Details
-
Bug
-
Resolution: Done
-
Major
-
7.0.2.Final
-
None
Description
JGroups subsystem doesn't support passwords encrypted in Vault. E.g. when running EncryptProtocolIT with following configuration:
<protocol type="ENCRYPT"> <property name="key_store_name">${jboss.server.config.dir}/server_jceks.keystore</property> <property name="store_password">${VAULT::keystore::password::1}</property> <property name="alias">memcached</property> </protocol>
i.e. it uses Vault-encrypted password for keystore, it fails with:
groups.channel.clustered: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:74) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55] at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55] Caused by: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:309) at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:250) at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:860) at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:481) at org.jgroups.JChannel.init(JChannel.java:848) at org.jgroups.JChannel.<init>(JChannel.java:159) at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:87) at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:69)
Vault record for keystore::password exists:
Task: Verify whether a secured attribute exists Enter Vault Block:keystore Enter Attribute Name:password A value exists for (keystore, password)