  1. Red Hat Fuse
  2. ENTESB-5612

Can't add containers after root container secured


    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • jboss-fuse-6.2.1
    • Fabric8 v1
    • None

      Here are my steps:

      • Machine 1: Create root container and then fabric using fabric:create
      • Machine 2: Start root container & have it Join Fabric (using fabric:join)
      • Machine 3: Start root container & have it Join Fabric (using fabric:join)
      • Add Machine 2 & 3 to ensemble (using ensemble-add)
      • Deploy "secure" profile as described in https://issues.jboss.org/browse/ENTESB-5097 to enable SSL on the management console

      For each server, generate a key and add its public key to the truststore.
      Put the keystore and truststore in the same directory /home/daniel/apps/jboss-fuse-6.2.1.redhat-090-manualip/etc/identity.jks.

      keytool -genkey -v -alias server3 -keypass password -keystore server3.keystore -storepass password -keyalg RSA -keysize 2048 -dname "CN=mydomain.com, OU=organization_unit, O=organisation, ST=State, C=IN" -validity 365
      
      keytool -selfcert -export -v -alias server3 -keypass password -keystore server3.keystore -storepass password -file server3.cer
      
      keytool -import -trustcacerts -alias server3 -file server3.cer -keystore truststore.jks
      

      Wait ~10 minutes and ensure the containers are now using SSL by using the container-info command.

      The logs on these 3 ensemble servers indicated:

      2016-06-01 15:27:07,794 | WARN  | pool-22-thread-1 | DefaultPullPushPolicy            | 140 - io.fabric8.fabric-git - 1.2.0.redhat-621090 | Pull failed because of: org.eclipse.jgit.api.errors.TransportException: https://10.66.218.175:8443/git/fabric/: cannot open git-upload-pack
      2016-06-01 15:27:07,794 | DEBUG | tp1923621252-258 | SslSocketConnector               | 86 - org.eclipse.jetty.aggregate.jetty-all-server - 8.1.18.v20150929 | 
      javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.8.0_77]
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)[:1.8.0_77]
      	at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)[:1.8.0_77]
      	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)[:1.8.0_77]
      	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)[:1.8.0_77]
      	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)[:1.8.0_77]
      	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)[:1.8.0_77]
      	at org.eclipse.jetty.server.ssl.SslSocketConnector$SslConnectorEndPoint.run(SslSocketConnector.java:665)[86:org.eclipse.jetty.aggregate.jetty-all-server:8.1.18.v20150929]
      	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[86:org.eclipse.jetty.aggregate.jetty-all-server:8.1.18.v20150929]
      	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[86:org.eclipse.jetty.aggregate.jetty-all-server:8.1.18.v20150929]
      	at java.lang.Thread.run(Thread.java:745)[:1.8.0_77]
      

      Now try to add a 4th machine to simulate scaling up....
      Machine 4: Start root container & have it Join Fabric (using fabric:join)
      The machine joins but never reaches 'success' provision status. After some minutes the log started showing NullPointerExceptions.

      15:54:30,205 | WARN  | admin-1-thread-1 | FabricConfigAdminBridge          | 141 - io.fabric8.fabric-configadmin - 1.2.0.redhat-621090 | Exception when tracking configurations. This exception will be ignored.
      java.lang.NullPointerException
      	at io.fabric8.internal.ContainerImpl.getContainerProfile(ContainerImpl.java:764)[138:io.fabric8.fabric-core:1.2.0.redhat-621090]
      	at io.fabric8.internal.ContainerImpl.getOverlayProfile(ContainerImpl.java:306)[138:io.fabric8.fabric-core:1.2.0.redhat-621090]
      	at io.fabric8.configadmin.FabricConfigAdminBridge.updateInternal(FabricConfigAdminBridge.java:125)[141:io.fabric8.fabric-configadmin:1.2.0.redhat-621090]
      	at io.fabric8.configadmin.FabricConfigAdminBridge.access$000(FabricConfigAdminBridge.java:51)[141:io.fabric8.fabric-configadmin:1.2.0.redhat-621090]
      	at io.fabric8.configadmin.FabricConfigAdminBridge$1.run(FabricConfigAdminBridge.java:105)[141:io.fabric8.fabric-configadmin:1.2.0.redhat-621090]
      	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)[:1.8.0_77]
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)[:1.8.0_77]
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)[:1.8.0_77]
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)[:1.8.0_77]
      	at java.lang.Thread.run(Thread.java:745)[:1.8.0_77]
      

      After securing my fabric, I cannot add root or child containers.

        1. out-ca-certs-restart
          225 kB
        2. out-ca-cacerts
          157 kB
        3. jetty.xml
          3 kB

              ggrzybek Grzegorz Grzybek
              rhn-support-xiwu Xiaohui Wu
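
A triage aid for the log pattern quoted in the description, added here as an example (it is not part of the original report or of Fuse/Fabric8): it parses the pipe-delimited Karaf log layout, attaches stack-trace lines to their record, and pairs each failed HTTPS git pull with TLS alerts logged close in time. The function names, the 2-second window and the sample log (built from the lines quoted above, trace shortened) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout quoted in the report
# (timestamp | level | thread | logger | bundle | message); the trace is shortened.
SAMPLE_LOG = """\
2016-06-01 15:27:07,794 | WARN  | pool-22-thread-1 | DefaultPullPushPolicy            | 140 - io.fabric8.fabric-git - 1.2.0.redhat-621090 | Pull failed because of: org.eclipse.jgit.api.errors.TransportException: https://10.66.218.175:8443/git/fabric/: cannot open git-upload-pack
2016-06-01 15:27:07,794 | DEBUG | tp1923621252-258 | SslSocketConnector               | 86 - org.eclipse.jetty.aggregate.jetty-all-server - 8.1.18.v20150929 |
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
\tat sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.8.0_77]
2016-06-01 15:27:09,101 | INFO  | pool-22-thread-1 | ExampleLogger | 1 - example.bundle - 0.0.0 | unrelated constructed line
"""

HEAD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \| (\w+)\s*\| ([^|]*)\| ([^|]*)\| ([^|]*)\|(.*)$")
# A "Received fatal alert" was sent by the peer: logged by the Jetty server
# connector, it means the connecting client could not validate the server's
# certificate, so the client-side truststore is the place to look.
ALERT = re.compile(r"SSLHandshakeException: Received fatal alert: (\w+)")
PULL = re.compile(r"Pull failed because of: \S*TransportException: (https://\S+?): ")

def parse_records(text):
    """Group each header line with its continuation lines (stack traces)."""
    records = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            records.append({"ts": ts, "level": m.group(2),
                            "logger": m.group(4).strip(), "text": m.group(6).strip()})
        elif records:  # no timestamp: belongs to the previous record
            records[-1]["text"] += "\n" + line.strip()
    return records

def correlate(records, window=timedelta(seconds=2)):
    """Pair each failed HTTPS git pull with TLS alerts logged within `window`."""
    alerts = [(r["ts"], m.group(1)) for r in records
              for m in [ALERT.search(r["text"])] if m]
    findings = []
    for r in records:
        m = PULL.search(r["text"])
        if m:
            near = sorted({a for ts, a in alerts if abs(ts - r["ts"]) <= window})
            findings.append({"endpoint": m.group(1), "time": r["ts"].isoformat(),
                             "tls_alerts": near})
    return findings

if __name__ == "__main__":
    for finding in correlate(parse_records(SAMPLE_LOG)):
        print(finding)
```

A finding that lists `certificate_unknown` next to a git endpoint points at certificate trust between containers rather than at git itself.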