OpenLiberty / ci.docker

Eclipse Public License 1.0
Containerized Liberty application has startup error if server.xml has default Keystore #427

Open mtamboli opened 1 year ago

mtamboli commented 1 year ago

Failing Scenario: Many Liberty applications running on-prem have the defaultKeyStore line to create a keystore to enable HTTPS. If such an application is containerized with server.xml containing <keyStore id="defaultKeyStore" password="secret" />, the application will start but you cannot access the application on SSL. When you look at the Liberty log, the error is CWPKI0033E: The keystore located at \/opt\/ol\/wlp\/output\/defaultServer\/resources\/security\/key.p12 did not load because of the following error: keystore password was incorrect"

This behavior is confusing for many users and we want to find a way to resolve this error condition.

mtamboli commented 1 year ago

@leochr Please let me know if you would like more information.

idlewis commented 1 year ago

@mtamboli I tried to reproduce this but didn't manage it. Can you give me any more details on the failing scenario? Maybe examples of the dockerfile and server.xml? Thanks.

idlewis commented 1 year ago

I've now managed to reproduce this. The failure occurs if the liberty container is running under the open liberty operator.

mtamboli commented 1 year ago

@idlewis yes, that is how we are deploying our containers.

mtamboli commented 1 year ago

@idlewis When will this problem be fixed?

idlewis commented 1 year ago

@mtamboli Sorry for the slow response, I have been out for a few days. This isn't an easy fix, I'm sorry but I don't have an ETA for you right now.

mtamboli commented 1 year ago

@idlewis @leochr do we have a timeline for this fix?

leochr commented 1 year ago

@mtamboli We are shifting focus back to this after dealing with other deliverables. We don't have a timeline yet, but it is a priority item.