Loading...

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: RH-SSO-7.5.1
Affects Version/s: RH-SSO-7.5.0
Component/s: Container, RH-SSO
Labels:
- rh-sso-release-candidate

Steps to Reproduce:
Hide

How Reproducible:
Always

Steps To Reproduce:
Attempt to running the Red Hat Single Sign-On for OpenShift image in offline mode:

$ docker pull registry.redhat.io/rh-sso-7/sso75-openshift-rhel8:7.5-6

$ hostname -i | cat -A ::1 127.0.0.1$

$ docker run --network none -it registry.redhat.io/rh-sso-7/sso75-openshift-rhel8:7.5-6 WARN No password defined for JGroups cluster. AUTH protocol will be disabled. Please define JGROUPS_CLUSTER_PASSWORD. WARN Environment variable OPENSHIFT_KUBE_PING_NAMESPACE undefined. Clustering will be unavailable. Please refer to the documentation for configuration. INFO Configuring JGroups discovery protocol to kubernetes.KUBE_PING INFO Using PicketBox SSL configuration. INFO Configuring JGroups cluster traffic encryption protocol to SYM_ENCRYPT. WARN Detected missing JGroups encryption configuration, the communication within the cluster WILL NOT be encrypted. INFO Access log is disabled, ignoring configuration. INFO Running rh-sso-7/sso75-openshift-rhel8 image, version 7.5 ========================================================================= JBoss Bootstrap Environment JBOSS_HOME: /opt/eap JAVA: /usr/lib/jvm/java-11/bin/java JAVA_OPTS: -javaagent:"/opt/eap/jboss-modules.jar" -server -Xlog:gc*:file="/opt/eap/standalone/log/gc.log":time,uptimemillis:filecount=5,filesize=3M -Xms1303m -Xmx1303m -XX:MetaspaceSize=96m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=jdk.nashorn.api,com.sun.crypto.provider -Djava.awt.headless=true -XX:+UseParallelOldGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom -Djboss.modules.settings.xml.url=file:///opt/jboss/container/wildfly/s2i/galleon/settings.xml --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED ========================================================================= 11:39:55,999 INFO [org.jboss.modules] (main) JBoss Modules version 1.11.0.Final-redhat-00001 WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.jolokia.util.ClassUtil (jar:file:/usr/share/java/jolokia-jvm-agent/jolokia-jvm.jar!/) to constructor sun.security.x509.X500Name(java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String) WARNING: Please consider reporting this to the maintainers of org.jolokia.util.ClassUtil WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release WFLYSRV0073: Invalid option '::1' Usage: standalone.sh [args...] where args include: --admin-only Set the server's running type to ADMIN_ONLY causing it to open administrative interfaces and accept management requests but not start other runtime services or accept end user requests. Cannot be used in conjunction with --start-mode. Deprecated; use --start-mode=admin-only instead. -b <value>, -b=<value> Set system property jboss.bind.address to the given value -b<interface>=<value> Set system property jboss.bind.address.<interface> to the given value -c <config>, -c=<config> Name of the server configuration file to use (default is "standalone.xml") (Same as --server-config) --debug [<port>] Activate debug mode with an optional argument to specify the port. Only works if the launch script supports it. -D<name>[=<value>] Set a system property -h, --help Display this message and exit --read-only-server-config=<config> Name of the server configuration file to use. This differs from '--server-config' and '-c' in that the original file is never overwritten. -P <url>, -P=<url>, Load system properties from the given --properties=<url> url -S<name>[=<value>] Set a security property --server-config=<config> Name of the server configuration file to use (default is "standalone.xml") (Same as -c) -u <value>, -u=<value> Set system property jboss.default.multicast.address to the given value -v, -V, --version Print version and exit -secmgr Runs the server with a security manager installed. --start-mode Sets the start mode of the server, it can be either 'normal','admin-only' or 'suspend'. If this is 'suspend' the server will start in suspended mode, and will not service requests until it has been resumed. If this is started in admin-only mode the server will only open administrative interfaces and accept management requests but not start other runtime services or accept end user requests. Cannot be used in conjunction with --admin-only. --graceful-startup=<value> Start the server gracefully, queuing or cleanly rejecting requests until the server is fully started --git-repo <repo_url>, The git repository to clone to get the --git-repo=<repo_url> server configuration. --git-branch <branch>, The git branch to use to get the server --git-branch=<branch> configuration. Default is 'master' --git-auth <auth_config>, The elytron configuration file for --git-auth=<auth_config> managing git credentials. Default is 'null' 11:39:56,441 FATAL [org.jboss.as.server] (main) WFLYSRV0239: Aborting with exit code 1

Current Result:
On dualstack host the standalone.sh script reports WFLYSRV0073: Invalid option '::1' errors & refuses to start the container.

