
    Storing datasource password in Vault - Domain Mode

    diegossilveira

      Hello,

       

      I'm trying to store my xa-datasources' passwords encrypted in VAULT. My JBoss is 7.1.0.CR1b and I followed the directions as explained here: https://community.jboss.org/wiki/JBossAS7SecuringPasswords

       

      The problem is that when I start JBoss in domain mode, I get the following exception:

       

       

      18:04:28,424 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool -- 51) JBAS014612: Operation ("enable") failed - address: ([
          ("subsystem" => "datasources"),
          ("xa-data-source" => "dbpd03")
      ]): java.lang.SecurityException: Vault is not initialized
              at org.jboss.as.security.vault.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:97)
              at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45)
              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:58) [jboss-as-controller-7.1.0.CR1b.jar:7.1.0.CR1b]
              at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressions(ExpressionResolverImpl.java:40) [jboss-as-controller-7.1.0.CR1b.jar:7.1.0.CR1b]
              at org.jboss.as.controller.ModelControllerImpl.resolveExpressions(ModelControllerImpl.java:414) [jboss-as-controller-7.1.0.CR1b.jar:7.1.0.CR1b]
              at org.jboss.as.controller.OperationContextImpl.resolveExpressions(OperationContextImpl.java:622) [jboss-as-controller-7.1.0.CR1b.jar:7.1.0.CR1b]
              at org.jboss.as.controller.ParallelBootOperationContext.resolveExpressions(ParallelBootOperationContext.java:263) [jboss-as-controller-7.1.0.CR1b.jar:7.1.0.CR1b]
              at org.jboss.as.connector.subsystems.datasources.DataSourceModelNodeUtil.getResolvedStringIfSetOrGetDefault(DataSourceModelNodeUtil.java:359)
              at org.jboss.as.connector.subsystems.datasources.DataSourceModelNodeUtil.xaFrom(DataSourceModelNodeUtil.java:228)
              at org.jboss.as.connector.subsystems.datasources.DataSourceEnable$1.execute(DataSourceEnable.java:101)
              at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1b.jar:7.1.0.CR1b]
              at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1b.jar:7.1.0.CR1b]
              at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1b.jar:7.1.0.CR1b]
              at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:311) [jboss-as-controller-7.1.0.CR1b.jar:7.1.0.CR1b]
              at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_25]
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_25]
              at java.lang.Thread.run(Thread.java:662) [:1.6.0_25]
              at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.0.0.GA.jar:2.0.0.GA]
      

       

      $JBOSS_HOME/domain/configuration/host.xml

       

       

      <?xml version='1.0' encoding='UTF-8'?>
      
      
      <host name="pdmaster" xmlns="urn:jboss:domain:1.1">
           <!-- Vault settings declared at host level: the keystore file, its masked
                password, the key alias, and ENC_FILE_DIR (by its name, the directory
                holding the vault's encrypted data). -->
           <!-- NOTE(review): the poster reports the same "Vault is not initialized" error
                with or without this block, which suggests it is not reaching the server
                processes that resolve the VAULT expression in this release. Confirm
                against a later release before changing anything else here. -->
           <vault>
               <vault-option name="KEYSTORE_URL" value="/usr/local/jboss/vault.keystore"/>
               <!-- NOTE(review): a MASK- value is derived with the SALT and ITERATION_COUNT
                    stored right next to it, so treat it as obfuscation rather than as
                    protection from anyone who can read this file. Restrict read access on
                    host.xml, the keystore and ENC_FILE_DIR to the account that runs JBoss. -->
               <vault-option name="KEYSTORE_PASSWORD" value="MASK-XXXXXXXXXX"/>
               <vault-option name="KEYSTORE_ALIAS" value="vault"/>
               <!-- NOTE(review): 12345678 and 50 look like documentation sample values.
                    Generate a random salt and confirm the iteration count against the
                    vault tool's guidance before production use. -->
               <vault-option name="SALT" value="12345678"/>
               <vault-option name="ITERATION_COUNT" value="50"/>
               <vault-option name="ENC_FILE_DIR" value="/usr/local/jboss/"/>
           </vault>
      
           <!-- The four dots below stand for content the poster left out. -->
           ....
      
