Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 904766

Summary: rhevm-manage-domains crash when using latest java openjdk "1.7.0_11-icedtea"
Product: Red Hat Enterprise Virtualization Manager Reporter: Eyal Edri <eedri>
Component: ovirt-engine-configAssignee: Yair Zaslavsky <yzaslavs>
Status: CLOSED CURRENTRELEASE QA Contact: Pavel Stehlik <pstehlik>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 3.2.0CC: acathrow, bazulay, dyasny, eedri, iheim, lpeer, mgoldboi, oourfali, Rhev-m-bugs, sgrinber, yeylon, ykaul, yzaslavs
Target Milestone: ---Keywords: Regression, TestBlocker
Target Release: 3.2.0   
Hardware: x86_64   
OS: Linux   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-03 10:33:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 905128    
Bug Blocks:    

Description Eyal Edri 2013-01-27 12:52:58 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. update java to latest version (1.7.0._11)
2. run rhevm-manage-domains -action=add -domain=qa.lab.tlv.redhat.com -user=vdcadmin -passwordFile=/tmp/tmpLAuvZv -addPermissions -provider=ActiveDirectory
3.
  
Actual results:
# /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java -version
java version "1.7.0_11-icedtea"
OpenJDK Runtime Environment (rhel-2.4.0.2.el6-x86_64)
OpenJDK 64-Bit Server VM (build 24.0-b28, mixed mode)
# /usr/bin/rhevm-manage-domains -action=add -domain=qa.lab.tlv.redhat.com -user=vdcadmin -passwordFile=/tmp/tmpLAuvZv -addPermissions -provider=ActiveDirectory
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007fdb25ebae5f, pid=20117, tid=140579204630272
#
# JRE version: OpenJDK Runtime Environment (7.0_11) (build 1.7.0_11-icedtea-mockbuild_2013_01_23_09_25-b00)
# Java VM: OpenJDK 64-Bit Server VM (24.0-b28 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# V  [libjvm.so+0x5d9e5f]  JNI_CreateJavaVM+0xd40f
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /var/log/hs_err_pid20117.log
#
# If you would like to submit a bug report, please include
# instructions on how to reproduce the bug and visit:
#   http://icedtea.classpath.org/bugzilla
#
/usr/bin/rhevm-manage-domains: line 149: 20117 Aborted                 "${JAVA_HOME}/bin/java" -cp .:$CP org.ovirt.engine.core.utils.kerberos.ManageDomains "$@" -propertiesFile=$PROPERTIES_FILE
You have new mail in /var/spool/mail/root



Expected results:
new domain should be added

Additional info:
Comment 1 Roy Golan 2013-01-27 12:57:48 UTC 
release 11 of jdk 7  was around a security issue. I took my java.security file and placed it onto the jenkins VM and
manage domains ran.

sun added a sun.security.pkcs11.SunPKCS11 as the first provider which causes this.

as a workaround we can :
1. comment the provider and set the 1st and 2nd provider to be the same
 #security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
 security.provider.1=sun.security.provider.Sun
 security.provider.2=sun.security.provider.Sun

2.put an overrided java.policy file in our jboss install dir and pass -Djava.security.properties to jboss
Comment 2 Roy Golan 2013-01-27 13:05:47 UTC 
the file is 
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.11.x86_64/jre/lib/security/java.security
Comment 3 Yair Zaslavsky 2013-01-28 12:54:06 UTC 
I think option #2 is more valid. We should not tamper with java installation.