Expected Result:
Container is started properly also on dualstack host.
Show
How Reproducible: Always Steps To Reproduce: Attempt to running the Red Hat Single Sign-On for OpenShift image in offline mode: $ docker pull registry.redhat.io/rh-sso-7/sso75-openshift-rhel8:7.5-6 $ hostname -i | cat -A ::1 127.0.0.1$ $ docker run --network none -it registry.redhat.io/rh-sso-7/sso75-openshift-rhel8:7.5-6 WARN No password defined for JGroups cluster. AUTH protocol will be disabled. Please define JGROUPS_CLUSTER_PASSWORD. WARN Environment variable OPENSHIFT_KUBE_PING_NAMESPACE undefined. Clustering will be unavailable. Please refer to the documentation for configuration. INFO Configuring JGroups discovery protocol to kubernetes.KUBE_PING INFO Using PicketBox SSL configuration. INFO Configuring JGroups cluster traffic encryption protocol to SYM_ENCRYPT. WARN Detected missing JGroups encryption configuration, the communication within the cluster WILL NOT be encrypted. INFO Access log is disabled, ignoring configuration. INFO Running rh-sso-7/sso75-openshift-rhel8 image, version 7.5 ========================================================================= JBoss Bootstrap Environment JBOSS_HOME: /opt/eap JAVA: /usr/lib/jvm/java-11/bin/java JAVA_OPTS: -javaagent:"/opt/eap/jboss-modules.jar" -server -Xlog:gc*:file="/opt/eap/standalone/log/gc.log":time,uptimemillis:filecount=5,filesize=3M -Xms1303m -Xmx1303m -XX:MetaspaceSize=96m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=jdk.nashorn.api,com.sun.crypto.provider -Djava.awt.headless=true -XX:+UseParallelOldGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/./urandom -Djboss.modules.settings.xml.url=file:///opt/jboss/container/wildfly/s2i/galleon/settings.xml --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED ========================================================================= 11:39:55,999 INFO [org.jboss.modules] (main) JBoss Modules version 1.11.0.Final-redhat-00001 WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.jolokia.util.ClassUtil (jar:file:/usr/share/java/jolokia-jvm-agent/jolokia-jvm.jar!/) to constructor sun.security.x509.X500Name(java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String) WARNING: Please consider reporting this to the maintainers of org.jolokia.util.ClassUtil WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release WFLYSRV0073: Invalid option '::1' Usage: standalone.sh [args...] where args include: --admin-only Set the server's running type to ADMIN_ONLY causing it to open administrative interfaces and accept management requests but not start other runtime services or accept end user requests. Cannot be used in conjunction with --start-mode. Deprecated; use --start-mode=admin-only instead. -b <value>, -b=<value> Set system property jboss.bind.address to the given value -b<interface>=<value> Set system property jboss.bind.address.<interface> to the given value -c <config>, -c=<config> Name of the server configuration file to use (default is "standalone.xml") (Same as --server-config) --debug [<port>] Activate debug mode with an optional argument to specify the port. Only works if the launch script supports it. -D<name>[=<value>] Set a system property -h, --help Display this message and exit --read-only-server-config=<config> Name of the server configuration file to use. This differs from '--server-config' and '-c' in that the original file is never overwritten. -P <url>, -P=<url>, Load system properties from the given --properties=<url> url -S<name>[=<value>] Set a security property --server-config=<config> Name of the server configuration file to use (default is "standalone.xml") (Same as -c) -u <value>, -u=<value> Set system property jboss.default.multicast.address to the given value -v, -V, --version Print version and exit -secmgr Runs the server with a security manager installed. --start-mode Sets the start mode of the server, it can be either 'normal','admin-only' or 'suspend'. If this is 'suspend' the server will start in suspended mode, and will not service requests until it has been resumed. If this is started in admin-only mode the server will only open administrative interfaces and accept management requests but not start other runtime services or accept end user requests. Cannot be used in conjunction with --admin-only. --graceful-startup=<value> Start the server gracefully, queuing or cleanly rejecting requests until the server is fully started --git-repo <repo_url>, The git repository to clone to get the --git-repo=<repo_url> server configuration. --git-branch <branch>, The git branch to use to get the server --git-branch=<branch> configuration. Default is 'master' --git-auth <auth_config>, The elytron configuration file for --git-auth=<auth_config> managing git credentials. Default is 'null' 11:39:56,441 FATAL [org.jboss.as.server] (main) WFLYSRV0239: Aborting with exit code 1 Current Result: On dualstack host the standalone.sh script reports WFLYSRV0073: Invalid option '::1' errors & refuses to start the container. Expected Result: Container is started properly also on dualstack host.
Git Pull Request:
https://github.com/jboss-container-images/redhat-sso-7-openshift-image/pull/206
Docs QE Status:
NEW
QE Status:
NEW

Description

Deploying sso via argocd operator on a dual-stack Openshift cluster fails because IP_ADDR contains both IPs (ipv6 and ipv4). The content of $IP_ADDR is directly used to create the starting parms for -bIPV6<space>IPV6. Something not accepted by standalone.sh

++ eval configure
+++ configure
+++ configure_ha
++++ hostname -i
+++ IP_ADDR='fd02:0:0:6::88 10.129.2.136'
+++ JBOSS_HA_ARGS='-b fd02:0:0:6::88 10.129.2.136 -bprivate fd02:0:0:6::88 10.129.2.136'

Which then gives:

JBOSS_HA_ARGS='-b fd02:0:0:6::88 10.129.2.136 -bprivate fd02:0:0:6::88 10.129.2.136 -Djboss.node.name=keycloak-3-btxz6'

Attachments

Activity

context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]

current Project key: KEYCLOAK

Deploy on dual-stack ocp4.8 fails

Details

Description

Attachments

Activity

Public project attachment banner

People

Dates