Bug 1302322 - Secure server-agent communication using sslsocket incorrectly requires a truststore password
Secure server-agent communication using sslsocket incorrectly requires a trus...
Product: JBoss Operations Network
Classification: JBoss
Component: Agent, Usability (Show other bugs)
JON 3.3.5
Unspecified Unspecified
medium Severity medium
: DR01
: JON 3.3.6
Assigned To: Josejulio Martínez
Filip Brychta
: EasyFix, Triaged
Depends On: 867148
  Show dependency treegraph
Reported: 2016-01-27 08:42 EST by Filip Brychta
Modified: 2016-08-22 09:41 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-07-27 11:32:30 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Filip Brychta 2016-01-27 08:42:27 EST
Description of problem:
When setting up encryption following https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/3.3/html/Admin_and_Config/configuring-ssl.html agent is not able to communicate with server and throws exception which is not very helpful. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. follow https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/3.3/html/Admin_and_Config/configuring-ssl.html to set up encryption

Actual results:
Agent is not communication with server and throws:
2016-01-27 07:42:39,728 ERROR [RHQ Agent Registration Thread] (enterprise.communications.command.client.ClientCommandSenderTask)- {ClientCommandSenderTask.send-failed}Failed to send command [Command: type=[remotepojo]; cmd-in-response=[false]; config=[{rhq.agent-name=fbr-jon335.bc.jonqe.lab.eng.bos.redhat.com, rhq.externalizable-strategy=AGENT, rhq.send-throttle=true}]; params=[{invocation=NameBasedInvocation[registerAgent], targetInterfaceName=org.rhq.core.clientapi.server.core.CoreServerService}]]. Cause: java.lang.reflect.InvocationTargetException:null -> java.lang.RuntimeException:null -> java.lang.NullPointerException:null. Cause: java.lang.reflect.InvocationTargetException

Expected results:
It should work.

Additional info:
There are 2 options:
a) add missing step to documentation
b) fix usage of default values

Problem is in agent-configuration.xml - to make it work it's necessary to uncomment keystore and truststore properties. This step is missing in documentation. This also means that default values are not used correctly.

This step is not necessary when using sslservlet.

To avoid confusion it should be the same for both sslservlet and sslsocket. Use default values or document that it's necessary to uncomment it in agent-configuration.xml
Comment 1 Larry O'Leary 2016-01-27 13:22:14 EST
This issue had been identified in upstream Bug 867148.

The issue is that rhq.agent.client.security.truststore.password becomes a required parameter even though it is not used once you set sslsocket. The result is the agent fails to start unless you add the unused property and provide some meaningless dummy value.

To fix this, the property and its value should only be used if it is defined and not an empty string.
Comment 2 Josejulio Martínez 2016-02-19 11:30:39 EST
commit bbb0359b56d9f74e637fa9e1d021b83a5879bb7a
Author: Josejulio Martínez <jmartine@redhat.com>
Date:   Fri Feb 12 13:14:29 2016 -0600

    Bug 1302322 - Secure server-agent communication using sslsocket incorrectly requires a truststore password.
    Made ClientSenderSecurityTruststorePassword(client.security.truststore.password) property optional, no longer storing null in the configuration map. This avoids passing a map with nulls to org.jboss.remoting.Client which causes an Exception on it's connect method.
Comment 3 Mike McCune 2016-03-28 18:47:43 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 5 Simeon Pinder 2016-06-17 21:11:34 EDT
Moving to ON_QA as available to test with JON 3.3.6 DR01 brew build:
Comment 7 errata-xmlrpc 2016-07-27 11:32:30 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.