Details
- Bug
- Status: Open
- Critical
- Resolution: Unresolved
- 2.33.0, 2.34.0, 2.35.0, 2.36.0, 2.37.0, 2.38.0
- None
Description
The secret containing the keystore is mounted as a symlink in the Kubernetes pod:
drwxr-sr-x 2 root 1001 140 Oct 16 14:12 ..2024_10_16_14_12_19.2285581092
lrwxrwxrwx 1 root 1001 32 Oct 16 14:12 ..data -> ..2024_10_16_14_12_19.2285581092
lrwxrwxrwx 1 root 1001 13 Oct 16 13:43 ca.crt -> ..data/ca.crt
lrwxrwxrwx 1 root 1001 19 Oct 16 13:43 keystore.jks -> ..data/keystore.jks
lrwxrwxrwx 1 root 1001 14 Oct 16 13:43 tls.crt -> ..data/tls.crt
lrwxrwxrwx 1 root 1001 14 Oct 16 13:43 tls.key -> ..data/tls.key
lrwxrwxrwx 1 root 1001 21 Oct 16 13:43 truststore.jks -> ..data/truststore.jks
The WebServerComponent starts some tasks that detect the file changes and should reload the SslContextFactory if the keystore or the truststore changes.
The scanner which is used to detect the file changes reports the path of the changed files as realpaths (resolved symlinks).
The WebServerComponent on the other hand stores the reload task under the symlink path.
So we have a mismatch between the two paths:
- Scanner path: /amq/extra/secrets/my-cert-secret/..2024_10_16_14_35_54.563918461/keystore.jks
- Task path: /amq/extra/secrets/my-cert-secret/keystore.jks
Maybe it would be sufficient to initialize the scanner without realPath reporting.
scanner = new Scanner(scannerScheduler, false);
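The mismatch described in this report can be reproduced with plain java.nio.file calls. The following is an added example, not code from the issue or from the project: the class, the `tasks` map, both lookup methods and the `..ts_1`/`..ts_2` directory names are hypothetical, and it assumes a POSIX filesystem that permits symlinks. It also shows why a lookup has to resolve the registered path at event time: the real path changes each time the `..data` link is repointed.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;

public class SymlinkReloadLookup {
    // Hypothetical stand-in for the reload-task registry, keyed by the configured (symlink) path.
    static final Map<Path, String> tasks = new HashMap<>();

    // Lookup as described in the report: the reported path is used as the key verbatim.
    static Optional<String> naiveLookup(Path reported) {
        return Optional.ofNullable(tasks.get(reported));
    }

    // Resolves every registered path when the event arrives, so a repointed ..data link is followed.
    static Optional<String> resolvingLookup(Path reported) throws IOException {
        for (Map.Entry<Path, String> e : tasks.entrySet()) {
            if (Files.exists(e.getKey()) && e.getKey().toRealPath().equals(reported)) {
                return Optional.of(e.getValue());
            }
        }
        return Optional.empty();
    }

    // Constructed layout mimicking the mounted secret: <tsDir>/keystore.jks and ..data -> <tsDir>.
    static void publish(Path mount, String tsDir) throws IOException {
        Path dir = Files.createDirectory(mount.resolve(tsDir));
        Files.write(dir.resolve("keystore.jks"), tsDir.getBytes());
        Path link = mount.resolve("..data");
        Files.deleteIfExists(link); // removes the link itself, not the directory it pointed to
        Files.createSymbolicLink(link, Paths.get(tsDir));
    }

    public static void main(String[] args) throws IOException {
        Path mount = Files.createTempDirectory("my-cert-secret").toRealPath();
        publish(mount, "..ts_1");
        Path configured = mount.resolve("keystore.jks");
        Files.createSymbolicLink(configured, Paths.get("..data/keystore.jks"));
        tasks.put(configured, "reload SslContextFactory");

        publish(mount, "..ts_2"); // rotation: ..data now points at a new directory
        Path reported = configured.toRealPath(); // what a real-path-reporting scanner hands over

        System.out.println("reported:  " + reported);
        System.out.println("naive:     " + naiveLookup(reported));
        System.out.println("resolving: " + resolvingLookup(reported));
    }
}
```

The naive lookup misses because the key ends in `keystore.jks` directly under the mount directory while the reported path runs through the timestamped directory, so the reload task is never found and the old certificate stays in use.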