[infinispan-issues] [JBoss JIRA] (ISPN-5059) JGroups subsystem doesn't support Vault
RH Bugzilla Integration (JIRA)
issues at jboss.org
Wed Dec 17 05:25:29 EST 2014
[ https://issues.jboss.org/browse/ISPN-5059?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13028222#comment-13028222 ]
RH Bugzilla Integration commented on ISPN-5059:
-----------------------------------------------
Tristan Tarrant <ttarrant at redhat.com> changed the Status of [bug 1172038|https://bugzilla.redhat.com/show_bug.cgi?id=1172038] from ASSIGNED to POST
> JGroups subsystem doesn't support Vault
> ---------------------------------------
>
> Key: ISPN-5059
> URL: https://issues.jboss.org/browse/ISPN-5059
> Project: Infinispan
> Issue Type: Bug
> Components: Security, Server
> Affects Versions: 7.0.2.Final
> Reporter: Vojtech Juranek
> Assignee: Tristan Tarrant
> Fix For: 7.1.0.Beta1, 7.1.0.Final
>
>
> JGroups subsystem doesn't support passwords encrypted in Vault. E.g. when running [EncryptProtocolIT|https://github.com/infinispan/infinispan/blob/master/server/integration/testsuite/src/test/java/org/infinispan/server/test/security/jgroups/encrypt/EncryptProtocolIT.java] with following configuration:
> {noformat}
> <protocol type="ENCRYPT">
> <property name="key_store_name">${jboss.server.config.dir}/server_jceks.keystore</property>
> <property name="store_password">${VAULT::keystore::password::1}</property>
> <property name="alias">memcached</property>
> </protocol>
> {noformat}
> i.e. it uses Vault-encrypted password for keystore, it fails with:
> {noformat}
> groups.channel.clustered: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect
> at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:74)
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
> at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55]
> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55]
> Caused by: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect
> at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:309)
> at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:250)
> at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:860)
> at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:481)
> at org.jgroups.JChannel.init(JChannel.java:848)
> at org.jgroups.JChannel.<init>(JChannel.java:159)
> at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:87)
> at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:69)
> {noformat}
> Vault record for {{keystore::password}} exists:
> {noformat}
> Task: Verify whether a secured attribute exists
> Enter Vault Block:keystore
> Enter Attribute Name:password
> A value exists for (keystore, password)
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
More information about the infinispan-issues
mailing list