Issue deploying Vault through Convox

Hi, the Vault Docker image is set to listen on port 8200. Are there any special considerations I need to take into account? I tried to deploy my app, based on HashiCorp's official image, and the deployment (through convox deploy) is stuck updating.

The convox logs command is continually outputting the following lines:

2019-02-08T20:38:16Z system/aws/ecs (service dev3-vault-ServiceWeb-1DTTSSA4QU7EU-Service-1HZ5BP99VBXPA) deregistered 1 targets in (target-group arn:aws:elasticloadbalancing:us-east-1:322414443281:targetgroup/dev3-Balan-17DHZNI57VETM/a3dabc77c1ba8599)
2019-02-08T20:38:22Z system/aws/ecs (service dev3-vault-ServiceWeb-1DTTSSA4QU7EU-Service-1HZ5BP99VBXPA) has started 1 tasks: (task d375df5d-e862-4205-94ca-0768cd5c03e6).
2019-02-08T20:38:24Z system/aws/ecs (service dev3-vault-ServiceWeb-1DTTSSA4QU7EU-Service-1HZ5BP99VBXPA) has begun draining connections on 1 tasks.

Any hint on what’s wrong?

Also, is there any way to change the behavior of health checks? Because HashiCorp has an endpoint at sys/health, but it will return status codes over the range considered “healthy” by Convox depending on the state of the Vault. I’m using a random health check path against the Vault UI because I noticed it was returning 200 even if it led to a 404 page.

We use the following endpoint for the server HC:
- convox.health.timeout=60
- convox.health.path=/v1/sys/health?standbyok=true
- convox.health.port=8200
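
The status codes behind the /v1/sys/health path in the labels above, as an added example that is not part of any post in this thread: it models the default codes and query-parameter overrides of Vault's sys/health endpoint and shows which Vault states pass a health check. The 200-399 healthy range and the function names are assumptions for illustration, not Convox values.

```python
from urllib.parse import urlsplit, parse_qs

# Default status codes of Vault's GET /v1/sys/health, in the order Vault checks them.
STATES = [
    # (state, default code, query parameter that overrides the code)
    ("uninitialized", 501, "uninitcode"),
    ("sealed", 503, "sealedcode"),
    ("dr_secondary", 472, "drsecondarycode"),
    ("perf_standby", 473, "performancestandbycode"),
    ("standby", 429, "standbycode"),
    ("active", 200, "activecode"),
]
# Flags that make a standby node answer with the active code instead.
OK_FLAGS = {"standby": "standbyok", "perf_standby": "perfstandbyok"}


def expected_status(path, state):
    """Return the HTTP status Vault answers with for `state` on this health path."""
    query = parse_qs(urlsplit(path).query, keep_blank_values=True)
    codes = {name: int(query.get(param, [default])[0]) for name, default, param in STATES}
    flag = OK_FLAGS.get(state)
    # Assumption: the flag counts as set unless its value is "false" or "0".
    if flag in query and query[flag][0].lower() not in ("false", "0"):
        return codes["active"]
    return codes[state]


def health_report(path, healthy=range(200, 400)):
    """Map each Vault state to (status, passes_check) for a given healthy range.

    The 200-399 default is an assumed load-balancer matcher, not a Convox value.
    """
    return {name: (expected_status(path, name), expected_status(path, name) in healthy)
            for name, _, _ in STATES}


if __name__ == "__main__":
    # Constructed sample paths: bare endpoint, the thread's path, and one with overrides.
    for path in ("/v1/sys/health",
                 "/v1/sys/health?standbyok=true",
                 "/v1/sys/health?standbyok=true&sealedcode=200&uninitcode=200"):
        print(path)
        for state, (code, ok) in health_report(path).items():
            print(f"  {state:14} {code}  {'pass' if ok else 'FAIL'}")
```

With standbyok=true alone, a sealed or uninitialized Vault still answers 503 or 501 and fails the check. Overriding sealedcode or uninitcode makes the check pass, at the cost of the load balancer no longer seeing that the node is sealed.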

I ran my container locally, any clue why this is happening? And thanks for the health check information, somehow missed the parameters.

08:37 $ convox start
build  | uploading source
build  | starting build
build  | Building: ./vault
build  | Sending build context to Docker daemon  8.192kB
build  | Step 1/2 : FROM vault:1.0.2
build  |  ---> ae4f5e18452b
build  | Step 2/2 : RUN apk --no-cache add       bash       jq
build  |  ---> Using cache
build  |  ---> 82c23d59c2e5
build  | Successfully built 82c23d59c2e5
build  | Successfully tagged e4c5d50bc6ddc2ca244534c55a6a6931b7defe7b:latest
build  | Running: docker tag e4c5d50bc6ddc2ca244534c55a6a6931b7defe7b convox/vault:web.BOWJLLQKYPC
build  | Injecting: convox-env
convox | starting health check for web on path /v1/sys/health?standbyok=true with 60s interval, 120s grace
web    | sh: server: not found
web    | sh: server: not found
web    | sh: server: not found
web    | sh: server: not found
web    | sh: server: not found
web    | sh: server: not found
web    | sh: server: not found

Never mind, I realize that this means that the command in the convox.yml file wasn’t found. I’m still going to use this thread for other issues if they arise.

How did you manage the IPC_Lock flag? Did you disable m_lock in your Vault configuration file? Docker allows you to set:

cap_add:
  - IPC_LOCK

in the docker-compose file, but I’m not exactly sure how I would handle this with Convox.