           <!-- Three managed servers in pd-server-group, all started automatically; the
                second and third shift their ports by 100 and 200. -->
           <servers>
              <server name="pd-master-vserver01" group="pd-server-group" auto-start="true">
              </server>
              <server name="pd-master-vserver02" group="pd-server-group" auto-start="true">
                  <socket-bindings port-offset="100"/>
              </server>
              <server name="pd-master-vserver03" group="pd-server-group" auto-start="true">
                  <socket-bindings port-offset="200"/>
              </server>
          </servers>
      </host>
      
      

       

      $JBOSS_HOME/domain/configuration/domain.xml

       

      <domain  xmlns="urn:jboss:domain:1.1">
                  <!-- Fragment as pasted; each "..." stands for content the poster left out. -->
                  ...
                  <subsystem xmlns="urn:jboss:domain:datasources:1.0">
                      <datasources>
                          <!-- DBPD03 -->
                          <!-- XA datasource "dbpd03": the pool named in the failing "enable"
                               operation of the stack trace in this post. -->
                          <xa-datasource jndi-name="java:jboss/datasources/dbpd03DS" pool-name="dbpd03" enabled="true" use-ccm="false">
                              <xa-datasource-property name="URL">jdbc:mysql://pdbd-ldr-01/dbpd03?autoReconnect=true</xa-datasource-property>
                              <driver>mysql</driver>
                              <xa-pool>
                                  <min-pool-size>2</min-pool-size>
                                  <max-pool-size>10</max-pool-size>
                                  <prefill>true</prefill>
                                  <is-same-rm-override>false</is-same-rm-override>
                                  <interleaving>false</interleaving>
                                  <pad-xid>false</pad-xid>
                                  <wrap-xa-resource>false</wrap-xa-resource>
                              </xa-pool>
                              <security>
                                  <!-- Only the password is vaulted; the user name stays in cleartext. -->
                                  <user-name>pd_api</user-name>
                                  <!-- Vault expression instead of a cleartext password, in the form
                                       VAULT::block::attribute::shared-key. It is resolved at runtime
                                       (RuntimeVaultReader.retrieveFromVault in the stack trace), so the
                                       process that enables this datasource needs an initialized vault. -->
                                  <password>${VAULT::dbpd03DS::password::YWU2NTAxZmYtMGEyZi00ZjI2LWI5MmMtNDk5OGYxZjJlYzVkTElORV9CUkVBS3ZhdWx0;}</password>
                              </security>
                              <validation>
                                  <validate-on-match>false</validate-on-match>
                                  <background-validation>false</background-validation>
                                  <background-validation-millis>0</background-validation-millis>
                              </validation>
                              <statement>
                                  <prepared-statement-cache-size>0</prepared-statement-cache-size>
                                  <share-prepared-statements>false</share-prepared-statements>
                              </statement>
                          </xa-datasource>
                           <drivers>
                              <driver name="mysql" module="com.mysql">
                                  <driver-class>
                                      com.mysql.jdbc.Driver
                                  </driver-class>
                                  <xa-datasource-class>
                                      com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                                  </xa-datasource-class>
                              </driver>
                          </drivers>
                      </datasources>
                  </subsystem>
                  ...
      <!-- NOTE(review): the root element is opened as <domain> but closed as </host>, so the
           fragment as pasted is not well-formed. Presumably a copy/paste slip; confirm
           against the real domain.xml. -->
      </host>
      
      

       

      It's important to say that in standalone mode, my keystore and datasources' encrypted passwords work fine. I noticed that in domain mode, even if I omit the <vault> tag in host.xml, I get exactly the same error / exception.

       

      Is there any error in my domain configuration files?

       

      Thank you in advance!
