Error while starting a deployment group with a custom master-password

[theirman]

Hello

I have a new problem, this time as I try to start a deployment group

When updating my master password, I used --savemasterpassword option :

${PAYARA_DIR}/bin/asadmin change-master-password --savemasterpassword=true ${DOMAIN_NAME}

When I start the deployment group, I use the --passwordfile option :

${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} start-deployment-group group-recette

My password file contains the values AS_ADMIN_PASS and AS_ADMIN_MASTERPASS :

AS_ADMIN_MASTERPASSWORD=//NimC8LS6ScdH//
AS_ADMIN_PASSWORD=//xCz4Xhnbh5MK//

My user payara is the owner of the file and has read rights on my file passwordFile :

drwxr-xr-x 9 payara payara  4096 May 22 11:35 .
drwxr-xr-x 3 root   root    4096 May  7 12:03 ..
-rw------- 1 payara payara 15940 May 22 13:39 .bash_history
-rw-rw-r-- 1 payara payara   105 May 21 16:34 .bashrc
drwxrwxr-x 3 payara payara  4096 May  7 15:58 .gfclient
drwxrwxr-x 3 payara payara  4096 May 21 15:50 .java
-rw------- 1 payara payara  1024 May  7 15:04 .rnd
drwxr-xr-x 8 payara payara  4096 Feb 28 18:48 appserver
drwxr-xr-x 2 payara payara  4096 May 22 11:35 autodeploy
drwxr-xr-x 2 payara payara  4096 May  7 12:03 config
drwxr-xr-x 2 payara payara  4096 May  7 12:03 deployments
-rw-r--r-- 1 payara payara    64 May 22 13:35 passwordFile
drwxr-xr-x 3 payara payara  4096 May 22 10:55 scripts

However, I still have this erreur in CLI :

bash-4.2$ ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} start-deployment-group gr oup-production

remote failure: instance-production-1: Could not start instance instance-production-1 on node localhost-production (localhost).

Command failed on node localhost-production (localhost): CLI801 Instance is already synchronized
Enter master password (3) attempt(s) remain)>IOException reading password.
Command start-local-instance failed.

The Master Password is required to start the domain.  No console, no prompting possible.  You should either create the domain with --savemasterpassword=true or provide a password file with the --passwordfile option.

To complete this operation run the following command locally on host localhost from the Payara Server install location /data/apps/payara/appserver:

 lib/nadmin  start-local-instance --node localhost-production --sync normal instance-production-1

The command start-instance failed for: instance-production-1
Command start-deployment-group failed.

PS: I encounter this same error from the admin webconsole if I try to start one of my instances or if I try to start my group

Later, I tried to reset the default password (changeit)

Strangely, without changing anything other than the master-pass, everything is OK

bash-4.2$ ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} start-deployment-group gr oup-production
Command start-deployment-group executed successfully.

Again :

• I stop the execution of the domain
• I modify my file passwordFile  such as AS_ADMIN_MASTERPASSWORD=//NimC8LS6ScdH//
• I modify the value of the masterpass by taking care to use the option --savemasterpassword=true
• I restart the execution of my domain
• I'm trying to start the deployment group and ...

bash-4.2$ ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} start-deployment-group gr oup-production
remote failure: instance-production-1: Could not start instance instance-production-1 on node localhost-production (localhost).

Command failed on node localhost-production (localhost): Enter master password (3) attempt(s) remain)>IOException reading password.
Command start-local-instance failed.

The Master Password is required to start the domain.  No console, no prompting possible.  You should either create the domain with --savemasterpassword=true or provide a password file with the --passwordfile option.

To complete this operation run the following command locally on host localhost from the Payara Server install location /data/apps/payara/appserver:

 lib/nadmin  start-local-instance --node localhost-production --sync normal instance-production-1

The command start-instance failed for: instance-production-1
Command start-deployment-group failed.

Any idea ?

Where is physically stored the masterpass when using --savemasterpassword=true ?

[eduard...@gmail.com]

It looks like you have real passwords in your question.

Don't know if it makes any difference, but in my docker setup's I don't
use --savemasterpassword=true:

RUN ${PAYARA_DIR}/bin/asadmin --user admin --
passwordfile=/tmp/changepwd change-master-password && \
${PAYARA_DIR}/bin/asadmin --user admin --passwordfile=/tmp/changepwd
change-admin-password

I am not using deployment-goups though.

Bye, Eduard

> passwordfile option.
>
> To complete this operation run the following command locally on host
> localhost from the Payara Server install location
> /data/apps/payara/appserver:
>
> lib/nadmin start-local-instance --node localhost-production --sync
> normal instance-production-1
>
> The command start-instance failed for: instance-production-1
> Command start-deployment-group failed.
>
> Any idea ?
> Where is physically stored the masterpass when using --
> savemasterpassword=true ?

> --
> You received this message because you are subscribed to the Google
> Groups "Payara Forum" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to payara-forum...@googlegroups.com.
> To view this discussion on the web, visit
> https://groups.google.com/d/msgid/payara-forum/03b50858-378a-4771-a11d-c6be81e9e415%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.

[theirman]

Hello and thank you Eduard,

Even if the passwords seem real, they are temporary passwords that replace the real ones for this discussion.

So I guess, then, for each call to asadmin, you pass your password file as a parameter, that's it? and you don't have any problem using the webconsole?

Maybe the fact that I use --savemasterpassword=true and that I use --passwordfile creates a conflict. I'll try your way of doing things and come back to you to tell you the results

> send an email to payara...@googlegroups.com.

[eduard...@gmail.com]

The complete working setup I use you can find here:
https://bitbucket.org/fryske-akademy/hisgis_oat_invoermodule/src/master/install/docker/

succes

> send an email to payara-forum...@googlegroups.com.

> To view this discussion on the web, visit

> https://groups.google.com/d/msgid/payara-forum/bab40fcc-ea04-476d-8f0b-f00898913816%40googlegroups.com

[theirman]

Hello,

I come back to this error that persists on my server. In the meantime, I changed my payara version to 5.192 and my jdk to zulu-jdk 11.0.3

As Eduard suggested, I gave up the --savemasterpassword=true option and chose the --passwordfile option for each order but this does not solve my problem.

Does anyone see any other reason why this shouldn't work?

bash-4.2$ ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} start-deployment-group gr oup-production
remote failure: instance-production-1: Could not start instance instance-production-1 on node localhost-production (localhost).


Command failed on node localhost-production (localhost): CLI801 Instance is already synchronized
Enter master password (3) attempt(s) remain)>IOException reading password.
Command start-local-instance failed.


The Master Password is required to start the domain.  No console, no prompting possible.  You should either create the domain with --savemasterpassword=true or provide a password file with the --passwordfile option.


To complete this operation run the following command locally on host localhost from the Payara Server install location /data/apps/payara/appserver:

 lib/nadmin  start-local-instance --node localhost-production --sync normal --timeout 120 instance-production-1

[eduard...@gmail.com]

Probably a stupid question, but can the remote read the file?

On Fri, 2019-05-31 at 02:01 -0700, theirman wrote:
>
> Hello,
> I come back to this error that persists on my server. In the
> meantime, I changed my payara version to 5.192 and my jdk to zulu-jdk
> 11.0.3
>
> As Eduard suggested, I gave up the --savemasterpassword=true option
> and chose the --passwordfile option for each order but this does not
> solve my problem.
>
> Does anyone see any other reason why this shouldn't work?
>
>
>

> bash-4.2$ ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --
> passwordfile=${PASSWORD_FILE} start-deployment-group gr oup-
> production

> > bash-4.2$ ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --
> > passwordfile=${PASSWORD_FILE} start-deployment-group gr oup-
> > production
> >

> > remote failure: instance-production-1: Could not start instance
> > instance-production-1 on node localhost-production (localhost).
> >
> > Command failed on node localhost-production (localhost): CLI801
> > Instance is already synchronized
> > Enter master password (3) attempt(s) remain)>IOException reading
> > password.
> > Command start-local-instance failed.
> >
> > The Master Password is required to start the domain. No console,
> > no prompting possible. You should either create the domain with --
> > savemasterpassword=true or provide a password file with the --
> > passwordfile option.
> >
> > To complete this operation run the following command locally on
> > host localhost from the Payara Server install location
> > /data/apps/payara/appserver:
> >
> > lib/nadmin start-local-instance --node localhost-production --

