Dominik created ARTEMIS-5116:
--------------------------------
Summary: SslAutoReload not working in kubernetes environment
Key: ARTEMIS-5116
URL: https://issues.apache.org/jira/browse/ARTEMIS-5116
Project: ActiveMQ Artemis
Issue Type: Bug
Components: management, Web Console
Affects Versions: 2.37.0, 2.36.0, 2.35.0, 2.34.0, 2.33.0
Reporter: Dominik
The secret containing the keystore is mouted as symlink in the kubernetes pod:
{code:java}
drwxr-sr-x 2 root 1001 140 Oct 16 14:12 ..2024_10_16_14_12_19.2285581092
lrwxrwxrwx 1 root 1001 32 Oct 16 14:12 ..data ->
..2024_10_16_14_12_19.2285581092
lrwxrwxrwx 1 root 1001 13 Oct 16 13:43 ca.crt -> ..data/ca.crt
lrwxrwxrwx 1 root 1001 19 Oct 16 13:43 keystore.jks -> ..data/keystore.jks
lrwxrwxrwx 1 root 1001 14 Oct 16 13:43 tls.crt -> ..data/tls.crt
lrwxrwxrwx 1 root 1001 14 Oct 16 13:43 tls.key -> ..data/tls.key
lrwxrwxrwx 1 root 1001 21 Oct 16 13:43 truststore.jks ->
..data/truststore.jks {code}
The WebServerComponent starts some tasks detects the file changes and should
reload the SslContextFactory if the keystore or the truststore changes.
The scanner which is used to detect the filechanges reports the path of the
changed files as realpaths (resolved symlinks).
The WebServerComponent on the other hand stores the reload task under the
symlink path.
So we have a missmatch between the two paths:
* *Scanner path:*
/amq/extra/secrets/my-cert-secret/..2024_10_16_14_35_54.563918461/keystore.jks
* *Task path:* /amq/extra/secrets/my-cert-secret/keystore.jks
Maybe it would be sufficient to initialize the scanner without realPath
reporting.
scanner = new Scanner(scannerScheduler, {*}false{*});
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
