search

eclipse-kura / kura

Eclipse Kura™ is a versatile framework to supercharge your edge devices, streamlining the process of configuring your gateway, connecting sensors, and IoT devices to seamlessly collect, process, and send data to the cloud.
https://eclipse.dev/kura/
Eclipse Public License 2.0
499 stars 306 forks source link

Server manager does not close properly #3796

Open pintify opened 2 years ago

pintify commented 2 years ago

Describe the bug The bundle org.eclipse.kura.http.server.manager does not close properly. At least in case of error with the certificate. If you remove the certificate localhost from the default Httpskeystore, the server goes into error and leave the endpoint on port 443 opened, preventing any further deployment of the web interface.

To Reproduce Steps to reproduce the behavior (it is advisable to backup file /opt/eclipse/kura/user/security/httpskeystore.ks before this as it will be emptied during the test): beware the web portal will be lost after the test until you restore the keystore file and restart Kura

  1. Remove localhost certificate from HttpsKeystore
  2. Check opened ports on the system
  3. Port 443 is still in use
  4. The port remains used until Kura is stopped

Expected behavior The server should get an error and be closed but the port should not be present, allowing a restart of the service once everything is fine again or it is restarted from the platform (Kapua).

Target Environment (please complete the following information):

Additional context This test was found when the localhost certificate was being updated. At some time any user should do this and will find the issue it he does not want to restart Kura

There is a workaround possible by stopping the bundle prior to the critical operation and starting it again after it. Make sure you have remote access to the device via Kapua or similar, as the web interface will get down after the stop

github-actions[bot] commented 11 months ago

This issue is stale because it has been open for 60 days with no activity.

github-actions[bot] commented 11 months ago

This issue was closed because it has been inactive for 14 days since being marked as stale.

pintify commented 10 months ago

Wow! I don't think this issue should be closed without fixing it.

github-actions[bot] commented 8 months ago

This issue is stale because it has been open for 60 days with no activity.

pintify commented 10 hours ago

The issue remains on version 5.5.0, any update on this?

mattdibi commented 9 hours ago

Hi there @pintify, thanks for pinging us.

Given this is not a common use-case scenario, the fix for this particular issue wasn't scheduled and thus remains a known issue in 5.5.0.

I don't think we have any reference in the docs about this but, from what I understand, the correct procedure for changing a certificate at runtime should be:

  1. upload the new certificate
  2. change the alias used by the web server
  3. restart

Hope this helps.