[JBoss JIRA] (WFWIP-99) /health endpoint still available after /subsystem=microprofile-health-smallrye:remove
by Rostislav Svoboda (JIRA)
[ https://issues.jboss.org/browse/WFWIP-99?page=com.atlassian.jira.plugin.s... ]
Rostislav Svoboda closed WFWIP-99.
----------------------------------
Endpoint gets removed
> /health endpoint still available after /subsystem=microprofile-health-smallrye:remove
> --------------------------------------------------------------------------------------
>
> Key: WFWIP-99
> URL: https://issues.jboss.org/browse/WFWIP-99
> Project: WildFly WIP
> Issue Type: Bug
> Components: MP Health
> Reporter: Rostislav Svoboda
> Assignee: Jeff Mesnil
> Priority: Critical
>
> /health endpoint still available after /subsystem=microprofile-health-smallrye:remove
> {code}
> [standalone@localhost:9990 /] /subsystem=microprofile-health-smallrye:remove
> {"outcome" => "success"}
> {code}
> I see 2 ways to go:
> A) reload required should be reported
> B) /health endpoint gets removed
> CLI says
> {code}
> [standalone@localhost:9990 /] /subsystem=microprofile-health-smallrye:check
> {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0216: Management resource '[(\"subsystem\" => \"microprofile-health-smallrye\")]' not found",
> "rolled-back" => true
> }
> {code}
> But curl is still happy:
> {code}
> curl -v http://127.0.0.1:9990/health
> * Trying 127.0.0.1...
> * TCP_NODELAY set
> * Connected to 127.0.0.1 (127.0.0.1) port 9990 (#0)
> > GET /health HTTP/1.1
> > Host: 127.0.0.1:9990
> > User-Agent: curl/7.54.0
> > Accept: */*
> >
> < HTTP/1.1 200 OK
> < Connection: keep-alive
> < Content-Type: application/json
> < Content-Length: 157
> < Date: Fri, 10 Aug 2018 08:47:02 GMT
> <
> * Connection #0 to host 127.0.0.1 left intact
> {"outcome":"UP","checks":[{"name":"AppHealth","state":"UP","data":{"application":"available"}},{"name":"CountHealthCheck","state":"UP","data":{"count":20}}]}
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
[JBoss JIRA] (WFLY-10795) Non-Elytron SSL configuration won't establish secure channel between worker and balancer
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/WFLY-10795?page=com.atlassian.jira.plugin... ]
Radoslav Husar commented on WFLY-10795:
---------------------------------------
[~jkasik] Thanks for the report -- the PR with a fix is up. Fixed affected version since this has not been in any release yet.
> Non-Elytron SSL configuration won't establish secure channel between worker and balancer
> ----------------------------------------------------------------------------------------
>
> Key: WFLY-10795
> URL: https://issues.jboss.org/browse/WFLY-10795
> Project: WildFly
> Issue Type: Bug
> Components: mod_cluster
> Affects Versions: No Release
> Environment: Latest snapshot from ci.wildfly.org
> Reporter: Jan Kašík
> Assignee: Radoslav Husar
> Priority: Blocker
> Fix For: 14.0.0.CR1
>
> Attachments: confs.zip
>
>
> When running a scenario where the connection between worker and balancer is secured with SSL, the worker fails to register on the balancer.
> Worker obviously tries to send INFO commands, though it sends them as 'plain text' to a secured channel.
> I enabled SSL debugging, and such unsecured-secured communication causes this error:
> {code}
> 09:42:20,456 INFO [stdout] (default I/O-4) Using SSLEngineImpl.
> 09:42:20,458 INFO [stdout] (default I/O-4) Allow unsafe renegotiation: false
> 09:42:20,458 INFO [stdout] (default I/O-4) Allow legacy hello messages: true
> 09:42:20,458 INFO [stdout] (default I/O-4) Is initial handshake: true
> 09:42:20,459 INFO [stdout] (default I/O-4) Is secure renegotiation: false
> 09:42:20,459 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,460 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,461 INFO [stdout] (default I/O-4) Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
> 09:42:20,479 INFO [stdout] (default I/O-4) default I/O-4, fatal error: 80: problem unwrapping net record
> 09:42:20,480 INFO [stdout] (default I/O-4) javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, SEND TLSv1.2 ALERT: fatal, description = internal_error
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, WRITE: TLSv1.2 Alert, length = 2
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, called closeInbound()
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, called closeOutbound()
> 09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, closeOutboundInternal()
> {code}
> What bothers me is that there are no other errors (bad certificate, CLI error...) in the log regarding this, apart from:
> {code}
> 09:45:42,653 WARN [org.infinispan.topology.ClusterTopologyManagerImpl] (transport-thread--p14-t16) ISPN000197: Error updating cluster member list: org.infinispan.util.concurrent.TimeoutException: ISPN000476: Timed out waiting for responses for request 6 from wildfly-14.0.0.Beta2-SNAPSHOT-2
> at org.infinispan.remoting.transport.impl.MultiTargetRequest.onTimeout(MultiTargetRequest.java:167)
> at org.infinispan.remoting.transport.AbstractRequest.call(AbstractRequest.java:87)
> at org.infinispan.remoting.transport.AbstractRequest.call(AbstractRequest.java:22)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> Suppressed: org.infinispan.util.logging.TraceException
> at org.infinispan.remoting.transport.Transport.invokeRemotely(Transport.java:75)
> at org.infinispan.topology.ClusterTopologyManagerImpl.confirmMembersAvailable(ClusterTopologyManagerImpl.java:525)
> at org.infinispan.topology.ClusterTopologyManagerImpl.updateCacheMembers(ClusterTopologyManagerImpl.java:508)
> at org.infinispan.topology.ClusterTopologyManagerImpl.handleClusterView(ClusterTopologyManagerImpl.java:321)
> at org.infinispan.topology.ClusterTopologyManagerImpl.access$500(ClusterTopologyManagerImpl.java:87)
> at org.infinispan.topology.ClusterTopologyManagerImpl$ClusterViewListener.lambda$handleViewChange$0(ClusterTopologyManagerImpl.java:731)
> at org.infinispan.executors.LimitedExecutor.runTasks(LimitedExecutor.java:175)
> at org.infinispan.executors.LimitedExecutor.access$100(LimitedExecutor.java:37)
> at org.infinispan.executors.LimitedExecutor$Runner.run(LimitedExecutor.java:227)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at org.wildfly.clustering.service.concurrent.ClassLoaderThreadFactory.lambda$newThread$0(ClassLoaderThreadFactory.java:47)
> ... 1 more
> {code}
> Configuration using non-Elytron configuration was possible before, hence this is a regression.
--
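The mismatch reported in WFLY-10795 (a plaintext INFO command arriving on a TLS listener) can be confirmed from the first bytes of a connection and from the SSL debug output. The Python below is an added example, not code from WildFly or mod_cluster; the function names are hypothetical, and the request line and ClientHello header bytes are constructed samples.

```python
import re
import struct

# TLS record header layout: content type (1 byte), legacy version (2), length (2).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
MAX_TLS_RECORD = 2 ** 14 + 2048  # RFC 5246 upper bound on TLSCiphertext.length

# HTTP-style request line; an MCMP command such as INFO looks like this on the wire.
REQUEST_LINE = re.compile(rb"^([A-Z][A-Z-]*) (\S+) HTTP/1\.[01]\r?\n")

# WildFly console log line: time, level, [category], (thread), message.
# An optional leading "> " is accepted so quoted excerpts parse too.
LOG_LINE = re.compile(
    r"^(?:>\s*)?(\d\d:\d\d:\d\d,\d{3})\s+(\w+)\s+\[([^\]]+)\]\s+\(([^)]+)\)\s+(.*)$")
PLAINTEXT_SIGNATURE = "Unrecognized SSL message, plaintext connection?"


def classify_first_bytes(data: bytes) -> dict:
    """Classify what a peer sent first on a new connection."""
    if len(data) >= 5:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
                and 0 < length <= MAX_TLS_RECORD):
            return {"kind": "tls", "record": TLS_CONTENT_TYPES[ctype],
                    "version": (major, minor)}
    match = REQUEST_LINE.match(data)
    if match:
        return {"kind": "plaintext-request",
                "method": match.group(1).decode("ascii")}
    return {"kind": "unknown"}


def find_plaintext_on_tls(log_text: str) -> list:
    """Return (timestamp, thread) for each log line where the TLS engine
    reports that the peer sent non-TLS bytes."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_LINE.match(line.strip())
        if match and PLAINTEXT_SIGNATURE in match.group(5):
            hits.append((match.group(1), match.group(4)))
    return hits


# Constructed sample: an MCMP-style INFO request sent without TLS.
SAMPLE_PLAINTEXT = b"INFO / HTTP/1.1\r\n\r\n"
# Constructed sample: TLS record header of a ClientHello
# (handshake, version 0x0301, 512-byte record) plus the first handshake bytes.
SAMPLE_TLS = b"\x16\x03\x01\x02\x00" + b"\x01\x00\x01\xfc"
# Three lines copied from the SSL debug output in the report above.
SAMPLE_LOG = """\
09:42:20,479 INFO [stdout] (default I/O-4) default I/O-4, fatal error: 80: problem unwrapping net record
09:42:20,480 INFO [stdout] (default I/O-4) javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
09:42:20,480 INFO [stdout] (default I/O-4) default I/O-4, SEND TLSv1.2 ALERT: fatal, description = internal_error
"""

if __name__ == "__main__":
    print(classify_first_bytes(SAMPLE_PLAINTEXT))
    print(classify_first_bytes(SAMPLE_TLS))
    print(find_plaintext_on_tls(SAMPLE_LOG))
```

A hit from `find_plaintext_on_tls` on the receiving side, together with a `plaintext-request` classification of the sender's first bytes, points at the sender's TLS settings not being applied rather than at certificates or cipher suites.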
[JBoss JIRA] (WFLY-7816) Camel CXF version not compatible with WildFly CXF
by Alessio Soldano (JIRA)
[ https://issues.jboss.org/browse/WFLY-7816?page=com.atlassian.jira.plugin.... ]
Alessio Soldano resolved WFLY-7816.
-----------------------------------
Resolution: Out of Date
> Camel CXF version not compatible with WildFly CXF
> -------------------------------------------------
>
> Key: WFLY-7816
> URL: https://issues.jboss.org/browse/WFLY-7816
> Project: WildFly
> Issue Type: Component Upgrade
> Components: Web Services
> Affects Versions: 10.1.0.Final
> Reporter: Thomas Diesler
> Assignee: Alessio Soldano
>
> cxf-3.1.9 distributed with camel-2.19.x is not compatible with cxf-3.1.6 from wildfly-10.1.0.Final
> {code}
> Caused by: java.lang.NoSuchMethodError: org.apache.cxf.message.Message.remove(Ljava/lang/Class;)Ljava/lang/Object;
> at org.apache.camel.component.cxf.CxfEndpoint$CamelCxfClientImpl.setParameters(CxfEndpoint.java:1239)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:470)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:416)
> at org.apache.camel.component.cxf.CxfProducer.process(CxfProducer.java:133)
> {code}
> CrossRef: https://github.com/wildfly-extras/wildfly-camel/issues/1546
--
[JBoss JIRA] (WFLY-10795) Non-Elytron SSL configuration won't establish secure channel between worker and balancer
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/WFLY-10795?page=com.atlassian.jira.plugin... ]
Radoslav Husar updated WFLY-10795:
----------------------------------
Fix Version/s: 14.0.0.CR1
> Non-Elytron SSL configuration won't establish secure channel between worker and balancer
> ----------------------------------------------------------------------------------------
>
> Key: WFLY-10795
> URL: https://issues.jboss.org/browse/WFLY-10795
> Project: WildFly
> Issue Type: Bug
> Components: mod_cluster
> Affects Versions: No Release
> Environment: Latest snapshot from ci.wildfly.org
> Reporter: Jan Kašík
> Assignee: Radoslav Husar
> Priority: Blocker
> Fix For: 14.0.0.CR1
>
> Attachments: confs.zip
--
[JBoss JIRA] (WFLY-10795) Non-Elytron SSL configuration won't establish secure channel between worker and balancer
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/WFLY-10795?page=com.atlassian.jira.plugin... ]
Radoslav Husar updated WFLY-10795:
----------------------------------
Affects Version/s: No Release
(was: 14.0.0.CR1)
> Non-Elytron SSL configuration won't establish secure channel between worker and balancer
> ----------------------------------------------------------------------------------------
>
> Key: WFLY-10795
> URL: https://issues.jboss.org/browse/WFLY-10795
> Project: WildFly
> Issue Type: Bug
> Components: mod_cluster
> Affects Versions: No Release
> Environment: Latest snapshot from ci.wildfly.org
> Reporter: Jan Kašík
> Assignee: Radoslav Husar
> Priority: Blocker
> Fix For: 14.0.0.CR1
>
> Attachments: confs.zip
--
[JBoss JIRA] (WFLY-10795) Non-Elytron SSL configuration won't establish secure channel between worker and balancer
by Radoslav Husar (JIRA)
[ https://issues.jboss.org/browse/WFLY-10795?page=com.atlassian.jira.plugin... ]
Radoslav Husar updated WFLY-10795:
----------------------------------
Priority: Blocker (was: Major)
I see the problem now (caused by last change in the mentioned PR requested by a review), the resource is not recursively read and thus the ssl child is missing. Fixing now.
> Non-Elytron SSL configuration won't establish secure channel between worker and balancer
> ----------------------------------------------------------------------------------------
>
> Key: WFLY-10795
> URL: https://issues.jboss.org/browse/WFLY-10795
> Project: WildFly
> Issue Type: Bug
> Components: mod_cluster
> Affects Versions: 14.0.0.CR1
> Environment: Latest snapshot from ci.wildfly.org
> Reporter: Jan Kašík
> Assignee: Radoslav Husar
> Priority: Blocker
> Attachments: confs.zip
--