[Hawkular-dev] agent running in EAP6.4 cannot talk to Hawkular Server over HTTPS

John Mazzitelli mazz at redhat.com
Wed Mar 8 00:55:05 EST 2017 

Thank you, JoseJulio - your fix worked! Crisis averted :)

I ran some tests over here and it looks good.

----- Original Message -----
> Only thing I could think of was to use reflection to get the actual wrapped
> factory:
> 
> https://github.com/hawkular/hawkular-agent/pull/300/commits/bedf8a19496aba56df71c95447b1327c766676d5#diff-394e3f128a0dd5307095aab90861bce7R319
> 
> This is currently working on EAP6 (and EAP7).
> 
> On Tue, Mar 7, 2017 at 4:03 PM, John Mazzitelli <mazz at redhat.com> wrote:
> 
> > BTW: the latest agent release/master branch will not produce this NPE but
> > it still isn't good because, instead of getting an NPE, you get this
> > loveliness:
> >
> > 16:57:53,081 ERROR [org.hawkular.agent.monitor.service.MonitorService]
> > (Hawkular WildFly Agent Startup Thread) HAWKMONITOR010054: Agent
> > encountered errors during start up and will be stopped.:
> > java.lang.IllegalStateException:
> > Unable to extract the trust manager on okhttp3.internal.platform.
> > Platform at 69f176ea, sslSocketFactory is class org.jboss.as.domain.
> > management.security.WrapperSSLContext$WrapperSpi$WrapperSSLSocketFactory
> >         at okhttp3.OkHttpClient$Builder.sslSocketFactory(OkHttpClient.
> > java:599)
> >
> > OKHttp is looking for particular SSL class to find a trust manager but is
> > thrown for a loop when it finds WildFly has its own wrapper implementation.
> > This is the whole reason why this PR exists (and the NPE shows up when
> > running with that PR):
> >
> > https://github.com/hawkular/hawkular-agent/pull/300
> >
> > (and just to clarify, this is only an issue on EAP6.4. Everything works
> > fine on EAP7+)
> >
> > ----- Original Message -----
> > > Josejulio, cc hawkular-dev:
> > >
> > > <TL;DR>
> > > Due to incomplete API support in a EAP 6.4 library, we cannot support the
> > > agent installed as a subsystem extension inside EAP6 if the agent is to
> > talk
> > > to the Hawkular Server over HTTPS.
> > > </TL;DR>
> > >
> > > I don't know how to workaround this one - maybe someone has a bright
> > idea.
> > > But right now, it looks like we can't support an EAP6-based agent
> > talking to
> > > Hawkular-Metrics over HTTPS *unless* the agent is running as a javaagent
> > (a
> > > new feature not even in master yet, but I tried it and it works).
> > >
> > > This is a EAP 6.4 method that OKHttp is calling when making an HTTP
> > request
> > > requiring SSL - I'll give you the summary - its a one-line auto-generated
> > > stub method that "return null;" :)
> > >
> > > https://github.com/wildfly/wildfly-core/blame/
> > de6b17d4d342e98871c0e95f7e6faa9006383768/domain-management/
> > src/main/java/org/jboss/as/domain/management/security/
> > WrapperSSLContext.java#L124-L126
> > >
> > > I stepped into this code via a debugger and the line number and behavior
> > > (returning null always) matches up with that code.
> > >
> > > Needless to say, this causes a NullPointerException later on in the
> > OKHttp
> > > library and thus cannot talk to the Hawkular Server over HTTPS.
> > >
> > > Here's the stack trace that got me there:
> > >
> > > Daemon Thread [Hawkular WildFly Agent Startup Thread] (Suspended)
> > >       org.jboss.as.domain.management.security.
> > WrapperSSLContext$WrapperSpi$WrapperSSLSocketFactory.
> > createSocket(java.net.Socket,
> > >       java.lang.String, int, boolean) line: 126
> > >       okhttp3.internal.connection.RealConnection.connectTls(int, int,
> > >       okhttp3.internal.connection.ConnectionSpecSelector) line: 230
> > >       okhttp3.internal.connection.RealConnection.establishProtocol(int,
> > int,
> > >       okhttp3.internal.connection.ConnectionSpecSelector) line: 198
> > >       okhttp3.internal.connection.RealConnection.buildConnection(int,
> > int, int,
> > >       okhttp3.internal.connection.ConnectionSpecSelector) line: 174
> > >       okhttp3.internal.connection.RealConnection.connect(int, int, int,
> > >       java.util.List<okhttp3.ConnectionSpec>, boolean) line: 114
> > >       okhttp3.internal.connection.StreamAllocation.findConnection(int,
> > int, int,
> > >       boolean) line: 193
> > >       okhttp3.internal.connection.StreamAllocation.findHealthyConnection(int,
> > int,
> > >       int, boolean, boolean) line: 129
> > >       okhttp3.internal.connection.StreamAllocation.newStream(
> > okhttp3.OkHttpClient,
> > >       boolean) line: 98
> > >       okhttp3.internal.connection.ConnectInterceptor.intercept(
> > okhttp3.Interceptor$Chain)
> > >       line: 42
> > >       okhttp3.internal.http.RealInterceptorChain.proceed(
> > okhttp3.Request,
> > >       okhttp3.internal.connection.StreamAllocation,
> > >       okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> > >       okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request)
> > line: 67
> > >       okhttp3.internal.cache.CacheInterceptor.intercept(
> > okhttp3.Interceptor$Chain)
> > >       line: 109
> > >       okhttp3.internal.http.RealInterceptorChain.proceed(
> > okhttp3.Request,
> > >       okhttp3.internal.connection.StreamAllocation,
> > >       okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> > >       okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request)
> > line: 67
> > >       okhttp3.internal.http.BridgeInterceptor.intercept(
> > okhttp3.Interceptor$Chain)
> > >       line: 93
> > >       okhttp3.internal.http.RealInterceptorChain.proceed(
> > okhttp3.Request,
> > >       okhttp3.internal.connection.StreamAllocation,
> > >       okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> > >       okhttp3.internal.http.RetryAndFollowUpInterceptor.
> > intercept(okhttp3.Interceptor$Chain)
> > >       line: 124
> > >       okhttp3.internal.http.RealInterceptorChain.proceed(
> > okhttp3.Request,
> > >       okhttp3.internal.connection.StreamAllocation,
> > >       okhttp3.internal.http.HttpStream, okhttp3.Connection) line: 92
> > >       okhttp3.internal.http.RealInterceptorChain.proceed(okhttp3.Request)
> > line: 67
> > >       okhttp3.RealCall.getResponseWithInterceptorChain() line: 170
> > >       okhttp3.RealCall.execute() line: 60
> > >       org.hawkular.agent.monitor.service.MonitorService(org.
> > hawkular.agent.monitor.service.AgentCoreEngine).waitForHawkularServer()
> > >       line: 648
> > >       org.hawkular.agent.monitor.service.MonitorService(org.
> > hawkular.agent.monitor.service.AgentCoreEngine).startHawkularAgent(org.
> > hawkular.agent.monitor.config.AgentCoreEngineConfiguration)
> > >       line: 279
> > >       org.hawkular.agent.monitor.service.MonitorService(org.
> > hawkular.agent.monitor.service.AgentCoreEngine).startHawkularAgent()
> > >       line: 164
> > >       org.hawkular.agent.monitor.service.MonitorService$
> > 1CustomPropertyChangeListener$1.run()
> > >       line: 395
> > >       java.lang.Thread.run() line: 745
> > >
> > _______________________________________________
> > hawkular-dev mailing list
> > hawkular-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/hawkular-dev
> >
>

More information about the hawkular-dev mailing list