0 Replies Latest reply on Oct 23, 2015 10:18 AM by nicolyra

    CLI console problems with native libraries

    nicolyra

      Hello all,

       

      I'm working with a JBoss-EAP-6.4.2 server and I have a problem with the CLI console.

       

      Until today, I wrote the JBoss configuration directly into the standalone.xml file.

      But I have to convert all the configuration into JBoss CLI commands, and I have a problem with the SSL configuration.

       

      The certificates we use are in the PKI format and I must use tomcat-native libraries to use them with JBoss.

      That's why I modified the configuration with the CLI command:

       

      /subsystem=web/:write-attribute(name=native, value=true)

       

      But now, when I try to reload the server I always have problems!!

       

      1. Sometimes the server shuts down with this kind of message:

       

      INFO  [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-3) JBWEB003077: Coyote HTTP/1.1 stopping on : http-/0.0.0.0:8080
      #
      # A fatal error has been detected by the Java Runtime Environment:
      #
      #  SIGSEGV (0xb) at pc=0x00007feaf3dd7600, pid=11313, tid=140647047718656
      #
      # JRE version: OpenJDK Runtime Environment (8.0_60-b27) (build 1.8.0_60-b27)
      # Java VM: OpenJDK 64-Bit Server VM (25.60-b23 mixed mode linux-amd64 compressed oops)
      # Problematic frame:
      # C  [libssl.so.10+0x44600]  SSL_state+0x0
      #
      # Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
      #
      # An error report file with more information is saved as:
      # /tmp/hs_err_pid11313.log
      #
      # If you would like to submit a bug report, please visit:
      #   http://bugreport.java.com/bugreport/crash.jsp
      # The crash happened outside the Java Virtual Machine in native code.
      # See problematic frame for where to report the bug.
      #

      /foo/bar/jboss-as/bin/standalone.sh : ligne 306 : 11313 Abandon                 "java" -D"[Standalone]" -server -XX:+UseCompressedOops -Xms1303m -Xmx1303m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs="org.jboss.byteman" -Djava.awt.headless=true -Djboss.modules.policy-permissions=true -Djboss.server.base.dir="/foo/bar/foobar" -Djboss.server.log.dir="/var/log/jboss-as" -Djava.security.egd=file:///dev/urandom -Djboss.server.data.dir="/foo/bar/foobar/data" "-Dorg.jboss.boot.log.file=/"/var/log/jboss-as"/server.log" "-Dlogging.configuration=file:/"/foo/bar/foobar"/configuration/logging.properties" -jar "/foo/bar/jboss-as/jboss-modules.jar" -mp "/foo/bar/foobar/modules:/foo/bar/jboss-as/modules" -jaxpmodule javax.xml.jaxp-provider org.jboss.as.standalone -Djboss.home.dir="/foo/bar/jboss-as" -Djboss.server.base.dir="/"/foo/bar/foobar""

       

       

      2. Otherwise I have this kind of error:

       

      ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) JBWEB003043: Error initializing endpoint: java.lang.Exception: JBWEB002002: Socket bind failed: [22] Argument invalide
          at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:664) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
          at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:104) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
          at org.apache.catalina.connector.Connector.init(Connector.java:986) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
          at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318) [jboss-as-web-7.5.2.Final-redhat-SNAPSHOT.jar:7.5.2.Final-redhat-SNAPSHOT]
          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
          at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_60]
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_60]
          at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_60]
      INFO  [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-1) JBWEB003000: Coyote HTTP/1.1 starting on: http-/0.0.0.0:8443
      ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.web.connector.http: org.jboss.msc.service.StartException in service jboss.web.connector.http: JBAS018007: Erreur de démarrage du connecteur web
          at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:393)
          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
          at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_60]
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_60]
          at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_60]
      Caused by: LifecycleException:  JBWEB000023: Protocol handler initialization failed
          at org.apache.catalina.connector.Connector.init(Connector.java:989)
          at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318)
          ... 5 more
      ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: L'opération ("add") a échoué - adresse : ([
      ("subsystem" => "web"),
      ("connector" => "http")
      ]) - description de l'échec : {"JBAS014671: Les services ont échoué" => {"jboss.web.connector.http" => "org.jboss.msc.service.StartException in service jboss.web.connector.http: JBAS018007: Erreur de démarrage du connecteur web
      Caused by: LifecycleException:  JBWEB000023: Protocol handler initialization failed"}}

       

       

      I tried to use the "org.apache.coyote.http11.Http11Protocol" protocol for the HTTP and HTTPS connectors, but it doesn't recognize PKI certificates...

       

      Does anyone have an idea what the problem is?

       

      The subsystem configuration:

       

      <subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="true">
        <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" executor="http-thread-pool"/>
        <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true" executor="http-thread-pool">
          <ssl name="foo-ssl" password="changeit" certificate-key-file="/etc/pki/tls/private/${jboss.host.name}.key" protocol="TLSv1" certificate-file="/etc/pki/tls/certs/${jboss.host.name}.crt"/>
        </connector>
        <virtual-server name="default-host" enable-welcome-root="true">
          <alias name="localhost"/>
          <alias name="example.com"/>
        </virtual-server>
      </subsystem>

       

       

      The CLI commands:

       

      # ADDING HTTP thread-pool
      /subsystem=threads/thread-factory=http-connector-factory/:add(thread-name-pattern=HTTP-%t,group-name=http-thread-pool,priority=42)
      /subsystem=threads/unbounded-queue-thread-pool=http-thread-pool/:add(max-threads=42,keepalive-time={time=42, unit="seconds"},thread-factory=http-connector-factory)
      reload

      # CONFIGURE web subsystem to use native libraries
      /subsystem=web/:write-attribute(name=native, value=true)
      reload

      # CONFIGURE HTTP connector
      /subsystem=web/connector=http/:write-attribute(name=executor, value=http-thread-pool)
      reload

      # ADDING HTTPS connector with SSL configuration
      /subsystem=web/connector=https/:add(socket-binding=https,scheme=https,protocol=HTTP/1.1,enable-lookups=false,secure=true,executor=http-thread-pool)
      /subsystem=web/connector=https/ssl=configuration:add(name=lyra-ssl, password=changeit, certificate-key-file=/etc/pki/tls/private/${jboss.host.name}.key, certificate-file=/etc/pki/tls/certs/${jboss.host.name}.crt, protocol=TLSv1)
      quit

       

       

      Thank you in advance

       

      Nicolas