> > sync normal instance-production-1
> >
> > The command start-instance failed for: instance-production-1
> > Command start-deployment-group failed.
> >
> > PS: I encounter this same error from the admin webconsole if I try
> > to start one of my instances or if I try to start my group
> >
> >
> > Later, I tried to reset the default password (changeit)
> > Strangely, without changing anything other than the master-pass,
> > everything is OK

> > bash-4.2$ ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --
> > passwordfile=${PASSWORD_FILE} start-deployment-group gr oup-
> > production

> > Command start-deployment-group executed successfully.
> >
> > Again :
> > I stop the execution of the domain
> > I modify my file passwordFile such as
> > AS_ADMIN_MASTERPASSWORD=//NimC8LS6ScdH//
> > I modify the value of the masterpass by taking care to use the
> > option --savemasterpassword=true
> > I restart the execution of my domain
> > I'm trying to start the deployment group and ...

> > bash-4.2$ ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --
> > passwordfile=${PASSWORD_FILE} start-deployment-group gr oup-
> > production

> > remote failure: instance-production-1: Could not start instance
> > instance-production-1 on node localhost-production (localhost).
> >
> > Command failed on node localhost-production (localhost): Enter
> > master password (3) attempt(s) remain)>IOException reading
> > password.
> > Command start-local-instance failed.
> >
> > The Master Password is required to start the domain. No console,
> > no prompting possible. You should either create the domain with --

> > savemasterpassword=true or provide a password file with the --
> > passwordfile option.
> >
> > To complete this operation run the following command locally on
> > host localhost from the Payara Server install location
> > /data/apps/payara/appserver:
> >
> > lib/nadmin start-local-instance --node localhost-production --

> > sync normal instance-production-1
> >
> > The command start-instance failed for: instance-production-1
> > Command start-deployment-group failed.
> >
> > Any idea ?

> > Where is physically stored the masterpass when using --
> > savemasterpassword=true ?
>
> --
> You received this message because you are subscribed to the Google
> Groups "Payara Forum" group.
> To unsubscribe from this group and stop receiving emails from it,

> send an email to payara-forum...@googlegroups.com.
> To view this discussion on the web, visit

> https://groups.google.com/d/msgid/payara-forum/7752c825-d038-4f82-9f79-b120136801c5%40googlegroups.com

[theirman]

with a chmod 644 --> fail

with a chmod 777 --> fail

> send an email to payara...@googlegroups.com.

[theirman]

New tests without changing my configuration: (for now, the deployment group only contains the instance-production-1 instance)

• I start the "instance-production-1" instance --> OK

bash-4.2$ ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} start-local-instance --node localhost-production --sync normal instance-production-1

CLI801 Instance is already synchronized

Waiting for instance-production-1 to start .............
Successfully started the instance: instance-production-1
instance Location: /data/apps/payara/appserver/glassfish/nodes/localhost-production/instance-production-1
Log File: /data/apps/payara/appserver/glassfish/nodes/localhost-production/instance-production-1/logs/server.log
Admin Port: 24848
Command start-local-instance executed successfully.

• I stop the "group-production" group --> OK, stop the instance contained in the group

bash-4.2$ ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} stop-deployment-group group-production
Command stop-deployment-group executed successfully.

• I try to start the group --> KO, refuses to start the instance

bash-4.2$ ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} start-deployment-group group-

production
remote failure: instance-production-1: Could not start instance instance-production-1 on node localhost-production (localhost).

Command failed on node localhost-production (localhost): Enter master password (3) attempt(s) remain)>IOException reading password.
Command start-local-instance failed.

The Master Password is required to start the domain.  No console, no prompting possible.  You should either create the domain with --savemasterpassword=true or provide a password file with the --passwordfile option.