[
https://issues.apache.org/jira/browse/QPID-7311?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15821761#comment-15821761
]
Alex Rudyy edited comment on QPID-7311 at 1/13/17 2:01 PM:
-----------------------------------------------------------
On connection timeout the following exception is logged into broker system
output
{noformat}
Jan 13, 2017 1:11:24 PM com.google.common.util.concurrent.ExecutionList
executeListener
SEVERE: RuntimeException while executing runnable
com.google.common.util.concurrent.Futures$6@5b83d60e with executor
org.apache.qpid.server.configuration.updater.TaskExecutorImpl@2
c5a6012
org.apache.qpid.server.configuration.IllegalConfigurationException: Unable to
get certificate for 'test' from 'https://google.com'
at
org.apache.qpid.server.security.SiteSpecificTrustStoreImpl$2.call(SiteSpecificTrustStoreImpl.java:339)
at
org.apache.qpid.server.security.SiteSpecificTrustStoreImpl$2.call(SiteSpecificTrustStoreImpl.java:302)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at
java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:625)
at
org.apache.qpid.server.security.SiteSpecificTrustStoreImpl$2.call(SiteSpecificTrustStoreImpl.java:316)
... 5 more
{noformat}
It is unclear why it is reported into system output instead of broker logs.
Might worth investigating....
I cannot justify a usage of sperate download executor in the way it is
currently implemented, as even when download happens in a separate thread, the
configuration thread remains blocked for duration of download due to doSync and
is waiting for completion of download. I would remove the creation of the
separate download executor or changed the code to do not wait for the download
completion and return immediately after scheduling of download in both
refreshCertificate and activation.
was (Author: alex.rufous):
On connection timeout the following exception is logged into broker system
output
{noformat}
Jan 13, 2017 1:11:24 PM com.google.common.util.concurrent.ExecutionList
executeListener
SEVERE: RuntimeException while executing runnable
com.google.common.util.concurrent.Futures$6@5b83d60e with executor
org.apache.qpid.server.configuration.updater.TaskExecutorImpl@2
c5a6012
org.apache.qpid.server.configuration.IllegalConfigurationException: Unable to
get certificate for 'test' from 'https://google.com'
at
org.apache.qpid.server.security.SiteSpecificTrustStoreImpl$2.call(SiteSpecificTrustStoreImpl.java:339)
at
org.apache.qpid.server.security.SiteSpecificTrustStoreImpl$2.call(SiteSpecificTrustStoreImpl.java:302)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at
java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
at
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:625)
at
org.apache.qpid.server.security.SiteSpecificTrustStoreImpl$2.call(SiteSpecificTrustStoreImpl.java:316)
... 5 more
{noformat}
It is unclear why it is reported into system output instead of broker logs.
Might worth investigating....
It seems the issue is caused by the call to executor.shutdown invoked
immediately after submitting of the Callable. I think that shutdown can be
moved into callable or download can happen in a configuration thread (without
creation of separate executor) as it is blocked anyway by waiting for the
completion of the certificate download via call doSync.
> [Java Broker] SiteSpecificTrustStore does not provide helpful error messages
> when protocol is missing
> -----------------------------------------------------------------------------------------------------
>
> Key: QPID-7311
> URL: https://issues.apache.org/jira/browse/QPID-7311
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
> Reporter: Lorenz Quack
> Assignee: Keith Wall
> Priority: Minor
> Fix For: qpid-java-7.0
>
>
> Currently, when creating a {{SiteSpecificTrustStore}} and the protocol is not
> specified in the URL the object will be created but put into ERRORED state.
> No indication as to what is wrong is given. Furthermore the URL is not
> editable rendering the newly created object utterly useless.
> On the Broker side a MalformedURLException is logged at INFO level giving the
> helpful information "no protocol".
> On the broker side we do not need a full stack trace.
> On the client side a error message would be preferable to creating an ERRORED
> object.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
