Description of problem: When setting up encryption following https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/3.3/html/Admin_and_Config/configuring-ssl.html agent is not able to communicate with server and throws exception which is not very helpful. Version-Release number of selected component (if applicable): JON3.3.5.ER01 How reproducible: Always Steps to Reproduce: 1. follow https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/3.3/html/Admin_and_Config/configuring-ssl.html to set up encryption Actual results: Agent is not communication with server and throws: 2016-01-27 07:42:39,728 ERROR [RHQ Agent Registration Thread] (enterprise.communications.command.client.ClientCommandSenderTask)- {ClientCommandSenderTask.send-failed}Failed to send command [Command: type=[remotepojo]; cmd-in-response=[false]; config=[{rhq.agent-name=fbr-jon335.bc.jonqe.lab.eng.bos.redhat.com, rhq.externalizable-strategy=AGENT, rhq.send-throttle=true}]; params=[{invocation=NameBasedInvocation[registerAgent], targetInterfaceName=org.rhq.core.clientapi.server.core.CoreServerService}]]. Cause: java.lang.reflect.InvocationTargetException:null -> java.lang.RuntimeException:null -> java.lang.NullPointerException:null. Cause: java.lang.reflect.InvocationTargetException Expected results: It should work. Additional info: There are 2 options: a) add missing step to documentation b) fix usage of default values Problem is in agent-configuration.xml - to make it work it's necessary to uncomment keystore and truststore properties. This step is missing in documentation. This also means that default values are not used correctly. This step is not necessary when using sslservlet. To avoid confusion it should be the same for both sslservlet and sslsocket. Use default values or document that it's necessary to uncomment it in agent-configuration.xml
This issue had been identified in upstream Bug 867148. The issue is that rhq.agent.client.security.truststore.password becomes a required parameter even though it is not used once you set sslsocket. The result is the agent fails to start unless you add the unused property and provide some meaningless dummy value. To fix this, the property and its value should only be used if it is defined and not an empty string.
commit bbb0359b56d9f74e637fa9e1d021b83a5879bb7a Author: Josejulio Martínez <jmartine> Date: Fri Feb 12 13:14:29 2016 -0600 Bug 1302322 - Secure server-agent communication using sslsocket incorrectly requires a truststore password. Made ClientSenderSecurityTruststorePassword(client.security.truststore.password) property optional, no longer storing null in the configuration map. This avoids passing a map with nulls to org.jboss.remoting.Client which causes an Exception on it's connect method.
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Moving to ON_QA as available to test with JON 3.3.6 DR01 brew build: https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=499890
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-1519.html