Uploaded image for project: 'WildFly WIP'
  1. WildFly WIP
  2. WFWIP-461

[7.4.5 preview images] - Required HTTPS_KEYSTORE_TYPE won't let secured route to be configured

    XMLWordPrintable

Details

    Description

      Following the product docs [1], we are configuring SSL with env variables HTTPS_NAME, HTTPS_KEYSTORE and HTTPS_PASSWORD as documented in [2] to deploy an EAP secured application - actually the RH-SSO quickstarts, i.e. based on the eap74-https-s2i template and latest JDK 17 based images [3].

      The server starts with a WARN about partial HTTPS configuration and unavailability:

      ...
2022-05-23 07:55:57 Launching EAP Server
INFO Configuring JGroups cluster traffic encryption protocol to SYM_ENCRYPT.
INFO Configuring JGroups discovery protocol to dns.DNS_PING
INFO Using Elytron for SSL configuration.
WARN Partial HTTPS configuration, the https connector WILL NOT be configured. Missing: HTTPS_KEYSTORE_TYPE
INFO Access log is disabled, ignoring configuration.
WARN Configuration of an embedded messaging broker within the appserver is enabled but is not recommended. Support for such a configuration will be removed in a future release.
WARN If you are not configuring messaging destinations, to disable configuring an embedded messaging broker set the DISABLE_EMBEDDED_JMS_BROKER environment variable to true.
INFO Server started in admin mode, CLI script executed during server boot.
INFO Running jboss-eap-7-tech-preview/eap74-openjdk17-runtime-openshift-rhel8 image, version 7.4.5
...

      Setting this issue to Blocker since it is breaking backward compatibility.

      BTW - although the initial WARN is disappearing when setting HTTPS_KEYSTORE_TYPE=PKCS12, the deployment would fail anyway, complaining about missing KEYCLOAK authentication mechanism. This has been reported as WFWIP-462

      [1]
      https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/getting_started_with_jboss_eap_for_openshift_container_platform/build_run_java_app_s2i#doc-wrapper

      [2]
      https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/getting_started_with_jboss_eap_for_openshift_container_platform/index#https_env_variables

      [3]
      https://issues.redhat.com/browse/EAP7-1780?focusedCommentId=20306516&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-20306516

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. WFLY-15622 WARN Partial HTTPS configuration, the https connector WILL NOT be configured. Missing: HTTPS_KEYSTORE_TYPE

          • Critical - To be worked on immediately following BLOCKER issues.
          • Resolved
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-24017 [7.4.* JDK 17 images] - Missing required KEYCLOAK mechanism

          • Critical - To be worked on immediately following BLOCKER issues.
          • Pull Request Sent

          Activity

            People

              jdenise@redhat.com Jean Francois Denise
              fburzigo Fabio Burzigotti
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: