Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-5059

JGroups subsystem doesn't support Vault

    XMLWordPrintable

Details

    Description

      JGroups subsystem doesn't support passwords encrypted in Vault. E.g. when running EncryptProtocolIT with following configuration:

      <protocol type="ENCRYPT">
                    <property name="key_store_name">${jboss.server.config.dir}/server_jceks.keystore</property>
                    <property name="store_password">${VAULT::keystore::password::1}</property>
                    <property name="alias">memcached</property>
                </protocol>

      i.e. it uses Vault-encrypted password for keystore, it fails with:

      groups.channel.clustered: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect
        at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:74)
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
        at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55]
        at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55]
Caused by: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect
        at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:309)
        at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:250)
        at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:860)
        at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:481)
        at org.jgroups.JChannel.init(JChannel.java:848)
        at org.jgroups.JChannel.<init>(JChannel.java:159)
        at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:87)
        at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:69)

      Vault record for keystore::password exists:

      Task: Verify whether a secured attribute exists
Enter Vault Block:keystore
Enter Attribute Name:password
A value exists for (keystore, password)

      Attachments

        Activity

          People

            ttarrant@redhat.com Tristan Tarrant
            vjuranek@redhat.com Vojtech Juranek
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: