hashicorp / vault-service-broker

The official HashiCorp Vault broker integration to the Open Service Broker API. This service broker provides support for secure secret storage and encryption-as-a-service to HashiCorp Vault.
https://www.vaultproject.io/
Mozilla Public License 2.0

failed to start broker failed to create mounts: x509: certificate signed by unknown authority #45

Closed kumarganesh2814 closed 5 years ago

kumarganesh2814 commented 5 years ago

Hi Team,

While deploying cloud-foundry-vault-service-broker as below: https://www.hashicorp.com/blog/cloud-foundry-vault-service-broker

Whenever we do cf start vault-broker

I have tried putting but no use. Please guide


cf set-env vault-broker VAULT_TOKEN "*************"
cf set-env vault-broker SECURITY_USER_NAME "vadmin"
cf set-env vault-broker SECURITY_USER_PASSWORD "*********"
cf set-env vault-broker TRUST_CERTS "10.119.69.204:8200"
cf set-env vault-broker VAULT_SKIP_VERIFY "true"

kumarganesh2814 commented 5 years ago

Errors:


2019-03-20T03:30:53.95-0700 [APP/PROC/WEB/0]OUT [INFO] starting broker
2019-03-20T03:30:53.95-0700 [APP/PROC/WEB/0]OUT [DEBUG] creating mounts cf/broker=generic
2019-03-20T03:30:57.92-0700 [APP/PROC/WEB/0]OUT [ERR] failed to start broker: failed to create mounts: Get https://10.119.69.204:8200/v1/sys/mounts: x509: certificate signed by unknown authority
2019-03-20T03:30:57.94-0700 [APP/PROC/WEB/0]OUT Exit status 1
2019-03-20T03:30:57.94-0700 [CELL/SSHD/0]OUT Exit status 0
2019-03-20T03:30:57.97-0700 [API/0]      OUT Process has crashed with type: "web"
2019-03-20T03:30:57.97-0700 [CELL/0]     OUT Stopping instance 2ba34cf6-548a-41ed-4040-ffc9
2019-03-20T03:30:57.97-0700 [CELL/0]     OUT Destroying container
2019-03-20T03:30:57.97-0700 [API/0]      OUT App instance exited with guid 249fd857-2b41-43a2-aa5e-581c0dc5e9e3 payload: {"instance"=>"2ba34cf6-548a-41ed-4040-ffc9", "index"=>0, "reason"=>"CRASHED", "exit_description"=>"APP/PROC/WEB: Exited with status 1", "crash_count"=>1, "crash_timestamp"=>1553077857955191766, "version"=>"558c6c3b-9948-4fa5-819f-b80ab8a86355"}

tyrannosaurus-becks commented 5 years ago

Hi @kumarganesh2814, thanks for opening this issue!

In looking at the variables you're setting above, I notice that some of them like VAULT_SKIP_VERIFY aren't currently supported in the service broker, nor are they mentioned in the README or blog post. The most recent instructions are probably in the README.

I'd try giving that a go and seeing if you still have issues.

tyrannosaurus-becks commented 5 years ago

Closing this issue as the cause seems to be identified. If you're interested in requesting support for additional configuration, feel free to open a separate issue explaining your request and use case. Thank you!

kumarganesh2814 commented 5 years ago

@tyrannosaurus-becks Hi, I tried removing cf set-env vault-broker VAULT_SKIP_VERIFY "true" but the issue is still the same. Please advise.

Best Regards, Ganesh Kumar
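
The `x509: certificate signed by unknown authority` message in the log above is produced by Go's certificate verification when the server certificate does not chain to any root in the client's trust pool. The following is an added example, not code from this thread or from the broker: it reproduces that failure offline with a constructed private CA and shows that trusting the CA clears it while the address check stays in force. The helper names `issue` and `verify` and the address 192.0.2.10 are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue returns a certificate signed by parent (a self-signed root when parent is nil).
func issue(cn string, isCA bool, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses: []net.IP{net.IPv4(192, 0, 2, 10)}, // constructed TEST-NET-1 address
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verify chains leaf to the given roots only (never the system store) and checks the dialed address.
func verify(leaf *x509.Certificate, host string, roots ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	ca, caKey := issue("constructed private CA", true, nil, nil)
	leaf, _ := issue("vault", false, ca, caKey)
	fmt.Println("no roots:  ", verify(leaf, "192.0.2.10"))
	fmt.Println("CA trusted:", verify(leaf, "192.0.2.10", ca))
	fmt.Println("wrong addr:", verify(leaf, "192.0.2.99", ca))
}
```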