Hi,
I tried to run kapua-broker with TLS communication. I'm using Docker. I found the post https://www.eclipse.org/forums/index.php/t/1099356/, in which someone had the same problem as me. I made the changes he described:
My file run-broker:
ACTIVEMQ_BASE="/var/opt/activemq"
# Generate X509 certificate and private key
openssl req -x509 -newkey rsa:4096 -keyout ${ACTIVEMQ_BASE}/key.pem -out ${ACTIVEMQ_BASE}/cert.pem -days 365 -nodes -subj '/O=Eclipse Kapua/C=XX'
openssl pkcs8 -topk8 -in ${ACTIVEMQ_BASE}/key.pem -out ${ACTIVEMQ_BASE}/key.pk8 -nocrypt
rm ${ACTIVEMQ_BASE}/key.pem
mkdir /var/opt/activemq/tls
openssl pkcs12 -export -in /var/opt/activemq/cert.pem -inkey "/var/opt/activemq/key.pk8" -name kapua -password pass:"changeit" -out "/var/opt/activemq/tls/kapua.jks"
## Certificate Options
ACTIVEMQ_SSL_OPTS="${ACTIVEMQ_SSL_OPTS} -Djavax.net.ssl.keyStore=/var/opt/activemq/tls/kapua.jks"
ACTIVEMQ_SSL_OPTS="${ACTIVEMQ_SSL_OPTS} -Djavax.net.ssl.keyStorePassword=changeit"
ACTIVEMQ_SSL_OPTS="${ACTIVEMQ_SSL_OPTS} -Djavax.net.ssl.trustStore=/var/opt/activemq/tls/kapua.jks"
ACTIVEMQ_SSL_OPTS="${ACTIVEMQ_SSL_OPTS} -Djavax.net.ssl.trustStorePassword=changeit"
export ACTIVEMQ_SSL_OPTS
# Run broker
/opt/activemq/bin/activemq console
In the file activemq.xml, I uncommented sslContext and modified it like this:
<sslContext>
    <sslContext keyStore="/var/opt/activemq/tls/kapua.jks" keyStorePassword="changeit" trustStore="/var/opt/activemq/tls/kapua.jks" trustStorePassword="changeit"/>
</sslContext>
But now, when I start kapua-broker, I see errors like this:
broker_1 | 07:55:32.275 [main] ERROR o.e.k.c.l.KapuaLiquibaseClient - Error while running Liquibase scripts!
broker_1 | com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
broker_1 | The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.
broker_1 | at com.mysql.cj.jdbc.exceptions.SQLError.createCommunicationsException(SQLError.java:174)
broker_1 | at com.mysql.cj.jdbc.exceptions.SQLExceptionsMapping.translateException(SQLExceptionsMapping.java:64)
broker_1 | at com.mysql.cj.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:836)
My docker compose:
db:
  image: mysql
  restart: on-failure
  environment:
    MYSQL_ROOT_PASSWORD: pass
    MYSQL_USER: user
    MYSQL_PASSWORD: pass
    MYSQL_DATABASE: passbb
  ports:
    - 3306:3306
And the file kapua-environment-setting.properties; I don't have any idea whether I should make changes here:
commons.db.jdbc.driver=com.mysql.cj.jdbc.Driver
commons.db.connection.scheme=jdbc:mysql
...
commons.db.connection.useSsl=true
#
# Broker settings
#
broker.scheme=ssl
broker.host=localhost
broker.port=8883
I don't have any idea how I can fix it. I have spent a lot of time on this, and I see that the problem is probably in the connection with MySQL. MySQL is working correctly; I can log in to the container and see that everything works. The certificates are probably generated correctly (they aren't empty).
Without any changes to the files above, Kapua and MySQL work correctly.
[Updated on: Fri, 13 March 2020 08:38]