Loading...

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: AMQ 7.8.2.GA
Component/s: broker-core, operator
Labels:
None

Blocked:
False
Ready:
False
Workaround Description:

Hide

No identified workaround, but customer would like to know if there is one, as he cannot create broker from scratch

Show
No identified workaround, but customer would like to know if there is one, as he cannot create broker from scratch
Steps to Reproduce:
Hide

Install Operator 7.8.2 using CLI

You can reproduce it two ways from here

1. Creating the instance without the attribute and upgrading

Create a ActivemqArtemis instance, with the yaml below

Once created successfully, add the attribute
spec:
console:
sslEnabled: true

2. Creating the instance with the attribute

Add the attribute to yaml below
spec:
console:
sslEnabled: true

Try creating the instance

activemqartemis yaml
---------------------------------
apiVersion: broker.amq.io/v2alpha4
kind: ActiveMQArtemis
metadata:
name: amq7-critical-dev-aao
namespace: amq7-critical-dev
spec:
acceptors:

anycastPrefix: queue://
connectionsAllowed: 2000
enabledCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
enabledProtocols: TLSv1.2
expose: true
multicastPrefix: topic://
name: amqp
port: 61616
protocols: amqp,core,openwire
sslProvider: JDK
adminPassword: GZHcqz0KtAH6Fzjz8lmkNNnpEF8q1G0
adminUser: EeCFJJgvojWVAF2g1cvLOQxnpGeRPM
connectors:

enabledCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
enabledProtocols: TLSv1.2
host: localhost
name: connector0
port: 22222
sslProvider: JDK
console:
expose: true
deploymentPlan:
image: registry.redhat.io/amq7/amq-broker:7.8
journalType: nio
messageMigration: true
persistenceEnabled: true
size: 1
upgrades:
enabled: true
minor: true
version: 7.8.2
Show
Install Operator 7.8.2 using CLI You can reproduce it two ways from here 1. Creating the instance without the attribute and upgrading Create a ActivemqArtemis instance, with the yaml below Once created successfully, add the attribute spec: console: sslEnabled: true 2. Creating the instance with the attribute Add the attribute to yaml below spec: console: sslEnabled: true Try creating the instance activemqartemis yaml --------------------------------- apiVersion: broker.amq.io/v2alpha4 kind: ActiveMQArtemis metadata: name: amq7-critical-dev-aao namespace: amq7-critical-dev spec: acceptors: anycastPrefix: queue:// connectionsAllowed: 2000 enabledCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 enabledProtocols: TLSv1.2 expose: true multicastPrefix: topic:// name: amqp port: 61616 protocols: amqp,core,openwire sslProvider: JDK adminPassword: GZHcqz0KtAH6Fzjz8lmkNNnpEF8q1G0 adminUser: EeCFJJgvojWVAF2g1cvLOQxnpGeRPM connectors: enabledCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 enabledProtocols: TLSv1.2 host: localhost name: connector0 port: 22222 sslProvider: JDK console: expose: true deploymentPlan: image: registry.redhat.io/amq7/amq-broker:7.8 journalType: nio messageMigration: true persistenceEnabled: true size: 1 upgrades: enabled: true minor: true version: 7.8.2

SFDC Cases Counter:
SFDC Cases Links:

Description

I cannot use the field 'console.sslEnabled' on true when creating or upgrading the Artemis instance on YAML definition, because I get some exceptions: (below)

Some notes:

[broker-instance] is the ActivemqArtemis CRD instance name
the secret name : [broker-instance]-console-secret is created, I can list this on the project
Also tried setting console.sslSecret: [broker-instance]-console-secret and does not work
Following documentation from: https://access.redhat.com/documentation/en-us/red_hat_amq/2020.q4/html/deploying_amq_broker_on_openshift/reference-broker-ocp-broker-ocp#ref_br-custom-resource-definition-config-reference_broker-ocp

Exception:
--------------
java.lang.IllegalStateException: /etc/[broker-instance]-console-secret-volume/broker.ks is not a valid keystore
at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:50)
at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1197)
at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:321)
at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:243)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321)
at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.eclipse.jetty.server.Server.doStart(Server.java:401)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
at org.apache.activemq.artemis.component.WebServerComponent.start(WebServerComponent.java:263)
at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.addExternalComponent(ActiveMQServerImpl.java:913)
at org.apache.activemq.artemis.cli.commands.Run.execute(Run.java:126)
at org.apache.activemq.artemis.cli.Artemis.internalExecute(Artemis.java:153)
at org.apache.activemq.artemis.cli.Artemis.execute(Artemis.java:101)
at org.apache.activemq.artemis.cli.Artemis.execute(Artemis.java:128)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.activemq.artemis.boot.Artemis.execute(Artemis.java:134)
at org.apache.activemq.artemis.boot.Artemis.main(Artemis.java:50)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

broker_cert.pem
0.9 kB
2021/10/25 9:13 PM
broker.ks
2 kB
2021/10/25 9:13 PM
client.ts
0.9 kB
2021/10/25 9:13 PM

Issue Links

relates to

ENTMQBR-5689 Operator cannot handle patching console to ssl Enabled

Closed

ENTMQBR-5690 Operator stuck in CrashLoopBackOff state blocking further reconcile

Closed

Cannot set 'console.sslEnabled: true' when creating or upgrading broker definition

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates