904766 – rhevm-manage-domains crash when using latest java openjdk "1.7.0_11-icedtea"

Bug 904766 - rhevm-manage-domains crash when using latest java openjdk "1.7.0_11-icedtea"

Summary: rhevm-manage-domains crash when using latest java openjdk "1.7.0_11-icedtea"

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-config
Sub Component:
Version:	3.2.0
Hardware:	x86_64
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Target Release:	3.2.0
Assignee:	Yair Zaslavsky
QA Contact:	Pavel Stehlik
Docs Contact:
URL:
Whiteboard:	infra
Depends On:	905128
Blocks:
TreeView+	depends on / blocked

Reported:	2013-01-27 12:52 UTC by Eyal Edri
Modified:	2016-02-10 19:14 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-02-03 10:33:28 UTC
oVirt Team:	Infra
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Eyal Edri 2013-01-27 12:52:58 UTC

Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. update java to latest version (1.7.0._11)
2. run rhevm-manage-domains -action=add -domain=qa.lab.tlv.redhat.com -user=vdcadmin -passwordFile=/tmp/tmpLAuvZv -addPermissions -provider=ActiveDirectory
3.
  
Actual results:
# /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java -version
java version "1.7.0_11-icedtea"
OpenJDK Runtime Environment (rhel-2.4.0.2.el6-x86_64)
OpenJDK 64-Bit Server VM (build 24.0-b28, mixed mode)
# /usr/bin/rhevm-manage-domains -action=add -domain=qa.lab.tlv.redhat.com -user=vdcadmin -passwordFile=/tmp/tmpLAuvZv -addPermissions -provider=ActiveDirectory
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007fdb25ebae5f, pid=20117, tid=140579204630272
#
# JRE version: OpenJDK Runtime Environment (7.0_11) (build 1.7.0_11-icedtea-mockbuild_2013_01_23_09_25-b00)
# Java VM: OpenJDK 64-Bit Server VM (24.0-b28 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# V  [libjvm.so+0x5d9e5f]  JNI_CreateJavaVM+0xd40f
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /var/log/hs_err_pid20117.log
#
# If you would like to submit a bug report, please include
# instructions on how to reproduce the bug and visit:
#   http://icedtea.classpath.org/bugzilla
#
/usr/bin/rhevm-manage-domains: line 149: 20117 Aborted                 "${JAVA_HOME}/bin/java" -cp .:$CP org.ovirt.engine.core.utils.kerberos.ManageDomains "$@" -propertiesFile=$PROPERTIES_FILE
You have new mail in /var/spool/mail/root



Expected results:
new domain should be added

Additional info:

Comment 1 Roy Golan 2013-01-27 12:57:48 UTC

release 11 of jdk 7  was around a security issue. I took my java.security file and placed it onto the jenkins VM and
manage domains ran.

sun added a sun.security.pkcs11.SunPKCS11 as the first provider which causes this.

as a workaround we can :
1. comment the provider and set the 1st and 2nd provider to be the same
 #security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
 security.provider.1=sun.security.provider.Sun
 security.provider.2=sun.security.provider.Sun

2.put an overrided java.policy file in our jboss install dir and pass -Djava.security.properties to jboss

Comment 2 Roy Golan 2013-01-27 13:05:47 UTC

the file is 
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.11.x86_64/jre/lib/security/java.security

Comment 3 Yair Zaslavsky 2013-01-28 12:54:06 UTC

I think option #2 is more valid. We should not tamper with java installation.

Note You need to log in before you can comment on or make changes to this bug.