Bug 1010111 - Compatibility issue with java-1.7.0-openjdk
Summary: Compatibility issue with java-1.7.0-openjdk
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Subscription Management
Version: 6.0.2
Hardware: Unspecified
OS: Unspecified
unspecified
high vote
Target Milestone: Unspecified
Assignee: Jesus M. Rodriguez
QA Contact: sthirugn@redhat.com
URL: http://projects.theforeman.org/issues...
Whiteboard:
: 1061721 1124441 (view as bug list)
Depends On: 1010082 1022017 1028028
Blocks: 1122832
TreeView+ depends on / blocked
 
Reported: 2013-09-20 02:10 UTC by Mike McCune
Modified: 2016-04-22 16:32 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Release Note
Doc Text:
The user should verify that the version of of java greater than java-1.7.0-openjdk-1.7.0.40.
Clone Of: 1010082
Environment:
Last Closed: 2014-09-11 12:25:00 UTC


Attachments (Terms of Use)
clean SAM install no problem with candlepin (281.82 KB, text/plain)
2013-10-10 20:04 UTC, Jesus M. Rodriguez
no flags Details
production log showing error (34.60 KB, text/x-log)
2013-10-14 20:09 UTC, Jesus M. Rodriguez
no flags Details


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 6426 None None None 2016-04-22 16:32:26 UTC

Comment 2 Carter Kozak 2013-10-02 18:15:49 UTC
You appear to be running "java-1.7.0-openjdk-1.7.0.40" which introduced a lower limit on RSA key length, it will not validate any keys under below 1024.  This can be disabled by commenting out 
jdk.certpath.disabledAlgorithms
in
path-to-jre/lib/security/java.security

You could also just remove "RSA keySize < 1024" from that line.

Comment 3 Jesus M. Rodriguez 2013-10-10 20:04:55 UTC
Created attachment 810731 [details]
clean SAM install no problem with candlepin

Comment 4 Jesus M. Rodriguez 2013-10-10 20:08:44 UTC
I did a fresh RHEL 6.4 install. Installed java 1.7.0 jdk, then install SAM. 

# yum install java-1.7.0-openjdk
# yum install -y katello-headpin-all
# katello-configure --deployment=sam --user-pass=admin

Then I ran the following:

# katello-service status
tomcat6 (pid 31854) is running...                          [  OK  ]
httpd (pid  32246) is running...
thumbslug (pid  32018) is running...
elasticsearch (pid  31302) is running...
katello (32199) is running.
katello (32217) is running.
delayed_job is not running.
delayed_job_monitor is not running.

# headpin -u admin -p admin ping
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                               Katello Status

Status Service        Result Duration Message                          
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
FAIL   
candlepin      ok     83ms     
candlepin_auth ok     64ms     
elasticsearch  ok     51ms     
katello_jobs   FAIL   katello-jobs service not running 
thumbslug      ok     672ms    

===== END ====

There was no SSL errors. And candlepin responds with no errors as well:

# curl -k https://localhost:8443/candlepin/status/
{"result":true,"version":"0.8.26","rulesVersion":"4.2","release":"1","standalone":true,"timeUTC":"2013-10-10T20:08:13.221+0000","managerCapabilities":["cores","ram","instance_multiplier","derived_product","cert_v3"],"rulesSource":"DEFAULT"}

Comment 5 Jesus M. Rodriguez 2013-10-10 20:09:23 UTC
# rpm -qa | grep openjdk
java-1.7.0-openjdk-1.7.0.25-2.3.10.4.el6_4.x86_64
java-1.6.0-openjdk-1.6.0.0-1.50.1.11.5.el6_3.x86_64

Both JDKs are installed as well.

Comment 6 Jesus M. Rodriguez 2013-10-10 20:36:54 UTC
2013-10-10 16:32:44 (12.1 MB/s) - “java-1.7.0-openjdk-1.7.0.40-2.4.2.1.el6.x86_64.rpm” saved [26921136/26921136]

[root@dhcp137-135 ~]# rpm -Uvh java-1.7.0-openjdk-1.7.0.40-2.4.2.1.el6.x86_64.rpm 
Preparing...                ########################################### [100%]
   1:java-1.7.0-openjdk     ########################################### [100%]
[root@dhcp137-135 ~]# katello-service restart
Shutting down Katello services...
Stopping katello-jobs:                                     [FAILED]
Stopping katello: 
Stopping elasticsearch:                                    [  OK  ]
Stopping thumbslug:                                        [  OK  ]
Stopping httpd:                                            [  OK  ]
Stopping tomcat6:                                          [  OK  ]
Done.
Starting Katello services...
Starting tomcat6:                                          [  OK  ]
Starting httpd:                                            [  OK  ]
Starting thumbslug: Oct 10 15:33:50 [main] WARN  org.candlepin.thumbslug.Main - Shutting down...
                                                           [  OK  ]
Starting elasticsearch:                                    [  OK  ]
Starting katello:                                          [  OK  ]
Starting katello-jobs:                                     [FAILED]
Done.
[root@dhcp137-135 ~]# headpin -u admin -p admin ping
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
                                                                                               Katello Status

Status Service        Result Duration Message                          
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
FAIL   
candlepin      ok     338ms    
candlepin_auth ok     36ms     
elasticsearch  ok     62ms     
katello_jobs   FAIL   katello-jobs service not running 
thumbslug      ok     279ms

Comment 8 Jesus M. Rodriguez 2013-10-14 20:09:09 UTC
Created attachment 812213 [details]
production log showing error

Both candlepin pings show an SSL error. This log include some debug printing I added.

Comment 9 Adrian Likins 2013-10-15 17:02:53 UTC
whats out put of:
    ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION'

On client?

Anything interesting show up with tomcat setup to start with "-Djavax.net.debug=ssl" ? ie, add it to JAVA_OPTS in /etc/tomcat6/tomcat6.conf

How is ssl setup in /etc/tomcat6/server.xml? (the Connector config)

Comment 10 Ivan Necas 2013-11-05 08:42:26 UTC
FYI: As a fix for this bug, we're installing java-1.6-0-openjdk as default for katello-all on rhel6 machines

Comment 11 Ivan Necas 2013-11-06 16:26:44 UTC
And by this bug, I mean https://bugzilla.redhat.com/show_bug.cgi?id=995123 not meaning, that it resolves this issue

Comment 14 Mike McCune 2014-02-05 17:14:13 UTC
We need to have katello-installer check for java-1.7+ to ensure we don't get bit by 1010111.

Comment 15 Mike McCune 2014-02-05 17:14:15 UTC
*** Bug 1061721 has been marked as a duplicate of this bug. ***

Comment 16 Mike McCune 2014-02-05 17:15:15 UTC
WORKAROUND:

rpm -e java-1.6.0-openjdk-1.6.0.0-3.1.13.1.el6_5.x86_64

and ensure that you have:

java-1.6.0-openjdk-1.6.0.0-1.66.1.13.0.el6.x86_64

Comment 18 Bryan Kearney 2014-06-03 20:14:11 UTC
Current install on Satellite 6.5 has both jdks installed, and the app is working. I am moving this to ON_QA.

Comment 20 sthirugn@redhat.com 2014-06-09 16:03:43 UTC
Failed.

Verification steps:
1. Subscribe/register the client to RHN
2. Remove all openjdk
3. yum install java-1.7.0-openjdk
4. Install Satellite6 Snap 8

Actual Results:
Installation failed. 
-> foreman-debug attached
-> hammer-ping failed
# hammer ping
Could not load API description from the server
  - is your server down?
  - was "foreman-rake apipie:cache" run on the server when using apipie cache? (typical production settings))
Warning: An error occured while loading module hammer_cli_katello
^CWarning: An error occured while loading module hammer_cli_foreman
Error: No such sub-command 'ping'

See: 'hammer --help'

-> UI did not launch (screenshot attached)

Version Tested:
* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.9.7-1.el6_5.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.9.7-1.el6_5.noarch
* candlepin-tomcat6-0.9.7-1.el6_5.noarch
* elasticsearch-0.90.10-4.el6sat.noarch
* foreman-1.6.0.14-1.el6sat.noarch
* foreman-compute-1.6.0.14-1.el6sat.noarch
* foreman-gce-1.6.0.14-1.el6sat.noarch
* foreman-libvirt-1.6.0.14-1.el6sat.noarch
* foreman-ovirt-1.6.0.14-1.el6sat.noarch
* foreman-postgresql-1.6.0.14-1.el6sat.noarch
* foreman-proxy-1.6.0.6-1.el6sat.noarch
* foreman-selinux-1.6.0-4.el6sat.noarch
* foreman-vmware-1.6.0.14-1.el6sat.noarch
* katello-1.5.0-25.el6sat.noarch
* katello-ca-1.0-1.noarch
* katello-certs-tools-1.5.5-1.el6sat.noarch
* katello-installer-0.0.45-1.el6sat.noarch
* openldap-2.4.23-32.el6_4.1.x86_64
* openldap-devel-2.4.23-32.el6_4.1.x86_64
* pulp-katello-0.3-3.el6sat.noarch
* pulp-nodes-common-2.4.0-0.18.beta.el6sat.noarch
* pulp-nodes-parent-2.4.0-0.18.beta.el6sat.noarch
* pulp-puppet-plugins-2.4.0-0.18.beta.el6sat.noarch
* pulp-puppet-tools-2.4.0-0.18.beta.el6sat.noarch
* pulp-rpm-plugins-2.4.0-0.18.beta.el6sat.noarch
* pulp-selinux-2.4.0-0.18.beta.el6sat.noarch
* pulp-server-2.4.0-0.18.beta.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-net-ldap-0.3.1-3.el6sat.noarch
* ruby193-rubygem-runcible-1.1.0-2.el6sat.noarch

Comment 22 sthirugn@redhat.com 2014-06-09 16:14:01 UTC
If this bug is not fixed before beta, this may need doc update.

Comment 23 Eric Helms 2014-06-27 19:37:42 UTC
Created redmine issue http://projects.theforeman.org/issues/6426 from this bug

Comment 24 Bryan Kearney 2014-06-27 20:01:22 UTC
Upstream bug assigned to None

Comment 25 Bryan Kearney 2014-06-27 22:01:23 UTC
Upstream bug assigned to None

Comment 26 Bryan Kearney 2014-06-28 00:01:23 UTC
Upstream bug assigned to None

Comment 27 Bryan Kearney 2014-06-28 02:01:21 UTC
Upstream bug assigned to None

Comment 28 Bryan Kearney 2014-06-28 04:01:22 UTC
Upstream bug assigned to None

Comment 29 Bryan Kearney 2014-06-28 06:01:24 UTC
Upstream bug assigned to None

Comment 30 Bryan Kearney 2014-06-28 08:01:24 UTC
Upstream bug assigned to None

Comment 31 Bryan Kearney 2014-06-28 10:01:24 UTC
Upstream bug assigned to None

Comment 32 Bryan Kearney 2014-06-28 12:01:23 UTC
Upstream bug assigned to None

Comment 33 Bryan Kearney 2014-06-28 14:01:25 UTC
Upstream bug assigned to None

Comment 34 Bryan Kearney 2014-06-28 16:01:22 UTC
Upstream bug assigned to None

Comment 35 Bryan Kearney 2014-06-28 18:01:22 UTC
Upstream bug assigned to None

Comment 36 Bryan Kearney 2014-06-28 20:01:21 UTC
Upstream bug assigned to None

Comment 37 Bryan Kearney 2014-06-28 22:01:24 UTC
Upstream bug assigned to None

Comment 38 Bryan Kearney 2014-06-29 00:01:22 UTC
Upstream bug assigned to None

Comment 39 Bryan Kearney 2014-06-29 02:01:23 UTC
Upstream bug assigned to None

Comment 40 Bryan Kearney 2014-06-29 04:01:22 UTC
Upstream bug assigned to None

Comment 41 Bryan Kearney 2014-06-29 06:01:22 UTC
Upstream bug assigned to None

Comment 42 Bryan Kearney 2014-06-29 08:01:23 UTC
Upstream bug assigned to None

Comment 43 Bryan Kearney 2014-06-29 10:01:22 UTC
Upstream bug assigned to None

Comment 44 Bryan Kearney 2014-06-29 12:01:21 UTC
Upstream bug assigned to None

Comment 45 Bryan Kearney 2014-06-29 14:01:24 UTC
Upstream bug assigned to None

Comment 46 Bryan Kearney 2014-06-29 16:01:21 UTC
Upstream bug assigned to None

Comment 47 Bryan Kearney 2014-06-29 18:01:23 UTC
Upstream bug assigned to None

Comment 48 Bryan Kearney 2014-06-29 20:01:21 UTC
Upstream bug assigned to None

Comment 49 Bryan Kearney 2014-06-29 22:01:22 UTC
Upstream bug assigned to None

Comment 50 Bryan Kearney 2014-06-30 00:01:22 UTC
Upstream bug assigned to None

Comment 51 Bryan Kearney 2014-06-30 02:01:22 UTC
Upstream bug assigned to None

Comment 52 Bryan Kearney 2014-06-30 04:01:22 UTC
Upstream bug assigned to None

Comment 53 Bryan Kearney 2014-06-30 06:01:21 UTC
Upstream bug assigned to None

Comment 54 Bryan Kearney 2014-06-30 08:01:30 UTC
Upstream bug assigned to None

Comment 55 Bryan Kearney 2014-06-30 12:01:28 UTC
Upstream bug assigned to None

Comment 56 Bryan Kearney 2014-06-30 14:01:43 UTC
Upstream bug assigned to None

Comment 57 Bryan Kearney 2014-06-30 16:02:43 UTC
Upstream bug assigned to None

Comment 58 Bryan Kearney 2014-06-30 18:01:35 UTC
Upstream bug assigned to None

Comment 59 Bryan Kearney 2014-06-30 20:01:44 UTC
Upstream bug assigned to None

Comment 60 Bryan Kearney 2014-06-30 22:01:26 UTC
Upstream bug assigned to None

Comment 61 Bryan Kearney 2014-07-01 00:01:25 UTC
Upstream bug assigned to None

Comment 62 Bryan Kearney 2014-07-01 02:01:24 UTC
Upstream bug assigned to None

Comment 63 Bryan Kearney 2014-07-01 04:01:22 UTC
Upstream bug assigned to None

Comment 64 Bryan Kearney 2014-07-01 06:01:28 UTC
Upstream bug assigned to None

Comment 65 Bryan Kearney 2014-07-01 08:01:36 UTC
Upstream bug assigned to None

Comment 66 Bryan Kearney 2014-07-01 10:01:26 UTC
Upstream bug assigned to None

Comment 67 Bryan Kearney 2014-07-01 12:01:30 UTC
Upstream bug assigned to None

Comment 68 Bryan Kearney 2014-07-01 14:01:34 UTC
Upstream bug assigned to None

Comment 69 Bryan Kearney 2014-07-01 16:01:26 UTC
Upstream bug assigned to None

Comment 70 Jesus M. Rodriguez 2014-07-30 17:21:11 UTC
The 6/9 attachments do not have any of the logs from the java bits in it. There's no tomcat logs or no candlepin logs.

Comment 71 sthirugn@redhat.com 2014-07-30 17:57:45 UTC
I dont think this bug is relevant anymore.

Satellite6 now requires java-1.7.0-openjdk by default.  Proposing to close this bug.

Comment 72 sthirugn@redhat.com 2014-07-30 18:10:34 UTC
Verified.

Satellite6 now requires java-1.7.0-openjdk


Version Tested:
Satellite-6.0.4-RHEL-6-20140723.0

* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.9.19-1.el6_5.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.9.19-1.el6_5.noarch
* candlepin-tomcat6-0.9.19-1.el6_5.noarch
* elasticsearch-0.90.10-4.el6sat.noarch
* foreman-1.6.0.29-1.el6sat.noarch
* foreman-compute-1.6.0.29-1.el6sat.noarch
* foreman-gce-1.6.0.29-1.el6sat.noarch
* foreman-libvirt-1.6.0.29-1.el6sat.noarch
* foreman-ovirt-1.6.0.29-1.el6sat.noarch
* foreman-postgresql-1.6.0.29-1.el6sat.noarch
* foreman-proxy-1.6.0.21-1.el6sat.noarch
* foreman-selinux-1.6.0-8.el6sat.noarch
* foreman-vmware-1.6.0.29-1.el6sat.noarch
* katello-1.5.0-27.el6sat.noarch
* katello-ca-1.0-1.noarch
* katello-certs-tools-1.5.6-1.el6sat.noarch
* katello-installer-0.0.56-1.el6sat.noarch
* openldap-2.4.23-32.el6_4.1.x86_64
* pulp-katello-0.3-3.el6sat.noarch
* pulp-nodes-common-2.4.0-0.23.beta.el6sat.noarch
* pulp-nodes-parent-2.4.0-0.23.beta.el6sat.noarch
* pulp-puppet-plugins-2.4.0-0.23.beta.el6sat.noarch
* pulp-puppet-tools-2.4.0-0.23.beta.el6sat.noarch
* pulp-rpm-plugins-2.4.0-0.23.beta.el6sat.noarch
* pulp-selinux-2.4.0-0.23.beta.el6sat.noarch
* pulp-server-2.4.0-0.23.beta.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-net-ldap-0.3.1-3.el6sat.noarch
* ruby193-rubygem-runcible-1.1.0-2.el6sat.noarch

Comment 73 Mike McCune 2014-07-31 13:50:22 UTC
*** Bug 1124441 has been marked as a duplicate of this bug. ***

Comment 75 Bryan Kearney 2014-09-11 12:25:00 UTC
This was delivered with Satellite 6.0 which was released on 10 September 2014.


Note You need to log in before you can comment on or make changes to this bug.