Skip to main content

Error upgrading config for secure DAS-to-instance admin traffic

2 replies [Last post]
Anonymous

Dear GlassFish users

I'm trying to upgrade the GlassFish Server Open Source Edition from
3.1.2 to 3.1.2.2 with a side-by-side upgrade path and the help of the
asupgrade tool, following the upgrade guide (chapter "To Upgrade From
the Command Line Using Upgrade Tool").

Unfortunately the upgrade fails with the following exception:
asadmin: SEVERE: Error upgrading config for secure DAS-to-instance admin
traffic
asadmin: org.jvnet.hk2.component.ComponentException: injection failed on
com.sun.enterprise.security.ssl.SSLUtils.secSupp with class
com.sun.enterprise.server.pluggable.SecuritySupport

[...]

asadmin: Caused by: java.io.IOException: Keystore was tampered with, or
password was incorrect

The old version is located at /opt/glassfish-3.1.2 and symlinked to
/opt/glassfish, whereas the new version will be located at
/opt/glassfish-3.1.2.2. The old version uses a site specific master
password (not the default one).

I've used the following steps to upgrade to the new version:

cd /var/tmp
wget
http://download.java.net/glassfish/3.1.2.2/release/glassfish-3.1.2.2.zip
mkdir --mode=755 /opt/glassfish-3.1.2.2
unzip glassfish-3.1.2.2.zip -d /opt/glassfish-3.1.2.2

rm -rf /opt/glassfish-3.1.2.2/glassfish3/glassfish/domains/domain1

/opt/glassfish-3.1.2.2/glassfish3/glassfish/bin/asupgrade \
--console \
--source /opt/glassfish/glassfish3/glassfish/domains/domain1 \
--target /opt/glassfish-3.1.2.2/glassfish3/glassfish/domains

On the "Enter the master password" prompt I've entered the same master
password as on the old version, however asadmin doesn't seems to be able
to access the keystore. I've used copy and paste for entering the master
password and also verified it on the old version beforehand.

Afterwards I've compared the MD5 sums of the following files on both
versions, they all match.
.../domains/domain1/config/keystore.jks
.../domains/domain1/config/cacerts.jks
.../domains/domain1/master-password

I was also able to list the content of the keystore and the cacerts with
help of the keytool and the master password of the old version.

Are there any pre-upgrade steps that I've missed or what could be the
cause of the above error?

Please find attached the complete upgrade log file.

Thanks a lot in advance for your help.
Christian

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
tjquinn
Offline
Joined: 2005-03-30

Christian,

I will try to reproduce this problem here a little later today, but in the meantime have you tried referring to the original 3.1.2 installation in the upgrade using /opt/glassfish-3.1.2 instead of the link? It's not clear that this is the problem, but it would be easy to try (if you have not already done so).

- Tim

On Aug 21, 2012, at 6:34 AM, Christian Affolter wrote:

> Dear GlassFish users
>
> I'm trying to upgrade the GlassFish Server Open Source Edition from
> 3.1.2 to 3.1.2.2 with a side-by-side upgrade path and the help of the
> asupgrade tool, following the upgrade guide (chapter "To Upgrade From
> the Command Line Using Upgrade Tool").
>
> Unfortunately the upgrade fails with the following exception:
> asadmin: SEVERE: Error upgrading config for secure DAS-to-instance admin
> traffic
> asadmin: org.jvnet.hk2.component.ComponentException: injection failed on
> com.sun.enterprise.security.ssl.SSLUtils.secSupp with class
> com.sun.enterprise.server.pluggable.SecuritySupport
>
> [...]
>
> asadmin: Caused by: java.io.IOException: Keystore was tampered with, or
> password was incorrect
>
>
> The old version is located at /opt/glassfish-3.1.2 and symlinked to
> /opt/glassfish, whereas the new version will be located at
> /opt/glassfish-3.1.2.2. The old version uses a site specific master
> password (not the default one).
>
>
> I've used the following steps to upgrade to the new version:
>
> cd /var/tmp
> wget
> http://download.java.net/glassfish/3.1.2.2/release/glassfish-3.1.2.2.zip
> mkdir --mode=755 /opt/glassfish-3.1.2.2
> unzip glassfish-3.1.2.2.zip -d /opt/glassfish-3.1.2.2
>
> rm -rf /opt/glassfish-3.1.2.2/glassfish3/glassfish/domains/domain1
>
> /opt/glassfish-3.1.2.2/glassfish3/glassfish/bin/asupgrade \
> --console \
> --source /opt/glassfish/glassfish3/glassfish/domains/domain1 \
> --target /opt/glassfish-3.1.2.2/glassfish3/glassfish/domains
>
> On the "Enter the master password" prompt I've entered the same master
> password as on the old version, however asadmin doesn't seems to be able
> to access the keystore. I've used copy and paste for entering the master
> password and also verified it on the old version beforehand.
>
> Afterwards I've compared the MD5 sums of the following files on both
> versions, they all match.
> .../domains/domain1/config/keystore.jks
> .../domains/domain1/config/cacerts.jks
> .../domains/domain1/master-password
>
> I was also able to list the content of the keystore and the cacerts with
> help of the keytool and the master password of the old version.
>
>
> Are there any pre-upgrade steps that I've missed or what could be the
> cause of the above error?
>
>
> Please find attached the complete upgrade log file.
>
>
> Thanks a lot in advance for your help.
> Christian
>

