Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-8505

AMQ 7 on Openshift JAAS config: Status out of sync - missing status entry for keys

XMLWordPrintable

    • False
    • None
    • False

      If a broker defines a custom jaas config:

      ---
      apiVersion: broker.amq.io/v1beta1
      kind: ActiveMQArtemis
      metadata:
        name: example
      spec:
        deploymentPlan:
          extraMounts:
            secrets:
              - custom-jaas-config
          size: 1
      

      and a login.config contains multiple realms, the following is observed for the ActiveMQArtemis kind:

      Message:               Status out of sync - missing status entry for keys: [new-roles.properties new-users.properties]
          Reason:                OutOfSync
          Status:                Unknown
          Type:                  JaasPropertiesApplied
      

      Example login.config:

      myrealm {
         org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
            reload=true
            org.apache.activemq.jaas.properties.user="new-users.properties"
            org.apache.activemq.jaas.properties.role="new-roles.properties";
      };
      
      activemq {
      
         org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
            reload=false
            org.apache.activemq.jaas.properties.user="artemis-users.properties"
            org.apache.activemq.jaas.properties.role="artemis-roles.properties"
            baseDir="/home/jboss/amq-broker/etc";
      };
      

      (note the issue occurs with our without the presence of a baseDir in the first login module). Finally, this issue can also be observed if a baseDir is specified in the following configuration:

      activemq {
      
         org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
            reload=true
            org.apache.activemq.jaas.properties.user="new-users.properties"
            org.apache.activemq.jaas.properties.role="new-roles.properties"
            baseDir="/amq/extra/secrets/demo-jaas-config";
      
         org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
            reload=false
            org.apache.activemq.jaas.properties.user="artemis-users.properties"
            org.apache.activemq.jaas.properties.role="artemis-roles.properties"
            baseDir="/home/jboss/amq-broker/etc";
      };
      

      The operator reports:

      Status out of sync - missing status entry for keys: [new-roles.properties new-users.properties]	{"ActiveMQArtemis Name": "example", "status": {"configuration":{"properties":{"broker.properties":{"alder32":"1","reloadTime":"","errors":null},"system-brokerconfig.":{"alder32":"1","reloadTime":"","errors":null}}},"server":{"jaas":{"properties":{"artemis-roles.properties":{"alder32":"673187181","reloadTime":"1697230665795","errors":null},"artemis-users.properties":{"alder32":"1456878048","reloadTime":"1697230665795","errors":null}}}}}, "tracked": {"Name":"custom-jaas-config","ResourceVersion":"118551","Generation":0,"Files":{"login.config":{"Alder32":"678151227"},"new-roles.properties":{"Alder32":"524682476"},"new-users.properties":{"Alder32":"640943452"}},"Ordinals":null}}
      

              gtully@redhat.com Gary Tully
              rhn-support-shiggs Stephen Higgs
              Mikhail Krutov Mikhail Krutov
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: