Description of problem: Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. update java to latest version (1.7.0._11) 2. run rhevm-manage-domains -action=add -domain=qa.lab.tlv.redhat.com -user=vdcadmin -passwordFile=/tmp/tmpLAuvZv -addPermissions -provider=ActiveDirectory 3. Actual results: # /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java -version java version "1.7.0_11-icedtea" OpenJDK Runtime Environment (rhel-2.4.0.2.el6-x86_64) OpenJDK 64-Bit Server VM (build 24.0-b28, mixed mode) # /usr/bin/rhevm-manage-domains -action=add -domain=qa.lab.tlv.redhat.com -user=vdcadmin -passwordFile=/tmp/tmpLAuvZv -addPermissions -provider=ActiveDirectory # # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007fdb25ebae5f, pid=20117, tid=140579204630272 # # JRE version: OpenJDK Runtime Environment (7.0_11) (build 1.7.0_11-icedtea-mockbuild_2013_01_23_09_25-b00) # Java VM: OpenJDK 64-Bit Server VM (24.0-b28 mixed mode linux-amd64 compressed oops) # Problematic frame: # V [libjvm.so+0x5d9e5f] JNI_CreateJavaVM+0xd40f # # Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again # # An error report file with more information is saved as: # /var/log/hs_err_pid20117.log # # If you would like to submit a bug report, please include # instructions on how to reproduce the bug and visit: # http://icedtea.classpath.org/bugzilla # /usr/bin/rhevm-manage-domains: line 149: 20117 Aborted "${JAVA_HOME}/bin/java" -cp .:$CP org.ovirt.engine.core.utils.kerberos.ManageDomains "$@" -propertiesFile=$PROPERTIES_FILE You have new mail in /var/spool/mail/root Expected results: new domain should be added Additional info:
release 11 of jdk 7 was around a security issue. I took my java.security file and placed it onto the jenkins VM and manage domains ran. sun added a sun.security.pkcs11.SunPKCS11 as the first provider which causes this. as a workaround we can : 1. comment the provider and set the 1st and 2nd provider to be the same #security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg security.provider.1=sun.security.provider.Sun security.provider.2=sun.security.provider.Sun 2.put an overrided java.policy file in our jboss install dir and pass -Djava.security.properties to jboss
the file is /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.11.x86_64/jre/lib/security/java.security
I think option #2 is more valid. We should not tamper with java installation.