tjquinn
Offline
Joined: 2005-03-30

Hello, again, Christian.

I have reproduced the problem here, without using a symlink.

We need to investigate a little more on this end, but this certainly looks like a bug. I have opened this

http://java.net/jira/browse/GLASSFISH-19031

to track it.

One workaround that worked for me is to change the master password on the old domain back to the default, do the upgrade, then set the master password in the new installation to whatever you wanted. Then the asupgrade worked. Not ideal, I know, but at least it would allow you to perform the upgrade and get past this.

- Tim

On Aug 22, 2012, at 7:04 AM, Tim Quinn wrote:

> Christian,
>
> I will try to reproduce this problem here a little later today, but in the meantime have you tried referring to the original 3.1.2 installation in the upgrade using /opt/glassfish-3.1.2 instead of the link? It's not clear that this is the problem, but it would be easy to try (if you have not already done so).
>
> - Tim
>
>
> On Aug 21, 2012, at 6:34 AM, Christian Affolter wrote:
>
>> Dear GlassFish users
>>
>> I'm trying to upgrade the GlassFish Server Open Source Edition from
>> 3.1.2 to 3.1.2.2 with a side-by-side upgrade path and the help of the
>> asupgrade tool, following the upgrade guide (chapter "To Upgrade From
>> the Command Line Using Upgrade Tool").
>>
>> Unfortunately the upgrade fails with the following exception:
>> asadmin: SEVERE: Error upgrading config for secure DAS-to-instance admin
>> traffic
>> asadmin: org.jvnet.hk2.component.ComponentException: injection failed on
>> com.sun.enterprise.security.ssl.SSLUtils.secSupp with class
>> com.sun.enterprise.server.pluggable.SecuritySupport
>>
>> [...]
>>
>> asadmin: Caused by: java.io.IOException: Keystore was tampered with, or
>> password was incorrect
>>
>>
>> The old version is located at /opt/glassfish-3.1.2 and symlinked to
>> /opt/glassfish, whereas the new version will be located at
>> /opt/glassfish-3.1.2.2. The old version uses a site specific master
>> password (not the default one).
>>
>>
>> I've used the following steps to upgrade to the new version:
>>
>> cd /var/tmp
>> wget
>> http://download.java.net/glassfish/3.1.2.2/release/glassfish-3.1.2.2.zip
>> mkdir --mode=755 /opt/glassfish-3.1.2.2
>> unzip glassfish-3.1.2.2.zip -d /opt/glassfish-3.1.2.2
>>
>> rm -rf /opt/glassfish-3.1.2.2/glassfish3/glassfish/domains/domain1
>>
>> /opt/glassfish-3.1.2.2/glassfish3/glassfish/bin/asupgrade \
>> --console \
>> --source /opt/glassfish/glassfish3/glassfish/domains/domain1 \
>> --target /opt/glassfish-3.1.2.2/glassfish3/glassfish/domains
>>
>> On the "Enter the master password" prompt I've entered the same master
>> password as on the old version, however asadmin doesn't seems to be able
>> to access the keystore. I've used copy and paste for entering the master
>> password and also verified it on the old version beforehand.
>>
>> Afterwards I've compared the MD5 sums of the following files on both
>> versions, they all match.
>> .../domains/domain1/config/keystore.jks
>> .../domains/domain1/config/cacerts.jks
>> .../domains/domain1/master-password
>>
>> I was also able to list the content of the keystore and the cacerts with
>> help of the keytool and the master password of the old version.
>>
>>
>> Are there any pre-upgrade steps that I've missed or what could be the
>> cause of the above error?
>>
>>
>> Please find attached the complete upgrade log file.
>>
>>
>> Thanks a lot in advance for your help.
>> Christian
>>
>