Dear teams,
I built a Boundary Enterprise (self-managed) demo but have a KMS issue: "Error parsing KMS configuration: error fetching kms plugin rpc client: fork/exec /tmp/3469086231/boundary-plugin-kms-transit-bhkZe: permission denied"
version : Boundary Enterprise. 15
After configuring Vault transit, I ran the command:
journalctl -u boundary
and see this issue: boundary[34499]: Error parsing KMS configuration: error fetching kms plugin rpc client: fork/exec /tmp/3469086231/boundary-plugin-kms-transit-bhkZe: permission denied
Config file controller.hcl:
kms "transit" {
  purpose = "root"
  address = "http://x.x.x.x:8200"
  token = "hvs.CAESIMn-K-a-jBPJ3zA6t75JVoW-1Svu4SFpBDk77l777hiEKHGh2cy5idm0zWFNUVjlyN3JwUDhmUVdkYnp6UlEQ3Sg"
  disable_renewal = "false"
  // Key configuration
  key_name = "boundary"
  mount_path = "transit/"
  // TLS Configuration
  tls_skip_verify = "true"
}
Please help me by recommending a config to fix it; I think it is a misconfiguration.
Many thanks for your team's support.
jeff
March 7, 2024, 4:46pm
The issue is that it is trying to spin out plugin binaries to execute them but it is unable to. You should specify a custom directory via the plugins configuration (Plugins - configuration | Boundary | HashiCorp Developer) where the files Boundary writes are able to be executed.
Hi Mr. Jeff,
Thanks for your support. I added the plugins config to the file controller.hcl:
plugins {
  execution_dir = "/var/run/boundary/plugin-exec"
}
But I have these errors:
Error parsing KMS configuration: error writing out plugin for execution: open /var/run/boundary/plugin-exec/boundary-plugin-kms-transit-kQd45: permission deni>
boundary[52361]: Error parsing KMS configuration: error fetching kms plugin rpc client: fork/exec /tmp/1429644624/boundary-plugin-kms-transit-69osd: permission denied
Error parsing KMS configuration: error writing out plugin for execution: open /var/run/boundary/plugin-exec/boundary-plugin-kms-transit-QU0NA: no such file or>
I think I am missing the "namespace" configuration for transit with Vault? Please recommend a config to fix the error: permission denied.
Many thanks,
EP
jeff
March 12, 2024, 5:31pm
It looks like /var/run may be a symlink to /tmp (which is not uncommon), and you still don’t have permission to execute binaries in that space, which may be due to how tmpfs is mounted. Try using a different directory outside tmpfs and see if that helps.
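One way to run the check suggested above before picking an execution_dir, as an added example that is not part of the original thread or HashiCorp's tooling: it resolves symlinks, finds the mount that holds the directory and reports whether that mount carries the noexec option. The function names and the sample mount table are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: can a plugin binary written to this directory be executed?

# Constructed sample in /proc/self/mounts format, not taken from the thread.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda2 /opt ext4 rw,relatime 0 0'

# Print the mount options of the filesystem holding path $1, i.e. the longest
# mount point that is a path prefix of it. $2 is the mount table text.
mount_opts_for() {
  local path="$1" table="$2" best="" best_opts="" dev mp fstype opts rest
  while read -r dev mp fstype opts rest; do
    case "$path/" in
      "${mp%/}/"*)
        if [ "${#mp}" -ge "${#best}" ]; then best="$mp"; best_opts="$opts"; fi ;;
    esac
  done <<EOF
$table
EOF
  printf '%s\n' "$best_opts"
}

# Return 0 when that filesystem is mounted with the noexec option.
is_noexec() {
  case ",$(mount_opts_for "$1" "$2")," in
    *,noexec,*) return 0 ;;
    *) return 1 ;;
  esac
}

# Check a real directory as the current user (run it as the service account).
check_exec_dir() {
  local real
  real="$(readlink -f -- "$1")" || return 2
  [ -d "$real" ] || { echo "$1: missing directory ($real)"; return 2; }
  [ -w "$real" ] && [ -x "$real" ] || { echo "$1: not writable by $(id -un)"; return 2; }
  if is_noexec "$real" "$(cat /proc/self/mounts)"; then
    echo "$1 -> $real: mounted noexec, plugin binaries cannot run here"; return 1
  fi
  echo "$1 -> $real: exec permitted by mount options"
}

for dir in "$@"; do check_exec_dir "$dir" || true; done
```

Run it as the account the Boundary service uses, passing the candidate directories as arguments, so the write and traverse checks reflect that account's permissions.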
Hi Mr. Jeff,
Thanks for your support. The error is fixed, but I have a new error:
Mar 13 07:58:58 server-boundary boundary[22270]: Error parsing KMS configuration: error setting configuration on the kms plugin: rpc error: code = Unknown desc = Error making API request.
Mar 13 07:58:58 server-boundary boundary[22270]: URL: PUT http://x …x.x.x:8200/v1/transit/encrypt/boundary
Mar 13 07:58:58 server-boundary boundary[22270]: Code: 403. Errors:
Mar 13 07:58:58 server-boundary boundary[22270]: * permission denied
Is this an error in the transit kms "namespace" config on the Vault server? Please recommend how to resolve the misconfiguration.
Many thanks,
EP