Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-6023

Proxy in production mode: CipherSuites argument is null

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: proxy, test-impact
    • Labels:
    • Flagged:
      Impediment
    • Epic Link:
    • Story Points:
      0.5

      Description

      Found with rev (f333fd24819)

      This is a regression since this commit: https://stash.forgerock.org/projects/OPENDJ/repos/opendj/commits/7bf2737a68269e9c6d1ee0db442b5a4c754e74bf

      When setting up a proxy using the ds-proxy-profile in production mode, it looks fine:

      ProductionMode/PROXY1/opendj/setup --profile ds-proxy-server --set ds-proxy-server/rsConnectionSecurity:start-tls --set ds-proxy-server/proxyUserBindDn:"cn=proxy,dc=example,dc=com" --set ds-proxy-server/proxyUserBindPassword:"$up3r$tr0ng" --set ds-proxy-server/replicationServers:"localhost:4444" --set ds-proxy-server/replicationServers:"localhost:4445" --set ds-proxy-server/rsBindDn:"cn=myself" --set ds-proxy-server/rsBindPassword:"password" --productionMode  --useJavaTrustStore /tmp/ProductionMode/PROXY1/opendj/tmp/proxy-truststore -T password  -h localhost -p 1391 -D "cn=myself" -w password --adminConnectorPort 4446 --monitorUserDn "uid=Monitor" --monitorUserPassword password  -O 	
      
      Validating parameters..... Done
      Configuring certificates..... Done
      Configuring server..... Done
      Configuring profile DS proxy server..... Done
      
      To see basic server status and configuration, you can launch
      /local/GIT/pyforge/results/20190215-114701/proxy_group/ProductionMode/PROXY1/opendj/bin/status
      

      But when starting it:

      ProductionMode/PROXY1/opendj/bin/start-ds 	
      
      [15/Feb/2019:11:48:19 +0100] category=CORE severity=NOTICE msgID=134 msg=ForgeRock Directory Services 7.0.0-SNAPSHOT (build 20190215004140, revision number f333fd24819e0adb56b17dd8190efef4b7772700) starting up
      [15/Feb/2019:11:48:19 +0100] category=JVM severity=NOTICE msgID=21 msg=Installation Directory:  /local/GIT/pyforge/results/20190215-114701/proxy_group/ProductionMode/PROXY1/opendj
      [15/Feb/2019:11:48:19 +0100] category=JVM severity=NOTICE msgID=23 msg=Instance Directory:      /local/GIT/pyforge/results/20190215-114701/proxy_group/ProductionMode/PROXY1/opendj
      [15/Feb/2019:11:48:19 +0100] category=JVM severity=NOTICE msgID=17 msg=JVM Information: 1.8.0_151-b12 by Oracle Corporation, 64-bit architecture, 3717201920 bytes heap size
      [15/Feb/2019:11:48:19 +0100] category=JVM severity=NOTICE msgID=18 msg=JVM Host: cforel-Dell-Precision-M3800, running Linux 4.4.0-21-generic amd64, 16725336064 bytes physical memory size, number of processors available 8
      [15/Feb/2019:11:48:19 +0100] category=JVM severity=NOTICE msgID=19 msg=JVM Arguments: "-XX:+PrintGCDateStamps", "-Xloggc:/local/GIT/pyforge/results/20190215-114701/proxy_group/ProductionMode/PROXY1/opendj/logs/GCDetails_PROXY1", "-XX:+PrintGCDetails", "-Dorg.opends.server.scriptName=start-ds"
      [15/Feb/2019:11:48:19 +0100] category=ACCESS_CONTROL severity=NOTICE msgID=103 msg=The global access control engine has been initialized with 6 policies
      [15/Feb/2019:11:48:20 +0100] category=org.opends.messages.external severity=WARNING msgID=1 msg=GRIZZLY0029: Error during Processor execution. Connection=null ioEvent=NONE processor=null exception=IllegalArgumentException: CipherSuites may not be null (CipherSuiteList.java:74 SSLEngineImpl.java:2038 SSLEngineConfigurator.java:233 SSLEngineConfigurator.java:215 SSLFilter.java:348 SSLFilter.java:241 SSLFilter.java:225 SSLFilter.java:208 GrizzlyLdapSocketConnector.java:250 GrizzlyLdapSocketConnector.java:242 GrizzlyLdapSocketConnector.java:171 TCPNIOConnectorHandler.java:348 ProcessorExecutor.java:115 ProcessorExecutor.java:208 ProcessorExecutor.java:86 TCPNIOTransport.java:539 TCPNIOConnectorHandler.java:226 TCPNIOConnectorHandler.java:158 TCPNIOConnection.java:258 TCPNIOTransport.java:530 AbstractIOStrategy.java:112 ...)
      [15/Feb/2019:11:48:20 +0100] category=PROTOCOL severity=NOTICE msgID=276 msg=Started listening for new connections on Administration Connector 0.0.0.0 port 4446
      [15/Feb/2019:11:48:20 +0100] category=PROTOCOL severity=NOTICE msgID=276 msg=Started listening for new connections on LDAP 0.0.0.0 port 1391
      [15/Feb/2019:11:48:20 +0100] category=CORE severity=NOTICE msgID=135 msg=The Directory Server has started successfully
      [15/Feb/2019:11:48:20 +0100] category=CORE severity=NOTICE msgID=139 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID org.opends.messages.core-135): The Directory Server has started successfully
      
      

      We have an ugly warning in the output, yet it does not prevent the proxy from starting.
      When checking this proxy works, it actually doesnot:

      ProductionMode/PROXY1/opendj/bin/ldapsearch -h localhost -p 1391 -D "cn=myself" -w password -b "cn=monitor" --useStartTLS -X "ds-cfg-backend-id=proxyRoot" ds-mon-backend-proxy-shard 	
      
      dn: ds-cfg-backend-id=proxyRoot,cn=backends,cn=monitor
      

      and in error logs:

      [15/Feb/2019:11:50:19 +0100] category=org.opends.messages.external severity=WARNING msgID=1 msg=GRIZZLY0029: Error during Processor execution. Connection=null ioEvent=NONE processor=null exception=IllegalArgumentException: CipherSuites may not be null (CipherSuiteList.java:74 SSLEngineImpl.java:2038 SSLEngineConfigurator.java:233 SSLEngineConfigurator.java:215 SSLFilter.java:348 SSLFilter.java:241 SSLFilter.java:225 SSLFilter.java:208 GrizzlyLdapSocketConnector.java:250 GrizzlyLdapSocketConnector.java:242 GrizzlyLdapSocketConnector.java:171 TCPNIOConnectorHandler.java:348 ProcessorExecutor.java:115 ProcessorExecutor.java:208 ProcessorExecutor.java:86 TCPNIOTransport.java:539 TCPNIOConnectorHandler.java:226 TCPNIOConnectorHandler.java:158 TCPNIOConnection.java:258 TCPNIOTransport.java:530 AbstractIOStrategy.java:112 ...)
      

      To reproduce:

      ./run-pybot.py -n -v -s proxy_group.ProductionMode -t Allow_Discovery_Configuration  dj
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                gaetan Gaetan Boismal
                Reporter:
                cforel carole forel
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: