Bug 1013010

Summary: Seeding SRAMP fails if SSL enabled in post process installation
Product: [JBoss] JBoss Fuse Service Works 6 Reporter: Pavol Srna <psrna>
Component: InstallerAssignee: Thomas Hauser <thauser>
Status: CLOSED CURRENTRELEASE QA Contact: Stefan Bunciak <sbunciak>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 6.0.0 GACC: fcanas, jsedlace, psrna, soa-p-jira
Target Milestone: ER7   
Target Release: 6.0.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
screenshot none

Description Pavol Srna 2013-09-27 15:07:29 UTC 
Description of problem:

Please see screenshot attached.




How reproducible:


Steps to Reproduce:
1. leave all defaults
2. enable SSL in post processing configuration and fill in necessary fields for keystore 
3. hit on next .. (it fails on the processing page)
Comment 1 Pavol Srna 2013-09-27 15:08:01 UTC 
Created attachment 803999 [details]
screenshot
Comment 3 Francisco Canas 2013-09-27 19:22:06 UTC 
We are unable to reproduce this issue with either ER3 or latest dev jars.
Can you give us a few more details?
Are you using a valid keystore file, and is it brand new? 
Which exact installer version are you using currently?
JDK version and OS?

thanks.
Comment 4 Pavol Srna 2013-09-30 08:54:34 UTC 
I used a self signed certificate.

Here are my steps:

A) Creating the keystore and private key:

a1) `keytool -genkey -alias jboss -keypass pass123 -keyalg RSA -keystore server.keystore` ... server.keystore is generated.

a2) `keytool -list -keystore server.keystore` ... You should see the PrivateKeyEntry named jboss in the listing.



B) Generating and storing the certificate.

b1) `keytool -export -alias jboss -keypass pass123 -file server.crt -keystore server.keystore`  ... server.crt is generated.

b2) `keytool -import -alias jbosscert -keypass pass123 -file server.crt -keystore server.keystore` ... You receive a warning that it already exists in the keystore.  Ignore it.  It is because Java expects separate keystore and trustore files and we are using only one.

b3) `keytool -list -keystore server.keystore` ... You should see a TrustedCertEntry named jbosscert in the listing.


Then I used the generated keystore file in the installer.

I used ER3 installer (jboss-eap-6.0.0.fsw.ci-installer.jar) 
uname -a: 

Linux psrna-ThinkPad-T430s 3.5.0-40-generic #62~precise1-Ubuntu SMP Fri Aug 23 17:59:10 UTC 2013 i686 i686 i386 GNU/Linux

java:  

java version "1.7.0_40"
Java(TM) SE Runtime Environment (build 1.7.0_40-b43)
Java HotSpot(TM) Server VM (build 24.0-b56, mixed mode)


When I uncheck the s-ramp pack in the installer and install only FSW then there is no exception/error dialog during installation.
Comment 5 Thomas Hauser 2013-09-30 17:59:21 UTC 
Reproduced. The issue is not that the SRAMP repo seeding fails, but that the job that tries to shutdown the server fails due to missing classes relating to the SSL configuration.
Comment 6 Thomas Hauser 2013-09-30 18:02:56 UTC 
I was able to fix this issue (somewhat) by including the jboss-sasl classes in the installer. However, there is a prompt displayed to the user: 
Accept certificate? [N]o, [T]emporarily, [P]ermenantly : T

The installer will hang until an answer is given. It will fail if the "No" answer is given. I will look into automating this selection, at least there is no big CNFE being spit at the user now.
Comment 7 Thomas Hauser 2013-10-21 15:32:57 UTC 
A complete fix for this issue will be in post beta builds. The prompt will not be displayed to the user at all anymore.
Comment 8 Pavol Srna 2013-12-13 13:20:32 UTC 
Verified in ER7.