users@glassfish.java.net

Re: Error upgrading config for secure DAS-to-instance admin traffic

From: Tim Quinn <tim.quinn_at_oracle.com>
Date: Wed, 22 Aug 2012 10:00:40 -0500

Hello, again, Christian.

I have reproduced the problem here, without using a symlink.

We need to investigate a little more on this end, but this certainly looks like a bug. I have opened this

http://java.net/jira/browse/GLASSFISH-19031

to track it.

One workaround that worked for me is to change the master password on the old domain back to the default, do the upgrade, then set the master password in the new installation to whatever you wanted. Then the asupgrade worked. Not ideal, I know, but at least it would allow you to perform the upgrade and get past this.

- Tim

On Aug 22, 2012, at 7:04 AM, Tim Quinn wrote:

> Christian,
>
> I will try to reproduce this problem here a little later today, but in the meantime have you tried referring to the original 3.1.2 installation in the upgrade using /opt/glassfish-3.1.2 instead of the link? It's not clear that this is the problem, but it would be easy to try (if you have not already done so).
>
> - Tim
>
>
> On Aug 21, 2012, at 6:34 AM, Christian Affolter wrote:
>
>> Dear GlassFish users
>>
>> I'm trying to upgrade the GlassFish Server Open Source Edition from
>> 3.1.2 to 3.1.2.2 with a side-by-side upgrade path and the help of the
>> asupgrade tool, following the upgrade guide (chapter "To Upgrade From
>> the Command Line Using Upgrade Tool").
>>
>> Unfortunately the upgrade fails with the following exception:
>> asadmin: SEVERE: Error upgrading config for secure DAS-to-instance admin
>> traffic
>> asadmin: org.jvnet.hk2.component.ComponentException: injection failed on
>> com.sun.enterprise.security.ssl.SSLUtils.secSupp with class
>> com.sun.enterprise.server.pluggable.SecuritySupport
>>
>> [...]
>>
>> asadmin: Caused by: java.io.IOException: Keystore was tampered with, or
>> password was incorrect
>>
>>
>> The old version is located at /opt/glassfish-3.1.2 and symlinked to
>> /opt/glassfish, whereas the new version will be located at
>> /opt/glassfish-3.1.2.2. The old version uses a site specific master
>> password (not the default one).
>>
>>
>> I've used the following steps to upgrade to the new version:
>>
>> cd /var/tmp
>> wget
>> http://download.java.net/glassfish/3.1.2.2/release/glassfish-3.1.2.2.zip
>> mkdir --mode=755 /opt/glassfish-3.1.2.2
>> unzip glassfish-3.1.2.2.zip -d /opt/glassfish-3.1.2.2
>>
>> rm -rf /opt/glassfish-3.1.2.2/glassfish3/glassfish/domains/domain1
>>
>> /opt/glassfish-3.1.2.2/glassfish3/glassfish/bin/asupgrade \
>> --console \
>> --source /opt/glassfish/glassfish3/glassfish/domains/domain1 \
>> --target /opt/glassfish-3.1.2.2/glassfish3/glassfish/domains
>>
>> On the "Enter the master password" prompt I've entered the same master
>> password as on the old version, however asadmin doesn't seems to be able
>> to access the keystore. I've used copy and paste for entering the master
>> password and also verified it on the old version beforehand.
>>
>> Afterwards I've compared the MD5 sums of the following files on both
>> versions, they all match.
>> .../domains/domain1/config/keystore.jks
>> .../domains/domain1/config/cacerts.jks
>> .../domains/domain1/master-password
>>
>> I was also able to list the content of the keystore and the cacerts with
>> help of the keytool and the master password of the old version.
>>
>>
>> Are there any pre-upgrade steps that I've missed or what could be the
>> cause of the above error?
>>
>>
>> Please find attached the complete upgrade log file.
>>
>>
>> Thanks a lot in advance for your help.
>> Christian
>> <upgrade.log>
>