Re: [vault] server gave HTTP response to HTTPS client


Nick Cabatoff

Aug 20, 2019, 8:55:39 AM
to vault...@googlegroups.com
Hi Patrick,

You should have VAULT_ADDR=http://127.0.0.1:8200 - note the "http://".  Also, are you sure you exported the variable, e.g.

  export VAULT_ADDR

?

As to the second case, I think you need to ensure that options which aren't meant to be passed as options to the vault server itself are given earlier in the command line, note the help:

Usage: vault policy write [options] NAME PATH

On Tue, Aug 20, 2019 at 5:48 AM Patrick <CraN...@gmail.com> wrote:
Hi dear vault community,

I got an issue setting up the hashicorp vault.
My config.hcl looks like:

storage "file" {
  path = "/<some_path>/hashivault/fault"
}

listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1
}

ui = true



I've exported the env var VAULT_ADDR='127.0.0.1:8200' in my shell_profile as well.
When I do the following:
$ vault policy write admin0 admin-policy.acl

Error uploading policy: Put https://127.0.0.1:8200/v1/sys/policies/acl/admin0: http: server gave HTTP response to HTTPS client.

doing:
$ vault policy write admin0 admin-policy.acl -address=http://127.0.0.1:8200

I got the error:
> Too many arguments (expected 2, got 3)


I wonder why the CLI client is still using https instead of http and why the HTTP Opt isn't recognized (or recognized as additional argument).

Can someone help with this?

Thanks & best regards

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/88ac38e8-7457-49e4-b5ee-392aac250592%40googlegroups.com.

Patrick

Aug 20, 2019, 10:36:16 AM
to Vault
Hi Nick,

sorry forgot it in the description, but yes I have the schema in place

$ echo $VAULT_ADDR
http://127.0.0.1:8200

I browsed the GitHub issues before, that's why I know about it.
So the issue stays the same for the CLI client.

best,
Patrick

Patrick

Aug 20, 2019, 10:40:30 AM
to Vault
I've tried to pass the option after "policy write" and it works like a charm.

vault policy write -address=http://127.0.0.1:8200 admin0 admin-policy.acl
Success! Uploaded policy: admin0


So it seems that the client ignores the env var VAULT_ADDR somehow
and still tries to connect via https.

Nick Cabatoff

Aug 20, 2019, 10:44:20 AM
to vault...@googlegroups.com
Note that echo doesn't tell you whether the variable is exported or not.  To check that, try 

  env |grep VAULT_ADDR


Patrick

Aug 20, 2019, 10:53:22 AM
to Vault
Sure I did.

env | grep VAULT
VAULT_ADDR=http://127.0.0.1:8200

Patrick hshs

Aug 26, 2019, 3:17:44 AM
to Vault
Any news on this or should I open an issue @ github?

thanks & best regards,

On Tuesday, August 20, 2019 at 16:44:20 UTC+2, Nick Cabatoff wrote:

Nick Cabatoff

Aug 26, 2019, 8:44:52 AM
to vault...@googlegroups.com
Can you try again to reproduce please, and show the full steps including setting and exporting the variable?  That symptom is pretty reliably associated with an unset or unexported VAULT_ADDR.

$ unset VAULT_ADDR
$ vault secrets list
Error listing secrets engines: Get https://127.0.0.1:8200/v1/sys/mounts: http: server gave HTTP response to HTTPS client
$ export VAULT_ADDR=http://localhost:8200
$ vault secrets list
Path          Type         Accessor              Description
----          ----         --------              -----------
cubbyhole/    cubbyhole    cubbyhole_05ee9427    per-token private secret storage
identity/     identity     identity_d0baa21a     identity store
secret/       kv           kv_51369252           key/value secret storage
sys/          system       system_7122a8a3       system endpoints used for control, policy and debugging
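
The checks suggested in the two replies above (set versus exported, and the "http://" scheme), as an added example that is not part of the original thread. vault_addr_state is a hypothetical helper name, not a Vault CLI command, and the addresses are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: classify VAULT_ADDR the way the thread's troubleshooting does.
# vault_addr_state is a hypothetical helper, not part of the Vault CLI.
vault_addr_state() {
    # 1. Is the variable set in this shell at all?
    if [ -z "${VAULT_ADDR+x}" ]; then
        echo "unset"
        return
    fi
    # 2. Is it exported? "echo $VAULT_ADDR" cannot tell, because it runs in
    #    the current shell. A child process (like the vault binary) only
    #    inherits exported variables, so ask a child.
    if ! sh -c '[ -n "${VAULT_ADDR+x}" ]'; then
        echo "not-exported"
        return
    fi
    # 3. Does the value carry a scheme? A listener with tls_disable = 1
    #    speaks plain HTTP, so the client needs an explicit http:// prefix.
    case "$VAULT_ADDR" in
        http://*)  echo "http" ;;
        https://*) echo "https" ;;
        *)         echo "no-scheme" ;;
    esac
}

# Walk through the states seen in the thread, in a subshell so the caller's
# environment is left untouched (values are constructed for the demo).
(
    unset VAULT_ADDR
    echo "after unset:           $(vault_addr_state)"
    VAULT_ADDR=http://127.0.0.1:8200
    echo "assigned, no export:   $(vault_addr_state)"
    export VAULT_ADDR
    echo "after export:          $(vault_addr_state)"
    VAULT_ADDR=127.0.0.1:8200
    echo "exported, no scheme:   $(vault_addr_state)"
)
```

In the "unset" and "not-exported" states the CLI never sees the variable and falls back to the https://127.0.0.1:8200 address visible in the error messages above.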




Patrick hshs

Aug 26, 2019, 9:37:55 AM
to Vault
I set it up from scratch again,
had the same errors, almost finished the reproducing guide,
tried again and it worked.

Don't know why this happens, can't reproduce 100%.
It works unpredictably.

I don't want to dig deeper, because vault won't be used in our infrastructure.
Thanks for your help and effort anyway.

Have a nice day!