JBoss ON agent 3.3 Update-06 fails startup with SSLContext not available

Solution Verified - Updated

Environment

  • Red Hat JBoss Operations Network (ON) 3.3 Update-06 (3.3.6)
  • Using sslsocket secure socket communications between agent and server

Issue

  • After upgrade to 3.3 Update-06 (3.3.6) all agents fail to start with the following exception logged in agent.log:

      java.io.IOException: Error creating server socket factory SSL context: TLSv1,TLSv1.1,TLSv1.2 SSLContext not available
      at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
      at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
      at org.jboss.remoting.security.SSLSocketBuilder.createServerSocketFactorySSLContext(SSLSocketBuilder.java:1197)
      at org.jboss.remoting.security.SSLSocketBuilder.createCustomServerSocketFactory(SSLSocketBuilder.java:385)
      at org.jboss.remoting.security.SSLSocketBuilder.createSSLServerSocketFactory(SSLSocketBuilder.java:366)
      at org.jboss.remoting.security.SSLSocketBuilder.createSSLServerSocketFactory(SSLSocketBuilder.java:345)
      at org.jboss.remoting.security.SSLServerSocketFactoryService.start(SSLServerSocketFactoryService.java:61)
      at org.rhq.enterprise.communications.ServiceContainer.initializeSecurityServices(ServiceContainer.java:1393)
      at org.rhq.enterprise.communications.ServiceContainer.setupServerConnector(ServiceContainer.java:1240)
      at org.rhq.enterprise.communications.ServiceContainer.start(ServiceContainer.java:596)
      at org.rhq.enterprise.communications.ServiceContainer.start(ServiceContainer.java:514)
      at org.rhq.enterprise.agent.AgentMain.startCommServices(AgentMain.java:2542)
      at org.rhq.enterprise.agent.AgentMain.start(AgentMain.java:715)
      at org.rhq.enterprise.agent.AgentMain.main(AgentMain.java:461)

Resolution

This issue has been identified as This content is not included.Red Hat Bugzilla 1301970 and will be addressed in JBoss ON 3.3 Update-07.

If you have already installed JBoss ON 3.3 Update-06 you will need to explicitly set the agent's configuration property rhq.communications.connector.security.secure-socket-protocol to a valid value such as TLS. The following JBoss ON agent command demonstrates setting this property.

  1. Shutdown the JBoss ON agent if it is running.

  2. Set the environment variable RHQ_AGENT_HOME to the complete path of your JBoss ON agent installation:

     RHQ_AGENT_HOME=/opt/jboss/on/rhq-agent
 export RHQ_AGENT_HOME

  3. Execute the following command to set the configuration property to TLS:

     echo "setconfig rhq.communications.connector.security.secure-socket-protocol=TLS" | "${RHQ_AGENT_HOME}/bin/rhq-agent.sh" --nostart

  4. Repeat the previous steps for all agents.

Root Cause

In JBoss ON 3.3 Update-06, the default value for the agent configuration property rhq.communications.connector.security.secure-socket-protocol was changed from TLS to a value that is not compatible with the SSL socket implementation used by the JBoss ON agent. If a value is not explicitly defined for rhq.communications.connector.security.secure-socket-protocol in the agent's configuration file or at agent installation time, the agent will attempt to use this invalid default value.

SBR
Product(s)
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.