[JBoss JIRA] (WFLY-10474) AMQ119012: Timed out waiting to receive initial broadcast from cluster
by Erich Duda (JIRA)
[ https://issues.jboss.org/browse/WFLY-10474?page=com.atlassian.jira.plugin... ]
Erich Duda commented on WFLY-10474:
-----------------------------------
[~jmesnil] This issue is blocker for Wildfly 14. Can you please take a look. It looks like bug in JGroups.
> AMQ119012: Timed out waiting to receive initial broadcast from cluster
> ----------------------------------------------------------------------
>
> Key: WFLY-10474
> URL: https://issues.jboss.org/browse/WFLY-10474
> Project: WildFly
> Issue Type: Bug
> Components: JMS
> Affects Versions: 13.0.0.Beta1
> Reporter: Erich Duda
> Assignee: Jeff Mesnil
> Priority: Critical
> Labels: blocker-WF14
>
> In messaging HA scenarios we see that tests sometimes fail because of exception \[1\]. The exception is thrown from {{ServerLocatorImpl::createSessionFactory}} which waits until initial broadcast from cluster is received, but it is not received in 10 seconds timeout. In following scenario the issue causes split brain - both live and backup are active at the same time.
> *Scenario*
> * There are two Wildfly/Artemis servers configured as Live-Backup pair
> * Live server is killed
> * Backup server becomes new Live server
> * Live server is restarted and failback is performed
> *Expectation:* Failback performs successfully. Original Live becomes Live again and original Backup becomes Backup again.
> *Reality:* After the Live is restarted, it does not detect that there is already another active Live with the same nodeId and it activates (becomes Live) so both Live and Backup are active at the same time.
> *Technical details*
> I found out that original Live server does not detect that its Backup is active, because SharedNothingLiveActivation::isNodeIdUsed returns false. I added more logs to this method and found out that the {{false}} is returned from line \[2\] after that the exception \[1\] is thrown.
> *Investigation report*
> I tried to downgrade Artemis to {{1.5.5.jbossorg-010}} version but I hit the same issue. So the issue is not caused by recent Artemis upgrade.
> It is regression against EAP 7.1.0.GA but it is not regression against Wildfly 12.
> We see the issue only with JGroups. I tried to run the test with Netty discovery and it passed 50 times in row.
> \[1\]
> {code}
> ActiveMQConnectionTimedOutException[errorType=CONNECTION_TIMEDOUT message=AMQ119012: Timed out waiting to receive initial broadcast from cluster]
> at org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:749) [artemis-core-client-1.5.5.jbossorg-012.jar:1.5.5.jbossorg-SNAPSHOT]
> at org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.connect(ServerLocatorImpl.java:627) [artemis-core-client-1.5.5.jbossorg-012.jar:1.5.5.jbossorg-SNAPSHOT]
> at org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.connectNoWarnings(ServerLocatorImpl.java:633) [artemis-core-client-1.5.5.jbossorg-012.jar:1.5.5.jbossorg-SNAPSHOT]
> at org.apache.activemq.artemis.core.server.impl.SharedNothingLiveActivation.isNodeIdUsed(SharedNothingLiveActivation.java:280) [artemis-server-1.5.5.jbossorg-012.jar:1.5.5.jbossorg-SNAPSHOT]
> at org.apache.activemq.artemis.core.server.impl.SharedNothingLiveActivation.run(SharedNothingLiveActivation.java:90) [artemis-server-1.5.5.jbossorg-012.jar:1.5.5.jbossorg-SNAPSHOT]
> at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.internalStart(ActiveMQServerImpl.java:539) [artemis-server-1.5.5.jbossorg-012.jar:1.5.5.jbossorg-SNAPSHOT]
> at org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl.start(ActiveMQServerImpl.java:485) [artemis-server-1.5.5.jbossorg-012.jar:1.5.5.jbossorg-SNAPSHOT]
> at org.apache.activemq.artemis.jms.server.impl.JMSServerManagerImpl.start(JMSServerManagerImpl.java:413) [artemis-jms-server-1.5.5.jbossorg-012.jar:1.5.5.jbossorg-SNAPSHOT]
> at org.wildfly.extension.messaging.activemq.jms.JMSService.doStart(JMSService.java:205) [wildfly-messaging-activemq-13.0.0.Beta2-SNAPSHOT.jar:13.0.0.Beta2-SNAPSHOT]
> at org.wildfly.extension.messaging.activemq.jms.JMSService.access$000(JMSService.java:64) [wildfly-messaging-activemq-13.0.0.Beta2-SNAPSHOT.jar:13.0.0.Beta2-SNAPSHOT]
> at org.wildfly.extension.messaging.activemq.jms.JMSService$1.run(JMSService.java:99) [wildfly-messaging-activemq-13.0.0.Beta2-SNAPSHOT.jar:13.0.0.Beta2-SNAPSHOT]
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [rt.jar:1.8.0_171]
> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_171]
> at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-2.3.2.Final.jar:2.3.2.Final]
> at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) [jboss-threads-2.3.2.Final.jar:2.3.2.Final]
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) [jboss-threads-2.3.2.Final.jar:2.3.2.Final]
> at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) [jboss-threads-2.3.2.Final.jar:2.3.2.Final]
> at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_171]
> at org.jboss.threads.JBossThread.run(JBossThread.java:485) [jboss-threads-2.3.2.Final.jar:2.3.2.Final]
> {code}
> \[2\] https://github.com/rh-messaging/jboss-activemq-artemis/blob/465eb8733e465...
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1607) Revise cipher suites exposed by Elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1607?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse commented on ELY-1607:
---------------------------------------
I think this is definitely a good case to review how we currently document how the databases were initially defined and how they are maintained so future engineers to work on this have a good head start to track down the information needed to verify and apply updates.
> Revise cipher suites exposed by Elytron
> ---------------------------------------
>
> Key: ELY-1607
> URL: https://issues.jboss.org/browse/ELY-1607
> Project: WildFly Elytron
> Issue Type: Bug
> Components: SSL
> Affects Versions: 1.4.0.Final
> Reporter: Martin Choma
> Assignee: Justin Cook
> Priority: Blocker
> Fix For: 1.4.1.CR1
>
>
> I know there have been discussed earlier we should revise/update database and defaults regularly.
> Checking few ciphersuites from java cipher suite list [1]. I have noticed:
> * Elytron is missing CHACHA20 variants introduced in rfc 7905
> * missing ciphersuites from RFC 6209
> * ...
> Please revise content of MechanismDatabase.properties
> [1] https://docs.oracle.com/javase/10/docs/specs/security/standard-names.html...
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1609) constraint drive authentication method in undertow doesn't work with elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1609?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1609:
----------------------------------
Fix Version/s: 1.4.1.CR1
> constraint drive authentication method in undertow doesn't work with elytron
> ----------------------------------------------------------------------------
>
> Key: ELY-1609
> URL: https://issues.jboss.org/browse/ELY-1609
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 1.4.0.Final
> Reporter: Darran Lofthouse
> Priority: Critical
> Fix For: 1.4.1.CR1
>
>
> When elytron is enabled constraint driven authentication method (i.e. proactive-authentication=false) has no effect.
> If you try to request an unsecured page sending in an invalid user with basic authentication, you should get the page returned with constraint drive authentication and a 401 with proactive authentication. This is what happens without Elytron enabled. But if you enable Elytron it gives a 401 in both cases.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1609) constraint drive authentication method in undertow doesn't work with elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1609?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse updated ELY-1609:
----------------------------------
Priority: Critical (was: Major)
> constraint drive authentication method in undertow doesn't work with elytron
> ----------------------------------------------------------------------------
>
> Key: ELY-1609
> URL: https://issues.jboss.org/browse/ELY-1609
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 1.4.0.Final
> Reporter: Darran Lofthouse
> Priority: Critical
>
> When elytron is enabled constraint driven authentication method (i.e. proactive-authentication=false) has no effect.
> If you try to request an unsecured page sending in an invalid user with basic authentication, you should get the page returned with constraint drive authentication and a 401 with proactive authentication. This is what happens without Elytron enabled. But if you enable Elytron it gives a 401 in both cases.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years
[JBoss JIRA] (ELY-1609) constraint drive authentication method in undertow doesn't work with elytron
by Darran Lofthouse (JIRA)
[ https://issues.jboss.org/browse/ELY-1609?page=com.atlassian.jira.plugin.s... ]
Darran Lofthouse moved JBEAP-15057 to ELY-1609:
-----------------------------------------------
Project: WildFly Elytron (was: JBoss Enterprise Application Platform)
Key: ELY-1609 (was: JBEAP-15057)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: HTTP
(was: Security)
(was: Web (Undertow))
Affects Version/s: 1.4.0.Final
(was: 7.1.3.GA)
> constraint drive authentication method in undertow doesn't work with elytron
> ----------------------------------------------------------------------------
>
> Key: ELY-1609
> URL: https://issues.jboss.org/browse/ELY-1609
> Project: WildFly Elytron
> Issue Type: Bug
> Components: HTTP
> Affects Versions: 1.4.0.Final
> Reporter: Darran Lofthouse
>
> When elytron is enabled constraint driven authentication method (i.e. proactive-authentication=false) has no effect.
> If you try to request an unsecured page sending in an invalid user with basic authentication, you should get the page returned with constraint drive authentication and a 401 with proactive authentication. This is what happens without Elytron enabled. But if you enable Elytron it gives a 401 in both cases.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
8 years