Server still works, but can't shutdown properly


Lance Raymond

May 5, 2021, 1:13:20 PM
to Payara Forum
Morning all. I have a few production servers, and recently when I try to stop a service, I am getting the following error:

 ./asadmin stop-domain production
NCLS-ADMIN-00010
NCLS-ADMIN-00010
CLI306: Warning - The server located at /opt/payara5/glassfish/domains/production is not running.
No domains are currently running.
Command stop-domain failed.

However, you can see that it is:

root@p1:/opt/payara5/bin# ps aux |grep payara

root     17333 45.4  5.2 3109936 410412 pts/0  Sl   16:54   0:19 /usr/lib/jvm/java-8-openjdk-amd64/bin/java -cp /opt/payara5/glassfish/modules/glassfish.jar -XX:+UnlockDiagnosticVMOptions -XX:NewRatio=2 -Xmx512m -Xbootclasspath/p:/opt/payara5/glassfish/lib/grizzly-npn-bootstrap-1.8.1.jar -server -javaagent:/opt/payara5/glassfish/lib/monitor/flashlight-agent.jar -Djavax.xml.accessExternalSchema=all -Djavax.net.ssl.trustStore=/opt/payara5/glassfish/domains/production/config/cacerts.jks -Djdk.tls.rejectClientInitiatedRenegotiation=true -Djdk.corba.allowOutputStreamSubclass=true -Dfelix.fileinstall.dir=/opt/payara5/glassfish/modules/autostart/ -Dorg.glassfish.additionalOSGiBundlesToStart=org.apache.felix.shell,org.apache.felix.gogo.runtime,org.apache.felix.gogo.shell,org.apache.felix.gogo.command,org.apache.felix.shell.remote,org.apache.felix.fileinstall -Dcom.sun.aas.installRoot=/opt/payara5/glassfish -Dfelix.fileinstall.poll=5000 -Djava.security.policy=/opt/payara5/glassfish/domains/production/config/server.policy -Djava.endorsed.dirs=/opt/payara5/glassfish/modules/endorsed:/opt/payara5/glassfish/lib/endorsed -Dosgi.shell.telnet.maxconn=1 -Dfelix.fileinstall.bundles.startTransient=true -Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory -Dfelix.fileinstall.log.level=2 -Djavax.net.ssl.keyStore=/opt/payara5/glassfish/domains/production/config/keystore.jks -Djava.security.auth.login.config=/opt/payara5/glassfish/domains/production/config/login.conf -Dfelix.fileinstall.disableConfigSave=false -Dorg.glassfish.grizzly.DEFAULT_MEMORY_MANAGER=org.glassfish.grizzly.memory.HeapMemoryManager -Dfelix.fileinstall.bundles.new.start=true -Dcom.sun.aas.instanceRoot=/opt/payara5/glassfish/domains/production -Dosgi.shell.telnet.port=6666 -Dgosh.args=--nointeractive -Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as -Dorg.jboss.weld.serialization.beanIdentifierIndexOptimization=false 
-Dosgi.shell.telnet.ip=127.0.0.1 -DANTLR_USE_DIRECT_CLASS_LOADING=true -Djava.awt.headless=true -Dcom.ctc.wstx.returnNullForDefaultNamespace=true -Djava.ext.dirs=/usr/lib/jvm/java-8-openjdk-amd64/lib/ext:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/ext:/opt/payara5/glassfish/domains/production/lib/ext -Djdbc.drivers=org.h2.Driver -Dorg.glassfish.grizzly.nio.DefaultSelectorHandler.force-selector-spin-detection=true -Djava.library.path=/opt/payara5/glassfish/lib:/usr/java/packages/lib/amd64:/usr/lib/x86_64-linux-gnu/jni:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/usr/lib/jni:/lib:/usr/lib com.sun.enterprise.glassfish.bootstrap.ASMain -upgrade false -domaindir /opt/payara5/glassfish/domains/production -read-stdin true -asadmin-args --host,,,localhost,,,--port,,,4848,,,--secure=false,,,--terse=false,,,--extraterse=false,,,--echo=false,,,--interactive=true,,,--autoname=false,,,start-domain,,,--verbose=false,,,--watchdog=false,,,--debug=false,,,--domaindir,,,/opt/payara5/glassfish/domains,,,production -domainname production -instancename server -type DAS -verbose false -asadmin-classpath /opt/payara5/glassfish/lib/client/appserver-cli.jar -debug false -asadmin-classname com.sun.enterprise.admin.cli.AdminMain -watchdog false

If I kill that PID, it will start and work fine again, but I'm trying to see what the issue is. I did see this in the logs on startup: "javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)". Looking at keytool and the cacerts file, there are a lot of certificates, 2 recently expired, but I don't think I have ever generated any, and I believe that they just came with the original download.

So, is there a new file I can just download, or can I disable SSL completely (and use secure-admin), as this is behind a load balancer that does the SSL and talks directly via HTTP?

If I need to do anything else, feel free to suggest.

Thanks much!