1455877 – Running with SSL: Hawkular JavaAgent security-realm is not configured

Bug 1455877 - Running with SSL: Hawkular JavaAgent security-realm is not configured

Summary: Running with SSL: Hawkular JavaAgent security-realm is not configured

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Middleware Manager
Classification:	JBoss
Component:	middleware-manager-docker
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	DR1
Target Release:	7.0.0
Assignee:	Josejulio Martínez
QA Contact:	Hayk Hovsepyan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-05-26 11:07 UTC by Hayk Hovsepyan
Modified:	2025-02-10 03:58 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2025-02-10 03:58:52 UTC
Embargoed:

Attachments	(Terms of Use)

Description Hayk Hovsepyan 2017-05-26 11:07:13 UTC

Description of problem:
While running Hawkular-Services docker container in SSL mode, Hawkular JavaAgent is not able to monitor Hawkular Services itself, so Hawkular Server is not recognized and shown in CFME UI.

Version-Release number of selected component (if applicable):
brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/jboss-mm-7-tech-preview/middleware-manager:7.0.0-16

How reproducible:
SSL mode only, when running H-Services container with "HAWKULAR_USE_SSL=true" option

Steps to Reproduce:
1. Run Hawkular Services docker container in SSL mode.
2. In CFME UI, add that Middleware Manager. Refresh items and relationships.
3. "Middleware Servers" in Relationships is 0.
In Hawkular Services docker container you can see that Hawkular JavaAgent is not configured correctly to use existing security realm.

Comment 5 Josejulio Martínez 2017-06-01 18:46:56 UTC

What version (or commit) of hawkular-services are you using?

Using master (as of today) I'm able to see inventoried hawkular-services (using hawkfx, will test on CFME UI)

I started hawkular-services following the instructions here:
https://github.com/hawkular/hawkular-services/tree/master/docker-dist

# Cassandra
docker run --name hawkular-cassandra -e CASSANDRA_START_RPC=true -d cassandra:3.0.9

# Hawkular services
docker run --link=hawkular-cassandra -e CASSANDRA_NODES=hawkular-cassandra -e HAWKULAR_USE_SSL=true -p 8443:8443 `whoami`/hawkular-services

With that you must connect to https://THE_HOST:8443 and select 'SSL without validation'

----

After looking at your server.log I see an error:
keytool error: java.io.FileNotFoundException: /usr/lib/jvm/java-1.8.0/jre/lib/security/cacerts (Permission denied)

and at the bottom I see:
The command-gateway URL is [ws://127.0.0.1:8080/hawkular/command-gateway/feed/b2009504df80]

It seems that the certificate wasn't created and is not using SSL at all.
Javaagent is trying to talk to services using https (which isn't up).

Could you pass me the command you are using to start hawkular services?

Comment 11 Hayk Hovsepyan 2017-10-02 08:46:56 UTC

Verified on Cloudforms Middleware Manager - 7.0.0.TP3-DR1

Comment 16 Red Hat Bugzilla 2025-02-10 03:58:52 UTC

This product has been discontinued or is no longer tracked in Red Hat Bugzilla.

Note You need to log in before you can comment on or make changes to this bug.