Bug 1302322

Summary: Secure server-agent communication using sslsocket incorrectly requires a truststore password
Product: [JBoss] JBoss Operations Network
Reporter: Filip Brychta <fbrychta>
Component: Agent, Usability
Assignee: Josejulio Martínez <jmartine>
Status: CLOSED ERRATA
QA Contact: Filip Brychta <fbrychta>
Severity: medium
Priority: medium
Version: JON 3.3.5
CC: jmartine, loleary, spinder
Target Milestone: DR01
Keywords: EasyFix, Triaged
Target Release: JON 3.3.6
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2016-07-27 15:32:30 UTC
Type: Bug
Bug Depends On: 867148

Description Filip Brychta 2016-01-27 13:42:27 UTC
Description of problem:
When setting up encryption following https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/3.3/html/Admin_and_Config/configuring-ssl.html, the agent is not able to communicate with the server and throws an exception which is not very helpful.

Version-Release number of selected component (if applicable):
JON3.3.5.ER01

How reproducible:
Always

Steps to Reproduce:
1. Follow https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/3.3/html/Admin_and_Config/configuring-ssl.html to set up encryption

Actual results:
Agent is not communicating with server and throws:
2016-01-27 07:42:39,728 ERROR [RHQ Agent Registration Thread] (enterprise.communications.command.client.ClientCommandSenderTask)- {ClientCommandSenderTask.send-failed}Failed to send command [Command: type=[remotepojo]; cmd-in-response=[false]; config=[{rhq.agent-name=fbr-jon335.bc.jonqe.lab.eng.bos.redhat.com, rhq.externalizable-strategy=AGENT, rhq.send-throttle=true}]; params=[{invocation=NameBasedInvocation[registerAgent], targetInterfaceName=org.rhq.core.clientapi.server.core.CoreServerService}]]. Cause: java.lang.reflect.InvocationTargetException:null -> java.lang.RuntimeException:null -> java.lang.NullPointerException:null. Cause: java.lang.reflect.InvocationTargetException

Expected results:
It should work.

Additional info:
There are 2 options:
a) add missing step to documentation
b) fix usage of default values

Problem is in agent-configuration.xml - to make it work it's necessary to uncomment keystore and truststore properties. This step is missing in documentation. This also means that default values are not used correctly.

This step is not necessary when using sslservlet.

To avoid confusion it should be the same for both sslservlet and sslsocket. Use default values or document that it's necessary to uncomment it in agent-configuration.xml

Comment 1 Larry O'Leary 2016-01-27 18:22:14 UTC
This issue had been identified in upstream Bug 867148.

The issue is that rhq.agent.client.security.truststore.password becomes a required parameter even though it is not used once you set sslsocket. The result is the agent fails to start unless you add the unused property and provide some meaningless dummy value.

To fix this, the property and its value should only be used if it is defined and not an empty string.

Comment 2 Josejulio Martínez 2016-02-19 16:30:39 UTC
commit bbb0359b56d9f74e637fa9e1d021b83a5879bb7a
Author: Josejulio Martínez <jmartine>
Date:   Fri Feb 12 13:14:29 2016 -0600

    Bug 1302322 - Secure server-agent communication using sslsocket incorrectly requires a truststore password.
    
    Made ClientSenderSecurityTruststorePassword(client.security.truststore.password) property optional, no longer storing null in the configuration map. This avoids passing a map with nulls to org.jboss.remoting.Client which causes an Exception on its connect method.
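
The change described in Comments 1 and 2, sketched as an added example; this is not the code from the commit or from RHQ/JON. The class name, the `truststorePassword` map key and the `connect` stand-in (which copies the map into a `Hashtable`, a consumer that rejects null values) are assumptions made for illustration; only the property name comes from the bug report.

```java
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;

public class OptionalTruststorePassword {
    // Property name as given in Comment 1.
    static final String TRUSTSTORE_PASSWORD = "rhq.agent.client.security.truststore.password";

    // "Before": the value is stored unconditionally, so an unset property
    // puts a null into the configuration map.
    static Map<String, String> buildBefore(Map<String, String> agentProps) {
        Map<String, String> config = new HashMap<>();
        config.put("truststorePassword", agentProps.get(TRUSTSTORE_PASSWORD)); // hypothetical key
        return config;
    }

    // "After": the property is used only if it is defined and not an empty string.
    static Map<String, String> buildAfter(Map<String, String> agentProps) {
        Map<String, String> config = new HashMap<>();
        String password = agentProps.get(TRUSTSTORE_PASSWORD);
        if (password != null && !password.isEmpty()) {
            config.put("truststorePassword", password); // hypothetical key
        }
        return config;
    }

    // Hypothetical stand-in for a null-intolerant consumer of the map:
    // Hashtable throws NullPointerException when given a null value.
    static String connect(Map<String, String> config) {
        try {
            new Hashtable<>(config);
            return "connected, keys=" + config.keySet();
        } catch (NullPointerException e) {
            return "failed: NullPointerException";
        }
    }

    public static void main(String[] args) {
        Map<String, String> unset = new HashMap<>();      // constructed: property left commented out
        Map<String, String> set = new HashMap<>();
        set.put(TRUSTSTORE_PASSWORD, "example-password"); // constructed sample value
        System.out.println("before, unset: " + connect(buildBefore(unset)));
        System.out.println("after,  unset: " + connect(buildAfter(unset)));
        System.out.println("after,  set:   " + connect(buildAfter(set)));
    }
}
```

With the "after" builder, an agent that leaves the property unset no longer needs a dummy password in agent-configuration.xml just to get past start-up.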

Comment 3 Mike McCune 2016-03-28 22:47:43 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions

Comment 5 Simeon Pinder 2016-06-18 01:11:34 UTC
Moving to ON_QA as available to test with JON 3.3.6 DR01 brew build:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=499890

Comment 7 errata-xmlrpc 2016-07-27 15:32:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-1519.html