Uploaded image for project: 'Cloud Enablement'
  1. Cloud Enablement
  2. CLOUD-2058

JBoss on Openshift does not start when the java security manager is enabled

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • None
    • EAP6, EAP7, EAP_CD
    • None

    Description

      I am working with a customer that is running into issues with JBoss on OpenShift.

      In particular, they are having issues getting JBoss to work while using the java security manager (-secmgr). Here is the error they are seeing:

      java.lang.IllegalStateException: The LogManager was not properly installed (you must set the "java.util.logging.manager" system property to "org.jboss.logmanager.LogManager")
      at org.jboss.logmanager.Logger.getLogger(Logger.java:58)
      at org.jboss.as.server.Main.main(Main.java:84)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.jboss.modules.Module.run(Module.java:317)
      at org.jboss.modules.Main.main(Main.java:473)
      ```

      I was able to recreate this issue locally (outside of Openshift). It seems to be caused by the use of the -Xbootclasspath JVM option. It looks like Openshift is setting the option to look like the following:

      -Xbootclasspath/p:/opt/eap/jboss-modules.jar:/opt/eap/modules/system/layers/base/.overlays/layer-base-jboss-eap-6.4.16.CP/org/jboss/logmanager/main/jboss-logmanager-1.5.7.Final-redhat-1.jar:/opt/eap/modules/system/layers/base/org/jboss/logmanager/ext/main/jboss-logmanager-ext-1.0.0.Alpha2-redhat-1.jar

      I was able to recreate the issue locally using the following -Xbootclasspath setting:

      -Xbootclasspath/p:jboss-modules.jar:modules/system/layers/base/org/jboss/logmanager/main/jboss-logmanager-1.5.7.Final-redhat-1.jar

      In my testing, I was getting a ClassCastException in the org.jboss.logmanager.Logger.getLogger(String) method:

      main[1] print name
      name = "stdout"
      main[1] stop
      Breakpoints set:
      breakpoint org.jboss.logmanager.Logger.getLogger(java.lang.String)
      main[1]

      main[1] print e
      e = "java.lang.ClassCastException: java.util.logging.Logger cannot be cast to org.jboss.logmanager.Logger"
      main[1]

      It looks like the OpenShift start script is attempting to use a special log manager implementation (jboss-logmanager-ext-1.0.0.Alpha2-redhat-1.jar). Is that correct? If so, what is the reason for this?

      I do not see any java security manager permission failures.

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. CLOUD-2073 Remove -Xbootclasspath option from JAVA_OPTS

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • New

          Activity

            People

              kwills@redhat.com Ken Wills
              rhn-support-dehort Derek Horton
              Marek Schmidt Marek Schmidt
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated: