IllegalStateException: Unable to register SSL bundle after 3.3.8 or 3.4.2 #43989

Closed
bclozel opened this issue Jan 28, 2025 · 3 comments
Labels
status: forward-port An issue tracking the forward-port of a change made in an earlier branch type: regression A regression from a previous release
@bclozel
Member

bclozel commented Jan 28, 2025

Forward port of issue #43966 to 3.4.x.

@bclozel bclozel added status: forward-port An issue tracking the forward-port of a change made in an earlier branch type: regression A regression from a previous release labels Jan 28, 2025
@bclozel bclozel added this to the 3.4.3 milestone Jan 28, 2025
@bclozel bclozel self-assigned this Jan 28, 2025
@bclozel
Member Author

bclozel commented Jan 28, 2025

Closed with e01a23b

@natansnt

Hi everyone,

I'm developing a Spring Boot application with 3.4.3v, hosted in a k8s cluster with certificate generation by CertManager.
The k8s creates a symlink between the Secret and the POD, using timestamped directories, as described by @TazBruce in the issue #43966.

This commit e01a23b fixed the hot reload for symlinks, but the file watcher detects the changes only once.

When the certificate is removed/recreated/renewed for the first time, the change is detected (OK!). But all the subsequent changes in this file are ignored.

I think the problem occurs because of the WatchKey behavior.

The JavaDoc in the java.nio.file.WatchKey class says:

A watch key is created when a watchable object is registered with a watch service. The key remains valid until:

1. It is cancelled, explicitly, by invoking its {@link #cancel cancel} method, or
2. Cancelled implicitly, because the object is no longer accessible, or
3. By {@link WatchService#close closing} the watch service.

The WatchKey must be valid to accumulate the directory-related events.

The WatcherThread.register(Registration) method creates a WatchKey for the directory passed as argument (Line 153). So, the WatchKey object has the address of the original directory. At execution time, the thread collects all the directory-related events provided by the WatchKey and executes the registered updateBundleHandler callback, if any events are found. As mentioned in the article presented in #43966, when the new certificate is generated by CertManager, the original timestamped directory is deleted and a new one is created and set to the symlink.

In this case, does the WatchKey object become invalid?
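
The question in the comment above can be checked against the JDK directly. This is an added example, not code from Spring Boot or from any commenter: it builds a constructed temp-directory layout (the `..ts_N` directory names and the `..data` symlink are assumptions), registers the symlink's resolved target, performs three rotations as described, and re-registers whenever `WatchKey.reset()` returns false. It assumes Java 11+ and a filesystem that supports symlinks.

```java
import static java.nio.file.StandardWatchEventKinds.*;
import java.io.IOException;
import java.nio.file.*;
import java.util.concurrent.TimeUnit;

public class SymlinkWatchDemo {
    // Register the directory that the "..data" symlink resolves to right now.
    static WatchKey watchTarget(WatchService ws, Path dataLink) throws IOException {
        Path real = dataLink.toRealPath();
        System.out.println("watching " + real.getFileName());
        return real.register(ws, ENTRY_CREATE, ENTRY_MODIFY, ENTRY_DELETE);
    }

    // Constructed rotation: new directory, symlink swapped, old directory deleted.
    static void rotate(Path mount, Path dataLink, int n) throws IOException {
        Path old = dataLink.toRealPath();
        Path fresh = Files.createDirectory(mount.resolve("..ts_" + n));
        Files.writeString(fresh.resolve("tls.crt"), "constructed cert " + n);
        Files.delete(dataLink);
        Files.createSymbolicLink(dataLink, fresh.getFileName());
        Files.delete(old.resolve("tls.crt"));
        Files.delete(old);
    }

    public static void main(String[] args) throws Exception {
        boolean reRegister = args.length == 0; // pass any argument to keep the stale key
        Path mount = Files.createTempDirectory("secret-mount");
        Path dataLink = mount.resolve("..data");
        Path first = Files.createDirectory(mount.resolve("..ts_0"));
        Files.writeString(first.resolve("tls.crt"), "constructed cert 0");
        Files.createSymbolicLink(dataLink, first.getFileName());
        try (WatchService ws = FileSystems.getDefault().newWatchService()) {
            WatchKey key = watchTarget(ws, dataLink);
            for (int n = 1; n <= 3; n++) {
                rotate(mount, dataLink, n);
                int events = 0;
                // Drain every key signalled by this rotation before moving on.
                for (WatchKey k; (k = ws.poll(2, TimeUnit.SECONDS)) != null; ) {
                    events += k.pollEvents().size();
                    // reset() returns false once the key has been cancelled.
                    if (!k.reset() && reRegister) {
                        key = watchTarget(ws, dataLink);
                    }
                }
                System.out.printf("rotation %d: %d event(s), key valid: %b%n", n, events, key.isValid());
            }
        }
    }
}
```

Running it once with no arguments and once with any argument compares the re-registering watcher against one that keeps its original key, on the JDK and filesystem actually in use.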

@wilkinsona
Member

@natansnt comments on closed issues are likely to fall through the cracks. To stop that from happening, please open a new issue with a minimal example that reproduces the problem. A test based on those that @bclozel added in e01a23b would be ideal.

3 participants