Jboss EAP 6.3 data source password encryption - vault mechanism
josephsekar Dec 11, 2014 1:46 PM
I have created a vault and am trying to start the server, but I am getting an error. Why does this error occur and how can I resolve it? If there is any reference, please let me know. Thanks in advance.
My requirement is to encrypt and protect the data source password. For this purpose I am trying to use the vault. Is there any better mechanism available?
reference
keytool -genkey -alias vault -keystore vault.keystore -keyalg RSA -keysize 1024 -storepass jboss12# -keypass jboss12# -dname "CN=Picketbox vault,OU=picketbox,O=att,L=alpharetta,ST=ga,C=us"
./vault.sh -k vault.keystore -p jboss12# -e /home/jp295m/migration/jboss-eap-6.3/vault -i 50 -s 12345678 -v vault -b ds_ExampleDS -a password -x jboss12#
WARNING JBOSS_HOME may be pointing to a different installation - unpredictable results may occur.
=========================================================================
JBoss Vault
JBOSS_HOME: /home/jp295m/migration/jboss-eap-6.3
JAVA: /opt/app/posbea/jdk-1.6.0_41/bin/java
=========================================================================
Dec 10, 2014 2:08:58 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: PBOX000361: Default Security Vault Implementation Initialized and Ready
Secured attribute value has been stored in vault.
Please make note of the following:
********************************************
Vault Block:ds_ExampleDS
Attribute Name:password
Configuration should be done as follows:
VAULT::ds_ExampleDS::password::1
********************************************
Vault Configuration in AS7 config file:
********************************************
...
</extensions>
<vault>
<vault-option name="KEYSTORE_URL" value="vault.keystore"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-152B1JTrNga41zUwNiaFjZ"/>
<vault-option name="KEYSTORE_ALIAS" value="vault"/>
<vault-option name="SALT" value="12345678"/>
<vault-option name="ITERATION_COUNT" value="50"/>
<vault-option name="ENC_FILE_DIR" value="/home/jp295m/migration/jboss-eap-6.3/vault/"/>
</vault><management> ...
********************************************
---------------------------------------------------------------------------------------------------
I used the CLI script below to add and initialize the vault, and it says it initialized successfully:
/host=master/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "vault.keystore"), ("KEYSTORE_PASSWORD" => "MASK-152B1JTrNga41zUwNiaFjZ"), ("KEYSTORE_ALIAS" => "vault"), ("SALT" => "12345678"),("ITERATION_COUNT" => "50"), ("ENC_FILE_DIR" => "/home/jp295m/migration/jboss-eap-6.3/vault/")])
If I restart the server after adding <vault>...</vault> (either manually or using the CLI) in host.xml, it shows the error below:
[Host Controller] 12:34:37,783 INFO [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010922: Starting server server-two
[Host Controller] 12:34:37,823 INFO [org.jboss.as.host.controller] (server-registration-threads - 1) JBAS010919: Registering server server-one
12:34:37,830 INFO [org.jboss.as.process.Server:server-two.status] (ProcessController-threads - 3) JBAS012017: Starting process 'Server:server-two'
[Server:server-two] 12:34:38,767 INFO [org.jboss.modules] (main) JBoss Modules version 1.3.3.Final-redhat-1
[Server:server-one] 12:34:38,888 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: JBAS015804: Error initializing vault -- org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:
[Server:server-one] at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:89) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:75) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:611) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:489) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:290) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:285) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1132) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:322) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:292) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.server.ServerService.boot(ServerService.java:346) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.server.ServerService.boot(ServerService.java:321) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:254) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_41]
[Server:server-one] Caused by: org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:
[Server:server-one] at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:95) [jboss-as-security-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:87) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] ... 12 more
[Server:server-one] Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX000140: Unable to get keystore (vault.keystore)
[Server:server-one] at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:192) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
[Server:server-one] at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:93) [jboss-as-security-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-one] ... 13 more
[Server:server-one] Caused by: java.lang.RuntimeException: PBOX000140: Unable to get keystore (vault.keystore)
[Server:server-one] at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:646) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
[Server:server-one] at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:187) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
[Server:server-one] ... 14 more
[Server:server-one] Caused by: java.io.FileNotFoundException: vault.keystore (No such file or directory)
[Server:server-one] at java.io.FileInputStream.open(Native Method) [rt.jar:1.6.0_41]
[Server:server-one] at java.io.FileInputStream.<init>(FileInputStream.java:120) [rt.jar:1.6.0_41]
[Server:server-one] at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:150) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
[Server:server-one] at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:643) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
[Server:server-one] ... 15 more
[Server:server-one]
[Server:server-one] 12:34:38,902 FATAL [org.jboss.as.server] (Controller Boot Thread) JBAS015957: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
[Server:server-one] 12:34:38,949 ERROR [stderr] (main) org.jboss.msc.service.ServiceNotFoundException: Service service jboss.host.controller.client not found
[Server:server-one] 12:34:38,948 INFO [org.jboss.as] (MSC service thread 1-20) JBAS015950: JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19) stopped in 36ms
[Server:server-one] 12:34:38,949 ERROR [stderr] (main) at org.jboss.msc.service.ServiceContainerImpl.getRequiredService(ServiceContainerImpl.java:625)
[Server:server-one] 12:34:38,950 ERROR [stderr] (main) at org.jboss.as.server.DomainServerMain.getRequiredService(DomainServerMain.java:158)
[Server:server-one] 12:34:38,950 ERROR [stderr] (main) at org.jboss.as.server.DomainServerMain.main(DomainServerMain.java:137)
[Server:server-one] 12:34:38,951 ERROR [stderr] (main) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[Server:server-one] 12:34:38,951 ERROR [stderr] (main) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[Server:server-one] 12:34:38,951 ERROR [stderr] (main) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[Server:server-one] 12:34:38,952 ERROR [stderr] (main) at java.lang.reflect.Method.invoke(Method.java:597)
[Server:server-one] 12:34:38,952 ERROR [stderr] (main) at org.jboss.modules.Module.run(Module.java:312)
[Server:server-one] 12:34:38,952 ERROR [stderr] (main) at org.jboss.modules.Main.main(Main.java:460)
[Server:server-one]
12:34:38,986 INFO [org.jboss.as.process.Server:server-one.status] (reaper for Server:server-one) JBAS012010: Process 'Server:server-one' finished with an exit status of 1
[Host Controller] 12:34:39,029 INFO [org.jboss.as.host.controller] (ProcessControllerConnection-thread - 2) JBAS010926: Unregistering server server-one
[Server:server-two] 12:34:39,325 INFO [org.jboss.msc] (main) JBoss MSC version 1.1.5.Final-redhat-1
[Server:server-two] 12:34:39,574 INFO [org.jboss.as] (MSC service thread 1-7) JBAS015899: JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19) starting
[Server:server-two] 12:34:39,775 INFO [org.xnio] (MSC service thread 1-13) XNIO Version 3.0.10.GA-redhat-1
[Server:server-two] 12:34:39,790 INFO [org.xnio.nio] (MSC service thread 1-13) XNIO NIO Implementation Version 3.0.10.GA-redhat-1
[Server:server-two] 12:34:39,847 INFO [org.jboss.remoting] (MSC service thread 1-13) JBoss Remoting version (unknown)
[Host Controller] 12:34:41,214 INFO [org.jboss.as.domain.controller.mgmt] (Remoting "zldv4175:MANAGEMENT" task-10) JBAS010920: Server [Server:server-two] registered using connection [Channel ID 1e00cf5c (inbound) of Remoting connection 00876d42 to /130.5.125.2:24755]
[Host Controller] 12:34:41,321 INFO [org.jboss.as] (Controller Boot Thread) JBAS015961: Http management interface listening on http://130.5.125.2:9990/management
[Host Controller] 12:34:41,323 INFO [org.jboss.as] (Controller Boot Thread) JBAS015951: Admin console listening on http://130.5.125.2:9990
[Host Controller] 12:34:41,324 INFO [org.jboss.as] (Controller Boot Thread) JBAS015874: JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19) (Host Controller) started in 11037ms - Started 39 of 41 services (12 services are lazy, passive or on-demand)
[Host Controller] 12:34:41,337 INFO [org.jboss.as.host.controller] (server-registration-threads - 1) JBAS010919: Registering server server-two
[Server:server-two] 12:34:42,370 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: JBAS015804: Error initializing vault -- org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:
[Server:server-two] at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:89) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:75) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:611) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:489) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:290) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:285) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1132) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:322) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:292) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.server.ServerService.boot(ServerService.java:346) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.server.ServerService.boot(ServerService.java:321) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:254) [jboss-as-controller-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_41]
[Server:server-two] Caused by: org.jboss.as.server.services.security.VaultReaderException: JBAS013313: Vault Reader Exception:
[Server:server-two] at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:95) [jboss-as-security-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:87) [jboss-as-server-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] ... 12 more
[Server:server-two] Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.RuntimeException: PBOX000140: Unable to get keystore (vault.keystore)
[Server:server-two] at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:192) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
[Server:server-two] at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:93) [jboss-as-security-7.4.0.Final-redhat-19.jar:7.4.0.Final-redhat-19]
[Server:server-two] ... 13 more
[Server:server-two] Caused by: java.lang.RuntimeException: PBOX000140: Unable to get keystore (vault.keystore)
[Server:server-two] at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:646) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
[Server:server-two] at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:187) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
[Server:server-two] ... 14 more
[Server:server-two] Caused by: java.io.FileNotFoundException: vault.keystore (No such file or directory)
[Server:server-two] at java.io.FileInputStream.open(Native Method) [rt.jar:1.6.0_41]
[Server:server-two] at java.io.FileInputStream.<init>(FileInputStream.java:120) [rt.jar:1.6.0_41]
[Server:server-two] at org.picketbox.util.KeyStoreUtil.getKeyStore(KeyStoreUtil.java:150) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
[Server:server-two] at org.picketbox.plugins.vault.PicketBoxSecurityVault.getKeyStore(PicketBoxSecurityVault.java:643) [picketbox-4.0.19.SP8-redhat-1.jar:4.0.19.SP8-redhat-1]
[Server:server-two] ... 15 more
[Server:server-two]
[Server:server-two] 12:34:42,384 FATAL [org.jboss.as.server] (Controller Boot Thread) JBAS015957: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
[Server:server-two] 12:34:42,427 ERROR [stderr] (main) java.lang.IllegalStateException
[Server:server-two] 12:34:42,429 ERROR [stderr] (main) at org.jboss.as.server.mgmt.domain.HostControllerConnectionService.getValue(HostControllerConnectionService.java:140)
[Server:server-two] 12:34:42,429 ERROR [stderr] (main) at org.jboss.as.server.mgmt.domain.HostControllerConnectionService.getValue(HostControllerConnectionService.java:60)
[Server:server-two] 12:34:42,433 ERROR [stderr] (main) at org.jboss.msc.service.ServiceControllerImpl.getValue(ServiceControllerImpl.java:1161)
[Server:server-two] 12:34:42,434 ERROR [stderr] (main) at org.jboss.as.server.DomainServerMain.getRequiredService(DomainServerMain.java:159)
[Server:server-two] 12:34:42,435 ERROR [stderr] (main) at org.jboss.as.server.DomainServerMain.main(DomainServerMain.java:137)
[Server:server-two] 12:34:42,436 ERROR [stderr] (main) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[Server:server-two] 12:34:42,436 ERROR [stderr] (main) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[Server:server-two] 12:34:42,437 ERROR [stderr] (main) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[Server:server-two] 12:34:42,436 INFO [org.jboss.as] (MSC service thread 1-20) JBAS015950: JBoss EAP 6.3.0.GA (AS 7.4.0.Final-redhat-19) stopped in 38ms
[Server:server-two] 12:34:42,437 ERROR [stderr] (main) at java.lang.reflect.Method.invoke(Method.java:597)
[Server:server-two] 12:34:42,438 ERROR [stderr] (main) at org.jboss.modules.Module.run(Module.java:312)
[Server:server-two] 12:34:42,439 ERROR [stderr] (main) at org.jboss.modules.Main.main(Main.java:460)
[Server:server-two]
12:34:42,471 INFO [org.jboss.as.process.Server:server-two.status] (reaper for Server:server-two) JBAS012010: Process 'Server:server-two' finished with an exit status of 1
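Added example, not part of the original post or of JBoss: the trace above ends in `java.io.FileNotFoundException: vault.keystore`, that is, a relative KEYSTORE_URL opened by each server JVM relative to its own working directory. This Python pre-flight check reads the vault-option values and reports such path problems before a restart; the function names, the wrapper element around the `<vault>` block and the file-permission check are assumptions of this example, and option values are treated as plain filesystem paths (no `${...}` expressions).

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample: the <vault> block from the post inside a minimal wrapper element.
SAMPLE_HOST_XML = """<host xmlns="urn:jboss:domain:1.6" name="master">
  <vault>
    <vault-option name="KEYSTORE_URL" value="vault.keystore"/>
    <vault-option name="KEYSTORE_ALIAS" value="vault"/>
    <vault-option name="ENC_FILE_DIR" value="/home/jp295m/migration/jboss-eap-6.3/vault/"/>
  </vault>
</host>"""


def read_vault_options(xml_text):
    """Return {name: value} for every <vault-option>, ignoring XML namespaces."""
    root = ET.fromstring(xml_text)
    return {el.get("name"): el.get("value")
            for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "vault-option"}


def check_vault_paths(options, server_cwd):
    """Return path problems as a JVM started in server_cwd would hit them."""
    problems = []
    keystore = options.get("KEYSTORE_URL", "")
    if not os.path.isabs(keystore):
        problems.append("KEYSTORE_URL %r is relative; the JVM resolves it against %s"
                        % (keystore, server_cwd))
    resolved = os.path.join(server_cwd, keystore)  # an absolute path is kept unchanged
    if not os.path.isfile(resolved):
        problems.append("keystore not found at %s" % resolved)
    elif stat.S_IMODE(os.stat(resolved).st_mode) & 0o077:
        # Hardening check added by this example: the keystore holds the vault key.
        problems.append("keystore %s is accessible to group/other" % resolved)
    enc_dir = options.get("ENC_FILE_DIR", "")
    if not (os.path.isabs(enc_dir) and os.path.isdir(enc_dir)):
        problems.append("ENC_FILE_DIR %r is not an existing absolute directory" % enc_dir)
    return problems


if __name__ == "__main__":
    opts = read_vault_options(SAMPLE_HOST_XML)
    for problem in check_vault_paths(opts, os.getcwd()):
        print("PROBLEM:", problem)
```

Run it with `server_cwd` set to the directory each server process is started from, not the directory where `keytool` was run.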