October 2019 - jboss-jira - Jboss List Archives

[JBoss JIRA] (WFWIP-196) Operator missing volumes from secrets and config maps

by Jeff Mesnil (Jira)

[ https://issues.jboss.org/browse/WFWIP-196?page=com.atlassian.jira.plugin.... ] Jeff Mesnil commented on WFWIP-196: ----------------------------------- Fixed in upstream in https://github.com/wildfly/wildfly-operator/pull/93 and https://github.com/wildfly/wildfly-operator/pull/96 > Operator missing volumes from secrets and config maps > ------------------------------------------------------ > > Key: WFWIP-196 > URL: https://issues.jboss.org/browse/WFWIP-196 > Project: WildFly WIP > Issue Type: Bug > Components: OpenShift > Reporter: Martin Choma > Assignee: Jeff Mesnil > Priority: Blocker > Labels: operator > > Operator is missing way of configuring volumes from secets and config maps > - secrets > -- configuring keystore in ssl > -- configuring keystore for jgroups ASYNC encryption in jgroups (DNS_PING, KUBE_PING)) > - config map > -- Microprofile Config and reading properties from ConfigMap > -- running custom CLI script from config map (EAP7-892) -- This message was sent by Atlassian Jira (v7.13.8#713008)

4 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFWIP-218) server scale down keeps data in client's data/ejb-xa-recovery and transactions on client aren't commited

by Tomasz Adamski (Jira)

[ https://issues.jboss.org/browse/WFWIP-218?page=com.atlassian.jira.plugin.... ] Tomasz Adamski commented on WFWIP-218: -------------------------------------- The problem is this issue is as follows: 1. transaction log on on server is cleared correctly 2. server's stateful-set is scaled down (pod referenced by client disappears) 3. client checks in-doubt resource but cannot connect to the server In OpenShift environment with wildfly-operator, we can be sure that if the server's stateful-set was scaled down correctly then it logs must have been cleared. As a result, client records can be discarded. This is not true in general (bare-metal) where the server may go down and still have records in the log. in the context of above I would propose: 1. workaround - provide the customer with a manual procedure (if connection error to the server's pod occurs but the pod was scaled down correctly remove log records). This is not elegant, but this is an emergency and I don't expect it to be used often. 2. solution - if operating within OpenShift client cannot connect to one of the server's pods, client checks with OpenShift API whether the server's pod was scaled down. If it was, the record can be discarded. I would suggest downgrading this issue with provided workaround and later work on the target solution (which would require OpenShift integration and has to be researched). > server scale down keeps data in client's data/ejb-xa-recovery and transactions on client aren't commited > -------------------------------------------------------------------------------------------------------- > > Key: WFWIP-218 > URL: https://issues.jboss.org/browse/WFWIP-218 > Project: WildFly WIP > Issue Type: Bug > Components: OpenShift > Reporter: Martin Simka > Assignee: Ondrej Chaloupka > Priority: Blocker > > this follows up on WFWIP-206 > While testing tx recovery in OpenShift I see that scale down of pod that has transaction in-doubt on it isn't successful > Scenario: > *ejb client* (app tx-client, pod tx-client-0): > * EJB business method > ** lookup remote EJB > ** enlist XA resource 1 to transaction > ** enlist XA resource 2 to transaction > ** call remote EJB > *ejb server* (app tx-server, pod tx-server-0): > * EJB business method > ** enlist XA resource 1 to transaction > ** enlist XA resource 2 to transaction > *testTxStatelessServerSecondCommitThrowRmFail* > ejb server XA resource 2 fails with {{XAException(XAException.XAER_RMFAIL)}} > Then the test calls scale down (size from 1 to 0) on tx-server pod. Server scale down completes but sometimes there some records left in {{<JBOSS_HOME>/standalone/data/ejb-xa-recovery}} on tx-client and transactions on client aren't commited. -- This message was sent by Atlassian Jira (v7.13.8#713008)

4 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFWIP-187) Changes to PVC are not reflected in Operator

by Jeff Mesnil (Jira)

[ https://issues.jboss.org/browse/WFWIP-187?page=com.atlassian.jira.plugin.... ] Jeff Mesnil commented on WFWIP-187: ----------------------------------- Resizing a in-use PVC requires to enable the feature https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-... I don't think there is anything else to do on the operator side about it. > Changes to PVC are not reflected in Operator > -------------------------------------------- > > Key: WFWIP-187 > URL: https://issues.jboss.org/browse/WFWIP-187 > Project: WildFly WIP > Issue Type: Bug > Components: OpenShift > Reporter: Martin Choma > Assignee: Jeff Mesnil > Priority: Blocker > Labels: operator > > Any chnages (adding, removing or updating) made to PVC after WildFlyServer CR was created are not reflected in underlying PVC kubernetes object. -- This message was sent by Atlassian Jira (v7.13.8#713008)

4 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFLY-12595) Upgrade IronJacamar to 1.4.18.Final

by Ivo Studensky (Jira)

[ https://issues.jboss.org/browse/WFLY-12595?page=com.atlassian.jira.plugin... ] Ivo Studensky reassigned WFLY-12595: ------------------------------------ Assignee: Ivo Studensky (was: Stefano Maestri) > Upgrade IronJacamar to 1.4.18.Final > ----------------------------------- > > Key: WFLY-12595 > URL: https://issues.jboss.org/browse/WFLY-12595 > Project: WildFly > Issue Type: Component Upgrade > Components: Build System > Reporter: Ivo Studensky > Assignee: Ivo Studensky > Priority: Major > Labels: downstream_dependency > -- This message was sent by Atlassian Jira (v7.13.8#713008)

4 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFWIP-224) Redundant template eap-cd-chained-build-s2i.json

by Jean Francois Denise (Jira)

[ https://issues.jboss.org/browse/WFWIP-224?page=com.atlassian.jira.plugin.... ] Jean Francois Denise resolved WFWIP-224. ---------------------------------------- Resolution: Done Template remove from https://github.com/wildfly/temp-openshift-image > Redundant template eap-cd-chained-build-s2i.json > ------------------------------------------------ > > Key: WFWIP-224 > URL: https://issues.jboss.org/browse/WFWIP-224 > Project: WildFly WIP > Issue Type: Bug > Components: OpenShift > Reporter: Nikoleta Ziakova > Assignee: Jean Francois Denise > Priority: Major > > The [chained-build|https://github.com/wildfly/temp-openshift-image/blob/EAP7-1...] template was added with old feature design when chained build was not possible to be added to the existing templates. Now the existing templates contain chained build so this new template has become redundant. -- This message was sent by Atlassian Jira (v7.13.8#713008)

4 years, 9 months

1
0
0 / 0

[JBoss JIRA] (SWSQE-953) ocp4-kqe2 cluster is stuck and not possible to remove

by Filip Brychta (Jira)

[ https://issues.jboss.org/browse/SWSQE-953?page=com.atlassian.jira.plugin.... ] Filip Brychta resolved SWSQE-953. --------------------------------- Resolution: Done > ocp4-kqe2 cluster is stuck and not possible to remove > ----------------------------------------------------- > > Key: SWSQE-953 > URL: https://issues.jboss.org/browse/SWSQE-953 > Project: Kiali QE > Issue Type: Bug > Reporter: Filip Brychta > Assignee: Filip Brychta > Priority: Major > Labels: infrastructure > > After mixing ocp 4.1 and 4.2 installation the ocp4-kqe2 is stuck and it's not possible to remove it even manually. -- This message was sent by Atlassian Jira (v7.13.8#713008)

4 years, 9 months

1
0
0 / 0

[JBoss JIRA] (WFWIP-224) Redundant template eap-cd-chained-build-s2i.json

by Jean Francois Denise (Jira)

[ https://issues.jboss.org/browse/WFWIP-224?page=com.atlassian.jira.plugin.... ] Jean Francois Denise commented on WFWIP-224: -------------------------------------------- This one will be removed. It is not needed anymore. The analysis doc reflects that. > Redundant template eap-cd-chained-build-s2i.json > ------------------------------------------------ > > Key: WFWIP-224 > URL: https://issues.jboss.org/browse/WFWIP-224 > Project: WildFly WIP > Issue Type: Bug > Components: OpenShift > Reporter: Nikoleta Ziakova > Assignee: Jean Francois Denise > Priority: Major > > The [chained-build|https://github.com/wildfly/temp-openshift-image/blob/EAP7-1...] template was added with old feature design when chained build was not possible to be added to the existing templates. Now the existing templates contain chained build so this new template has become redundant. -- This message was sent by Atlassian Jira (v7.13.8#713008)

4 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-1851) Elytron ldaps realm fails if a referral is returned inside a search

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/ELY-1851?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse updated ELY-1851: ---------------------------------- Fix Version/s: 1.6.6.CR1 (was: 1.6.5.Final) > Elytron ldaps realm fails if a referral is returned inside a search > ------------------------------------------------------------------- > > Key: ELY-1851 > URL: https://issues.jboss.org/browse/ELY-1851 > Project: WildFly Elytron > Issue Type: Bug > Affects Versions: 1.6.3.Final > Reporter: Chao Wang > Assignee: Chao Wang > Priority: Major > Fix For: 1.6.6.CR1 > > > Elytron LdapRealm fails to follow a referral when ldaps is used (the {{ThreadLocalSSLSocketFactory}} is not set). > With a configuration similar to this one ({{memberOf}} is used to locate groups): > {code:xml} > <ldap-realm name="ldap-realm" dir-context="ldap-dir-context" direct-verification="true"> > <identity-mapping rdn-identifier="sAMAccountName" use-recursive-search="true" search-base-dn="DC=redhat,DC=com"> > <attribute-mapping> > <attribute reference="memberOf" from="cn" to="Roles" role-recursion="3"/> > </attribute-mapping> > </identity-mapping> > </ldap-realm> > ... > <dir-context name="ldap-dir-context" url="ldaps://ldap.redhat.com:636" principal="cn=Administrator,cn=Users,DC=redhat,DC=com" referral-mode="FOLLOW" ssl-context="ldaps-context"> > <credential-reference store="credstore" alias="ldap_password"/> > </dir-context> > {code} > If we have a group (or user) which contains a {{memberOf}} of another ldap, something like the following: > {noformat} > dn: CN=group-with-external-members,OU=Groups,DC=redhat,DC=com > ... > memberOf: CN=group-in-another-domain,OU=Groups,DC=lab,DC=redhat,DC=com > {noformat} > The following exception is thrown when a referral is returned for a group that is inside another ldapserver of the forest: > {noformat} > TRACE [org.jboss.remoting.remote.server] (management task-1) Server sending authentication rejected: java.lang.RuntimeException: ELY01079: ldap-realm realm failed to obtain attributes for entry [CN=group-with-external-members,OU=Groups,DC=redhat,DC=com] > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.extractFilteredAttributesFromSearch(LdapSecurityRealm.java:808) > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.lambda$null$4(LdapSecurityRealm.java:768) > at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184) > at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) > at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1382) > at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) > at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) > at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151) > at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174) > at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) > at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418) > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.forEachAttributeValue(LdapSecurityRealm.java:841) > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.lambda$extractFilteredAttributes$6(LdapSecurityRealm.java:766) > at java.util.stream.Collectors.lambda$toMap$58(Collectors.java:1321) > at java.util.stream.ReduceOps$3ReducingSink.accept(ReduceOps.java:169) > at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175) > at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1382) > at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481) > at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) > at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) > at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) > at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499) > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.extractAttributes(LdapSecurityRealm.java:828) > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.extractFilteredAttributes(LdapSecurityRealm.java:754) > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.getAttributes(LdapSecurityRealm.java:516) > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.getAuthorizationIdentity(LdapSecurityRealm.java:497) > at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:1923) > at org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:1952) > at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:509) > at org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:489) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:872) > at org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:839) > at org.wildfly.security.sasl.util.SSLQueryCallbackHandler.handle(SSLQueryCallbackHandler.java:60) > at org.wildfly.security.sasl.util.TrustManagerSaslServerFactory.lambda$createSaslServer$0(TrustManagerSaslServerFactory.java:96) > at org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:146) > at org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58) > at org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:106) > at org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59) > at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245) > at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217) > at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:486) > at org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:942) > at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) > at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) > at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) > at java.lang.Thread.run(Thread.java:748) > Caused by: org.wildfly.security.auth.server.RealmUnavailableException: ELY01108: ldap-realm realm identity search failed > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapSearch.search(LdapSecurityRealm.java:1141) > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.extractFilteredAttributesFromSearch(LdapSecurityRealm.java:797) > ... 46 more > Caused by: javax.naming.CommunicationException: ldap.lab.redhat.com:636 [Root exception is java.lang.IllegalStateException: ELY04025: DirContext tries to connect without ThreadLocalSSLSocketFactory thread local setting] > at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:96) > at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:151) > at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1861) > at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769) > at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1786) > at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:418) > at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:396) > at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:297) > at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:297) > at org.wildfly.security.auth.realm.ldap.DelegatingLdapContext.search(DelegatingLdapContext.java:335) > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapSearch.searchWithPagination(LdapSecurityRealm.java:1161) > at org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapSearch.search(LdapSecurityRealm.java:1038) > ... 47 more > Caused by: java.lang.IllegalStateException: ELY04025: DirContext tries to connect without ThreadLocalSSLSocketFactory thread local setting > at org.wildfly.security.auth.realm.ldap.ThreadLocalSSLSocketFactory.getDefault(ThreadLocalSSLSocketFactory.java:46) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at com.sun.jndi.ldap.Connection.createSocket(Connection.java:296) > at com.sun.jndi.ldap.Connection.<init>(Connection.java:215) > at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) > at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1609) > at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) > at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) > at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) > at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151) > at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52) > at org.jboss.as.naming.context.ObjectFactoryBuilder$ReferenceUrlContextFactoryWrapper.getObjectInstance(ObjectFactoryBuilder.java:293) > at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:300) > at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:119) > ... 58 more > {noformat} > The reason seems to be that the {{ThreadLocalSSLSocketFactory}} is not set when doing a search, so, if a referral is returned the new search created inside the current one has no access to the {{SSLSocketFactory}} in the thread local. -- This message was sent by Atlassian Jira (v7.13.8#713008)

