Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-8505

AMQ 7 on Openshift JAAS config: Status out of sync - missing status entry for keys

XMLWordPrintable

    • False
    • None
    • False

      If a broker defines a custom jaas config:

      ---
apiVersion: broker.amq.io/v1beta1
kind: ActiveMQArtemis
metadata:
  name: example
spec:
  deploymentPlan:
    extraMounts:
      secrets:
        - custom-jaas-config
    size: 1

      and a login.config contains multiple realms, the following is observed for the ActiveMQArtemis kind:

      Message:               Status out of sync - missing status entry for keys: [new-roles.properties new-users.properties]
    Reason:                OutOfSync
    Status:                Unknown
    Type:                  JaasPropertiesApplied

      Example login.config:

      myrealm {
   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
      reload=true
      org.apache.activemq.jaas.properties.user="new-users.properties"
      org.apache.activemq.jaas.properties.role="new-roles.properties";
};

activemq {

   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
      reload=false
      org.apache.activemq.jaas.properties.user="artemis-users.properties"
      org.apache.activemq.jaas.properties.role="artemis-roles.properties"
      baseDir="/home/jboss/amq-broker/etc";
};

      (note the issue occurs with our without the presence of a baseDir in the first login module). Finally, this issue can also be observed if a baseDir is specified in the following configuration:

      activemq {

   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
      reload=true
      org.apache.activemq.jaas.properties.user="new-users.properties"
      org.apache.activemq.jaas.properties.role="new-roles.properties"
      baseDir="/amq/extra/secrets/demo-jaas-config";

   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
      reload=false
      org.apache.activemq.jaas.properties.user="artemis-users.properties"
      org.apache.activemq.jaas.properties.role="artemis-roles.properties"
      baseDir="/home/jboss/amq-broker/etc";
};

      The operator reports:

      Status out of sync - missing status entry for keys: [new-roles.properties new-users.properties]	{"ActiveMQArtemis Name": "example", "status": {"configuration":{"properties":{"broker.properties":{"alder32":"1","reloadTime":"","errors":null},"system-brokerconfig.":{"alder32":"1","reloadTime":"","errors":null}}},"server":{"jaas":{"properties":{"artemis-roles.properties":{"alder32":"673187181","reloadTime":"1697230665795","errors":null},"artemis-users.properties":{"alder32":"1456878048","reloadTime":"1697230665795","errors":null}}}}}, "tracked": {"Name":"custom-jaas-config","ResourceVersion":"118551","Generation":0,"Files":{"login.config":{"Alder32":"678151227"},"new-roles.properties":{"Alder32":"524682476"},"new-users.properties":{"Alder32":"640943452"}},"Ordinals":null}}

        1. reproducer.tar.gz
          0.5 kB

              gtully@redhat.com Gary Tully
              rhn-support-shiggs Stephen Higgs
              Mikhail Krutov Mikhail Krutov
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: