
1. Create a directory to store the keystore/vault files

web1]$ mkdir -p $JBOSS_HOME/vault

 

 

2. Run keystore.sh to create the keystore

- See Script 1. keystore.sh (at the bottom)

web1]$ ./keystore.sh [aliasname] [storepass] [keypass] [validity(in day)]

 

 

3. Run vault.sh to create the vault

- See Script 2. vault.sh (at the bottom)

web1]$ ./vault.sh [aliasname] [storepass] [password]

 

 

4. Register the printed output in standalone.xml / host-slave.xml / domain.xml

Please make note of the following:
********************************************
Vault Block:vb
Attribute Name:password
Configuration should be done as follows:
VAULT::vb::password::1
********************************************
WFLYSEC0048: Vault Configuration in WildFly configuration file:
********************************************
...
</extensions>
<vault>
  <vault-option name="KEYSTORE_URL" value="$JBOSS_HOME/vault/vault.keystore"/>
  <vault-option name="KEYSTORE_PASSWORD" value="MASK-5dOaAVafCSd"/>
  <vault-option name="KEYSTORE_ALIAS" value="vault"/>
  <vault-option name="SALT" value="1234abcd"/>
  <vault-option name="ITERATION_COUNT" value="120"/>
  <vault-option name="ENC_FILE_DIR" value="$JBOSS_HOME/vault/"/>
</vault>
<management>
...
********************************************

 

4.1. standalone mode

web1]$ vi standalone.xml

...
</extensions>
<vault>

<vault-option name="KEYSTORE_URL" value="$JBOSS_HOME/vault/vault.keystore"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-5dOaAVafCSd"/>
<vault-option name="KEYSTORE_ALIAS" value="vault"/>
<vault-option name="SALT" value="1234abcd"/>
<vault-option name="ITERATION_COUNT" value="120"/>
<vault-option name="ENC_FILE_DIR" value="$JBOSS_HOME/vault/"/>

</vault>
<management>
...

 

<datasource pool-name="OracleDS" ...>

<security>

<user-name>jboss</user-name>
<password>${VAULT::vb::password::1}</password>

</security>

</datasource>

 

4.2. domain mode

web1]$ vi host-slave.xml

...
</extensions>
<vault>

<vault-option name="KEYSTORE_URL" value="$JBOSS_HOME/vault/vault.keystore"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-5dOaAVafCSd"/>
<vault-option name="KEYSTORE_ALIAS" value="vault"/>
<vault-option name="SALT" value="1234abcd"/>
<vault-option name="ITERATION_COUNT" value="120"/>
<vault-option name="ENC_FILE_DIR" value="$JBOSS_HOME/vault/"/>

</vault>
<management>
...

 

web1]$ vi domain.xml

<datasource pool-name="OracleDS" ...>

<security>

<user-name>jboss</user-name>
<password>${VAULT::vb::password::1}</password>

</security>

</datasource>

 

 

5. Restart
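An added check for the configuration produced by steps 1 to 4 (not part of the original post): it flags datasource <password> elements that still hold a literal value instead of a ${VAULT::...} reference, confirms the <vault> block is complete with a masked keystore password, and tests that the vault directory is closed to group and others. The function names and the ConstructedDS datasource are assumptions for illustration; the sample config is constructed from the values shown in step 4.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# ConstructedDS datasource are assumptions; the sample config is constructed.
# Print "line:text" for every <password> that is not a ${VAULT::...} reference.
# Returns 1 when at least one literal password is found.
plaintext_passwords() {
    hits=$(grep -n '<password>' "$1" |
        grep -v '<password>\${VAULT::[^:]*::[^:]*::[^}]*}</password>' || true)
    if [ -n "$hits" ]; then printf '%s\n' "$hits"; return 1; fi
}

# Check that all six vault options are present and that the keystore
# password is stored in the masked (MASK-...) form printed by vault.sh.
vault_block_ok() {
    for opt in KEYSTORE_URL KEYSTORE_PASSWORD KEYSTORE_ALIAS SALT ITERATION_COUNT ENC_FILE_DIR; do
        grep -q "<vault-option name=\"$opt\" " "$1" || { echo "missing $opt"; return 1; }
    done
    grep -q 'name="KEYSTORE_PASSWORD" value="MASK-' "$1" ||
        { echo "KEYSTORE_PASSWORD is not masked"; return 1; }
}

# True when group and others have no permission bits on the path.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write the constructed sample: the vault block from step 4, one datasource
# using the vault reference and one that still carries a literal password.
write_sample() {
    cat > "$1" <<'EOF'
<vault>
  <vault-option name="KEYSTORE_URL" value="$JBOSS_HOME/vault/vault.keystore"/>
  <vault-option name="KEYSTORE_PASSWORD" value="MASK-5dOaAVafCSd"/>
  <vault-option name="KEYSTORE_ALIAS" value="vault"/>
  <vault-option name="SALT" value="1234abcd"/>
  <vault-option name="ITERATION_COUNT" value="120"/>
  <vault-option name="ENC_FILE_DIR" value="$JBOSS_HOME/vault/"/>
</vault>
<datasource pool-name="OracleDS"><security>
  <password>${VAULT::vb::password::1}</password></security></datasource>
<datasource pool-name="ConstructedDS"><security>
  <password>changeit</password></security></datasource>
EOF
}

d=$(mktemp -d) && chmod 700 "$d" && write_sample "$d/standalone.xml"
vault_block_ok "$d/standalone.xml" && echo "vault block: complete"
plaintext_passwords "$d/standalone.xml" || echo "^ literal password, move it into the vault"
is_private "$d" && echo "vault directory: owner-only"
```

In domain mode, run vault_block_ok against host-slave.xml and plaintext_passwords against domain.xml, since the two blocks live in different files there.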

 

 

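# Script 1. keystore.sh

#!/bin/sh

# Load the environment; JAVA_HOME and JBOSS_HOME must be set
. ./env.sh

# All four arguments are required.
# storepass/keypass passed as arguments are visible in the process list and shell history.
if [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] && [ -n "$4" ]
then
    # Generate a 128-bit AES secret key in a JCEKS keystore for the vault
    "$JAVA_HOME/bin/keytool" -genseckey -alias "$1" -storetype jceks -keyalg AES -keysize 128 -storepass "$2" -keypass "$3" -validity "$4" -keystore "$JBOSS_HOME/vault/vault.keystore"
    echo "Check: $JBOSS_HOME/vault/vault.keystore"
    exit
fi

# Print usage when an argument is missing
echo "./keystore.sh [aliasname] [storepass] [keypass] [validity(in day)]"
exit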

 

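# Script 2. vault.sh

#!/bin/sh

# Load the environment; JBOSS_HOME must be set
. ./env.sh

# All three arguments are required
if [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ]
then
    # Store the password ($3) in vault block "vb" under attribute "password".
    # --enc-dir uses JBOSS_HOME so VAULT.dat lands next to vault.keystore (ENC_FILE_DIR in step 4).
    "$JBOSS_HOME/bin/vault.sh" --keystore "$JBOSS_HOME/vault/vault.keystore" --alias "$1" --keystore-password "$2" --vault-block vb --attribute password --sec-attr "$3" --enc-dir "$JBOSS_HOME/vault/" --iteration 120 --salt 1234abcd
    echo "Check: $JBOSS_HOME/vault/VAULT.dat"
    exit
fi

# Print usage when an argument is missing
echo "./vault.sh [aliasname] [storepass] [password]"
exit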

 

 

# Reference URL: https://access.redhat.com/solutions/2790371
