AMQ Broker / ENTMQBR-5480

Cannot set 'console.sslEnabled: true' when creating or upgrading broker definition


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Done
    • AMQ 7.8.2.GA
    • None
    • broker-core, operator
    • None
      • Install Operator 7.8.2 using CLI

      You can reproduce it in two ways from here:

      1. Creating the instance without the attribute and upgrading

      • Create an ActiveMQArtemis instance with the YAML below
      • Once created successfully, add the attribute
        spec:
          console:
            sslEnabled: true

      2. Creating the instance with the attribute

      • Add the attribute to the YAML below
        spec:
          console:
            sslEnabled: true
      • Try creating the instance

      activemqartemis yaml
      ---------------------------------
      apiVersion: broker.amq.io/v2alpha4
      kind: ActiveMQArtemis
      metadata:
        name: amq7-critical-dev-aao
        namespace: amq7-critical-dev
      spec:
        acceptors:
        - anycastPrefix: queue://
          connectionsAllowed: 2000
          enabledCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
          enabledProtocols: TLSv1.2
          expose: true
          multicastPrefix: topic://
          name: amqp
          port: 61616
          protocols: amqp,core,openwire
          sslProvider: JDK
        adminPassword: GZHcqz0KtAH6Fzjz8lmkNNnpEF8q1G0
        adminUser: EeCFJJgvojWVAF2g1cvLOQxnpGeRPM
        connectors:
        - enabledCipherSuites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
          enabledProtocols: TLSv1.2
          host: localhost
          name: connector0
          port: 22222
          sslProvider: JDK
        console:
          expose: true
        deploymentPlan:
          image: registry.redhat.io/amq7/amq-broker:7.8
          journalType: nio
          messageMigration: true
          persistenceEnabled: true
          size: 1
        upgrades:
          enabled: true
          minor: true
        version: 7.8.2

      No identified workaround, but the customer would like to know if there is one, as he cannot create a broker from scratch.


    Description

      I cannot set the field 'console.sslEnabled' to true when creating or upgrading the Artemis instance in the YAML definition, because I get some exceptions (below):

      Some notes:

      Exception:
      --------------
      java.lang.IllegalStateException: /etc/[broker-instance]-console-secret-volume/broker.ks is not a valid keystore
      at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:50)
      at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1197)
      at org.eclipse.jetty.util.ssl.SslContextFactory.load(SslContextFactory.java:321)
      at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:243)
      at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
      at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
      at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
      at org.eclipse.jetty.server.SslConnectionFactory.doStart(SslConnectionFactory.java:97)
      at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
      at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
      at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
      at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:321)
      at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:81)
      at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:234)
      at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
      at org.eclipse.jetty.server.Server.doStart(Server.java:401)
      at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
      at org.apache.activemq.artemis.component.WebServerComponent.start(WebServerComponent.java:263)
      at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.addExternalComponent(ActiveMQServerImpl.java:913)
      at org.apache.activemq.artemis.cli.commands.Run.execute(Run.java:126)
      at org.apache.activemq.artemis.cli.Artemis.internalExecute(Artemis.java:153)
      at org.apache.activemq.artemis.cli.Artemis.execute(Artemis.java:101)
      at org.apache.activemq.artemis.cli.Artemis.execute(Artemis.java:128)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.apache.activemq.artemis.boot.Artemis.execute(Artemis.java:134)
      at org.apache.activemq.artemis.boot.Artemis.main(Artemis.java:50)

      Attachments

        1. broker_cert.pem
          0.9 kB
        2. broker.ks
          2 kB
        3. client.ts
          0.9 kB
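
The exception names `broker.ks` under the console secret volume but does not say whether that file is absent, empty, or in the wrong format. The header check below tells those cases apart without needing the store password. It is an added example, not part of the ticket or of AMQ Broker; the function names and sample files are constructed, and it covers several possible failure modes without asserting which one applied to this report.

```python
import base64
import tempfile
from pathlib import Path

# Leading bytes of the Java keystore formats (JKS and JCEKS).
MAGIC = {b"\xfe\xed\xfe\xed": "jks", b"\xce\xce\xce\xce": "jceks"}

def sniff(data):
    """Classify raw bytes by header only; no store password is needed."""
    if not data:
        return "empty"
    if data.lstrip().startswith(b"-----BEGIN"):
        return "pem"  # PEM certificate or key, not a keystore
    if data[:4] in MAGIC:
        return MAGIC[data[:4]]
    if data[0] == 0x30:
        return "der"  # DER SEQUENCE: a PKCS#12 store, or a bare DER certificate
    return "unknown"

def classify_keystore(path):
    """Verdict for the file mounted at `path`, e.g. .../broker.ks."""
    if not Path(path).is_file():
        return "missing"
    data = Path(path).read_bytes()
    verdict = sniff(data)
    if verdict == "unknown":
        # Secret data that was base64-encoded twice arrives as text.
        try:
            inner = base64.b64decode(b"".join(data.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            return verdict
        if sniff(inner) in ("jks", "jceks", "der"):
            return "base64-wrapped " + sniff(inner)
    return verdict

def run_constructed_samples():
    """Check constructed files only; none of them is the ticket's broker.ks."""
    jks_head = b"\xfe\xed\xfe\xed\x00\x00\x00\x02" + bytes(8)
    samples = {"jks": jks_head, "empty": b"",
               "pem": b"-----BEGIN CERTIFICATE-----\nMIIB\n",
               "wrapped": base64.b64encode(jks_head)}
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in samples.items():
            target = Path(tmp) / (name + ".ks")
            target.write_bytes(blob)
            out[name] = classify_keystore(target)
        out["absent"] = classify_keystore(Path(tmp) / "broker.ks")
    return out
```

A `jks`, `jceks` or `der` verdict only means the header is plausible; loading the store with its password is still the final test.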

            People

              gaohoward Howard Gao
              rhn-support-anarvaez Alfredo Narvaez
              Mikhail Krutov Mikhail Krutov
