Yeray Borges commented on WFWIP-229:
------------------------------------
Hi [~mjurc], in my opinion, this issue should be resolved as rejected because there is a
non-deprecated version of ASYM_ENCRYPT protocol when the cluster security is not managed
by Elytron. I tested the Elytron variant, and I successfully see the non-deprecated
version added to the stack.
Using Docker, you could try the following configuration:
{noformat}
-e JGROUPS_ENCRYPT_PROTOCOL="SYM_ENCRYPT" \
-e JGROUPS_ENCRYPT_SECRET="encrypt_secret" \
-e JGROUPS_ENCRYPT_NAME="encrypt_name" \
-e JGROUPS_ENCRYPT_PASSWORD="encrypt_password" \
-e JGROUPS_ENCRYPT_KEYSTORE="encrypt_keystore" \
-e JGROUPS_ENCRYPT_KEYSTORE_DIR="jboss.server.base.dir" \
-e JGROUPS_CLUSTER_PASSWORD="cluster_password" \
{noformat}
In OpenShift, you can use the eap-cd-https-s2i template; I tested with:
{noformat}
oc new-app --template=eap-cd-https-s2i \
-p IMAGE_STREAM_NAMESPACE=eap-demo \
-p
\
-p SOURCE_REPOSITORY_REF=openshift \
-p CONTEXT_DIR=kitchensink \
-e HTTPS_PASSWORD=mykeystorepass \
-e HTTPS_KEYSTORE=keystore.jks \
-e HTTPS_NAME=jboss \
-e HTTPS_KEYSTORE_TYPE=jks \
-e JGROUPS_ENCRYPT_NAME="secret-key" \
-e JGROUPS_ENCRYPT_PASSWORD="password" \
-e CONFIGURE_ELYTRON_SSL=true
{noformat}
Configuring JGroups encryption protocols produces deprecated configuration
--------------------------------------------------------------------------
Key: WFWIP-229
URL: https://issues.jboss.org/browse/WFWIP-229
Project: WildFly WIP
Issue Type: Bug
Components: OpenShift
Environment: The example has been produced with the following S2I environment
variables:
{code}
OPENSHIFT_DNS_PING_SERVICE_NAME=ping-service
JGROUPS_ENCRYPT_PROTOCOL=ASYM_ENCRYPT
JGROUPS_CLUSTER_PASSWORD=foobar123
OPENSHIFT_DNS_PING_SERVICE_PORT=8888
JGROUPS_PING_PROTOCOL=dns.DNS_PING
SCRIPT_DEBUG=true
{code}
Reporter: Michal Jurc
Assignee: Yeray Borges
Priority: Critical
Any S2I configuration of ping protocols utilising encryption for protocols will result in
deprecated configuration. S2I should not configure runtime to deprecated configuration by
default, unless the user chooses to.
{code:title=Example JGroups ASYM_ENCRYPT configuration}
[standalone@localhost:9990 /] /subsystem=jgroups/stack=tcp/protocol=org.jgroups.protocols.ASYM_ENCRYPT:read-resource-description
{
"outcome" => "success",
"result" => {
"description" => "The configuration of a protocol within a protocol stack.",
"capabilities" => [{
"name" => "org.wildfly.clustering.jgroups.protocol",
"dynamic" => true,
"dynamic-elements" => [
"stack",
"protocol"
]
}],
"deprecated" => {
"since" => "5.0.0",
"reason" => "Deprecated. Use protocol=ASYM_ENCRYPT instead."
},
"attributes" => {
"module" => {
"type" => STRING,
"description" => "The module with which to resolve the protocol type.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"default" => "org.jgroups",
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"properties" => {
"type" => OBJECT,
"description" => "The properties of this protocol.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"value-type" => STRING,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
},
"socket-binding" => {
"type" => STRING,
"description" => "Defines the bind address/port used of the server socket used to receive messages from other cluster members.",
"expressions-allowed" => false,
"required" => false,
"nillable" => true,
"min-length" => 1L,
"max-length" => 2147483647L,
"deprecated" => {
"since" => "5.0.0",
"reason" => "Deprecated. Supports EAP 7.0 slaves."
},
"access-type" => "read-only",
"storage" => "configuration"
},
"statistics-enabled" => {
"type" => BOOLEAN,
"description" => "Indicates whether or not this protocol will collect statistics overriding stack configuration.",
"expressions-allowed" => true,
"required" => false,
"nillable" => true,
"access-type" => "read-write",
"storage" => "configuration",
"restart-required" => "resource-services"
}
},
"operations" => undefined,
"notifications" => undefined,
"children" => {"property" => {
"description" => "A JGroups protocol property.",
"model-description" => undefined
}}
}
}
{code}
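
An added example, not part of the original issue or of the WildFly project's code: a Python check that parses read-resource-description output like the one above and separates a deprecation of the resource itself from a deprecation of a single attribute such as socket-binding. It assumes only the DMR constructs seen in this output (objects, lists, strings, bare words); parse_dmr, deprecations and resource_deprecation are hypothetical names, and the sample is constructed from the page's output.

```python
import re
from collections import deque

# DMR text tokens: quoted strings, "=>", brackets, commas, bare words (STRING, true, 1L).
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|=>|[{}\[\],]|[^\s{}\[\],]+')

def parse_dmr(cli_output):
    """Parse the DMR text printed by jboss-cli into dicts, lists and strings."""
    tokens = deque(TOKEN.findall(cli_output[cli_output.index("{"):]))
    def value():
        tok = tokens.popleft()
        if tok not in ("{", "["):
            return tok.strip('"')                # scalar: string or bare word
        close, out = ("}", {}) if tok == "{" else ("]", [])
        while tokens[0] != close:
            if tok == "{":                       # object entry: "key" => value
                key = tokens.popleft().strip('"')
                tokens.popleft()                 # drop "=>"
                out[key] = value()
            else:
                out.append(value())
            if tokens[0] == ",":
                tokens.popleft()
        tokens.popleft()                         # drop the closing bracket
        return out
    return value()

def deprecations(node, path=()):
    """Yield (path, since, reason) for every "deprecated" block under node."""
    if isinstance(node, list):
        for child in node:
            yield from deprecations(child, path)
    elif isinstance(node, dict):
        for key, child in node.items():
            if key == "deprecated" and isinstance(child, dict):
                yield path, child.get("since"), child.get("reason")
            else:
                yield from deprecations(child, path + (key,))

def resource_deprecation(cli_output):
    """Return (since, reason) if the resource itself is deprecated, else None."""
    found = {p: (s, r) for p, s, r in deprecations(parse_dmr(cli_output))}
    return found.get(("result",))

# Constructed sample: the page's output trimmed to its two "deprecated" blocks.
SAMPLE = '''{"outcome" => "success", "result" => {"capabilities" => [{"dynamic" => true}],
  "deprecated" => {"since" => "5.0.0", "reason" => "Deprecated. Use protocol=ASYM_ENCRYPT instead."},
  "attributes" => {"socket-binding" => {"type" => STRING, "deprecated" => {
      "since" => "5.0.0", "reason" => "Deprecated. Supports EAP 7.0 slaves."}}}}}'''
```

Calling resource_deprecation on the output for each protocol in a generated stack shows which entries use a deprecated resource, without being misled by the socket-binding attribute, which carries its own deprecation notice.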