[jira] [Commented] (ARTEMIS-5116) SslAutoReload not working in kubernetes environment

Mon, 25 Nov 2024 14:35:16 -0800 


    [ 
https://issues.apache.org/jira/browse/ARTEMIS-5116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17901031#comment-17901031
 ] 

ASF subversion and git services commented on ARTEMIS-5116:
----------------------------------------------------------

Commit 6747f561bc85333aff5689a017b5324c4107e250 in activemq-artemis's branch 
refs/heads/main from Domenico Francesco Bruscino
[ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=6747f561bc ]

ARTEMIS-5116 Fix web binding SSL auto reload from symbolic links


> SslAutoReload not working in kubernetes environment
> ---------------------------------------------------
>
>                 Key: ARTEMIS-5116
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-5116
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: management, Web Console
>    Affects Versions: 2.33.0, 2.34.0, 2.35.0, 2.36.0, 2.37.0, 2.38.0
>            Reporter: Dominik
>            Priority: Critical
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The secret containing the keystore is mouted as symlink in the kubernetes pod:
> {code:java}
> drwxr-sr-x 2 root 1001  140 Oct 16 14:12 ..2024_10_16_14_12_19.2285581092
> lrwxrwxrwx 1 root 1001   32 Oct 16 14:12 ..data -> 
> ..2024_10_16_14_12_19.2285581092
> lrwxrwxrwx 1 root 1001   13 Oct 16 13:43 ca.crt -> ..data/ca.crt
> lrwxrwxrwx 1 root 1001   19 Oct 16 13:43 keystore.jks -> ..data/keystore.jks
> lrwxrwxrwx 1 root 1001   14 Oct 16 13:43 tls.crt -> ..data/tls.crt
> lrwxrwxrwx 1 root 1001   14 Oct 16 13:43 tls.key -> ..data/tls.key
> lrwxrwxrwx 1 root 1001   21 Oct 16 13:43 truststore.jks -> 
> ..data/truststore.jks {code}
> The WebServerComponent starts some tasks detects the file changes and should 
> reload the SslContextFactory if the keystore or the truststore changes.
> The scanner which is used to detect the filechanges reports the path of the 
> changed files as realpaths (resolved symlinks). 
> The WebServerComponent on the other hand stores the reload task under the 
> symlink path.
> So we have a missmatch between the two paths:
>  * *Scanner path:* 
> /amq/extra/secrets/my-cert-secret/..2024_10_16_14_35_54.563918461/keystore.jks
>  * *Task path:* /amq/extra/secrets/my-cert-secret/keystore.jks
>  
> Maybe it would be sufficient to initialize the scanner without realPath 
> reporting.
>  
> scanner = new Scanner(scannerScheduler, {*}false{*});



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to