search

WASdev / websphere-liberty-operator

Deploy and manage containerized Liberty applications on Kubernetes. Documentation: https://ibm.biz/wlo-docs
Apache License 2.0
9 stars 4 forks source link

Keystore conflicts if Liberty has existing keystore #117

Open danielguinan1 opened 2 years ago

danielguinan1 commented 2 years ago

I ran into this error when deploying an application with an existing keystore using WLO. My liberty server had the following existing keystore: <keyStore id="defaultKeyStore" password="secret" />

[5/5/22 19:26:19:857 UTC] 0000002f com.ibm.ws.config.xml.internal.ConfigValidator A CWWKG0102I: Found conflicting settings for defaultKeyStore instance of keyStore configuration.
Property password has conflicting values:
Secure value is set in file:/opt/ol/wlp/usr/servers/defaultServer/configDropins/defaults/keystore.xml.
Secure value is set in file:/opt/ol/wlp/usr/servers/defaultServer/server.xml.
Property password will be set to the value defined in file:/opt/ol/wlp/usr/servers/defaultServer/server.xml.

I understand that this error is happening because there is a default keystore at /config/configDropins/defaults/keystore.xml that is generated.

<server description="Default Server">
    <keyStore id="defaultKeyStore" password="fJwOv0932JPIveMx99U+qsY4fs44RCuKbtSUB8f1E/w=" />
</server>

We need a way to resolve this use case. I resolved this by changing my application from using the default keystore to issue JWT to one without the default keystore name (defaultKeyStore").

leochr commented 2 years ago

This is container/application-specific. We already have this issue opened to reevaluate the default keystore generation: https://github.com/OpenLiberty/ci.docker/issues/312