hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

oracle database plugin vault-plugin-database-oracle_0.2.1 registration error #10661

Closed samarved closed 3 years ago

samarved commented 3 years ago

Environment:

Vault Config File:

    storage "raft" {
      path    = "/opt/vault/data"
      node_id = "node1"
    }

    listener "tcp" {
      address     = "0.0.0.0:8200"
      tls_disable = 1
    }

    plugin_directory = "/opt/vault"
    api_addr         = "http://192.168.43.141:8200"
    cluster_addr     = "https://192.168.43.141:8201"
    ui               = true
    log_level        = "Trace"

Startup Log Output:

    [root@node1 vault]# vault server -config=config.hcl
    ==> Vault server configuration:

         Api Address: http://192.168.43.141:8200
                 Cgo: disabled
     Cluster Address: https://192.168.43.141:8201
          Go Version: go1.15.4
          Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
           Log Level: trace
               Mlock: supported: true, enabled: true
       Recovery Mode: false
             Storage: raft (HA available)
             Version: Vault v1.6.1
         Version Sha: 6d2db3f033e02e70202bef9ec896360062b88b03

    ==> Vault server started! Log data will stream in below:
    2021-01-06T17:17:21.228+0530 [INFO] proxy environment: http_proxy= https_proxy= no_proxy=
    2021-01-06T17:17:21.233+0530 [DEBUG] core: set config: sanitized config={"api_addr":"http://192.168.43.141:8200","cache_size":0,"cluster_addr":"https://192.168.43.141:8201","cluster_cipher_suites":"","cluster_name":"","default_lease_ttl":0,"default_max_request_duration":0,"disable_cache":false,"disable_clustering":false,"disable_indexing":false,"disable_mlock":false,"disable_performance_standby":false,"disable_printable_check":false,"disable_sealwrap":false,"disable_sentinel_trace":false,"enable_ui":true,"listeners":[{"config":{"address":"0.0.0.0:8200","tls_disable":1},"type":"tcp"}],"log_format":"unspecified","log_level":"Trace","max_lease_ttl":0,"pid_file":"","plugin_directory":"/opt/vault","raw_storage_endpoint":false,"seals":[{"disabled":false,"type":"shamir"}],"storage":{"cluster_addr":"https://192.168.43.141:8201","disable_clustering":false,"redirect_addr":"http://192.168.43.141:8200","type":"raft"}}

Expected Behavior:

    vault write database/config/database/oracle-database-plugin \
        plugin_name='vault-plugin-database-oracle' \
        connection_url='vaultadmin/Hind1234@//oradb19c:1521/orclpdb.localdomain' \
        allowed_roles='oracle-vault-admin-role'

This command must complete without any errors, but I am getting the below error.

Actual Behavior:

    [root@node1 vault]# vault write database/config/oracle-database-plugin plugin_name='vault-plugin-database-oracle' connection_url='vaultadmin/Hind1234@//oradb19c:1521/orclpdb.localdomain' allowed_roles='oracle-vault-admin-role'
    Error writing data to database/config/oracle-database-plugin: Error making API request.

    URL: PUT http://127.0.0.1:8200/v1/database/config/oracle-database-plugin
    Code: 400. Errors:

Steps to Reproduce:

  1. Download the latest oracle database plugin vault-plugin-database-oracle_0.2.1 for Linux 64bit.
  2. Unzip the downloaded plugin zipfile and place the plugin binary under the plugins_directory; for me it's /opt/vault as defined in the above config.hcl file.
  3. Register the plugin in Vault's plugin catalog with the below command (hash value was obtained by running sha256sum against the downloaded plugin):

         vault write sys/plugins/catalog/database/oracle-database-plugin sha_256=963d50d72de0ea7512bfde01426b0d4296b726d7b2e097d8918430fec37b12a4 command=vault-plugin-database-oracle

Important Factoids:

OS: Centos 8.2
Oracle database Version: 19.3

References:

HridoyRoy commented 3 years ago

Hi @samarved, thanks for raising this issue! Wanted to follow up with a couple questions on this:

  1. What was the output of registering the oracle db plugin?
  2. If you run vault plugin list and vault plugin list database what is the output?

Thanks so much!

ctharp commented 3 years ago

Hi @HridoyRoy, I have a similar issue working in a namespace. Any suggestions would be appreciated!

    vault write -ns=ctdemo database/config/vault_test_db \
        plugin_name=vault-plugin-database-oracle \
        connection_url="jdbc:oracle:thin:@ldap://xxx:389/xxx,cn=OracleContext,dc=xxx,dc=com" \
        allowed_roles="*" \
        username="sxxx" \
        password="xxx"

    URL: PUT $VAULT_ADDR/v1/database/config/vault_test_db
    Code: 400. Errors:

ctharp commented 3 years ago

Output of vault plugin list database

    Plugins

    cassandra-database-plugin
    couchbase-database-plugin
    elasticsearch-database-plugin
    hana-database-plugin
    influxdb-database-plugin
    mongodb-database-plugin
    mongodbatlas-database-plugin
    mssql-database-plugin
    mysql-aurora-database-plugin
    mysql-database-plugin
    mysql-legacy-database-plugin
    mysql-rds-database-plugin
    postgresql-database-plugin
    redshift-database-plugin
    vault-plugin-database-oracle

ctharp commented 3 years ago

I tried putting the prebuilt binary from https://releases.hashicorp.com/vault-plugin-database-oracle/. Tried 0.2.1 and 0.1.6 in the plugins_directory set in our vault configuration file.

Same commands produce 3 different errors:

pcman312 commented 3 years ago

Hi @samarved & @ctharp! The issue you are seeing is due to a miscommunication between the plugin registration & the database configuration.

With this command:

    vault write sys/plugins/catalog/database/oracle-database-plugin command=vault-plugin-database-oracle ...

Note the endpoint sys/plugins/catalog/database/oracle-database-plugin has the name oracle-database-plugin.

Later, when trying to configure the database this command is used:

    vault write -ns=ctdemo database/config/vault_test_db plugin_name=vault-plugin-database-oracle ...

The name of the plugin is vault-plugin-database-oracle, which does not match the name of the plugin specified when registering the plugin. These two names need to match to be found in the registry.
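
The name check described in the comment above, as an added example (not part of the issue thread and not Vault's own tooling): a shell preflight that compares the catalog name in the registration path with the `plugin_name` given to `database/config`, and renders both commands from a single name so they cannot drift. The function names and the connection name argument are hypothetical; `sha_256=` is the parameter spelling used in the original report.

```shell
#!/bin/sh
# Added example: keep the catalog name and plugin_name in lockstep.

# Print <name> from a path of the form sys/plugins/catalog/database/<name>.
catalog_name() {
  case "$1" in
    sys/plugins/catalog/database/*) printf '%s\n' "${1#sys/plugins/catalog/database/}" ;;
    *) return 1 ;;
  esac
}

# Print the value of plugin_name=... from `vault write database/config/...` arguments.
config_plugin_name() {
  for arg in "$@"; do
    case "$arg" in
      plugin_name=*) printf '%s\n' "${arg#plugin_name=}"; return 0 ;;
    esac
  done
  return 1
}

# $1 = registration path, rest = database/config arguments.
# Returns 0 on match, 1 on mismatch, 2 when an input cannot be parsed.
names_match() {
  reg_path=$1; shift
  registered=$(catalog_name "$reg_path") || { echo "not a database catalog path: $reg_path" >&2; return 2; }
  configured=$(config_plugin_name "$@") || { echo "no plugin_name= argument given" >&2; return 2; }
  if [ "$registered" != "$configured" ]; then
    echo "mismatch: registered as '$registered' but plugin_name='$configured'" >&2
    return 1
  fi
}

# Render both commands from one name. $1 = catalog name, $2 = plugin binary,
# $3 = connection name (hypothetical). connection_url and allowed_roles still
# have to be appended to the second command before it is run.
render_commands() {
  sum=$(sha256sum "$2" | cut -d' ' -f1) || return 1
  printf 'vault write sys/plugins/catalog/database/%s sha_256=%s command=%s\n' \
    "$1" "$sum" "$(basename "$2")"
  printf 'vault write database/config/%s plugin_name=%s\n' "$3" "$1"
}

# The two names quoted in the comment above: reports the mismatch on stderr.
names_match sys/plugins/catalog/database/oracle-database-plugin \
  plugin_name=vault-plugin-database-oracle || true
```
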

vishalnayak commented 3 years ago

Issues that are not reproducible and/or have not had any interaction for a long time are stale issues. Sometimes even the valid issues remain stale lacking traction either by the maintainers or the community. In order to provide faster responses and better engagement with the community, we strive to keep the issue tracker clean and the issue count low. In this regard, our current policy is to close stale issues after 30 days. Closed issues will still be indexed and available for future viewers. If users feel that the issue is still relevant but is wrongly closed, we encourage reopening them.

Please refer to our contributing guidelines for details on issue lifecycle.

samarved commented 3 years ago

I followed everything mentioned in the documentation. My problem was basically a spelling mistake, which I fixed on my own, but I got the exact answer from the developer saying there seems to be an issue with your spelling mistake.

vishalnayak commented 3 years ago

Glad to hear that this was resolved!