[jboss-jira] [JBoss JIRA] (WFWIP-229) Configuring JGroups encryption protocols produces deprecated configuration
Yeray Borges (Jira)
issues at jboss.org
Fri Oct 4 12:55:00 EDT 2019
[ https://issues.jboss.org/browse/WFWIP-229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13795132#comment-13795132 ]
Yeray Borges commented on WFWIP-229:
------------------------------------
Hi [~mjurc], in my opinion, this issue should be resolved as rejected because there is a non-deprecated version of ASYM_ENCRYPT protocol when the cluster security is not managed by Elytron. I tested the Elytron variant, and I successfully see the non-deprecated version added to the stack.
Using docker you could try with the following configuration:
{noformat}
-e JGROUPS_ENCRYPT_PROTOCOL="SYM_ENCRYPT" \
-e JGROUPS_ENCRYPT_SECRET="encrypt_secret" \
-e JGROUPS_ENCRYPT_NAME="encrypt_name" \
-e JGROUPS_ENCRYPT_PASSWORD="encrypt_password" \
-e JGROUPS_ENCRYPT_KEYSTORE="encrypt_keystore" \
-e JGROUPS_ENCRYPT_KEYSTORE_DIR="jboss.server.base.dir" \
-e JGROUPS_CLUSTER_PASSWORD="cluster_password" \
{noformat}
In Openshift, you can use the eap-cd-https-s2i, I tested with:
{noformat}
oc new-app --template=eap-cd-https-s2i \
-p IMAGE_STREAM_NAMESPACE=eap-demo \
-p SOURCE_REPOSITORY_URL=https://github.com/jboss-developer/jboss-eap-quickstarts \
-p SOURCE_REPOSITORY_REF=openshift \
-p CONTEXT_DIR=kitchensink \
-e HTTPS_PASSWORD=mykeystorepass \
-e HTTPS_KEYSTORE=keystore.jks \
-e HTTPS_NAME=jboss \
-e HTTPS_KEYSTORE_TYPE=jks \
-e JGROUPS_ENCRYPT_NAME="secret-key" \
-e JGROUPS_ENCRYPT_PASSWORD="password" \
-e CONFIGURE_ELYTRON_SSL=true
{noformat}
> Configuring JGroups encryption protocols produces deprecated configuration
> --------------------------------------------------------------------------
>
> Key: WFWIP-229
> URL: https://issues.jboss.org/browse/WFWIP-229
> Project: WildFly WIP
> Issue Type: Bug
> Components: OpenShift
> Environment: The example has been produced with the following S2I environment variables:
> {code}
> OPENSHIFT_DNS_PING_SERVICE_NAME=ping-service
> JGROUPS_ENCRYPT_PROTOCOL=ASYM_ENCRYPT
> JGROUPS_CLUSTER_PASSWORD=foobar123
> OPENSHIFT_DNS_PING_SERVICE_PORT=8888
> JGROUPS_PING_PROTOCOL=dns.DNS_PING
> SCRIPT_DEBUG=true
> {code}
> Reporter: Michal Jurc
> Assignee: Yeray Borges
> Priority: Critical
>
> Any S2I configuration of ping protocols utilising encryption for protocols will result in deprecated configuration. S2I should not configure runtime to deprecated configuration by default, unless the user chooses to.
> {code:title=Example JGroups ASYM_ENCRYPT configuration}
> [standalone at localhost:9990 /] /subsystem=jgroups/stack=tcp/protocol=org.jgroups.protocols.ASYM_ENCRYPT:read-resource-description
> {
> "outcome" => "success",
> "result" => {
> "description" => "The configuration of a protocol within a protocol stac
> k.",
> "capabilities" => [{
> "name" => "org.wildfly.clustering.jgroups.protocol",
> "dynamic" => true,
> "dynamic-elements" => [
> "stack",
> "protocol"
> ]
> }],
> "deprecated" => {
> "since" => "5.0.0",
> "reason" => "Deprecated. Use protocol=ASYM_ENCRYPT instead."
> },
> "attributes" => {
> "module" => {
> "type" => STRING,
> "description" => "The module with which to resolve the protocol
> type.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "default" => "org.jgroups",
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "resource-services"
> },
> "properties" => {
> "type" => OBJECT,
> "description" => "The properties of this protocol.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "value-type" => STRING,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "resource-services"
> },
> "socket-binding" => {
> "type" => STRING,
> "description" => "Defines the bind address/port used of the serv
> er socket used to receive messages from other cluster members.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "min-length" => 1L,
> "max-length" => 2147483647L,
> "deprecated" => {
> "since" => "5.0.0",
> "reason" => "Deprecated. Supports EAP 7.0 slaves."
> },
> "access-type" => "read-only",
> "storage" => "configuration"
> },
> "statistics-enabled" => {
> "type" => BOOLEAN,
> "description" => "Indicates whether or not this protocol will co
> llect statistics overriding stack configuration.",
> "expressions-allowed" => true,
> "required" => false,
> "nillable" => true,
> "access-type" => "read-write",
> "storage" => "configuration",
> "restart-required" => "resource-services"
> }
> },
> "operations" => undefined,
> "notifications" => undefined,
> "children" => {"property" => {
> "description" => "A JGroups protocol property.",
> "model-description" => undefined
> }}
> }
> }
> {code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list