4 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-1883) Release WildFly Elytron 1.6.5.Final

by Darran Lofthouse (Jira)

[ https://issues.jboss.org/browse/ELY-1883?page=com.atlassian.jira.plugin.s... ] Darran Lofthouse resolved ELY-1883. ----------------------------------- Resolution: Done [~ivassile] FYI https://github.com/wildfly-security/wildfly-elytron/tree/1.6.5.Final > Release WildFly Elytron 1.6.5.Final > ----------------------------------- > > Key: ELY-1883 > URL: https://issues.jboss.org/browse/ELY-1883 > Project: WildFly Elytron > Issue Type: Release > Reporter: Darran Lofthouse > Assignee: Darran Lofthouse > Priority: Major > Fix For: 1.6.5.CR1 > > -- This message was sent by Atlassian Jira (v7.13.8#713008)

4 years, 9 months

1
0
0 / 0

[JBoss JIRA] (ELY-1883) Release WildFly Elytron 1.6.5.Final

by Darran Lofthouse (Jira)

Darran Lofthouse created ELY-1883: ------------------------------------- Summary: Release WildFly Elytron 1.6.5.Final Key: ELY-1883 URL: https://issues.jboss.org/browse/ELY-1883 Project: WildFly Elytron Issue Type: Release Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: 1.6.5.CR1 -- This message was sent by Atlassian Jira (v7.13.8#713008)

4 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira October 2019