" +var_cpu="${var_cpu:-2}" +var_ram="${var_ram:-2048}" +var_disk="${var_disk:-10}" +var_os="${var_os:-debian}" +var_version="${var_version:-13}" +var_unprivileged="${var_unprivileged:-1}" header_info "$APP" variables 
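Review bot: `source <(curl -fsSL "${BASE_URL-...}"/misc/build.func)` lets an inherited environment variable choose where the code that runs as root on the Proxmox host is fetched from, with no scheme or host check. If the override is only a development aid, reject anything that is not HTTPS before sourcing, e.g. `[[ "${BASE_URL:-https://}" == https://* ]] || { echo "BASE_URL must be https" >&2; exit 1; }`, and print the effective URL. The expansion uses `-` where misc/build.func in PATCH 08 uses `:-`, so an empty `BASE_URL` here produces the URL `/misc/build.func`. The two defaults also point at different hosts (raw.githubusercontent.com here, git.community-scripts.org there). The same override is added to every `source` and `FUNCTIONS_FILE_PATH` fetch in misc/build.func in PATCH 08, whose subject is marked "[REVERT WHEN READY]".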
@@ -29,57 +20,57 @@ color catch_errors function update_script() { - header_info - check_container_storage - check_container_resources - - if [[ ! -f /usr/local/bin/openbao ]]; then - msg_error "No ${APP} Installation Found!" - exit - fi - - RELEASE=$(curl -fsSL https://api.github.com/repos/openbao/openbao/releases/latest | jq -r '.tag_name' | sed 's/^v//') - if [[ -z "${RELEASE}" ]]; then - msg_error "Unable to determine the latest release version." - exit 1 - fi - - CURRENT_VERSION="$(cat /opt/${APP}_version.txt 2>/dev/null || echo '')" - - if [[ ! -f /opt/${APP}_version.txt ]] || [[ "${RELEASE}" != "${CURRENT_VERSION}" ]]; then - msg_info "Updating ${APP} to v${RELEASE}" - - msg_info "Stopping $APP" - systemctl stop openbao - msg_ok "Stopped $APP" - - TMP_DIR="$(mktemp -d)" - - msg_info "Creating Backup" - tar -czf "/opt/${APP}_backup_$(date +%F).tar.gz" \ - /etc/openbao /var/lib/openbao /var/log/openbao - msg_ok "Backup Created" - - curl -fsSL "https://github.com/openbao/openbao/releases/download/v${RELEASE}/openbao_${RELEASE}_linux_amd64.zip" \ - -o "${TMP_DIR}/openbao.zip" - unzip -qo "${TMP_DIR}/openbao.zip" -d "${TMP_DIR}" - install -m 0755 "${TMP_DIR}/openbao" /usr/local/bin/openbao - setcap cap_ipc_lock=+ep /usr/local/bin/openbao - - msg_info "Starting $APP" - systemctl start openbao - msg_ok "Started $APP" - - msg_info "Cleaning Up" - rm -rf "${TMP_DIR}" - msg_ok "Cleanup Completed" - - echo "${RELEASE}" >/opt/${APP}_version.txt - msg_ok "Update Successful" - else - msg_ok "No update required. ${APP} is already at v${RELEASE}" - fi + header_info + check_container_storage + check_container_resources + + if [[ ! -f /usr/local/bin/openbao ]]; then + msg_error "No ${APP} Installation Found!" exit + fi + + RELEASE=$(curl -fsSL https://api.github.com/repos/openbao/openbao/releases/latest | jq -r '.tag_name' | sed 's/^v//') + if [[ -z "${RELEASE}" ]]; then + msg_error "Unable to determine the latest release version." 
+ exit 1 + fi + + CURRENT_VERSION="$(cat /opt/openbao_version.txt 2>/dev/null || echo '')" + + if [[ ! -f /opt/openbao_version.txt ]] || [[ "${RELEASE}" != "${CURRENT_VERSION}" ]]; then + msg_info "Updating ${APP} to v${RELEASE}" + + msg_info "Stopping ${APP}" + systemctl stop openbao + msg_ok "Stopped ${APP}" + + TMP_DIR="$(mktemp -d)" + + msg_info "Creating Backup" + tar -czf "/opt/openbao_backup_$(date +%F).tar.gz" \ + /etc/openbao /var/lib/openbao /var/log/openbao + msg_ok "Backup Created" + + curl -fsSL "https://github.com/openbao/openbao/releases/download/v${RELEASE}/openbao_${RELEASE}_linux_amd64.zip" \ + -o "${TMP_DIR}/openbao.zip" + unzip -qo "${TMP_DIR}/openbao.zip" -d "${TMP_DIR}" + install -m 0755 "${TMP_DIR}/openbao" /usr/local/bin/openbao + setcap cap_ipc_lock=+ep /usr/local/bin/openbao + + msg_info "Starting ${APP}" + systemctl start openbao + msg_ok "Started ${APP}" + + msg_info "Cleaning Up" + rm -rf "${TMP_DIR}" + msg_ok "Cleanup Completed" + + echo "${RELEASE}" >/opt/openbao_version.txt + msg_ok "Update Successful" + else + msg_ok "No update required. ${APP} is already at v${RELEASE}" + fi + exit } start From f67c235cd919240e3ae60f7be2b22826cec3ed4d Mon Sep 17 00:00:00 2001 From: James Grieve Date: Fri, 21 Nov 2025 12:32:34 -0700 Subject: [PATCH 04/11] Update installer; --- install/openbao-install.sh | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/install/openbao-install.sh b/install/openbao-install.sh index 2c042e907a..2b5c2af1a2 100644 --- a/install/openbao-install.sh +++ b/install/openbao-install.sh @@ -22,7 +22,6 @@ $STD apt-get install -y \ sudo \ mc \ jq \ - unzip \ libcap2-bin \ openssl msg_ok "Installed Dependencies" 
@@ -36,20 +35,11 @@ install -d -m 0750 -o openbao -g openbao /etc/openbao install -d -m 0750 -o openbao -g openbao /var/log/openbao msg_ok "Prepared OpenBao user and directories" -msg_info "Downloading OpenBao" -RELEASE=$(curl -fsSL https://api.github.com/repos/openbao/openbao/releases/latest | jq -r '.tag_name' | sed 's/^v//') -if [[ -z "${RELEASE}" ]]; then - msg_error "Unable to determine latest OpenBao release" - exit 1 -fi -TMP_DIR="$(mktemp -d)" -curl -fsSL "https://github.com/openbao/openbao/releases/download/v${RELEASE}/openbao_${RELEASE}_linux_amd64.zip" -o "${TMP_DIR}/openbao.zip" -unzip -qo "${TMP_DIR}/openbao.zip" -d "${TMP_DIR}" -install -m 0755 "${TMP_DIR}/openbao" /usr/local/bin/openbao +fetch_and_deploy_gh_release "openbao" "openbao/openbao" + setcap cap_ipc_lock=+ep /usr/local/bin/openbao -rm -rf "${TMP_DIR}" -msg_ok "Installed OpenBao ${RELEASE}" +RELEASE=$(openbao version | grep -oP 'Bao v\K[0-9.]+' || echo "unknown") echo "${RELEASE}" >/opt/openbao_version.txt msg_info "Configuring OpenBao" From 0ab9047b69c1ba4c9c5f2cba748161786353e999 Mon Sep 17 00:00:00 2001 From: James Grieve Date: Fri, 21 Nov 2025 12:39:39 -0700 Subject: [PATCH 05/11] Update install; --- install/openbao-install.sh | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/install/openbao-install.sh b/install/openbao-install.sh index 2b5c2af1a2..bc721078a4 100644 --- a/install/openbao-install.sh +++ b/install/openbao-install.sh @@ -22,6 +22,7 @@ $STD apt-get install -y \ sudo \ mc \ jq \ + unzip \ libcap2-bin \ openssl msg_ok "Installed Dependencies" 
@@ -35,11 +36,25 @@ install -d -m 0750 -o openbao -g openbao /etc/openbao install -d -m 0750 -o openbao -g openbao /var/log/openbao msg_ok "Prepared OpenBao user and directories" -fetch_and_deploy_gh_release "openbao" "openbao/openbao" +msg_info "Downloading OpenBao" +TMP_EXTRACT="/tmp/openbao-extract" +mkdir -p "$TMP_EXTRACT" -setcap cap_ipc_lock=+ep /usr/local/bin/openbao +fetch_and_deploy_gh_release "openbao" "openbao/openbao" "prebuild" "latest" "$TMP_EXTRACT" "openbao_*_linux_amd64.zip" + +# Move binary to system location +if [[ -f "$TMP_EXTRACT/openbao" ]]; then + install -m 0755 "$TMP_EXTRACT/openbao" /usr/local/bin/openbao + setcap cap_ipc_lock=+ep /usr/local/bin/openbao + RELEASE=$(openbao version | grep -oP 'Bao v\K[0-9.]+' || cat "$HOME/.openbao" 2>/dev/null || echo "unknown") + rm -rf "$TMP_EXTRACT" + msg_ok "Installed OpenBao ${RELEASE}" +else + msg_error "OpenBao binary not found in extracted archive" + rm -rf "$TMP_EXTRACT" + exit 1 +fi -RELEASE=$(openbao version | grep -oP 'Bao v\K[0-9.]+' || echo "unknown") echo "${RELEASE}" >/opt/openbao_version.txt msg_info "Configuring OpenBao" From 91d2dec1cc9b10ca12b18ff78f8aba6da5525045 Mon Sep 17 00:00:00 2001 From: James Grieve Date: Fri, 21 Nov 2025 13:07:08 -0700 Subject: [PATCH 06/11] Update install; --- ct/openbao.sh | 46 ++++++++++++++++++++++---------------- install/openbao-install.sh | 20 ++++++----------- 2 files changed, 34 insertions(+), 32 deletions(-) diff --git a/ct/openbao.sh b/ct/openbao.sh index 7abda8cbe1..65be66d55a 100644 --- a/ct/openbao.sh +++ b/ct/openbao.sh 
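Review bot: `TMP_EXTRACT="/tmp/openbao-extract"` with `mkdir -p` is a fixed, predictable path in a world-writable directory, and whatever file is found there is then installed to `/usr/local/bin/openbao` and given `cap_ipc_lock`. `mkdir -p` also succeeds silently when the directory already exists with other contents. Use `TMP_EXTRACT="$(mktemp -d)"`, as the first version of this script did with `TMP_DIR`. `TMP_DEB="/tmp/openbao.deb"` in PATCH 07 has the same problem. The `RELEASE=$(... || cat "$HOME/.openbao" 2>/dev/null || echo "unknown")` chain also writes the literal `unknown` into `/opt/openbao_version.txt` when version detection fails.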
@@ -29,46 +29,54 @@ function update_script() { exit fi - RELEASE=$(curl -fsSL https://api.github.com/repos/openbao/openbao/releases/latest | jq -r '.tag_name' | sed 's/^v//') - if [[ -z "${RELEASE}" ]]; then + CURRENT_VERSION="$(cat /opt/openbao_version.txt 2>/dev/null || echo '')" + LATEST_VERSION="$(cat "$HOME/.bao" 2>/dev/null || echo '')" + + # If we don't have latest version cached, fetch it + if [[ -z "$LATEST_VERSION" ]]; then + LATEST_VERSION=$(curl -fsSL https://api.github.com/repos/openbao/openbao/releases/latest 2>/dev/null | jq -r '.tag_name' | sed 's/^v//') + fi + + if [[ -z "${LATEST_VERSION}" ]]; then msg_error "Unable to determine the latest release version." exit 1 fi - CURRENT_VERSION="$(cat /opt/openbao_version.txt 2>/dev/null || echo '')" - - if [[ ! -f /opt/openbao_version.txt ]] || [[ "${RELEASE}" != "${CURRENT_VERSION}" ]]; then - msg_info "Updating ${APP} to v${RELEASE}" + if [[ ! -f /opt/openbao_version.txt ]] || [[ "${LATEST_VERSION}" != "${CURRENT_VERSION}" ]]; then + msg_info "Updating ${APP} to v${LATEST_VERSION}" msg_info "Stopping ${APP}" systemctl stop openbao msg_ok "Stopped ${APP}" - TMP_DIR="$(mktemp -d)" - msg_info "Creating Backup" tar -czf "/opt/openbao_backup_$(date +%F).tar.gz" \ /etc/openbao /var/lib/openbao /var/log/openbao msg_ok "Backup Created" - curl -fsSL "https://github.com/openbao/openbao/releases/download/v${RELEASE}/openbao_${RELEASE}_linux_amd64.zip" \ - -o "${TMP_DIR}/openbao.zip" - unzip -qo "${TMP_DIR}/openbao.zip" -d "${TMP_DIR}" - install -m 0755 "${TMP_DIR}/openbao" /usr/local/bin/openbao - setcap cap_ipc_lock=+ep /usr/local/bin/openbao + msg_info "Downloading and installing new version" + + fetch_and_deploy_gh_release "bao" "openbao/openbao" "binary" "latest" "" "bao_*_linux_amd64.deb" + + # Ensure symlink exists + if [[ -f /usr/bin/bao ]]; then + ln -sf /usr/bin/bao /usr/local/bin/openbao + else + msg_error "OpenBao binary not found after installation" + systemctl start openbao + exit 1 + fi + msg_ok 
"Installed new version" msg_info "Starting ${APP}" systemctl start openbao msg_ok "Started ${APP}" - msg_info "Cleaning Up" - rm -rf "${TMP_DIR}" - msg_ok "Cleanup Completed" - + RELEASE=$(bao version | grep -oP 'Bao v\K[0-9.]+' || echo "${LATEST_VERSION}") echo "${RELEASE}" >/opt/openbao_version.txt - msg_ok "Update Successful" + msg_ok "Updated to v${RELEASE}" else - msg_ok "No update required. ${APP} is already at v${RELEASE}" + msg_ok "No update required. ${APP} is already at v${CURRENT_VERSION}" fi exit } diff --git a/install/openbao-install.sh b/install/openbao-install.sh index bc721078a4..0da22c2cc5 100644 --- a/install/openbao-install.sh +++ b/install/openbao-install.sh @@ -22,7 +22,6 @@ $STD apt-get install -y \ sudo \ mc \ jq \ - unzip \ libcap2-bin \ openssl msg_ok "Installed Dependencies" 
@@ -36,22 +35,17 @@ install -d -m 0750 -o openbao -g openbao /etc/openbao install -d -m 0750 -o openbao -g openbao /var/log/openbao msg_ok "Prepared OpenBao user and directories" -msg_info "Downloading OpenBao" -TMP_EXTRACT="/tmp/openbao-extract" -mkdir -p "$TMP_EXTRACT" +msg_info "Downloading and installing OpenBao" -fetch_and_deploy_gh_release "openbao" "openbao/openbao" "prebuild" "latest" "$TMP_EXTRACT" "openbao_*_linux_amd64.zip" +fetch_and_deploy_gh_release "bao" "openbao/openbao" "binary" "latest" "" "bao_*_linux_amd64.deb" -# Move binary to system location -if [[ -f "$TMP_EXTRACT/openbao" ]]; then - install -m 0755 "$TMP_EXTRACT/openbao" /usr/local/bin/openbao - setcap cap_ipc_lock=+ep /usr/local/bin/openbao - RELEASE=$(openbao version | grep -oP 'Bao v\K[0-9.]+' || cat "$HOME/.openbao" 2>/dev/null || echo "unknown") - rm -rf "$TMP_EXTRACT" +# Create symlink from bao to openbao for consistency +if [[ -f /usr/bin/bao ]]; then + ln -sf /usr/bin/bao /usr/local/bin/openbao + RELEASE=$(bao version | grep -oP 'Bao v\K[0-9.]+' || cat "$HOME/.bao" 2>/dev/null || echo "unknown") msg_ok "Installed OpenBao ${RELEASE}" else - msg_error "OpenBao binary not found in extracted archive" - rm -rf "$TMP_EXTRACT" + msg_error "OpenBao binary not found after installation" exit 1 fi From cb484ca79b2abed873fe162d49a8351cbd754cd6 Mon Sep 17 00:00:00 2001 From: James Grieve Date: Fri, 21 Nov 2025 13:13:54 -0700 Subject: [PATCH 07/11] Update install; --- ct/openbao.sh | 52 ++------------------------------------ install/openbao-install.sh | 35 ++++++++++++++++++++++--- 2 files changed, 33 insertions(+), 54 deletions(-) diff --git a/ct/openbao.sh b/ct/openbao.sh index 65be66d55a..9e4c34666e 100644 --- a/ct/openbao.sh +++ b/ct/openbao.sh 
@@ -24,60 +24,12 @@ function update_script() { check_container_storage check_container_resources - if [[ ! -f /usr/local/bin/openbao ]]; then + if [[ ! -f /usr/local/bin/openbao ]] && [[ ! -f /usr/bin/bao ]]; then msg_error "No ${APP} Installation Found!" exit fi - CURRENT_VERSION="$(cat /opt/openbao_version.txt 2>/dev/null || echo '')" - LATEST_VERSION="$(cat "$HOME/.bao" 2>/dev/null || echo '')" - - # If we don't have latest version cached, fetch it - if [[ -z "$LATEST_VERSION" ]]; then - LATEST_VERSION=$(curl -fsSL https://api.github.com/repos/openbao/openbao/releases/latest 2>/dev/null | jq -r '.tag_name' | sed 's/^v//') - fi - - if [[ -z "${LATEST_VERSION}" ]]; then - msg_error "Unable to determine the latest release version." - exit 1 - fi - - if [[ ! -f /opt/openbao_version.txt ]] || [[ "${LATEST_VERSION}" != "${CURRENT_VERSION}" ]]; then - msg_info "Updating ${APP} to v${LATEST_VERSION}" - - msg_info "Stopping ${APP}" - systemctl stop openbao - msg_ok "Stopped ${APP}" - - msg_info "Creating Backup" - tar -czf "/opt/openbao_backup_$(date +%F).tar.gz" \ - /etc/openbao /var/lib/openbao /var/log/openbao - msg_ok "Backup Created" - - msg_info "Downloading and installing new version" - - fetch_and_deploy_gh_release "bao" "openbao/openbao" "binary" "latest" "" "bao_*_linux_amd64.deb" - - # Ensure symlink exists - if [[ -f /usr/bin/bao ]]; then - ln -sf /usr/bin/bao /usr/local/bin/openbao - else - msg_error "OpenBao binary not found after installation" - systemctl start openbao - exit 1 - fi - msg_ok "Installed new version" - - msg_info "Starting ${APP}" - systemctl start openbao - msg_ok "Started ${APP}" - - RELEASE=$(bao version | grep -oP 'Bao v\K[0-9.]+' || echo "${LATEST_VERSION}") - echo "${RELEASE}" >/opt/openbao_version.txt - msg_ok "Updated to v${RELEASE}" - else - msg_ok "No update required. ${APP} is already at v${CURRENT_VERSION}" - fi + msg_error "Currently we don't provide an update function for this ${APP}." exit } 
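Review bot: `update_script` now always ends with `msg_error "Currently we don't provide an update function ..."` followed by a bare `exit`, which returns the status of `msg_error` (presumably 0), while frontend/public/json/openbao.json from PATCH 01 still declares `"updateable": true`. Either set the metadata to `false` in the same commit or use `exit 1` so callers can tell that no update happened. The message reads "for this ${APP}"; "for ${APP}" is probably what was meant.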
diff --git a/install/openbao-install.sh b/install/openbao-install.sh index 0da22c2cc5..315ebf20c0 100644 --- a/install/openbao-install.sh +++ b/install/openbao-install.sh @@ -21,7 +21,6 @@ $STD apt-get install -y \ curl \ sudo \ mc \ - jq \ libcap2-bin \ openssl msg_ok "Installed Dependencies" @@ -37,12 +36,40 @@ msg_ok "Prepared OpenBao user and directories" msg_info "Downloading and installing OpenBao" -fetch_and_deploy_gh_release "bao" "openbao/openbao" "binary" "latest" "" "bao_*_linux_amd64.deb" +# Get latest version from HTML (avoids API rate limit) +RELEASE=$(curl -fsSL https://github.com/openbao/openbao/releases/latest 2>&1 | grep -oP 'openbao/openbao/releases/tag/v\K[0-9.]+' | head -1) -# Create symlink from bao to openbao for consistency +if [[ -z "$RELEASE" ]]; then + # Fallback: use a known stable version + RELEASE="2.4.3" + msg_info "Could not determine latest version, using v${RELEASE}" +fi + +msg_info "Installing OpenBao v${RELEASE}" + +# Download .deb package directly (no API needed) +DEB_URL="https://github.com/openbao/openbao/releases/download/v${RELEASE}/bao_${RELEASE}_linux_amd64.deb" +TMP_DEB="/tmp/openbao.deb" + +if ! curl -fsSL "$DEB_URL" -o "$TMP_DEB"; then + msg_error "Failed to download from ${DEB_URL}" + exit 1 +fi + +# Install the package +if ! $STD apt install -y "$TMP_DEB"; then + if ! $STD dpkg -i "$TMP_DEB"; then + msg_error "Failed to install OpenBao package" + rm -f "$TMP_DEB" + exit 1 + fi +fi + +rm -f "$TMP_DEB" + +# Create symlink for consistency if [[ -f /usr/bin/bao ]]; then ln -sf /usr/bin/bao /usr/local/bin/openbao - RELEASE=$(bao version | grep -oP 'Bao v\K[0-9.]+' || cat "$HOME/.bao" 2>/dev/null || echo "unknown") msg_ok "Installed OpenBao ${RELEASE}" else msg_error "OpenBao binary not found after installation" From ab07c875aa9cd5eec2360c922fac951ef89d4c8e Mon Sep 17 00:00:00 2001 
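Review bot: When the version scrape fails, the second hunk silently falls back to `RELEASE="2.4.3"` and reports it with `msg_info`. That literal will age, so a later install could quietly deploy an outdated secrets manager without the operator noticing. Fail instead, as the first version of this script did: `msg_error "Unable to determine latest OpenBao release"; exit 1`. The `2>&1` on the `curl` also feeds curl's error text into the `grep`, which is harmless today but makes the parse depend on error wording; dropping it keeps the pipeline to the HTML body only.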
From: James Grieve Date: Fri, 21 Nov 2025 13:42:51 -0700 Subject: [PATCH 08/11] [REVERT WHEN READY] Set paths; --- misc/build.func | 29 ++++++++++++++--------------- misc/install.func | 10 +++++----- 2 files changed, 19 insertions(+), 20 deletions(-) diff --git a/misc/build.func b/misc/build.func index b776fdb4bf..be2d6429c9 100644 --- a/misc/build.func +++ b/misc/build.func 
@@ -129,22 +129,21 @@ variables() { # - Initialize error traps after loading # ------------------------------------------------------------------------------ -source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/api.func) +source <(curl -fsSL "${BASE_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/api.func") if command -v curl >/dev/null 2>&1; then - source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/core.func) - source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/error_handler.func) + source <(curl -fsSL "${BASE_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/core.func") + source <(curl -fsSL "${BASE_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/error_handler.func") load_functions catch_errors #echo "(build.func) Loaded core.func via curl" elif command -v wget >/dev/null 2>&1; then - source <(wget -qO- https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/core.func) - source <(wget -qO- https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/error_handler.func) + source <(wget -qO- "${BASE_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/core.func") + source <(wget -qO- "${BASE_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/error_handler.func") load_functions catch_errors #echo "(build.func) Loaded core.func via wget" fi - # ------------------------------------------------------------------------------ # maxkeys_check() # 
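Review bot: `BASE_URL` is read straight from the environment, and whatever it points to is fetched and `source`d on the host, so the new lines need at least a scheme check and a visible notice when the override is active; the same applies to the `start()` and `build_container()` hunks of this file and to the sourcing hunks in misc/install.func. Resolving it once before the first `source`, e.g. `: "${BASE_URL:=https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}"` followed by `[[ "$BASE_URL" == https://* ]] || { echo "BASE_URL must be an https URL" >&2; exit 1; }`, would also remove the repeated copies of the default. Because the subject marks this as something to revert, a comment next to that line saying so would keep the override from shipping unnoticed.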
@@ -1267,7 +1266,7 @@ _build_vars_diff() { # Build a temporary .vars file from current advanced settings _build_current_app_vars_tmp() { - tmpf="$(mktemp /tmp/${NSAPP:-app}.vars.new.XXXXXX)" + tmpf="$(mktemp /tmp/"${NSAPP:-app}".vars.new.XXXXXX)" # NET/GW _net="${NET:-}" @@ -1964,7 +1963,7 @@ configure_ssh_settings() { # - Otherwise: shows update/setting menu # ------------------------------------------------------------------------------ start() { - source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/tools.func) + source <(curl -fsSL "${BASE_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/tools.func") if command -v pveversion >/dev/null 2>&1; then install_script || return 0 return 0 @@ -2069,11 +2068,11 @@ build_container() { fi TEMP_DIR=$(mktemp -d) - pushd "$TEMP_DIR" >/dev/null - if [ "$var_os" == "alpine" ]; then - export FUNCTIONS_FILE_PATH="$(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/alpine-install.func)" + pushd "$TEMP_DIR" >/dev/null || exit +if [ "$var_os" == "alpine" ]; then + export FUNCTIONS_FILE_PATH="$(curl -fsSL "${BASE_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/alpine-install.func")" else - export FUNCTIONS_FILE_PATH="$(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/install.func)" + export FUNCTIONS_FILE_PATH="$(curl -fsSL "${BASE_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/install.func")" fi export DIAGNOSTICS="$DIAGNOSTICS" export RANDOM_UUID="$RANDOM_UUID" 
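Review bot: `export FUNCTIONS_FILE_PATH="$(curl …)"` in the build_container hunk discards curl's exit status, so a 404 or an unreachable `BASE_URL` leaves the variable empty and the build carries on, presumably without the install helpers. Assign first and check the result, e.g. `FUNCTIONS_FILE_PATH="$(curl -fsSL "$func_url")" || { msg_error "Failed to fetch install functions"; exit 1; }` and then `export FUNCTIONS_FILE_PATH`, where `func_url` is the chosen alpine or default URL. The added `if` line also appears to have lost its indentation relative to the surrounding body, though the collapsed whitespace makes that hard to confirm. build_container starts and ends outside the hunk.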
@@ -2514,7 +2513,7 @@ EOF' install_ssh_keys_into_ct # Run application installer - if ! lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/install/${var_install}.sh)"; then + if ! lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL "${BASE_URL:-https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main}/install/${var_install}.sh")"; then exit $? fi } @@ -3109,7 +3108,7 @@ create_lxc_container() { #echo "[DEBUG] Selected TEMPLATE='$TEMPLATE' SOURCE='$TEMPLATE_SOURCE'" #msg_debug "Selected TEMPLATE='$TEMPLATE' SOURCE='$TEMPLATE_SOURCE'" - TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)" + TEMPLATE_PATH="$(pvesm path "$TEMPLATE_STORAGE":vztmpl/"$TEMPLATE" 2>/dev/null || true)" if [[ -z "$TEMPLATE_PATH" ]]; then TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg) [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE" @@ -3174,7 +3173,7 @@ create_lxc_container() { TEMPLATE_SOURCE="online" fi - TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)" + TEMPLATE_PATH="$(pvesm path "$TEMPLATE_STORAGE":vztmpl/"$TEMPLATE" 2>/dev/null || true)" if [[ -z "$TEMPLATE_PATH" ]]; then TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg) [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE" diff --git a/misc/install.func b/misc/install.func index f741b921d4..b8e6f26178 100644 --- a/misc/install.func +++ b/misc/install.func 
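Review bot: The installer line hands `$(curl …)` directly to `bash -c` inside the container, so when the fetch fails (more likely once `BASE_URL` points somewhere custom) bash is given an empty string, returns 0, and the build reports success with nothing installed. Fetch into a variable and stop when it is empty: `install_src="$(curl -fsSL "$install_url")" || exit 1` and `[[ -n "$install_src" ]] || exit 1` before the `lxc-attach`. This hunk's default host (raw.githubusercontent.com) also differs from the git.community-scripts.org default in the other hunks, as it did before the change, so without the override the host and the container pull from two origins. On the context line, `exit $?` inside `if ! …; then` sees the status of the negation, which is 0.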
@@ -9,8 +9,8 @@ if ! command -v curl >/dev/null 2>&1; then apt-get update >/dev/null 2>&1 apt-get install -y curl >/dev/null 2>&1 fi -source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/core.func) -source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/error_handler.func) +source <(curl -fsSL "${BASE_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/core.func") +source <(curl -fsSL "${BASE_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/error_handler.func") load_functions catch_errors @@ -54,7 +54,7 @@ setting_up_container() { break fi echo 1>&2 -en "${CROSS}${RD} No Network! " - sleep $RETRY_EVERY + sleep "$RETRY_EVERY" done if [ "$(hostname -I)" = "" ]; then echo 1>&2 -e "\n${CROSS}${RD} No Network After $RETRY_NUM Tries${CL}" @@ -147,7 +147,7 @@ EOF $STD apt-get -o Dpkg::Options::="--force-confold" -y dist-upgrade rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED msg_ok "Updated Container OS" - source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/tools.func) + source <(curl -fsSL "${BASE_URL:-https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main}/misc/tools.func") } # This function modifies the message of the day (motd) and SSH settings @@ -195,7 +195,7 @@ EOF systemctl restart $(basename $(dirname $GETTY_OVERRIDE) | sed 's/\.d//') msg_ok "Customized Container" fi - echo "bash -c \"\$(curl -fsSL https://github.com/community-scripts/ProxmoxVED/raw/main/ct/${app}.sh)\"" >/usr/bin/update + echo "bash -c \"\$(curl -fsSL ${BASE_URL:-https://github.com/community-scripts/ProxmoxVED/raw/main}/ct/${app}.sh)\"" >/usr/bin/update chmod +x /usr/bin/update if [[ -n "${SSH_AUTHORIZED_KEY}" ]]; then mkdir -p /root/.ssh From efe57ec8408b48d61d39dd05d4a6b014931332c6 Mon Sep 17 00:00:00 2001 
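Review bot: In the `/usr/bin/update` line of the last hunk, `${BASE_URL:-…}` is expanded when the file is written, so a temporary override is baked permanently into the container's update command. Because the URL lands unquoted inside the generated `$(curl …)`, any whitespace or shell metacharacter in `BASE_URL` becomes part of a command that is run later. Either keep the fixed upstream URL here, or validate the value and write it quoted, e.g. `printf 'bash -c "$(curl -fsSL %q)"\n' "${BASE_URL:-https://github.com/community-scripts/ProxmoxVED/raw/main}/ct/${app}.sh" >/usr/bin/update`. Whether `BASE_URL` reaches the container environment at all is not visible here; if it does not, the override silently applies to the host only. The enclosing function starts and ends outside the hunk.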
From: James Grieve Date: Fri, 21 Nov 2025 13:49:50 -0700 Subject: [PATCH 09/11] Remove mlock; --- install/openbao-install.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/install/openbao-install.sh b/install/openbao-install.sh index 315ebf20c0..461cbc325a 100644 --- a/install/openbao-install.sh +++ b/install/openbao-install.sh @@ -93,7 +93,6 @@ cluster_addr = "http://127.0.0.1:8201" api_addr = "http://0.0.0.0:8200" ui = true -disable_mlock = false log_level = "info" EOF_CONF chown openbao:openbao /etc/openbao/config.hcl From 732c24da0ee1d28c56db2a02c49637475b6760a2 Mon Sep 17 00:00:00 2001 From: James Grieve Date: Fri, 21 Nov 2025 14:01:53 -0700 Subject: [PATCH 10/11] https; --- install/openbao-install.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/install/openbao-install.sh b/install/openbao-install.sh index 461cbc325a..387598c9c7 100644 --- a/install/openbao-install.sh +++ b/install/openbao-install.sh @@ -89,8 +89,8 @@ listener "tcp" { tls_disable = 1 } -cluster_addr = "http://127.0.0.1:8201" -api_addr = "http://0.0.0.0:8200" +cluster_addr = "https://127.0.0.1:8201" +api_addr = "https://0.0.0.0:8200" ui = true log_level = "info" @@ -148,11 +148,10 @@ fi msg_ok "Service enabled" msg_info "Initializing OpenBao" -export OPENBAO_ADDR="http://127.0.0.1:8200" # Wait for OpenBao to be ready for i in {1..30}; do - if curl -fsS http://127.0.0.1:8200/v1/sys/health >/dev/null 2>&1; then + if curl -fsS https://127.0.0.1:8200/v1/sys/health >/dev/null 2>&1; then break fi sleep 2 From 7a99ce8d0e5aaf3f95ba12bd21e3e3d95db68205 Mon Sep 17 00:00:00 2001 From: James Grieve Date: Fri, 21 Nov 2025 14:09:57 -0700 Subject: [PATCH 11/11] Remove https; --- install/openbao-install.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/install/openbao-install.sh b/install/openbao-install.sh index 387598c9c7..e0221f7311 100644 --- a/install/openbao-install.sh +++ b/install/openbao-install.sh 
@@ -89,8 +89,8 @@ listener "tcp" { tls_disable = 1 } -cluster_addr = "https://127.0.0.1:8201" -api_addr = "https://0.0.0.0:8200" +cluster_addr = "http://127.0.0.1:8201" +api_addr = "http://0.0.0.0:8200" ui = true log_level = "info" @@ -151,7 +151,7 @@ msg_info "Initializing OpenBao" # Wait for OpenBao to be ready for i in {1..30}; do - if curl -fsS https://127.0.0.1:8200/v1/sys/health >/dev/null 2>&1; then + if curl -fsS http://127.0.0.1:8200/v1/sys/health >/dev/null 2>&1; then break fi sleep 2 @@ -165,6 +165,8 @@ if ! ss -tlnp | grep -q ':8200'; then exit 1 fi +export VAULT_ADDR="http://127.0.0.1:8200" + if ! openbao operator init -status >/dev/null 2>&1; then INIT_OUTPUT=$(openbao operator init -key-shares=1 -key-threshold=1) UNSEAL_KEY=$(echo "$INIT_OUTPUT" | awk '/Unseal Key 1/ {print $4}')
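Review bot: Going back to `http://` makes the addresses consistent with `tls_disable = 1`, but it leaves tokens, unseal keys and secrets on the wire in plaintext, which is the thing worth fixing rather than the scheme. If the listener is reachable beyond loopback (its `address` line is outside the hunk), generate a certificate at install time, set `tls_cert_file` and `tls_key_file` in the listener, and use `https://` here. `api_addr` is the address advertised to clients, so `0.0.0.0` is not a usable value; it should carry the container's actual IP or hostname. The config heredoc starts and ends outside the hunk.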
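Review bot: `curl -f` in the readiness loop treats non-2xx answers as failure, and a freshly started server that is uninitialized or sealed does not answer 200 on `/v1/sys/health`, so on a first install this loop most likely runs all 30 iterations before falling through. Asking the endpoint to report those states as success fixes the wait: `curl -fsS 'http://127.0.0.1:8200/v1/sys/health?uninitcode=200&sealedcode=200'`. The loop's `done` and whatever happens when it times out are outside the hunk.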