Vault usage in a master-slave setup in EAP6
Issue
- A domain spans two hosts. An identical vault.jks was created on both hosts, and the exact same credential was stored in both stores with the exact same salt, iteration count, etc., but different values were received for the vault expression:
- host1:
VAULT::block::attribute::YTZkYmUzODAtMGNjYy00NmFjLTkzZGMtYTRkN2U2ODkwZmE0TElORV9CUkVBS215YWxpYXM=
- host2:
VAULT::block::attribute::ZGVlNGJjMDItNzYzZS00ZjQ1LTk3MDktMzFmNDA2MWY5MmRjTElORV9CUkVBS215YWxpYXM=
- When the first one is chosen, the following exception occurs on the second host, since every EAP server instance is sharing one profile:
2013-01-15 22:02:05,381 [ServerService Thread Pool -- 48] ERROR org.jboss.as.controller.management-operation - JBAS014612: Operation ("enable") failed - address: ([ ("subsystem" => "datasources"), ("data-source" => "java:jboss/jdbc/myDataSource") ]): java.lang.SecurityException: JBAS013311: Security Exception Caused by: org.jboss.security.vault.SecurityVaultException: PB00027: Vault Mismatch:Shared Key does not match for vault block:block and attributeName:attribute
- Getting the following exception while starting JBoss EAP after adding the vault configuration using the following CLI command:
/host=YOUR_HOST/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "PATH_TO_KEYSTORE"), ("KEYSTORE_PASSWORD" => "MASKED_PASSWORD"), ("KEYSTORE_ALIAS" => "ALIAS"), ("SALT" => "SALT"), ("ITERATION_COUNT" => "ITERATION_COUNT"), ("ENC_FILE_DIR" => "ENC_FILE_DIR")])
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6.x