Bug 1142262
| Summary: | Cannot install into existing password vault on IBM JDK | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Retired] JBoss BRMS Platform 6 | Reporter: | Tomas Livora <tlivora> | ||||||
| Component: | Documentation | Assignee: | Vikram Goyal <vigoyal> | ||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Lukáš Petrovický <lpetrovi> | ||||||
| Severity: | medium | Docs Contact: | Vikram Goyal <vigoyal> | ||||||
| Priority: | medium | ||||||||
| Version: | 6.0.2 | CC: | aabulawi, brms-docs, kverlaen, rrajasek, thauser, vigoyal | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | One-off release | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2015-03-06 06:01:32 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 1146514 | ||||||||
| Attachments: |
|
||||||||
Created attachment 938017 [details]
Fedora - VaultReaderException
Hello Tomas, Can you give me a link to the VM used for testing this? Hi Thomas, our test suite failed with the same error on all of the following machines: https://jenkins.mw.lab.eng.bos.redhat.com/hudson/computer/dev126-virt1 https://jenkins.mw.lab.eng.bos.redhat.com/hudson/computer/dev128-virt1 https://jenkins.mw.lab.eng.bos.redhat.com/hudson/computer/dev130-virt1 https://jenkins.mw.lab.eng.bos.redhat.com/hudson/computer/dev130-virt2 https://jenkins.mw.lab.eng.bos.redhat.com/hudson/computer/dev149-virt2 https://jenkins.mw.lab.eng.bos.redhat.com/hudson/computer/dev57-rhel6-x86_64 https://jenkins.mw.lab.eng.bos.redhat.com/hudson/computer/dev172-rhel6-x86_64 Comment on attachment 938017 [details]
Fedora - VaultReaderException
The behavior on Fedora is the same as on RHEL. I just did not set up IBM JDK on my machine correctly before.
The tests reusing existing keystore were added to the test suite after 6.0.2 GA was released so this has never been tested before. However, after further investigation I have found out that everything works as expected if the keystore file is generated by the keytool from IBM JDK. It means that IBM JDK is not able to use keystores generated on other JDKs so we probably cannot do anything about it. But I am not sure. Tom, can you write your opinion on this? I would be surprised if it were the case that the IBM JDK cannot read other keystores generated by other tools. Perhaps the IBM JDK uses a different default type or some such. I'll take a look on the machines in question today. If it turns out that what you have stated is true, then I'd agree we can't do anything about it. (In reply to Tomas Livora from comment #7) > The tests reusing existing keystore were added to the test suite after 6.0.2 > GA was released so this has never been tested before. > > However, after further investigation I have found out that everything works > as expected if the keystore file is generated by the keytool from IBM JDK. > It means that IBM JDK is not able to use keystores generated on other JDKs > so we probably cannot do anything about it. But I am not sure. Tom, can you > write your opinion on this? Let's document this and address in a later release, not a blocker for 6.0.3 I haven't been able to reproduce this issue. I followed the following steps on a RHEL 6 vm. 1) Unzip eap 6.1.1 2) With the open JDK 6, I created a keystore 3) Switch to IBM JDK 7 4) Run BRMS 6.0.3 CR1 installer, and specify the previously created keystore when creating the password vault. No error messages was given when following the following steps and the installtion was successful Ahmed, I have just tested it again on RHEL 6.5 and I have been able to reproduce the issue. I have followed these steps: 1) Install BRMS 6.0.3 CR1 on OpenJDK 7. Create a new password vault using the installer. 2) Create a new directory, unzip EAP 6.1.1 there and copy vault.keystore file and vault folder into the EAP directory. 3) Run the installer on IBM JDK 7 and try to reuse the mentioned password vault. The result is an error message saying "The JVM cannot read the supplied keystore". Note that when I follow these steps but use OpenJDK instead of IBM JDK in the third step, there is no such error. I was able to reproduce the error with the procedure given above. I was also able to reproduce the error by creating a keystore from the command line using keytool, and creating a vault session using that keystore with OpenJDK 7. When I tried running the installer using IBM JDK 7 I got the same error. I agree with Tomas, and think this is an issue with the IBM JDK not being able to use keystores generated by other JDKs. After Ahmed's investigation, I don't think that we can resolve this issue, unfortunately. I agree with your Comment 7 Tomas. Thanks Tomas. Updated on the live server [1]. [1] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/6.0/html-single/Installation_Guide/index.html#sect-The_Red_Hat_JBoss_BPM_Suite_Installer_installation |
Created attachment 938015 [details] RHEL - JVM error Description of problem: It is not possible to install BPMS/BRMS into existing EAP and reuse existing keystore when running on IBM JDK. Version-Release number of selected component (if applicable): BPMS/BRMS 6.0.3 CR1 Steps to Reproduce: 1. Unzip EAP and put your generated keystore file to its folder. 2. Run the installer, perform advanced configuration and check install password vault. 3. Enter correct keystore password and location of your keystore file. Actual results: On RHEL 6 there is an error message saying "The JVM cannot read the supplied keystore." I have also tested it locally on my Fedora 20 with IBM JDK 7.1 and in this case there was no error on the screen where the password vault is configured. However, the installation failed later with VaultReaderException. Expected results: The installation should finish successfully like on other JDKs. There are no problems like this on OpenJDK or Oracle JDK. Additional info: This issue appears on both IBM JDK versions 6 and 7.