Still getting 500 error
XerockXMG opened this issue · 1 comments
Since the other issue has been closed for a while, I figured I'd just open a new one instead of posting in the closed one.
I'm still seeing this issue in my setup. I've updated Vault to 1.1.1 and am using plugin version 0.2.
I can enable the plugin to any path that I want, but if I try to write to it, I get a 500 error and the logs say there is a tls error.
I can enable the secrets-gen secrets engine at multiple mount points, but I can never remove them.
Success! Enabled the secrets-gen secrets engine at: gen4/
vault write gen4/passphrase words=4
Error writing data to gen4/passphrase: Error making API request.
URL: PUT https://REDACTED:REDACTED/v1/gen4/passphrase
Code: 500. Errors:
* 1 error occurred:
* internal error
vault secrets disable gen4
Error disabling secrets engine at gen4/: Error making API request.
URL: DELETE https://REDACTED:REDACTED/v1/sys/mounts/gen4
Code: 400. Errors:
* plugin exited before we could connect
Vault config.json
{
  "storage": {
    "consul": {
      "path": "vault",
      "address": "REDACTED:REDACTED",
      "scheme": "https",
      "tls_ca_file": "/etc/vault/ssl/ca.pem",
      "tls_cert_file": "/etc/vault/ssl/cert.pem",
      "tls_key_file": "/etc/vault/ssl/key.pem"
    }
  },
  "listener": [
    {
      "tcp": {
        "address": "0.0.0.0:8200",
        "tls_cert_file": "/etc/vault/ssl/REDACTED.crt",
        "tls_key_file": "/etc/vault/ssl/REDACTED.key"
      }
    },
    {
      "tcp": {
        "address": "0.0.0.0:8203",
        "tls_cert_file": "/etc/vault/ssl/cert.pem",
        "tls_key_file": "/etc/vault/ssl/key.pem"
      }
    }
  ],
  "log_level": "trace",
  "api_addr": "https://REDACTED:REDACTED",
  "ui": true,
  "plugin_directory": "/etc/vault/plugins"
}
The ca/cert/key being presented are Puppet certs.
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.810-0400 [DEBUG] secrets.secrets-gen.secrets-gen_7691b075.secrets-gen: starting plugin: path=/etc/vault/plugins/vault-secrets-gen args=[/etc/vault/plugins/vault-secrets-gen]
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.812-0400 [DEBUG] secrets.secrets-gen.secrets-gen_7691b075.secrets-gen: plugin started: path=/etc/vault/plugins/vault-secrets-gen pid=28081
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.812-0400 [DEBUG] secrets.secrets-gen.secrets-gen_7691b075.secrets-gen: waiting for RPC address: path=/etc/vault/plugins/vault-secrets-gen
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.862-0400 [INFO] http: TLS handshake error from REDACTED:54622: remote error: tls: bad certificate
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.862-0400 [ERROR] secrets.secrets-gen.secrets-gen_7691b075.secrets-gen.vault-secrets-gen: plugin tls init: error="error during token unwrap request: secret is nil" timestamp=2019-04-22T11:07:11.862-0400
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.865-0400 [DEBUG] secrets.secrets-gen.secrets-gen_7691b075.secrets-gen: plugin process exited: path=/etc/vault/plugins/vault-secrets-gen pid=28081
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.865-0400 [ERROR] core: failed to run existence check: error="plugin exited before we could connect"
I have env variables set to handle the certs and Vault addr:
VAULT_ADDR=https://REDACTED:REDACTED
VAULT_CAPATH=/etc/vault/ssl/
VAULT_CACERT=/etc/vault/ssl/ca.pem
VAULT_TOKEN=REDACTED
Any insight would be greatly appreciated. Been running into this issue for about a week and have tried many things to get it to work.
This is a problem with your Vault setup. I just verified 0.2.0 works with Vault 1.1.1 and 1.1.2. Those errors are coming from Vault's plugin interface, not this plugin. I recommend opening an issue on the Vault repo to see if they can help you debug.
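A log-triage sketch for the trace output in the report, added here as an example and not code from the thread, from Vault or from the plugin. It groups every error or TLS handshake failure logged between "plugin started" and "plugin process exited" for a given pid, so the emitting logger of each failure is visible; the function names are hypothetical, and grouping by time window is a heuristic, not proof of cause.

```python
import re
from datetime import datetime, timedelta

# Five of the log lines from the report above, copied as posted (hosts already redacted there).
LOG = """\
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.812-0400 [DEBUG] secrets.secrets-gen.secrets-gen_7691b075.secrets-gen: plugin started: path=/etc/vault/plugins/vault-secrets-gen pid=28081
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.862-0400 [INFO] http: TLS handshake error from REDACTED:54622: remote error: tls: bad certificate
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.862-0400 [ERROR] secrets.secrets-gen.secrets-gen_7691b075.secrets-gen.vault-secrets-gen: plugin tls init: error="error during token unwrap request: secret is nil" timestamp=2019-04-22T11:07:11.862-0400
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.865-0400 [DEBUG] secrets.secrets-gen.secrets-gen_7691b075.secrets-gen: plugin process exited: path=/etc/vault/plugins/vault-secrets-gen pid=28081
Apr 22 11:07:11 REDACTED vault: 2019-04-22T11:07:11.865-0400 [ERROR] core: failed to run existence check: error="plugin exited before we could connect"
"""

# syslog prefix, then Vault's own "<timestamp> [LEVEL] <logger>: <message>" layout.
LINE = re.compile(r"vault: (?P<ts>\S+) \[(?P<level>\w+)\]\s+(?P<logger>[\w.\-]+): (?P<msg>.*)")
PID = re.compile(r"\bpid=(\d+)")

def parse(text):
    """Turn raw log text into a list of event dicts; unparseable lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.search(raw)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f%z")
            events.append({"ts": ts, "level": m["level"],
                           "logger": m["logger"], "msg": m["msg"]})
    return events

def plugin_launches(events):
    """Collect failures seen while each plugin process was alive (heuristic window)."""
    launches, current = [], None
    for ev in events:
        pid = PID.search(ev["msg"])
        if ev["msg"].startswith("plugin started") and pid:
            current = {"pid": int(pid[1]), "start": ev["ts"], "failures": []}
        elif ev["msg"].startswith("plugin process exited") and current:
            current["lifetime_ms"] = (ev["ts"] - current["start"]) // timedelta(milliseconds=1)
            launches.append(current)
            current = None
        elif current and (ev["level"] == "ERROR" or "TLS handshake error" in ev["msg"]):
            # Keep only the last logger segment, e.g. "http" or "vault-secrets-gen".
            current["failures"].append((ev["logger"].split(".")[-1], ev["msg"]))
    return launches

if __name__ == "__main__":
    for launch in plugin_launches(parse(LOG)):
        print(f"pid {launch['pid']} lived {launch['lifetime_ms']} ms")
        for logger, msg in launch["failures"]:
            print(f"  [{logger}] {msg}")
```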