eclipse-ee4j / glassfish

Eclipse GlassFish
https://eclipse-ee4j.github.io/glassfish/

security was enabled, many files were absent in the config dir of the remote local instance. #14820

Closed glassfishrobot closed 13 years ago

glassfishrobot commented 13 years ago

Build 31. Solaris 10 Sparc. Installed this build on two machines, removed .asadmintruststore on both machines and executed:

jed-asqe-7#/opt/appserver-sqe/ee/cluster_inf] asadmin start-domain
Waiting for domain1 to start ..........................
Successfully started the domain : domain1
domain Location: /opt/glassfish3/glassfish/domains/domain1
Log File: /opt/glassfish3/glassfish/domains/domain1/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.
jed-asqe-7#/opt/appserver-sqe/ee/cluster_inf] asadmin enable-secure-admin
Command enable-secure-admin executed successfully.
jed-asqe-7#/opt/appserver-sqe/ee/cluster_inf] asadmin stop-domain
Waiting for the domain to stop ....
Command stop-domain executed successfully.
jed-asqe-7#/opt/appserver-sqe/ee/cluster_inf] asadmin start-domain
Waiting for domain1 to start ........
Successfully started the domain : domain1
domain Location: /opt/glassfish3/glassfish/domains/domain1
Log File: /opt/glassfish3/glassfish/domains/domain1/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.
jed-asqe-7#/opt/appserver-sqe/ee/cluster_inf] asadmin list-instances
[
[
Version: V3
Subject: CN=localhost, OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: SunPKCS11-Solaris RSA public key, 1024 bits (id 12649264, session object)
modulus: 154951567744546153685031769973527908492919327000019305949829493629344252280190492644697846719081990278414742040653128156563944471186262761316853536330847561755934796652944870123752615078948009241080169323929108265745986852837406808824537750057085667555237211812881924696635482737280688372970907534897340344813
public exponent: 65537
Validity: [From: Thu Nov 18 01:16:36 PST 2010, To: Sun Nov 15 01:16:36 PST 2020]
Issuer: CN=localhost, OU=GlassFish, O=Oracle Corporation, L=Santa Clara, ST=California, C=US
SerialNumber: [ 4ce4eef4]


] Do you trust the above certificate [y|N] -->y
Nothing to list.
Command list-instances executed successfully.
jed-asqe-7#/opt/appserver-sqe/ee/cluster_inf] ./setup.pl
Command create-cluster executed successfully.
Command create-cluster executed successfully.
Command create-node-ssh executed successfully.
Rendezvoused with DAS on localhost:4848.
Port Assignments for server instance in1:
JMX_SYSTEM_CONNECTOR_PORT=17676
JMS_PROVIDER_PORT=18686
HTTP_LISTENER_PORT=18080
ASADMIN_LISTENER_PORT=14848
JAVA_DEBUGGER_PORT=29009
IIOP_SSL_LISTENER_PORT=13800
IIOP_LISTENER_PORT=13700
OSGI_SHELL_TELNET_PORT=26666
HTTP_SSL_LISTENER_PORT=18181
IIOP_SSL_MUTUALAUTH_PORT=13801
Command create-local-instance executed successfully.
Rendezvoused with DAS on jed-asqe-7:4848.
Port Assignments for server instance in2:
JMX_SYSTEM_CONNECTOR_PORT=17676
JMS_PROVIDER_PORT=18686
HTTP_LISTENER_PORT=18080
ASADMIN_LISTENER_PORT=14848
JAVA_DEBUGGER_PORT=29009
IIOP_SSL_LISTENER_PORT=13800
IIOP_LISTENER_PORT=13700
OSGI_SHELL_TELNET_PORT=26666
HTTP_SSL_LISTENER_PORT=18181
IIOP_SSL_MUTUALAUTH_PORT=13801
WARNING: Instance in1 seems to be offline; Command was not replicated to that instance
Command create-local-instance executed successfully.
Using DAS host localhost and port 4848 from existing das.properties for node localhost. To use a different DAS, create a new node using create-node-ssh or create-node-config. Create the instance with the new node and correct host and port: asadmin --host das_host --port das_port create-local-instance --node node_name instance_name.
Rendezvoused with DAS on localhost:4848.
Port Assignments for server instance in3:
JMX_SYSTEM_CONNECTOR_PORT=37676
JMS_PROVIDER_PORT=38686
HTTP_LISTENER_PORT=38080
ASADMIN_LISTENER_PORT=34848
JAVA_DEBUGGER_PORT=29010
IIOP_SSL_LISTENER_PORT=33800
IIOP_LISTENER_PORT=33700
OSGI_SHELL_TELNET_PORT=26667
HTTP_SSL_LISTENER_PORT=38181
IIOP_SSL_MUTUALAUTH_PORT=33801
Command create-local-instance executed successfully.
Using DAS host jed-asqe-7 and port 4848 from existing das.properties for node jed-asqe-14. To use a different DAS, create a new node using create-node-ssh or create-node-config. Create the instance with the new node and correct host and port: asadmin --host das_host --port das_port create-local-instance --node node_name instance_name.
Rendezvoused with DAS on jed-asqe-7:4848.
Port Assignments for server instance in4:
JMX_SYSTEM_CONNECTOR_PORT=37676
JMS_PROVIDER_PORT=38686
HTTP_LISTENER_PORT=38080
ASADMIN_LISTENER_PORT=34848
JAVA_DEBUGGER_PORT=29010
IIOP_SSL_LISTENER_PORT=33800
IIOP_LISTENER_PORT=33700
OSGI_SHELL_TELNET_PORT=26667
HTTP_SSL_LISTENER_PORT=38181
IIOP_SSL_MUTUALAUTH_PORT=33801
WARNING: Instance in3 seems to be offline; Command was not replicated to that instance
Command create-local-instance executed successfully.
Waiting for in1 to start ................................
Successfully started the instance: in1
instance Location: /opt/glassfish3/glassfish/nodes/localhost/in1
Log File: /opt/glassfish3/glassfish/nodes/localhost/in1/logs/server.log
Admin Port: 14848
Command start-local-instance executed successfully.
Warning: Synchronization with DAS failed, continuing startup...
Waiting for in2 to start ..............................
Successfully started the instance: in2
instance Location: /opt/glassfish3/glassfish/nodes/jed-asqe-14/in2
Log File: /opt/glassfish3/glassfish/nodes/jed-asqe-14/in2/logs/server.log
Admin Port: 14848
Command start-local-instance executed successfully.
Waiting for in3 to start .................................
Successfully started the instance: in3
instance Location: /opt/glassfish3/glassfish/nodes/localhost/in3
Log File: /opt/glassfish3/glassfish/nodes/localhost/in3/logs/server.log
Admin Port: 34848
Command start-local-instance executed successfully.
Warning: Synchronization with DAS failed, continuing startup...
Waiting for in4 to start .............................
Successfully started the instance: in4
instance Location: /opt/glassfish3/glassfish/nodes/jed-asqe-14/in4
Log File: /opt/glassfish3/glassfish/nodes/jed-asqe-14/in4/logs/server.log
Admin Port: 34848
Command start-local-instance executed successfully.

================================================================

Then I checked which files were created in the config directory of instance in1 (on the DAS host) and instance in2 (on the remote host). The in1 config dir contained the following files:

admin-keyfile domain.xml lockfile wss-server-config-1.0.xml c1-config/ domain.xml.bak login.conf wss-server-config-2.0.xml cacerts.jks keyfile pid.prev default-web.xml keystore.jks server.policy domain-passwords local-password sun-acc.xml

The in2 config dir (remote host) contained the following files:

==============================================

c1-config/ cacerts.jks domain.xml domain.xml.bak keystore.jks local-password lockfile pid pid.prev

=================================================

So many files were absent from the in2 config dir. I don't know whether this happened because the synchronization with DAS failed or for another reason.

But because files were missing, create-auth-realm, for example, failed:

Command create-auth-realm failed on server instance i10: org.glassfish.api.admin.CommandException: remote failure: Creation of Authrealm cert10 failed. java.lang.SecurityException: /opt/glassfish3/glassfish/nodes/n10/i10/config/login.conf (No such file or directory)
java.lang.SecurityException: /opt/glassfish3/glassfish/nodes/n10/i10/config/login.conf (No such file or directory)

Environment

Operating System: All Platform: All

Affected Versions

[3.1]
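
The report above shows an instance that starts despite "Synchronization with DAS failed" and is left without login.conf, keyfile, server.policy and other security configuration. The following check is an added example, not part of the original report or of GlassFish: it compares an instance config directory against the file set the reporter listed for in1. The function names are hypothetical, and excluding lockfile, pid.prev, domain.xml.bak and c1-config/ as runtime or per-cluster entries is an assumption.

```shell
#!/bin/sh
# Expected files, taken from the in1 listing in the report. Assumption:
# lockfile, pid.prev, domain.xml.bak and the c1-config/ directory are
# runtime or per-cluster entries and are not part of the baseline.
EXPECTED_FILES="admin-keyfile cacerts.jks default-web.xml domain-passwords
domain.xml keyfile keystore.jks local-password login.conf server.policy
sun-acc.xml wss-server-config-1.0.xml wss-server-config-2.0.xml"

# Print every expected file that is absent from config dir $1, one per line.
missing_config_files() {
    dir=$1
    for f in $EXPECTED_FILES; do
        [ -f "$dir/$f" ] || printf '%s\n' "$f"
    done
}

# Return 0 if the config dir is complete, 1 if files are missing
# (incomplete sync), 2 if the directory itself does not exist.
check_instance_config() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "no such config dir: $dir" >&2
        return 2
    fi
    missing=$(missing_config_files "$dir")
    if [ -n "$missing" ]; then
        echo "incomplete sync in $dir, missing:" >&2
        printf '%s\n' "$missing" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# Check each config dir given on the command line, for example
# /opt/glassfish3/glassfish/nodes/jed-asqe-14/in2/config
status=0
for d in "$@"; do
    check_instance_config "$d" || status=$?
done
```

Run against in2's directory as listed in the report, the check flags nine missing files, including login.conf, whose absence caused the create-auth-realm failure.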

glassfishrobot commented 6 years ago
glassfishrobot commented 13 years ago

@glassfishrobot Commented tmueller said: This appears to be a result of the problem that Tim reported on the dev alias earlier this week, i.e., SSL admin connections from remote hosts are hanging. This causes the sync failure, and the result is the files are missing because sync has not been completed.

Assigning to Tim so that he can mark this as fixed when the Grizzly problem is resolved.

glassfishrobot commented 13 years ago

@glassfishrobot Commented @tjquinno said: Elena reported in a separate e-mail that the security-related problems she had reported were fixed by a combination of Grizzly and secure admin changes.

On that basis I am closing these issues with the understanding that if these problems return the issues will be reopened.

glassfishrobot commented 7 years ago

@glassfishrobot Commented This issue was imported from java.net JIRA GLASSFISH-14820

glassfishrobot commented 13 years ago

@glassfishrobot Commented Reported by easarina

glassfishrobot commented 13 years ago

@glassfishrobot Commented Marked as fixed on Tuesday, November 30th 2010, 12:01:45 am