CLI console problems with native libraries

Hello all,

I'm working with a JBoss-EAP-6.4.2 server and I have a problem with the CLI console.

Until today, I wrote the JBoss configuration directly into the standalone.xml file.
But I have to convert all the configuration into JBoss CLI commands and I have a problem with the SSL configuration.

The certificates we use are in the PKI format and I must use tomcat-native libraries to use them with JBoss.
That's why I modified the configuration with the CLI command:

/subsystem=web/:write-attribute(name=native, value=true)

But now, when I try to reload the server I always have problems!!

  1. Sometimes the server shuts down with this kind of message:
INFO  [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-3) JBWEB003077: Coyote HTTP/1.1 stopping on : http-/0.0.0.0:8080
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007feaf3dd7600, pid=11313, tid=140647047718656
#
# JRE version: OpenJDK Runtime Environment (8.0_60-b27) (build 1.8.0_60-b27)
# Java VM: OpenJDK 64-Bit Server VM (25.60-b23 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# C  [libssl.so.10+0x44600]  SSL_state+0x0
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /tmp/hs_err_pid11313.log
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
/foo/bar/jboss-as/bin/standalone.sh : ligne 306 : 11313 Abandon                 "java" -D"[Standalone]" -server -XX:+UseCompressedOops -Xms1303m -Xmx1303m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs="org.jboss.byteman" -Djava.awt.headless=true -Djboss.modules.policy-permissions=true -Djboss.server.base.dir="/foo/bar/foobar" -Djboss.server.log.dir="/var/log/jboss-as" -Djava.security.egd=file:///dev/urandom -Djboss.server.data.dir="/foo/bar/foobar/data" "-Dorg.jboss.boot.log.file=/"/var/log/jboss-as"/server.log" "-Dlogging.configuration=file:/"/foo/bar/foobar"/configuration/logging.properties" -jar "/foo/bar/jboss-as/jboss-modules.jar" -mp "/foo/bar/foobar/modules:/foo/bar/jboss-as/modules" -jaxpmodule javax.xml.jaxp-provider org.jboss.as.standalone -Djboss.home.dir="/foo/bar/jboss-as" -Djboss.server.base.dir="/"/foo/bar/foobar""
  2. Otherwise I have this kind of error:
ERROR [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-2) JBWEB003043: Error initializing endpoint: java.lang.Exception: JBWEB002002: Socket bind failed: [22] Argument invalide
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:664) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:104) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
at org.apache.catalina.connector.Connector.init(Connector.java:986) [jbossweb-7.5.9.Final-redhat-1.jar:7.5.9.Final-redhat-1]
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318) [jboss-as-web-7.5.2.Final-redhat-SNAPSHOT.jar:7.5.2.Final-redhat-SNAPSHOT]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_60]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_60]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_60]
INFO  [org.apache.coyote.http11.Http11AprProtocol] (MSC service thread 1-1) JBWEB003000: Coyote HTTP/1.1 starting on: http-/0.0.0.0:8443
ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.web.connector.http: org.jboss.msc.service.StartException in service jboss.web.connector.http: JBAS018007: Erreur de démarrage du connecteur web
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:393)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913) [jboss-msc-1.1.5.Final-redhat-1.jar:1.1.5.Final-redhat-1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_60]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_60]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_60]
Caused by: LifecycleException:  JBWEB000023: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.init(Connector.java:989)
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:318)
... 5 more
ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) JBAS014612: L'opération ("add") a échoué - adresse : ([
("subsystem" => "web"),
("connector" => "http")
]) - description de l'échec : {"JBAS014671: Les services ont échoué" => {"jboss.web.connector.http" => "org.jboss.msc.service.StartException in service jboss.web.connector.http: JBAS018007: Erreur de démarrage du connecteur web
Caused by: LifecycleException:  JBWEB000023: Protocol handler initialization failed"}}

I tried to use the "org.apache.coyote.http11.Http11Protocol" protocol for the HTTP and HTTPS connectors but it doesn't recognize PKI certificates....

Does anyone have an idea of the problem?

The subsystem configuration:

<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="true">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" executor="http-thread-pool"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true" executor="http-thread-pool">
        <ssl name="foo-ssl" password="changeit" certificate-key-file="/etc/pki/tls/private/${jboss.host.name}.key" protocol="TLSv1" certificate-file="/etc/pki/tls/certs/${jboss.host.name}.crt"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>

The CLI commands:

# ADDING HTTP thread-pool
/subsystem=threads/thread-factory=http-connector-factory/:add(thread-name-pattern=HTTP-%t,group-name=http-thread-pool,priority=42)
/subsystem=threads/unbounded-queue-thread-pool=http-thread-pool/:add(max-threads=42,keepalive-time={time=42, unit="seconds"},thread-factory=http-connector-factory)
reload
# CONFIGURE web subsystem to use native libraries
/subsystem=web/:write-attribute(name=native, value=true)
reload
# CONFIGURE HTTP connector
/subsystem=web/connector=http/:write-attribute(name=executor, value=http-thread-pool)
reload
# ADDING HTTPS connector with SSL configuration
/subsystem=web/connector=https/:add(socket-binding=https,scheme=https,protocol=HTTP/1.1,enable-lookups=false,secure=true,executor=http-thread-pool)
/subsystem=web/connector=https/ssl=configuration:add(name=lyra-ssl, password=changeit, certificate-key-file=/etc/pki/tls/private/${jboss.host.name}.key, certificate-file=/etc/pki/tls/certs/${jboss.host.name}.crt, protocol=TLSv1)
quit

Thank you in advance

Nicolas
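
Added example, not part of the original post and not JBoss code: a Python check over a web subsystem element like the one posted above. It reports an `<ssl>` element that points at separate PEM certificate and key files while `native` is explicitly false (the post states these files need the native libraries), and it also flags legacy protocol values and literal key passwords. The function name, the finding texts and the sample (constructed from the post's XML with `native` set to false) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the web subsystem from the post, with native switched off.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
        <ssl name="foo-ssl" password="changeit" certificate-key-file="/etc/pki/tls/private/${jboss.host.name}.key" protocol="TLSv1" certificate-file="/etc/pki/tls/certs/${jboss.host.name}.crt"/>
    </connector>
</subsystem>"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def audit_web_subsystem(xml_text):
    """Return a list of (connector, finding) tuples for one web subsystem element."""
    root = ET.fromstring(xml_text)
    ns = root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""
    # Only an explicit native="false" is reported; no default is assumed when absent.
    native_off = root.get("native", "").lower() == "false"
    findings = []
    for conn in root.iter(ns + "connector"):
        name = conn.get("name", "?")
        ssl = conn.find(ns + "ssl")
        if ssl is None:
            if conn.get("secure") == "true" or conn.get("scheme") == "https":
                findings.append((name, "https connector without <ssl> element"))
            continue
        # Separate PEM key and certificate files are the layout the post uses with native.
        if ssl.get("certificate-file") and native_off:
            findings.append((name, "PEM certificate-file set but native is false"))
        # Split on ',' and '+' so combined protocol values are covered too.
        protos = ssl.get("protocol", "").replace("+", ",").split(",")
        weak = sorted({p.strip() for p in protos} & LEGACY_PROTOCOLS)
        if weak:
            findings.append((name, "legacy protocol enabled: " + ",".join(weak)))
        pw = ssl.get("password", "")
        # Values starting with "${" are property or vault expressions, not literals.
        if pw and not pw.startswith("${"):
            findings.append((name, "literal key password in configuration"))
    return findings


if __name__ == "__main__":
    for connector, finding in audit_web_subsystem(SAMPLE):
        print(f"{connector}: {finding}")
```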