
Vault plugin

Open sliabat opened this issue 5 years ago • 3 comments

Rundeck runs as a Docker container. In my container, rundeck-config.properties:

rundeck.storage.provider.1.type=vault-storage
rundeck.storage.provider.1.path=keys
rundeck.storage.provider.1.removePathPrefix=true

rundeck.storage.provider.1.config.prefix=infra
rundeck.storage.provider.1.config.address=xxxxxxx
rundeck.storage.provider.1.config.token=xxxxxxx
rundeck.storage.provider.1.config.storageBehaviour=vault
rundeck.storage.provider.1.config.secretBackend=kv

rundeck.storage.provider.1.config.maxRetries=3
rundeck.storage.provider.1.config.retryIntervalMilliseconds=100
rundeck.storage.provider.1.config.openTimeout=3
rundeck.storage.provider.1.config.readTimeout=5

rundeck.storage.provider.1.config.engineVersion=1

On my Vault machine:

[root@devops02 sliabat]# vault list secret/infra
Keys
----
artifactory
awx
consul
elasticsearch
git
graphite-sitespeedio
jcr
keycloak
ldap/
prometheus
rundeck
sonar
sonarqube
ssl
supervision
teams
vmware/
wsdevops

With curl, my Vault setup works too:

curl --request GET --url http://xxxxx/v1/secret/infra/awx --header 'X-Vault-Token: xxxxxx'
{"request_id":"14b49c9c-577c-7e53-1864-951578c43310","lease_id":"","renewable":false,"lease_duration":630720000,"data":{"oidc-azure-key":"xxxxxx","oidc-azure-secret":"xxxx","oidc-callback":"xxxxxx":null,"auth":null}

But in Rundeck, there is nothing in key storage. And nothing to help in the Docker logs.


[2021-03-05T17:56:35,741] INFO  web.requests "GET /storage/access/keys" 10.17.70.1 http sliabat form 324 ? [] (Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0)


[2021-03-05T17:56:39,802] INFO  web.requests "GET /storage/access/keys" 10.17.70.1 http sliabat form 324 ? [] (Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0)

sliabat avatar Mar 05 '21 18:03 sliabat

Here is my Docker conf:

      "RUNDECK_STORAGE_PROVIDER_1_TYPE": "vault-storage"
      "RUNDECK_STORAGE_PROVIDER_1_PATH": "keys"
      "RUNDECK_STORAGE_PROVIDER_1_REMOVEPATHPREFIX": "true"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_PREFIX": "infra"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_ADDRESS": "{{ lookup('env', 'VAULT_ADDR') }}"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_TOKEN": "{{ lookup('env', 'VAULT_TOKEN') }}"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_BEHAVIOUR": "vault"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_ENGINEVERSION": "1"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_SECRETBACKEND": "secret"
      "RUNDECK_STORAGE_PROVIDER_1_CONFIG_AUTHBACKEND": "token"


sliabat avatar Mar 09 '21 09:03 sliabat
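
A key-by-key comparison of the two configuration snippets posted above, as an added example that is not part of the original thread or of Rundeck. It assumes Docker environment names map to property names by lowercasing and turning `_` into `.`; the sample strings are constructed from the posts, with address, token, retry and timeout lines left out.

```python
import re

# Constructed from the two posts in this thread (connection/retry lines omitted).
PROPERTIES = """\
rundeck.storage.provider.1.type=vault-storage
rundeck.storage.provider.1.path=keys
rundeck.storage.provider.1.removePathPrefix=true
rundeck.storage.provider.1.config.prefix=infra
rundeck.storage.provider.1.config.storageBehaviour=vault
rundeck.storage.provider.1.config.secretBackend=kv
rundeck.storage.provider.1.config.engineVersion=1
"""
DOCKER_ENV = """\
"RUNDECK_STORAGE_PROVIDER_1_TYPE": "vault-storage"
"RUNDECK_STORAGE_PROVIDER_1_PATH": "keys"
"RUNDECK_STORAGE_PROVIDER_1_REMOVEPATHPREFIX": "true"
"RUNDECK_STORAGE_PROVIDER_1_CONFIG_PREFIX": "infra"
"RUNDECK_STORAGE_PROVIDER_1_CONFIG_BEHAVIOUR": "vault"
"RUNDECK_STORAGE_PROVIDER_1_CONFIG_ENGINEVERSION": "1"
"RUNDECK_STORAGE_PROVIDER_1_CONFIG_SECRETBACKEND": "secret"
"RUNDECK_STORAGE_PROVIDER_1_CONFIG_AUTHBACKEND": "token"
"""

def parse_properties(text):
    """key=value lines -> {lowercased key: value}; blanks and # comments skipped."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out

def parse_env(text):
    """'"NAME": "value"' lines -> same key space (assumed mapping: '_' -> '.')."""
    pairs = re.findall(r'"([A-Z0-9_]+)"\s*:\s*"([^"]*)"', text)
    return {name.lower().replace("_", "."): value for name, value in pairs}

def compare(props, env):
    """Return (only_in_properties, only_in_env, {key: (prop_value, env_value)})."""
    only_p = sorted(props.keys() - env.keys())
    only_e = sorted(env.keys() - props.keys())
    shared = sorted(props.keys() & env.keys())
    return only_p, only_e, {k: (props[k], env[k]) for k in shared if props[k] != env[k]}

if __name__ == "__main__":
    result = compare(parse_properties(PROPERTIES), parse_env(DOCKER_ENV))
    for label, value in zip(("only in properties", "only in env", "values differ"), result):
        print(f"{label}: {value}")
```

The comparison is case-insensitive on key names, so it reports differing names and values without saying which spelling the plugin expects.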

Do you know how to tell the Docker conf to log in debug?

sliabat avatar Mar 09 '21 09:03 sliabat

https://github.com/rundeck/rundeck/pull/6990 This might help provide some guidance, or possibly a fix when it gets merged.

fdevans avatar Apr 20 '21 23:04 fdevans