Bug 1013010 - Seeding SRAMP fails if SSL enabled in post process installation
Seeding SRAMP fails if SSL enabled in post process installation
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: Installer (Show other bugs)
6.0.0 GA
Unspecified Unspecified
unspecified Severity urgent
: ER7
: 6.0.0
Assigned To: Thomas Hauser
Stefan Bunciak
Depends On:
  Show dependency treegraph
Reported: 2013-09-27 11:07 EDT by Pavol Srna
Modified: 2014-02-06 10:29 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
screenshot (66.51 KB, image/png)
2013-09-27 11:08 EDT, Pavol Srna
no flags Details

  None (edit)
Description Pavol Srna 2013-09-27 11:07:29 EDT
Description of problem:

Please see screenshot attached.

How reproducible:

Steps to Reproduce:
1. leave all defaults
2. enable SSL in post processing configuration and fill in necessary fields for keystore 
3. hit on next .. (it fails on the processing page)
Comment 1 Pavol Srna 2013-09-27 11:08:01 EDT
Created attachment 803999 [details]
Comment 3 Francisco Canas 2013-09-27 15:22:06 EDT
We are unable to reproduce this issue with either ER3 or latest dev jars.
Can you give us a few more details?
Are you using a valid keystore file, and is it brand new? 
Which exact installer version are you using currently?
JDK version and OS?

Comment 4 Pavol Srna 2013-09-30 04:54:34 EDT
I used a self signed certificate.

Here are my steps:

A) Creating the keystore and private key:

a1) `keytool -genkey -alias jboss -keypass pass123 -keyalg RSA -keystore server.keystore` ... server.keystore is generated.

a2) `keytool -list -keystore server.keystore` ... You should see the PrivateKeyEntry named jboss in the listing.

B) Generating and storing the certificate.

b1) `keytool -export -alias jboss -keypass pass123 -file server.crt -keystore server.keystore`  ... server.crt is generated.

b2) `keytool -import -alias jbosscert -keypass pass123 -file server.crt -keystore server.keystore` ... You receive a warning that it already exists in the keystore.  Ignore it.  It is because Java expects separate keystore and trustore files and we are using only one.

b3) `keytool -list -keystore server.keystore` ... You should see a TrustedCertEntry named jbosscert in the listing.

Then I used the generated keystore file in the installer.

I used ER3 installer (jboss-eap-6.0.0.fsw.ci-installer.jar) 
uname -a: 

Linux psrna-ThinkPad-T430s 3.5.0-40-generic #62~precise1-Ubuntu SMP Fri Aug 23 17:59:10 UTC 2013 i686 i686 i386 GNU/Linux


java version "1.7.0_40"
Java(TM) SE Runtime Environment (build 1.7.0_40-b43)
Java HotSpot(TM) Server VM (build 24.0-b56, mixed mode)

When I uncheck the s-ramp pack in the installer and install only FSW then there is no exception/error dialog during installation.
Comment 5 Thomas Hauser 2013-09-30 13:59:21 EDT
Reproduced. The issue is not that the SRAMP repo seeding fails, but that the job that tries to shutdown the server fails due to missing classes relating to the SSL configuration.
Comment 6 Thomas Hauser 2013-09-30 14:02:56 EDT
I was able to fix this issue (somewhat) by including the jboss-sasl classes in the installer. However, there is a prompt displayed to the user: 
Accept certificate? [N]o, [T]emporarily, [P]ermenantly : T

The installer will hang until an answer is given. It will fail if the "No" answer is given. I will look into automating this selection, at least there is no big CNFE being spit at the user now.
Comment 7 Thomas Hauser 2013-10-21 11:32:57 EDT
A complete fix for this issue will be in post beta builds. The prompt will not be displayed to the user at all anymore.
Comment 8 Pavol Srna 2013-12-13 08:20:32 EST
Verified in ER7.

Note You need to log in before you can comment on or make changes to this bug.