How to configure Vault values in WildFly 10?
cqm_cris Jul 14, 2016 8:34 PM
After reading some blogs I understood how to generate the keystore and vault values. But when I paste the vault XML fragment into standalone-full.xml, the server does not start.
What I did is:
1) Create the keystore
a) keytool -genseckey -alias busa -storetype jceks -keyalg AES -keysize 256 -storepass union1234 -keypass union1234 -keystore vault.store
b) Copied vault.store to %WILDFLY10%/bin/vault/; in this folder there is also a file called VAULT.dat
2) Use the keystore to create vault value
At this point I generated three values as follows:
a) vault.sh -k ./vault/vault.store -p union1234 -v busa -b JKS_PWD -a CACERTS -x qwerty1 -e ./vault -i 33 -s 17932486
b) vault.sh -k ./vault/vault.store -p union1234 -v busa -b JKS_PWD -a WUSERVER -x qwerty1234 -e ./vault -i 33 -s 17932486
c) vault.sh -k ./vault/vault.store -p union1234 -v busa -b PK_PWD -a WUPROXY -x union1234 -e ./vault -i 33 -s 17932486
After executing each command, I got something like this:
Please make note of the following:
********************************************
Vault Block:JKS_PWD
Attribute Name:CACERTS
Configuration should be done as follows:
VAULT::JKS_PWD::CACERTS::1
********************************************
WFLYSEC0048: Vault Configuration in WildFly configuration file:
********************************************
...
</extensions>
<vault>
    <vault-option name="KEYSTORE_URL" value="./vault/vault.store"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-0cv6awHhb2SC.olzNEHJWH"/>
    <vault-option name="KEYSTORE_ALIAS" value="busa"/>
    <vault-option name="SALT" value="17932486"/>
    <vault-option name="ITERATION_COUNT" value="33"/>
    <vault-option name="ENC_FILE_DIR" value="./vault\"/>
</vault>
<management> ...
********************************************
In total I got three values:
${VAULT::JKS_PWD::WUSERVER::1}
${VAULT::PK_PWD::WUPROXY::1}
${VAULT::JKS_PWD::CACERTS::1}
3) Paste the XML fragment generated by vault.sh into standalone-full.xml
...
    <extension module="org.wildfly.extension.security.manager"/>
    <extension module="org.wildfly.extension.undertow"/>
    <extension module="org.wildfly.iiop-openjdk"/>
</extensions>
<vault>
    <vault-option name="KEYSTORE_URL" value="./vault/vault.store"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-0cv6awHhb2SC.olzNEHJWH"/>
    <vault-option name="KEYSTORE_ALIAS" value="busa"/>
    <vault-option name="SALT" value="17932486"/>
    <vault-option name="ITERATION_COUNT" value="33"/>
    <vault-option name="ENC_FILE_DIR" value="./vault\"/>
</vault>
<system-properties>
    <property name="bo.com.bancounion.wuproxy.CONNECTION_TESTING_ENABLE" value="false"/>
    <property name="bo.com.bancounion.reporting.PRIVATEKEY_ALIAS" value="cquizo"/>
</system-properties>
<management>
    <security-realms>
        <security-realm name="ManagementRealm">
            <authentication> ...
            ...
            </authorization>
        </security-realm>
        <security-realm name="httpsRealm">
            <server-identities>
                <ssl>
                    <keystore path="jks\wuserver.jks" relative-to="jboss.server.config.dir" keystore-password="${VAULT::JKS_PWD::WUSERVER::1}" alias="wuproxy" key-password="${VAULT::PK_PWD::WUPROXY::1}"/>
                </ssl>
            </server-identities>
            <authentication>
                <truststore path="jks\cacerts.jks" relative-to="jboss.server.config.dir" keystore-password="${VAULT::JKS_PWD::CACERTS::1}"/>
            </authentication>
        </security-realm>
    </security-realms> ...
4) Try to start the app server
The error log is:
===============================================================================
20:26:46,738 INFO [org.jboss.modules] (main) JBoss Modules version 1.5.1.Final
20:26:47,117 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.6.Final
20:26:47,197 INFO [org.jboss.as] (MSC service thread 1-7) WFLYSRV0049: WildFly Full 10.0.0.Final (WildFly Core 2.0.10.Final) starting
20:26:48,254 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration
at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:131)
at org.jboss.as.server.ServerService.boot(ServerService.java:356)
at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:299)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[46,5]
Message: WFLYCTL0198: Unexpected element '{urn:jboss:domain:4.0}system-properties' encountered
at org.jboss.as.controller.parsing.ParseUtils.unexpectedElement(ParseUtils.java:89)
at org.jboss.as.server.parsing.StandaloneXml_4.readServerElement(StandaloneXml_4.java:268)
at org.jboss.as.server.parsing.StandaloneXml_4.readElement(StandaloneXml_4.java:141)
at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:103)
at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:49)
at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110)
at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69)
at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:123)
... 3 more
20:26:48,255 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
20:26:48,256 INFO [org.jboss.as.server] (Thread-2) WFLYSRV0220: Server shutdown has been requested.
20:26:48,316 INFO [org.jboss.as] (MSC service thread 1-6) WFLYSRV0050: WildFly Full 10.0.0.Final (WildFly Core 2.0.10.Final) stopped in 9ms
Disconnected from server
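The parse error above (WFLYCTL0198, "Unexpected element ... system-properties" right after the pasted block) is a child-order problem: in the urn:jboss:domain:4.0 schema the children of <server> come in the order extensions, system-properties, paths, vault, management, ..., so a <vault> pasted straight after </extensions> is only valid when no <system-properties> or <paths> element follows it. The helper below is an added example written for this page (it is not code from the original post or from WildFly itself): it inserts a <vault> block built from the vault.sh options after the last of those three elements that is present, checks the order, and lists every ${VAULT::block::attribute::n} reference in the file. The sample XML is constructed to mirror the question; the option values are the ones vault.sh printed in the post.

```python
"""Place a WildFly 10 <vault> block where the urn:jboss:domain:4.0 schema expects it.

Schema order for <server> children: extensions, system-properties, paths, vault, management, ...
"""
import re
import xml.etree.ElementTree as ET

NS = "urn:jboss:domain:4.0"
# Elements the schema orders before <vault>, in schema order (all optional).
BEFORE_VAULT = ("extensions", "system-properties", "paths")
VAULT_REF = re.compile(r"\$\{VAULT::(\w+)::(\w+)::\d+\}")

# Constructed sample mirroring the question: <vault> wrongly placed before <system-properties>.
BROKEN_XML = """<server xmlns="urn:jboss:domain:4.0">
  <extensions><extension module="org.wildfly.extension.undertow"/></extensions>
  <vault><vault-option name="KEYSTORE_URL" value="./vault/vault.store"/></vault>
  <system-properties>
    <property name="bo.com.bancounion.wuproxy.CONNECTION_TESTING_ENABLE" value="false"/>
  </system-properties>
  <management>
    <security-realms>
      <security-realm name="httpsRealm">
        <server-identities><ssl>
          <keystore path="jks/wuserver.jks" relative-to="jboss.server.config.dir"
                    keystore-password="${VAULT::JKS_PWD::WUSERVER::1}"
                    alias="wuproxy" key-password="${VAULT::PK_PWD::WUPROXY::1}"/>
        </ssl></server-identities>
        <authentication>
          <truststore path="jks/cacerts.jks" relative-to="jboss.server.config.dir"
                      keystore-password="${VAULT::JKS_PWD::CACERTS::1}"/>
        </authentication>
      </security-realm>
    </security-realms>
  </management>
</server>
"""

# Option values as printed by vault.sh in the question (the MASK-... value is the tool's output).
OPTIONS = {
    "KEYSTORE_URL": "./vault/vault.store",
    "KEYSTORE_PASSWORD": "MASK-0cv6awHhb2SC.olzNEHJWH",
    "KEYSTORE_ALIAS": "busa",
    "SALT": "17932486",
    "ITERATION_COUNT": "33",
    "ENC_FILE_DIR": "./vault/",
}


def q(tag):
    """Qualify a local name with the WildFly configuration namespace."""
    return "{%s}%s" % (NS, tag)


def vault_refs(xml_text):
    """All (block, attribute) pairs referenced as ${VAULT::block::attribute::n}, sorted."""
    return sorted(set(VAULT_REF.findall(xml_text)))


def vault_in_order(xml_text):
    """True if <vault> follows extensions/system-properties/paths and precedes management."""
    tags = [child.tag for child in ET.fromstring(xml_text)]
    if q("vault") not in tags:
        return False
    v = tags.index(q("vault"))
    for t in BEFORE_VAULT:
        if q(t) in tags and tags.index(q(t)) > v:
            return False
    return q("management") not in tags or tags.index(q("management")) > v


def insert_vault(xml_text, options):
    """Return xml_text with exactly one <vault> (built from options) at the schema position."""
    ET.register_namespace("", NS)  # serialise with a default namespace, as WildFly writes it
    root = ET.fromstring(xml_text)
    if root.tag != q("server"):
        raise ValueError("expected a <server> root in namespace " + NS)
    for old in root.findall(q("vault")):  # drop any existing block so the call is idempotent
        root.remove(old)
    vault = ET.Element(q("vault"))
    for name, value in options.items():
        ET.SubElement(vault, q("vault-option"), {"name": name, "value": value})
    position = 0
    for i, child in enumerate(root):  # insert after the last schema-ordered predecessor present
        if child.tag in {q(t) for t in BEFORE_VAULT}:
            position = i + 1
    root.insert(position, vault)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("vault references:", vault_refs(BROKEN_XML))
    print("order ok before:", vault_in_order(BROKEN_XML))
    fixed = insert_vault(BROKEN_XML, OPTIONS)
    print("order ok after:", vault_in_order(fixed))
    print(fixed)
```

ElementTree rewrites whitespace and drops XML comments, so run this against a copy of standalone-full.xml and diff before replacing the real file; for a live server the CLI's vault resource (/core-service=vault) is the cleaner way to add the block. The vault_refs output is a quick checklist against the "Vault Block / Attribute Name" pairs vault.sh printed: every pair referenced in the configuration must have been stored in VAULT.dat, or the server will fail again at resolution time rather than at parse time.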