Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault plugin #30

Open
sliabat opened this issue Mar 5, 2021 · 3 comments
Open

Vault plugin #30

sliabat opened this issue Mar 5, 2021 · 3 comments

Comments

@sliabat
Copy link

sliabat commented Mar 5, 2021

Rundeck as docker container.
In my container, rundeck-config.properties

rundeck.storage.provider.1.type=vault-storage
rundeck.storage.provider.1.path=keys
rundeck.storage.provider.1.removePathPrefix=true

rundeck.storage.provider.1.config.prefix=infra
rundeck.storage.provider.1.config.address=xxxxxxx
rundeck.storage.provider.1.config.token=xxxxxxx
rundeck.storage.provider.1.config.storageBehaviour=vault
rundeck.storage.provider.1.config.secretBackend=kv

rundeck.storage.provider.1.config.maxRetries=3
rundeck.storage.provider.1.config.retryIntervalMilliseconds=100
rundeck.storage.provider.1.config.openTimeout=3
rundeck.storage.provider.1.config.readTimeout=5

rundeck.storage.provider.1.config.engineVersion=1

On my Vault machine :

[root@devops02 sliabat]# vault list secret/infra
Keys
----
artifactory
awx
consul
elasticsearch
git
graphite-sitespeedio
jcr
keycloak
ldap/
prometheus
rundeck
sonar
sonarqube
ssl
supervision
teams
vmware/
wsdevops

With curl my Vault setup works too :

curl --request GET --url http://xxxxx/v1/secret/infra/awx --header 'X-Vault-Token: xxxxxx'
{"request_id":"14b49c9c-577c-7e53-1864-951578c43310","lease_id":"","renewable":false,"lease_duration":630720000,"data":{"oidc-azure-key":"xxxxxx","oidc-azure-secret":"xxxx","oidc-callback":"xxxxxx":null,"auth":null}

But in Rundeck, ther is nothing in key storage. And nothing to help in docker logs.

[2021-03-05T17:56:35,741] INFO  web.requests "GET /storage/access/keys" 10.17.70.1 http sliabat form 324 ? [] (Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0)


[2021-03-05T17:56:39,802] INFO  web.requests "GET /storage/access/keys" 10.17.70.1 http sliabat form 324 ? [] (Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0)
@sliabat
Copy link
Author

sliabat commented Mar 9, 2021

here is my docker conf :

"RUNDECK_STORAGE_PROVIDER_1_TYPE": "vault-storage"
      "RUNDECK_STORAGE_PROVIDER_1_PATH": "keys"
      "RUNDECK_STORAGE_PROVIDER_1_REMOVEPATHPREFIX": "true"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_PREFIX": "infra"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_ADDRESS": "{{ lookup('env', 'VAULT_ADDR') }}"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_TOKEN": "{{ lookup('env', 'VAULT_TOKEN') }}"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_BEHAVIOUR": "vault"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_ENGINEVERSION": "1"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_SECRETBACKEND": "secret"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_AUTHBACKEND": "token"

image
image

@sliabat
Copy link
Author

sliabat commented Mar 9, 2021

Do you know how say to docker conf to log in debug ?

@fdevans
Copy link

fdevans commented Apr 20, 2021

rundeck/rundeck#6990
This might help provide some guidance, or possibly a fix when it gets merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fdevans @sliabat