Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-27610

java.util.logging.ErrorManager: 1: FileHandler is closed or not yet initialized, unable to log [2024-03-02 00:04:12 [CertStatusUpdateTask] WARNING: CertStatusUpdateTask: access denied ("java.io.FilePermission" "/var/lib/pki/pki-tomcat/logs/ca" "read")

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • pki-core
    • None
    • None
    • None
    • rhel-sst-idm-cs
    • ssg_idm
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      We had a report https://github.com/freeipa/freeipa-container/issues/593 for the containerized FreeIPA about log files not getting written to the (containerization specific) locations /data/var/lib/pki/pki-tomcat/logs/ca and /data/var/lib/pki/pki-tomcat/logs/acme after the initial log was written there fine.

      abokovoy@redhat.com mentioned that it might be caused by the Java access manager policies and the /data location being used in the container.

      But he was then able to see the same problem outside of any containerization on Fedora 39 and I was able to reproduce it on RHEL 9.3 as well, with the stock FreeIPA/IdM configuration and paths.

      Please provide the package NVR for which bug is seen:

      idm-pki-base-11.4.2-1.el9.noarch

      How reproducible:

      Deterministic.

      Steps to reproduce

      1. ipa-server-install -U -r EXAMPLE.TEST -n example.test -p Secret123 -a Secret123 --no-ntp
      2. Set time close to midnight: date -s '23:55'
      3. Wait ten minutes: sleep 600
      4. journalctl -l | grep 'access denied'

      Expected results

      No error message.

      Actual results

      Mar 02 00:04:12 machine.example.com server[21658]: java.util.logging.ErrorManager: 1: FileHandler is closed or not yet initialized, unable to log [2024-03-02 00:04:12 [CertStatusUpdateTask] WARNING: CertStatusUpdateTask: access denied ("java.io.FilePermission" "/var/lib/pki/pki-tomcat/logs/ca" "read")
Mar 02 00:04:12 machine.example.com server[21658]: java.security.AccessControlException: access denied ("java.io.FilePermission" "/var/lib/pki/pki-tomcat/logs/ca" "read")
Mar 02 00:04:13 machine.example.com server[21658]: java.util.logging.ErrorManager: 1: FileHandler is closed or not yet initialized, unable to log [2024-03-02 00:04:13 [pool-1-thread-1] SEVERE: Unable to run maintenance task: access denied ("java.io.FilePermission" "/var/lib/pki/pki-tomcat/logs/acme" "read")
Mar 02 00:04:13 machine.example.com server[21658]: java.security.AccessControlException: access denied ("java.io.FilePermission" "/var/lib/pki/pki-tomcat/logs/acme" "read")

      The full tracebacks are

      Mar 02 00:04:12 machine.example.com server[21658]: java.util.logging.ErrorManager: 1: FileHandler is closed or not yet initialized, unable to log [2024-03-02 00:04:12 [CertStatusUpdateTask] WARNING: CertStatusUpdateTask: access denied ("java.io.FilePermission" "/var/lib/pki/pki-tomcat/logs/ca" "read")
Mar 02 00:04:12 machine.example.com server[21658]: java.security.AccessControlException: access denied ("java.io.FilePermission" "/var/lib/pki/pki-tomcat/logs/ca" "read")
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:756)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.io.File.exists(File.java:829)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.io.File.mkdirs(File.java:1403)
Mar 02 00:04:12 machine.example.com server[21658]:         at org.apache.juli.FileHandler.openWriter(FileHandler.java:491)
Mar 02 00:04:12 machine.example.com server[21658]:         at org.apache.juli.FileHandler.publish(FileHandler.java:279)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.logging/java.util.logging.Logger.log(Logger.java:980)
Mar 02 00:04:12 machine.example.com server[21658]:         at org.slf4j.impl.JDK14LoggerAdapter.log(JDK14LoggerAdapter.java:582)
Mar 02 00:04:12 machine.example.com server[21658]:         at org.slf4j.impl.JDK14LoggerAdapter.info(JDK14LoggerAdapter.java:277)
Mar 02 00:04:12 machine.example.com server[21658]:         at com.netscape.cmscore.dbs.CertStatusUpdateTask.updateCertStatus(CertStatusUpdateTask.java:215)
Mar 02 00:04:12 machine.example.com server[21658]:         at com.netscape.cmscore.dbs.CertStatusUpdateTask.run(CertStatusUpdateTask.java:259)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Mar 02 00:04:12 machine.example.com server[21658]:         at java.base/java.lang.Thread.run(Thread.java:840)
Mar 02 00:04:12 machine.example.com server[21658]: ]
Mar 02 00:04:13 machine.example.com server[21658]: java.util.logging.ErrorManager: 1: FileHandler is closed or not yet initialized, unable to log [2024-03-02 00:04:13 [pool-1-thread-1] SEVERE: Unable to run maintenance task: access denied ("java.io.FilePermission" "/var/lib/pki/pki-tomcat/logs/acme" "read")
Mar 02 00:04:13 machine.example.com server[21658]: java.security.AccessControlException: access denied ("java.io.FilePermission" "/var/lib/pki/pki-tomcat/logs/acme" "read")
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:756)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.io.File.exists(File.java:829)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.io.File.mkdirs(File.java:1403)
Mar 02 00:04:13 machine.example.com server[21658]:         at org.apache.juli.FileHandler.openWriter(FileHandler.java:491)
Mar 02 00:04:13 machine.example.com server[21658]:         at org.apache.juli.FileHandler.publish(FileHandler.java:279)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.logging/java.util.logging.Logger.log(Logger.java:980)
Mar 02 00:04:13 machine.example.com server[21658]:         at org.slf4j.impl.JDK14LoggerAdapter.log(JDK14LoggerAdapter.java:582)
Mar 02 00:04:13 machine.example.com server[21658]:         at org.slf4j.impl.JDK14LoggerAdapter.info(JDK14LoggerAdapter.java:277)
Mar 02 00:04:13 machine.example.com server[21658]:         at org.dogtagpki.acme.scheduler.ACMEMaintenanceTask.run(ACMEMaintenanceTask.java:22)
Mar 02 00:04:13 machine.example.com server[21658]:         at org.dogtagpki.acme.scheduler.ACMEScheduler$1.run(ACMEScheduler.java:59)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
Mar 02 00:04:13 machine.example.com server[21658]:         at java.base/java.lang.Thread.run(Thread.java:840)
Mar 02 00:04:13 machine.example.com server[21658]: ]

      And there are no "after-midnight" log files in the reported directories.

              Unassigned Unassigned
              rhn-engineering-jpazdziora Jan Pazdziora (Inactive)
              RHCS Maintenance RHCS Maintenance
              IdM CS QE IdM CS QE
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: