Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-2712

[OSE] [6.2] mq-create doesn't reuse existing keystore.jks

    XMLWordPrintable

Details

    • % %
    • Hide

      1. create mq-profile with mq-create from CLI or web console
      2. assign profile to container
      3. broker fails to start, because of invalid password to keystore

      Show
      1. create mq-profile with mq-create from CLI or web console 2. assign profile to container 3. broker fails to start, because of invalid password to keystore

    Description

      When new messaging profile is generated through mq-create, mq-create service doesn't find already existing keystore in default profile and keeps generating new one. The new keystore and trustore are used before the default one, broker fails to start due to invalid password error.

      mq-service log:

      2015-02-24 05:09:01,010 | WARN  | tp1454723281-140 | SchemaLookup                     | io.hawt.jsonschema.SchemaLookup    95 | 170 - io.hawt.hawtio-json-schema-mbean - 1.5.0.redhat-077 | Failed to find class for io.hawt.jsonschema.internal.customizers.io.fabric8.api.jmx.MQBrokerConfigDTOSchemaCustomizer
2015-02-24 05:09:08,223 | INFO  | tp1454723281-140 | MQServiceImpl                    | io.fabric8.service.MQServiceImpl  125 | 75 - io.fabric8.fabric-core - 1.2.0.redhat-072 | Generating ssl keystore...
2015-02-24 05:09:33,797 | INFO  | tp1454723281-140 | MQServiceImpl                    | io.fabric8.service.MQServiceImpl  143 | 75 - io.fabric8.fabric-core - 1.2.0.redhat-072 | Keystore generated
2015-02-24 05:09:33,802 | INFO  | tp1454723281-140 | MQServiceImpl                    | io.fabric8.service.MQServiceImpl  170 | 75 - io.fabric8.fabric-core - 1.2.0.redhat-072 | Exporting broker certificate to create truststore.jks
2015-02-24 05:09:34,434 | INFO  | output processor | MQServiceImpl                    | .fabric8.service.MQServiceImpl$1  260 | 75 - io.fabric8.fabric-core - 1.2.0.redhat-072 | keytool: Certificate stored in file </var/lib/openshift/54ec3fa96892dfb5e70004d4/fuse/container/data/tmp/14247724743305654336602472710695.tmp>
2015-02-24 05:09:34,438 | INFO  | tp1454723281-140 | MQServiceImpl                    | io.fabric8.service.MQServiceImpl  182 | 75 - io.fabric8.fabric-core - 1.2.0.redhat-072 | Creating truststore.jks
2015-02-24 05:09:35,023 | INFO  | output processor | MQServiceImpl                    | .fabric8.service.MQServiceImpl$1  260 | 75 - io.fabric8.fabric-core - 1.2.0.redhat-072 | keytool: Certificate was added to keystore
2015-02-24 05:09:35,044 | INFO  | tp1454723281-140 | ProfileServiceImpl               | ric8.internal.ProfileServiceImpl  138 | 75 - io.fabric8.fabric-core - 1.2.0.redhat-072 | createProfile: Profile[ver=1.0,id=mq-broker-default.amq,atts={parents=mq-base}]
2015-02-24 05:09:35,860 | INFO  | tp1454723281-140 | DefaultPullPushPolicy            | t.internal.DefaultPullPushPolicy  214 | 77 - io.fabric8.fabric-git - 1.2.0.redhat-072 | Pushing last change to: http://fuse-test.example.com:80/git/fabric/
2015-02-24 05:09:36,108 | INFO  | tp1454723281-156 | FabricGitServlet                 | abric8.git.http.FabricGitServlet   84 | 102 - io.fabric8.fabric-git-server - 1.2.0.redhat-072 | GitHttp service res=HTTP/1.1 200

      Broker log:

