Uploaded image for project: 'Application Server 7'
  1. Application Server 7
  2. AS7-3526

Unable to initialize Vault in domain mode

    XMLWordPrintable

Details

    • Hide

      1) Create a Java Keystore (keytool -genkey -alias vault -keyalg RSA -keysize 1024 -keystore vault.keystore)
      2) Use the Vault Tool scripts to store a password in the vault
      3) Configure the vault in host.xml
      4) Reference the datasource password at domain.xml
      <security>
      <user-name>my_user</user-name> <password>${VAULT::dbpd03DS::password::YWU2NTAxZmYtMGEyZi00ZjI2LWI5MmMtNDk5OGYxZjJlYzVkTElORV9CUkVBS3ZhdWx0;}</password>
      </security>

      The configuration conforms to the XSD, but JBoss in domain mode seems to ignore that. The problem is that Jboss does not figure out that the <password>${VAULT::dbpd03DS::password::YWU2NTAxZmYtMGEyZi00ZjI2LWI5MmMtNDk5OGYxZjJlYzVkTElORV9CUkVBS3ZhdWx0;}</password> in domain.xml (datasource subsystem) references an entry of the vault declared at host.xml. Looks like when the Host Controller starts up the server, it isn't setting up the vault services correctly.

      Show
      1) Create a Java Keystore (keytool -genkey -alias vault -keyalg RSA -keysize 1024 -keystore vault.keystore) 2) Use the Vault Tool scripts to store a password in the vault 3) Configure the vault in host.xml 4) Reference the datasource password at domain.xml <security> <user-name>my_user</user-name> <password>${VAULT::dbpd03DS::password::YWU2NTAxZmYtMGEyZi00ZjI2LWI5MmMtNDk5OGYxZjJlYzVkTElORV9CUkVBS3ZhdWx0;}</password> </security> The configuration conforms to the XSD, but JBoss in domain mode seems to ignore that. The problem is that Jboss does not figure out that the <password>${VAULT::dbpd03DS::password::YWU2NTAxZmYtMGEyZi00ZjI2LWI5MmMtNDk5OGYxZjJlYzVkTElORV9CUkVBS3ZhdWx0;}</password> in domain.xml (datasource subsystem) references an entry of the vault declared at host.xml. Looks like when the Host Controller starts up the server, it isn't setting up the vault services correctly.

    Description

      It is possible to encrypt datasource's password when running JBoss in standalone mode. But when trying to run JBoss in domain mode got an exception claiming that "Vault is not initialized". Situation is detailed at https://community.jboss.org/message/649556#649556.

      Attachments

        Activity

          People

            anil.saldhana Anil Saldanha (Inactive)
            diegossilveira_jira Diego Silveira (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: