Vault issue log


Vault errors

1 Error when setting VAULT_ADDR

 failed to create client: parse 'http://127.0.0.1:8200': first path segment in URL cannot contain colon

Solution: set VAULT_ADDR=http://127.0.0.1:8200 without quotes around the value. With quotes, the quote characters become part of the value, which is why the URL parser complains that the first path segment ('http:) contains a colon.

2 vault status
Error checking seal status: Get https://127.0.0.1:8200/v1/sys/seal-status: http: server gave HTTP response to HTTPS client

Solution: VAULT_ADDR was not set, so the CLI fell back to its default of https://127.0.0.1:8200 and sent HTTPS to a plain-HTTP listener. The address can also be passed explicitly with -address: vault status -address='http://*.*.*.*:8200'
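Both address problems above (quote characters stored in VAULT_ADDR, and the CLI defaulting to https://127.0.0.1:8200 when VAULT_ADDR is unset while the listener has TLS disabled) can be caught before any vault command runs. The pre-flight check below is an added example written for these notes, not code from the original post or from HashiCorp: it validates the value as a string and compares its scheme with the tls_disable setting of the listener block in vault.hcl. The sample vault.hcl is constructed for the example (the MySQL host 10.0.1.6:3306 is taken from the storage error recorded further down; the password is a placeholder). Issue 1 happened with the Windows set command, but the check concerns the value, wherever it was set.

```shell
#!/bin/sh
# Added example (not from the original notes): pre-flight check for VAULT_ADDR
# against the listener in vault.hcl, covering issues 1 and 2 above.

# Scheme the server listener actually speaks: tls_disable = 1 / true means plain HTTP.
listener_scheme() {
  if grep -Eq '^[[:space:]]*tls_disable[[:space:]]*=[[:space:]]*"?(1|true)"?' "$1"; then
    echo http
  else
    echo https
  fi
}

# Validate the address string, then compare its scheme with the listener's.
# Returns 0 when usable; otherwise prints the diagnosis and returns 1.
check_vault_addr() {
  addr="$1"
  cfg="$2"
  case "$addr" in
    "")
      echo "VAULT_ADDR is unset: the CLI falls back to https://127.0.0.1:8200"
      return 1 ;;
    *\'*|*\"*)
      echo "VAULT_ADDR contains quote characters (set it without quotes): $addr"
      return 1 ;;
    http://*|https://*)
      ;;
    *)
      echo "VAULT_ADDR must start with http:// or https://: $addr"
      return 1 ;;
  esac
  want=$(listener_scheme "$cfg")
  have=${addr%%://*}
  if [ "$want" != "$have" ]; then
    echo "scheme mismatch: listener in $cfg speaks $want but VAULT_ADDR uses $have"
    return 1
  fi
  echo "ok: $addr"
}

# Constructed sample config for this example: TLS disabled on the listener,
# MySQL storage at the host from the storage error below, placeholder password.
CFG=$(mktemp)
trap 'rm -f "$CFG"' EXIT
cat > "$CFG" <<'EOF'
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}
storage "mysql" {
  address  = "10.0.1.6:3306"
  username = "vault"
  password = "PLACEHOLDER"
  database = "vault"
}
EOF

check_vault_addr "'http://127.0.0.1:8200'" "$CFG" || true   # issue 1: quotes stored in the value
check_vault_addr "" "$CFG" || true                          # issue 2: unset, HTTPS client vs HTTP listener
check_vault_addr "http://127.0.0.1:8200" "$CFG" || true     # matches the listener
```

Run it on the Vault host with the real vault.hcl as the second argument; a non-zero return with the printed diagnosis means the vault CLI would fail the same way as in the two errors above.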

3 vault policy write app1 app1.hcl

Error uploading policy: Error making API request.
URL: PUT http://*.*.*.*:8200/v1/sys/policies/acl/app1
Code: 403. Errors:
* permission denied
Solution: log in with the token produced when the vault was unsealed, then perform the policy write.
4 Unseal error in Vault: the third key is rejected with key invalid. The cause was that the host and the virtual machine shared the same database; once the Vault on the host had been unsealed, unsealing from the virtual machine could no longer succeed.
5 If the unseal keys and the token are lost and the storage backend is a MySQL database, delete the Vault-related rows from the database; Vault can then be initialized again and issues a new token and new unseal keys (everything previously stored in Vault goes away with those rows).
6 Starting Vault with vault server -config=vault.hcl fails

Error initializing storage of type mysql: failed to check mysql schema exist: dial tcp *.*.*.46:3306: connect: connection timed out

Error initializing storage of type mysql: failed to check mysql schema exist: dial tcp 10.0.1.6:3306: connect: connection refused

Database connection problem: the MySQL storage backend cannot be reached from the Vault host (connection timed out means no route to the host or a firewall dropping the packets; connection refused means the host answered but nothing is listening on port 3306).


Errors in Spring Boot
1 Caused by: org.springframework.vault.VaultException: Status 403 Forbidden [secret/test-login]: 1 error occurred:
 * permission denied
Solution: add the path to the app's policy in Vault and write the updated policy file again with vault policy write app1 app1.hcl. The token does not need to be regenerated, because a token references its policies by name and the new policy content applies to it on the next request.
The same can be done in the Vault UI: the Policies item only appears after logging in with the initial token; update the relevant policy there and the change takes effect immediately.
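Issue 3 in the Vault section above and issue 1 here both end with a path being added to the app1 policy. As an added example (not from the original notes, Spring Vault or HashiCorp), the script below collects the paths from the "Status 403 Forbidden [path]" lines Spring Vault logs, assigns each the capability its secrets engine needs (read for a KV secret and for database credentials, update for transit, whose endpoints are POST), emits the policy as HCL and applies it with vault policy write when the CLI is available. The log lines are constructed from the errors on this page; the transit/decrypt/order line is an assumption (an application that encrypts a field also decrypts it), and unknown paths default to read so that they still get a manual review rather than a broad grant.

```shell
#!/bin/sh
# Added example, not part of the original notes: derive the app1 policy from the
# "Status 403 Forbidden [path]" lines Spring Vault logs, review it, then apply it.

# Capability a path needs, judged by the secrets engine in front of it.
capability_for() {
  case "$1" in
    transit/encrypt/*|transit/decrypt/*) echo update ;;   # transit endpoints are POST
    database/creds/*) echo read ;;                        # dynamic credentials are read
    secret/*) echo read ;;                                # KV v1 read
    *) echo read ;;                                       # conservative default; check by hand
  esac
}

# Paths from "Status 403 Forbidden [<path>]" lines, de-duplicated.
paths_from_log() {
  sed -n 's/.*Status 403 Forbidden \[\([^]]*\)].*/\1/p' "$1" | sort -u
}

# Emit an HCL policy granting exactly those paths, nothing more.
build_policy() {
  for p in "$@"; do
    printf 'path "%s" {\n  capabilities = ["%s"]\n}\n' "$p" "$(capability_for "$p")"
  done
}

# Constructed log for this example: the 403 lines from these notes plus an assumed
# decrypt line; the first path appears twice to show de-duplication.
LOG=$(mktemp)
POLICY=$(mktemp)
trap 'rm -f "$LOG" "$POLICY"' EXIT
cat > "$LOG" <<'EOF'
Caused by: org.springframework.vault.VaultException: Status 403 Forbidden [secret/test-login]: 1 error occurred:
Caused by: org.springframework.vault.VaultException: Status 403 Forbidden [database/creds/app1]: 1 error occurred:
Caused by: org.springframework.vault.VaultException: Status 403 Forbidden [transit/encrypt/order]: 1 error occurred:
Caused by: org.springframework.vault.VaultException: Status 403 Forbidden [transit/decrypt/order]: 1 error occurred:
Caused by: org.springframework.vault.VaultException: Status 403 Forbidden [secret/test-login]: 1 error occurred:
EOF

build_policy $(paths_from_log "$LOG") > "$POLICY"
cat "$POLICY"

# Apply only where the CLI is present; the token in use must be allowed to write
# sys/policies/acl (the initial token in these notes).
if command -v vault >/dev/null 2>&1; then
  vault policy write app1 "$POLICY"
fi
```

Point paths_from_log at the application's real log instead of the constructed one; the generated policy names only the paths the application actually hit, which keeps the token's reach as narrow as the 403s allow.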
 
 2 Caused by: java.lang.NullPointerException
 at com.example.logindemo.LogindemoApplication.initIt(LogindemoApplication.java:32)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleElement.invoke(InitDestroyAnnotationBeanPostProcessor.java:363)
 at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:307)
 at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:136)

Problem and solution:

Logging in to fetch the username and password failed; the database secrets engine has to be enabled in Vault first: vault secrets enable database

3 Caused by: org.springframework.vault.VaultException: Status 400 Bad Request [database/creds/app1]: unknown role: app1; nested exception is org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request

Problem and solution:

The database connection and the role have to be created in Vault:

vault write database/config/my-mysql-database plugin_name=mysql-database-plugin connection_url="{{username}}:{{password}}@tcp(*.*.*.*:3306)/" allowed_roles="app1" username="test" password="123456"

vault write database/roles/app1  db_name=my-mysql-database creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT,INSERT,UPDATE ON *.* TO '{{name}}'@'%';" default_ttl="1h" max_ttl="24h"

4 org.springframework.vault.VaultException: Status 404 Not Found [transit/encrypt/order]: no handler for route 'transit/encrypt/order'; nested exception is org.springframework.web.client.HttpClientErrorException$NotFound: 404 Not Found
 at org.springframework.vault.client.VaultResponses.buildException(VaultResponses.java:85)
 at org.springframework.vault.core.VaultTemplate.write(VaultTemplate.java:322)
 at org.springframework.vault.core.VaultTransitTemplate.encrypt(VaultTransitTemplate.java:209)
 at org.springframework.vault.core.VaultTransitTemplate.encrypt(VaultTransitTemplate.java:188)
 at com.example.logindemo.handler.EncryptHandler.setNonNullParameter(EncryptHandler.java:35)
 at com.example.logindemo.handler.EncryptHandler.setNonNullParameter(EncryptHandler.java:19)
 at org.apache.ibatis.type.BaseTypeHandler.setParameter(BaseTypeHandler.java:69)
 at org.apache.ibatis.scripting.defaults.DefaultParameterHandler.setParameters(DefaultParameterHandler.java:87)
 at org.apache.ibatis.executor.statement.PreparedStatementHandler.parameterize(PreparedStatementHandler.java:94)
 at org.apache.ibatis.executor.statement.RoutingStatementHandler.parameterize(RoutingStatementHandler.java:64)
 at org.apache.ibatis.executor.SimpleExecutor.prepareStatement(SimpleExecutor.java:87)
 at org.apache.ibatis.executor.SimpleExecutor.doUpdate(SimpleExecutor.java:49)
 at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117)
 at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:76)
 at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:197)
 at org.apache.ibatis.session.defaults.DefaultSqlSession.insert(DefaultSqlSession.java:184)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:433)
 at com.sun.proxy.$Proxy79.insert(Unknown Source)
 at org.mybatis.spring.SqlSessionTemplate.insert(SqlSessionTemplate.java:278)
 at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:62)
 at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:58)
 at com.sun.proxy.$Proxy80.insert(Unknown Source)

Solution: the transit engine was not enabled; enable it in Vault with vault secrets enable transit

5 Caused by: org.springframework.vault.VaultException: Status 500 Internal Server Error [database/creds/app1]: 1 error occurred:
 * Error 1045: Access denied for user 'test'@'*.*.*.*' (using password: YES)

Problem and solution:

Database privilege problem: the test account and the root account have different privileges. Comparing show grants for test with show grants for root shows that test is missing WITH GRANT OPTION (Vault runs the role's GRANT statement as test, and MySQL only lets an account grant privileges it holds with the grant option).

Log in as root and grant it to the test user: grant all on *.* to 'test'@'%' with grant option;

Then re-create the database connection and the role in Vault:

vault write database/config/my-mysql-database plugin_name=mysql-database-plugin connection_url="{{username}}:{{password}}@tcp(*.*.*.*:3306)/" allowed_roles="app1" username="test" password="123456"

vault write database/roles/app1  db_name=my-mysql-database creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT,INSERT,UPDATE ON *.* TO '{{name}}'@'%';" default_ttl="1h" max_ttl="24h"

 

6 Error: mysql secrets- is too long for user name (should be no longer than 16)

Solution: switch the MySQL plugin to plugin_name=mysql-legacy-database-plugin, which generates user names that fit the 16-character limit of older MySQL versions; see https://github.com/hashicorp/vault/issues/4602

vault write database/config/my-mysql-database plugin_name=mysql-legacy-database-plugin connection_url="{{username}}:{{password}}@tcp(*.*.*.*:3306)/" allowed_roles="app1" username="test" password="123456"

vault write database/roles/app1  db_name=my-mysql-database creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT,INSERT,UPDATE ON *.* TO '{{name}}'@'%';" default_ttl="1h" max_ttl="24h"

 

7 Error 1227: Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation

Solution: grant the account used by Vault the privilege to create users.
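Issues 2, 3, 5, 6 and 7 in this section are steps of one procedure: give Vault a MySQL account that can create users, enable the database secrets engine, configure the connection with a plugin that matches the MySQL version, define the app1 role and read a credential. The script below, an added example rather than the notes' own commands or HashiCorp's code, carries that procedure through in order. It departs from the notes in one place: instead of grant all on *.* ... with grant option, the account Vault logs in with receives only CREATE USER (needed for the role's CREATE USER statement and for the DROP USER that revocation runs) plus SELECT, INSERT, UPDATE ON *.* WITH GRANT OPTION, the minimum for executing the role's GRANT statement. The account name vault, the host 10.0.1.6:3306 (from the storage error above), the MySQL version 5.6.40 and the password placeholder are assumptions; DRY_RUN=1, the default, prints the vault commands instead of executing them.

```shell
#!/bin/sh
# Added example (not from the original notes): end-to-end setup of the MySQL
# database secrets engine for role app1. DRY_RUN=1 (default) prints the vault
# commands instead of running them. Host, account and password are placeholders.
DRY_RUN="${DRY_RUN:-1}"
VAULT_DB_PASSWORD="${VAULT_DB_PASSWORD:-CHANGE-ME}"   # placeholder for the example

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# MySQL before 5.7.8 limits user names to 16 characters; the user names Vault
# generates exceed that, so the legacy plugin is the right choice there (issue 6).
mysql_plugin_for() {   # $1 = server version string, e.g. 5.6.40 or 8.0.32-log
  v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
  set -- $(printf '%s' "$v" | tr . ' ')
  n=$(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
  if [ "$n" -lt 5007008 ]; then
    echo mysql-legacy-database-plugin
  else
    echo mysql-database-plugin
  fi
}

# SQL to run as root: the account Vault logs in with needs CREATE USER (for the
# role's CREATE USER and for the DROP USER that revocation runs, issue 7) and must
# hold the privileges it hands out WITH GRANT OPTION (issue 5). This is the narrow
# replacement for the notes' "grant all on *.* ... with grant option".
mysql_grants_sql() {   # $1 = account name
  cat <<EOF
CREATE USER '$1'@'%' IDENTIFIED BY '$VAULT_DB_PASSWORD';
GRANT CREATE USER ON *.* TO '$1'@'%';
GRANT SELECT, INSERT, UPDATE ON *.* TO '$1'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
}

# Issues 2 and 3: enable the engine, configure the connection, define the role,
# then read one credential to prove the chain works end to end.
setup_vault_mysql() {   # $1 = host:port, $2 = account, $3 = plugin name
  run vault secrets enable database
  run vault write database/config/my-mysql-database \
      plugin_name="$3" \
      connection_url="{{username}}:{{password}}@tcp($1)/" \
      allowed_roles="app1" \
      username="$2" password="$VAULT_DB_PASSWORD"
  run vault write database/roles/app1 db_name=my-mysql-database \
      creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT,INSERT,UPDATE ON *.* TO '{{name}}'@'%';" \
      default_ttl="1h" max_ttl="24h"
  run vault read database/creds/app1
}

# 5.6.40 is a constructed version; on a real server query it with: mysql -e 'SELECT VERSION()'
PLUGIN=$(mysql_plugin_for "5.6.40")
mysql_grants_sql vault
setup_vault_mysql "10.0.1.6:3306" vault "$PLUGIN"
```

Run mysql_grants_sql through a root session of the mysql client first, then rerun the script with DRY_RUN=0 on a host where the vault CLI and VAULT_ADDR are set up. The role's GRANT ON *.* is copied from the notes; scoping it to the application's own database is the next tightening once the setup works.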

 

