Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1455877 - Running with SSL: Hawkular JavaAgent security-realm is not configured
Running with SSL: Hawkular JavaAgent security-realm is not configured
Status: VERIFIED
Product: Middleware Manager
Classification: JBoss
Component: middleware-manager-docker (Show other bugs)
unspecified
Unspecified Unspecified
high Severity high
: DR1
: 7.0.0
Assigned To: Josejulio Martínez
Hayk Hovsepyan
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-05-26 07:07 EDT by Hayk Hovsepyan
Modified: 2017-10-02 04:46 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Hayk Hovsepyan 2017-05-26 07:07:13 EDT 
Description of problem:
While running Hawkular-Services docker container in SSL mode, Hawkular JavaAgent is not able to monitor Hawkular Services itself, so Hawkular Server is not recognized and shown in CFME UI.

Version-Release number of selected component (if applicable):
brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/jboss-mm-7-tech-preview/middleware-manager:7.0.0-16

How reproducible:
SSL mode only, when running H-Services container with "HAWKULAR_USE_SSL=true" option

Steps to Reproduce:
1. Run Hawkular Services docker container in SSL mode.
2. In CFME UI, add that Middleware Manager. Refresh items and relationships.
3. "Middleware Servers" in Relationships is 0.
In Hawkular Services docker container you can see that Hawkular JavaAgent is not configured correctly to use existing security realm.
Comment 5 Josejulio Martínez 2017-06-01 14:46:56 EDT 
What version (or commit) of hawkular-services are you using?

Using master (as of today) I'm able to see inventoried hawkular-services (using hawkfx, will test on CFME UI)

I started hawkular-services following the instructions here:
https://github.com/hawkular/hawkular-services/tree/master/docker-dist

# Cassandra
docker run --name hawkular-cassandra -e CASSANDRA_START_RPC=true -d cassandra:3.0.9

# Hawkular services
docker run --link=hawkular-cassandra -e CASSANDRA_NODES=hawkular-cassandra -e HAWKULAR_USE_SSL=true -p 8443:8443 `whoami`/hawkular-services

With that you must connect to https://THE_HOST:8443 and select 'SSL without validation'

----

After looking at your server.log I see an error:
keytool error: java.io.FileNotFoundException: /usr/lib/jvm/java-1.8.0/jre/lib/security/cacerts (Permission denied)

and at the bottom I see:
The command-gateway URL is [ws://127.0.0.1:8080/hawkular/command-gateway/feed/b2009504df80]

It seems that the certificate wasn't created and is not using SSL at all.
Javaagent is trying to talk to services using https (which isn't up).

Could you pass me the command you are using to start hawkular services?
Comment 11 Hayk Hovsepyan 2017-10-02 04:46:56 EDT 
Verified on Cloudforms Middleware Manager - 7.0.0.TP3-DR1
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.