Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-10524

Failed to parse jboss-cli.xml

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 10.0.0.CR2, 9.4.17.Final
    • 9.4.16.Final, 10.0.0.CR1
    • None
    • None
    • Hide

      If I use the below options on my server, after setting up a Keystore with details to connect to my server I receive a parsing error different from JBoss EAP 7.2 CP 3.

      <jboss-cli xmlns="urn:jboss:cli:3.3">
    <default-protocol use-legacy-override="true">remote+http</default-protocol>
<ssl>
      <vault>
        <vault-option name="KEYSTORE_URL" value="/home/user/Documents/installers/eap/7.2/jboss-eap-7.2/vault/vault.keystore"/>
        <vault-option name="KEYSTORE_PASSWORD" value="MASK-5dOaAVafCSd"/>
        <vault-option name="KEYSTORE_ALIAS" value="vault"/>
        <vault-option name="SALT" value="1234abcd"/>
        <vault-option name="ITERATION_COUNT" value="120"/>
        <vault-option name="ENC_FILE_DIR" value="/home/user/Documents/installers/eap/7.2/jboss-eap-7.2/vault/"/>
      </vault>
      <alias>vault2</alias>
      <key-store>/home/user/vault/vault.keystore</key-store>
      <key-store-password>VAULT::vb::keypass::1</key-store-password>
      <key-password>VAULT::vb::keypass::1</key-password>
      <modify-trust-store>true</modify-trust-store>
    </ssl>

      Results:

      SSL configuration in Data Grid 7.3.2:

      It is not possible to parse the jboss-cli.xml file:

      $ ./cli.sh
      Failed to parse /home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/bin/jboss-cli.xml: org/jboss/security/vault/SecurityVaultException: org.jboss.security.vault.SecurityVaultException from [Module "org.jboss.as.cli" from local module loader @6ea6d14e (finder: local module finder @6ad5c04e (roots: /home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/modules,/home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/modules/system/layers/base/.overlays/layer-base-jboss-jdg-7.3.2.CP,/home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/modules/system/layers/base,/home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/modules/system/add-ons/jdg/.overlays/layer-jdg-jboss-jdg-7.3.2.CP,/home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/modules/system/add-ons/jdg))]

      The same is not seen in JBoss EAP 7.2. Even if you have a misconfigured keystore, you'll receive the following:

      $ ./jboss-cli.sh -c
      Failed to connect to the controller: Failed to resolve host 'localhost': Failed to obtain SSLContext: java.io.IOException: Invalid keystore format: Invalid keystore format

      Show
      If I use the below options on my server, after setting up a Keystore with details to connect to my server I receive a parsing error different from JBoss EAP 7.2 CP 3. <jboss-cli xmlns= "urn:jboss:cli:3.3" > <default-protocol use-legacy-override= "true" > remote+http </default-protocol> <ssl> <vault> <vault-option name= "KEYSTORE_URL" value= "/home/user/Documents/installers/eap/7.2/jboss-eap-7.2/vault/vault.keystore" /> <vault-option name= "KEYSTORE_PASSWORD" value= "MASK-5dOaAVafCSd" /> <vault-option name= "KEYSTORE_ALIAS" value= "vault" /> <vault-option name= "SALT" value= "1234abcd" /> <vault-option name= "ITERATION_COUNT" value= "120" /> <vault-option name= "ENC_FILE_DIR" value= "/home/user/Documents/installers/eap/7.2/jboss-eap-7.2/vault/" /> </vault> <alias> vault2 </alias> <key-store> /home/user/vault/vault.keystore </key-store> <key-store-password> VAULT::vb::keypass::1 </key-store-password> <key-password> VAULT::vb::keypass::1 </key-password> <modify-trust-store> true </modify-trust-store> </ssl> Results: SSL configuration in Data Grid 7.3.2: It is not possible to parse the jboss-cli.xml file: $ ./cli.sh Failed to parse /home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/bin/jboss-cli.xml: org/jboss/security/vault/SecurityVaultException: org.jboss.security.vault.SecurityVaultException from [Module "org.jboss.as.cli" from local module loader @6ea6d14e (finder: local module finder @6ad5c04e (roots: /home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/modules,/home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/modules/system/layers/base/.overlays/layer-base-jboss-jdg-7.3.2.CP,/home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/modules/system/layers/base,/home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/modules/system/add-ons/jdg/.overlays/layer-jdg-jboss-jdg-7.3.2.CP,/home/user/Documents/installers/datagrid/jboss-datagrid-7.3.1-server/modules/system/add-ons/jdg))] The same is not seen in JBoss EAP 7.2. Even if you have a misconfigured keystore, you'll receive the following: $ ./jboss-cli.sh -c Failed to connect to the controller: Failed to resolve host 'localhost': Failed to obtain SSLContext: java.io.IOException: Invalid keystore format: Invalid keystore format

    Description

      Can't use ssl + vault

      In order to avoid manually interaction of accepting certificates, it is better to configure a truststore at the clientside and then store the server's certificate in it, so using the following approach doesn't work with JBoss CLI.

      Note that both RHDG and EAP, in this case, have the same VaultTool version.

      Attachments

        Activity

          People

            ttarrant@redhat.com Tristan Tarrant
            rhn-support-pdelbell Patrick Del Bello
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: