Hi!
Trying to manually rotate a database credencial bind with Oracle Plugin, but it fails through GUI with:
[TRACE] secrets.database.database_75e43cc7.oracle-database-plugin: update user: transport="" status=started
[TRACE] secrets.database.database_75e43cc7.oracle-database-plugin: update user: transport="" status=finished err="unable to update user: rpc error: code = Canceled desc = context canceled" took=59.998112372s
[WARN] secrets.database.database_75e43cc7: unable to rotate credentials in rotate-role: error="error setting credentials: unable to update user: rpc error: code = Canceled desc = context canceled"
Automatic rotation is working, I have a rotation period of 1 day and it is generating new passwords.
aram
August 10, 2022, 6:50am
2
I haven’t seen this exact error before but my guess is that it’s timing out at 60seconds trying to either connect or asking the system to rotate it’s password and the system not responding within the allotted time.
I don’t think the “GUI”/browser adds anything but try it from command line to see if there is a difference – it wouldn’t surprise me if it works through the CLI and some weird browser thing is causing the issue.
Thanks aram.
Tried with cli:
vault write -f database/rotate-role/rolename
Error writing data to database/rotate-role/rolename: context deadline exceeded
In logs:
13:13:43.186-0300 [TRACE] secrets.database.database_75e43cc7.oracle-database-plugin: update user: transport="" status=started
...
13:14:43.186-0300 [TRACE] secrets.database.database_75e43cc7.oracle-database-plugin: update user: transport="" status=finished err="unable to update user: rpc error: code = Canceled desc = context canceled" took=1m0.000022036s
13:14:43.187-0300 [WARN] secrets.database.database_75e43cc7: unable to rotate credentials in rotate-role: error="error setting credentials: unable to update user: rpc error: code = Canceled desc = context canceled"
Same error inside 60s, but directly on vault’s shell with cli.
I think this is the log entries for the periodic rotation:
09:53:49.620-0300 [DEBUG] secrets.database.database_75e43cc7: writing WAL: role=rolename WAL ID=f17cf78f-0ff9-d6c3-28dd-83b65a79db22
09:53:49.620-0300 [TRACE] secrets.database.database_75e43cc7.oracle-database-plugin: update user: transport="" status=started
...
10:09:34.481-0300 [TRACE] secrets.database.database_75e43cc7.oracle-database-plugin: update user: transport="" status=finished err=<nil> took=15m44.860524251s
10:09:34.481-0300 [DEBUG] secrets.database.database_75e43cc7: deleted WAL: WAL ID=f17cf78f-0ff9-d6c3-28dd-83b65a79db22
Wow… Almost 16 minutes!