      2015-02-24 11:13:46,472 | INFO  | pool-63-thread-1 | ActiveMQServiceFactory           | mq.fabric.ActiveMQServiceFactory  136 | 164 - io.fabric8.mq.mq-fabric - 1.2.0.redhat-072 | Broker amq failed to start.  Will try again in 10 seconds
2015-02-24 11:13:46,473 | ERROR | pool-63-thread-1 | ActiveMQServiceFactory           | Factory$ClusteredConfiguration$1  556 | 164 - io.fabric8.mq.mq-fabric - 1.2.0.redhat-072 | Exception on start: Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in URL [profile:broker.xml]: Cannot create inner bean '(inner bean)#3f72454e' of type [org.apache.activemq.spring.SpringSslContext] while setting bean property 'sslContext'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#3f72454e' defined in URL [profile:broker.xml]: Invocation of init method failed; nested exception is java.io.IOException: Keystore was tampered with, or password was incorrect
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.apache.activemq.xbean.XBeanBrokerService#0' defined in URL [profile:broker.xml]: Cannot create inner bean '(inner bean)#3f72454e' of type [org.apache.activemq.spring.SpringSslContext] while setting bean property 'sslContext'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#3f72454e' defined in URL [profile:broker.xml]: Invocation of init method failed; nested exception is java.io.IOException: Keystore was tampered with, or password was incorrect
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:287)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:129)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1419)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1160)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:290)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:191)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:636)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:934)[182:org.apache.servicemix.bundles.spring-context:3.2.12.RELEASE_1]
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)[182:org.apache.servicemix.bundles.spring-context:3.2.12.RELEASE_1]
	at org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)[192:org.apache.xbean.spring:3.18.0]
	at org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)[192:org.apache.xbean.spring:3.18.0]
	at io.fabric8.mq.fabric.ActiveMQServiceFactory$1.<init>(ActiveMQServiceFactory.java:197)[164:io.fabric8.mq.mq-fabric:1.2.0.redhat-072]
	at io.fabric8.mq.fabric.ActiveMQServiceFactory.createBroker(ActiveMQServiceFactory.java:197)[164:io.fabric8.mq.mq-fabric:1.2.0.redhat-072]
	at io.fabric8.mq.fabric.ActiveMQServiceFactory$ClusteredConfiguration.doStart(ActiveMQServiceFactory.java:590)[164:io.fabric8.mq.mq-fabric:1.2.0.redhat-072]
	at io.fabric8.mq.fabric.ActiveMQServiceFactory$ClusteredConfiguration.access$700(ActiveMQServiceFactory.java:413)[164:io.fabric8.mq.mq-fabric:1.2.0.redhat-072]
	at io.fabric8.mq.fabric.ActiveMQServiceFactory$ClusteredConfiguration$1.run(ActiveMQServiceFactory.java:545)[164:io.fabric8.mq.mq-fabric:1.2.0.redhat-072]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)[:1.7.0_75]
	at java.util.concurrent.FutureTask.run(FutureTask.java:262)[:1.7.0_75]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)[:1.7.0_75]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)[:1.7.0_75]
	at java.lang.Thread.run(Thread.java:745)[:1.7.0_75]
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#3f72454e' defined in URL [profile:broker.xml]: Invocation of init method failed; nested exception is java.io.IOException: Keystore was tampered with, or password was incorrect
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1514)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:521)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:276)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	... 24 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)[:1.7.0_75]
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)[:1.7.0_75]
	at java.security.KeyStore.load(KeyStore.java:1214)[:1.7.0_75]
	at org.apache.activemq.spring.SpringSslContext.createKeyManagerKeyStore(SpringSslContext.java:135)[170:org.apache.activemq.activemq-osgi:5.11.0.redhat-620077]
	at org.apache.activemq.spring.SpringSslContext.createKeyManagers(SpringSslContext.java:102)[170:org.apache.activemq.activemq-osgi:5.11.0.redhat-620077]
	at org.apache.activemq.spring.SpringSslContext.afterPropertiesSet(SpringSslContext.java:79)[170:org.apache.activemq.activemq-osgi:5.11.0.redhat-620077]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.7.0_75]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)[:1.7.0_75]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)[:1.7.0_75]
	at java.lang.reflect.Method.invoke(Method.java:606)[:1.7.0_75]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1640)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1581)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1511)[181:org.apache.servicemix.bundles.spring-beans:3.2.12.RELEASE_1]
	... 27 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)[:1.7.0_75]
	... 39 more

      I believe this part of ssl-broker.xml#openshift should be changed also

      https://github.com/jboss-fuse/fabric8/blob/1922fec9fa2fce6170a930ae0f03d1f98d6de441/fabric/fabric8-karaf/src/main/resources/distro/fabric/import/fabric/profiles/mq/base.profile/ssl-broker.xml%23openshift#L75-L82

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-2309 mq-base profile ssl-broker.xml#openshift file uses OPENSHIFT_FUSE_AMQ_PORT instead of OPENSHIFT_FUSE_OPENWIRE_PORT

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              hchirino Hiram Chirino
              dsimansk@redhat.com David Simansky
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: