[JBoss JIRA] (WFLY-11529) Expose WildFly metrics in /metrics endpoints
by Jeff Mesnil (Jira)
[ https://issues.jboss.org/browse/WFLY-11529?page=com.atlassian.jira.plugin... ]
Jeff Mesnil updated WFLY-11529:
-------------------------------
Affects Version/s: (was: 15.0.0.Beta1)
> Expose WildFly metrics in /metrics endpoints
> --------------------------------------------
>
> Key: WFLY-11529
> URL: https://issues.jboss.org/browse/WFLY-11529
> Project: WildFly
> Issue Type: Bug
> Components: MP Metrics
> Reporter: Jeff Mesnil
> Assignee: Jeff Mesnil
> Priority: Critical
>
> MicroProfile Metrics mandates that metrics names are unique and does not able to have multiple suppliers for the same metric with different labels.
> Due to this restriction, the names of WildFly metrics are long and convoluted; e.g. `deployment/example.war/subsystem/undertow/servlet/org.example.MyServlet/request-count`
> This type of names prevents any aggregation in Prometheus and is very different from the names configured in the imx-exporter for older WildFly versions (https://github.com/jboss-openshift/cct_module/pull/314)
> Instead, the name of the metric should be "simple" (e.g. undertow_request_count) and the different supplies should provide labels:
> {code}
> undertow_request_count{deployment="foo.war", servlet="MyServletA"} 5.0
> undertow_request_count{deployment="foo.war", servlet="MyServletB"} 10.0
> {code}
> In its current state the WildFly metrics are not usable and we should disable them until they are properly exposed in a correct state.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 6 months
[JBoss JIRA] (WFLY-11529) Expose WildFly metrics in /metrics endpoints
by Jeff Mesnil (Jira)
Jeff Mesnil created WFLY-11529:
----------------------------------
Summary: Expose WildFly metrics in /metrics endpoints
Key: WFLY-11529
URL: https://issues.jboss.org/browse/WFLY-11529
Project: WildFly
Issue Type: Bug
Components: MP Metrics
Affects Versions: 15.0.0.Beta1
Reporter: Jeff Mesnil
Assignee: Jeff Mesnil
Fix For: 15.0.0.Final
MicroProfile Metrics mandates that metrics names are unique and does not able to have multiple suppliers for the same metric with different labels.
Due to this restriction, the names of WildFly metrics are long and convoluted; e.g. `deployment/example.war/subsystem/undertow/servlet/org.example.MyServlet/request-count`
This type of names prevents any aggregation in Prometheus and is very different from the names configured in the imx-exporter for older WildFly versions (https://github.com/jboss-openshift/cct_module/pull/314)
Instead, the name of the metric should be "simple" (e.g. undertow_request_count) and the different supplies should provide labels:
{code}
undertow_request_count{deployment="foo.war", servlet="MyServletA"} 5.0
undertow_request_count{deployment="foo.war", servlet="MyServletB"} 10.0
{code}
In its current state the WildFly metrics are not usable and we should disable them until they are properly exposed in a correct state.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 6 months
[JBoss JIRA] (WFLY-3789) Vault cannot be initialized with external password provided by CLASS
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/WFLY-3789?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse resolved WFLY-3789.
------------------------------------
Resolution: Won't Fix
Marking as 'Won't Fix' as this is in relation to PicketBox which is deprecated.
> Vault cannot be initialized with external password provided by CLASS
> ---------------------------------------------------------------------
>
> Key: WFLY-3789
> URL: https://issues.jboss.org/browse/WFLY-3789
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Filip Bogyai
> Assignee: Peter Skopek
> Priority: Major
>
> When vault is configured to use external password obtained from CLASS, e.g. :{code:xml} <vault-option name="KEYSTORE_PASSWORD" value="{CLASS}org.jboss.security.plugins.TmpFilePassword:${java.io.tmpdir}/tmp.password"/> {code}
> WildFly is unable to start, because of ClassNotFoundException:
> {code}
> 11:00:40,696 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([("core-service" => "vault")]): java.lang.RuntimeException: WFLYSRV0076: Error initializing vault -- org.jboss.as.server.services.security.VaultReaderException: WFLYSEC0017: Vault Reader Exception:
> at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:88) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at org.jboss.as.controller.AbstractAddStepHandler$1.execute(AbstractAddStepHandler.java:75) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:657) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:498) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at org.jboss.as.controller.AbstractOperationContext.completeStepInternal(AbstractOperationContext.java:299) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at org.jboss.as.controller.AbstractOperationContext.executeOperation(AbstractOperationContext.java:294) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at org.jboss.as.controller.OperationContextImpl.executeOperation(OperationContextImpl.java:1072) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at org.jboss.as.controller.ModelControllerImpl.boot(ModelControllerImpl.java:375) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:297) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at org.jboss.as.server.ServerService.boot(ServerService.java:373) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at org.jboss.as.server.ServerService.boot(ServerService.java:348) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:259) [wildfly-controller-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55]
> Caused by: org.jboss.as.server.services.security.VaultReaderException: WFLYSEC0017: Vault Reader Exception:
> at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:99) [wildfly-security-9.0.0.Alpha1-SNAPSHOT.jar:9.0.0.Alpha1-SNAPSHOT]
> at org.jboss.as.server.services.security.VaultAddHandler.performRuntime(VaultAddHandler.java:86) [wildfly-server-1.0.0.Alpha4.jar:1.0.0.Alpha4]
> ... 12 more
> Caused by: org.jboss.security.vault.SecurityVaultException: java.lang.ClassNotFoundException: org.jboss.security.plugins.TmpFilePassword from [Module "org.jboss.as.controller:main" from local module loader @4be525ab
> at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:210) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
> at org.jboss.as.security.vault.RuntimeVaultReader.createVault(RuntimeVaultReader.java:97) [wildfly-security-9.0.0.Alpha1-SNAPSHOT.jar:9.0.0.Alpha1-SNAPSHOT]
> ... 13 more
> Caused by: java.lang.ClassNotFoundException: org.jboss.security.plugins.TmpFilePassword from [Module "org.jboss.as.controller:main" from local module loader @4be525ab
> at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:213) [jboss-modules.jar:1.3.3.Final]
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:459) [jboss-modules.jar:1.3.3.Final]
> at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:408) [jboss-modules.jar:1.3.3.Final]
> at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:389) [jboss-modules.jar:1.3.3.Final]
> at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:134) [jboss-modules.jar:1.3.3.Final]
> at org.jboss.security.Util.invokePasswordClass(Util.java:174) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
> at org.jboss.security.Util.loadPassword(Util.java:126) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
> at org.picketbox.plugins.vault.PicketBoxSecurityVault.loadKeystorePassword(PicketBoxSecurityVault.java:343) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
> at org.picketbox.plugins.vault.PicketBoxSecurityVault.init(PicketBoxSecurityVault.java:204) [picketbox-4.0.21.Beta3.jar:4.0.21.Beta3]
> ... 14 more
> {code}
> External passwords for vault were introduces by RFE: SECURITY-831
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 6 months
[JBoss JIRA] (WFLY-5558) Redundant security-related XML schema files
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/WFLY-5558?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse resolved WFLY-5558.
------------------------------------
Assignee: Darran Lofthouse
Resolution: Won't Do
Marking as 'Won't Fix' as this is in relation to PicketBox which is deprecated.
> Redundant security-related XML schema files
> -------------------------------------------
>
> Key: WFLY-5558
> URL: https://issues.jboss.org/browse/WFLY-5558
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.0.CR3
> Reporter: Martin Švehla
> Assignee: Darran Lofthouse
> Priority: Major
>
> There are several XML schemas in server's docs/schemas that are in my opinion redundant and should be removed:
> * picketbox-security-domain-configuration_4_0.xsd - duplicates subsystem configuration in jboss-as-security_1_2.xsd
> * security-config_*.xsd - 3 schemas for old deployable security configuration descriptor. These kinds of deployments are afaik not supported in EAP 7.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 6 months
[JBoss JIRA] (WFLY-5894) Usage of context.getOriginalRootResource().navigate(pathAddress) should be reviewed in the picketlink subsystem
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/WFLY-5894?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse resolved WFLY-5894.
------------------------------------
Resolution: Won't Fix
Marking as 'Won't Fix' as this is in relation to PicketLink which is deprecated.
> Usage of context.getOriginalRootResource().navigate(pathAddress) should be reviewed in the picketlink subsystem
> ---------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-5894
> URL: https://issues.jboss.org/browse/WFLY-5894
> Project: WildFly
> Issue Type: Task
> Components: Security
> Reporter: James Perkins
> Assignee: Pedro Igor
> Priority: Major
>
> There are 4 resource definitions that use the {{OperationContext.getOriginalRootResource()}} method. These could be fragile in a composite add/write operation as a {{NoSuchResourceException}} might be thrown during the {{Resource.navigate()}} method.
> 1. {{org.wildfly.extension.picketlink.federation.model.idp.IdentityProviderResourceDefinition}}
> 2. {{org.wildfly.extension.picketlink.federation.model.keystore.KeyStoreProviderResourceDefinition}}
> 3. {{org.wildfly.extension.picketlink.federation.model.saml.SAMLResourceDefinition}}
> 4. {{org.wildfly.extension.picketlink.federation.model.sp.ServiceProviderResourceDefinition}}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 6 months
[JBoss JIRA] (WFLY-6839) It is impossible configure KeyStore ValidatingAlias in picketlink-federation subsystem same as in picketlink.xml
by Darran Lofthouse (Jira)
[ https://issues.jboss.org/browse/WFLY-6839?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse resolved WFLY-6839.
------------------------------------
Resolution: Won't Fix
Marking as 'Won't Fix' as this is in relation to PicketLink which is deprecated.
> It is impossible configure KeyStore ValidatingAlias in picketlink-federation subsystem same as in picketlink.xml
> ----------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-6839
> URL: https://issues.jboss.org/browse/WFLY-6839
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Reporter: Hynek Švábek
> Assignee: Pedro Igor
> Priority: Major
>
> In picketlink.xml configuration file I can define multiple ValidatingAlias for same certificate alias.
> {code}
> <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
> ...
> ...
> <ValidatingAlias Key="localhost" Value="servercert" />
> <ValidatingAlias Key="127.0.0.1" Value="servercert" />
> </KeyProvider>
> {code}
> But in subsystem configuration I cannot do this.
> *Workaround*
> You can clone your certificate in keystore under different alias and then add new validating alias with this value.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 6 months
[JBoss JIRA] (WFCORE-4258) Intermittent failure in PropertiesAuthenticationDigestedTestCase.testBadUser
by Brian Stansberry (Jira)
Brian Stansberry created WFCORE-4258:
----------------------------------------
Summary: Intermittent failure in PropertiesAuthenticationDigestedTestCase.testBadUser
Key: WFCORE-4258
URL: https://issues.jboss.org/browse/WFCORE-4258
Project: WildFly Core
Issue Type: Bug
Components: Security, Test Suite
Reporter: Brian Stansberry
Assignee: Darran Lofthouse
https://ci.wildfly.org/viewLog.html?buildId=134022&buildTypeId=WildFlyCor...
{code}
java.lang.IllegalStateException: WFLYDM0043: No CallbackHandler available for mechanism DIGEST in realm TestRealm
at org.jboss.as.domain.management.security.SecurityRealmService.getCallbackHandlerService(SecurityRealmService.java:565)
at org.jboss.as.domain.management.security.SecurityRealmService.getAuthorizingCallbackHandler(SecurityRealmService.java:462)
at org.jboss.as.domain.management.security.realms.PropertiesAuthenticationDigestedTestCase.testBadUser(PropertiesAuthenticationDigestedTestCase.java:125)
{code}
TeamCity shows 3 failures in the past month.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 6 months