-
Type: Improvement
-
Status: Open
-
Priority: Major
-
Resolution: Unresolved
-
Affects Version/s: 7.10, 8.10, 9.10, 10.1, 10.2
-
Fix Version/s: QualifiedToSchedule
-
Component/s: nuxeoctl start/stop/admin
Currently the JAVA_OPTS parameter only apply to the Nuxeo process that is launched by the launcher. However as the Launcher does some checks on the underlying DB like MongoDB, it is sometimes necessary to configure the java truststore to be able to connect on a MongoDB server configured in SSL with certificates.
As the JAVA_OPTS of the nuxeo process is not adapted for the launcher, we should add a LAUNCHER_JAVA_OPTS to be able to configure that at the launcher level. In nuxeoctl we would have:
"$JAVA" "-Xbootclasspath/a:$JAVA_TOOLS" $MODULE_OPTS $LAUNCHER_DEBUG $LAUNCHER_JAVA_OPTS "-Dlauncher.java.opts=$JAVA_OPTS" "-Dnuxeo.home=$NUXEO_HOME" "-Dnuxeo.conf=$NUXEO_CONF" "-Dnuxeo.log.dir=$LOG_DIR" -jar "$TMPLAUNCHER" "$@"
Current workaround are:
- use the LAUNCHER_DEBUG instead (but it activate more logging in the nuxeoctl script)
- Modify directly the default $JAVA_HOME/jre/lib/security/cacerts file (not possible in Docker environment as we are not root)
- deactivate the mongodb check at startup
- is related to
-
NXP-26072 Enable use of a custom MongoDB Client TrustStore for in-flight encryption
- Resolved