Created attachment 1340547
hawkular metrics pod log

Description of problem:
This defect was found when testing https://bugzilla.redhat.com/show_bug.cgi?id=1500471. In the /etc/origin/master/ca-bundle.crt file, after adding spaces to the end of "-----BEGIN CERTIFICATE-----", restarting the server and deploying metrics 3.6, the hawkular-metrics pod throws java.io.IOException continuously; for details, please see the attached file.
Despite this exception, metrics' function is not affected; metrics sanity testing passed.

********************************************************************************
[org.openshift.ping.common.stream.TokenStreamProvider] (thread-2,ee,hawkular-metrics-n15zd) Could not create trust manager for /var/run/secrets/kubernetes.io/serviceaccount/ca.crt: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Illegal header: -----BEGIN CERTIFICATE-----
	at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:110)
	at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
	at org.openshift.ping.common.stream.TokenStreamProvider.configureCaCert(TokenStreamProvider.java:73)
	at org.openshift.ping.common.stream.TokenStreamProvider.getSSLSocketFactory(TokenStreamProvider.java:106)
	at org.openshift.ping.common.stream.TokenStreamProvider.openStream(TokenStreamProvider.java:49)
	at org.openshift.ping.common.stream.OpenStream.call(OpenStream.java:25)
	at org.openshift.ping.common.stream.OpenStream.call(OpenStream.java:7)
	at org.openshift.ping.common.Utils.execute(Utils.java:210)
	at org.openshift.ping.common.Utils.openStream(Utils.java:50)
	at org.openshift.ping.kube.Client.getNode(Client.java:84)
	at org.openshift.ping.kube.Client.getPods(Client.java:90)
	at org.openshift.ping.kube.KubePing.doReadAll(KubePing.java:196)
	at org.openshift.ping.common.OpenshiftPing.readAll(OpenshiftPing.java:249)
	at org.openshift.ping.common.OpenshiftPing.sendMcastDiscoveryRequest(OpenshiftPing.java:201)
	at org.jgroups.protocols.PING.sendDiscoveryRequest(PING.java:62)
	at org.jgroups.protocols.PING.findMembers(PING.java:32)
	at org.jgroups.protocols.Discovery.findMembers(Discovery.java:244)
	at org.jgroups.protocols.Discovery.down(Discovery.java:388)
	at org.openshift.ping.common.OpenshiftPing.down(OpenshiftPing.java:196)
	at org.jgroups.protocols.MERGE3$InfoSender.run(MERGE3.java:381)
	at org.jgroups.util.TimeScheduler3$Task.run(TimeScheduler3.java:291)
	at org.jgroups.util.TimeScheduler3$RecurringTask.run(TimeScheduler3.java:325)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.jboss.as.clustering.jgroups.ClassLoaderThreadFactory.lambda$newThread$0(ClassLoaderThreadFactory.java:52)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: Illegal header: -----BEGIN CERTIFICATE-----
	at sun.security.provider.X509Factory.checkHeaderFooter(X509Factory.java:646)
	at sun.security.provider.X509Factory.readOneBlock(X509Factory.java:636)
	at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:96)
************************************************************************

Version-Release number of selected component (if applicable):
metrics-hawkular-metrics:v3.6.173.0.56-1

# openshift version
openshift v3.6.173.0.56
kubernetes v1.6.1+5115d708d7
etcd 3.2.1

How reproducible:
Always

Steps to Reproduce:
1. Change to "-----BEGIN CERTIFICATE----- " (two spaces at the end) in /etc/origin/master/ca-bundle.crt.
2. Restart the server and deploy metrics 3.6.
3.

Actual results:
The hawkular-metrics pod throws java.io.IOException continuously.

Expected results:
There should be no exception in the hawkular-metrics pod log.

Additional info:

This is an issue on an external component: https://github.com/jboss-openshift/openshift-ping Similar issues will occur (BZ 1503462) on other components that are using Java's cert facilities. Unless we face a situation where a customer can't fix the cert, we won't be fixing the whole stack.
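
A pre-deployment check for the condition reported in this bug, as an added example (not part of the original report and not code from openshift-ping): it flags PEM boundary lines that carry trailing spaces or tabs, also reports unbalanced BEGIN/END blocks, and returns a normalized copy of the bundle. The function name lint_pem and the sample bundle are constructed for illustration.

```python
import re

# A PEM boundary line followed by trailing spaces or tabs (the reported condition).
PADDED = re.compile(r"(-----(?:BEGIN|END) [A-Z0-9 ]+-----)[ \t]+")
# A boundary line with nothing after the closing dashes.
CLEAN = re.compile(r"-----(BEGIN|END) ([A-Z0-9 ]+)-----")

# Constructed sample bundle: the bodies are placeholder base64, not real certificates.
SAMPLE = (
    "-----BEGIN CERTIFICATE-----  \n"
    "Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=\n"
    "-----END CERTIFICATE-----\t\r\n"
)


def lint_pem(text):
    """Return (findings, cleaned): findings is a list of (line_no, message)."""
    findings, out, open_label = [], [], None
    for no, line in enumerate(text.splitlines(), start=1):
        padded = PADDED.fullmatch(line)
        if padded:
            findings.append((no, "trailing whitespace on boundary line"))
            line = padded.group(1)  # keep only the boundary itself
        boundary = CLEAN.fullmatch(line)
        if boundary:
            kind, label = boundary.groups()
            if kind == "BEGIN":
                if open_label is not None:
                    findings.append((no, "BEGIN inside an open block"))
                open_label = label
            else:
                if open_label != label:
                    findings.append((no, "END without matching BEGIN"))
                open_label = None
        out.append(line)
    if open_label is not None:
        findings.append((len(out), "block never closed"))
    return findings, "\n".join(out) + "\n"


if __name__ == "__main__":
    for line_no, message in lint_pem(SAMPLE)[0]:
        print(f"line {line_no}: {message}")
```

Running it against a bundle before restarting the master shows which line numbers need fixing; the cleaned text can be diffed against the original so that only whitespace on boundary lines changes.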