Giter VIP home page Giter VIP logo

zeebe-connection-test's Introduction

zeebe-connection-test

CI

This repo provides the utilities to test connections (secure and insecure) to a running (remote) Zeebe instance.

To test secure communication bring your own certificates or generate what you need to communicate with Zeebe securely.

Requirements

  • Docker
  • openssl
  • NodeJS
  • npm

Installation

npm install

Usage

Use this package to perform various tests and test preparations:

Configure certificates

You can bring your own root certificate + server certificate / private key pair and store them in ./cert in the following format:

# ./cert/root.crt   - root certificate
# ./cert/server.crt - server certificate
# ./cert/server.key - server private key

Alternatively use the contained script to generate them for a particular COMMON_NAME.

Generate certificates

Generate a chain of trust, private keys and certificates for a particular COMMON_NAME.

Inputs

Name Description
COMMON_NAME Common name used in the generated server (wildcard) certificate. ZEEBE_HOSTNAME, the servers publicly visible host name must be a sub-domain of this common name matching *.COMMON_NAME (one level deep).

Script

# generate root certificate and server cert + private key into ./cert
#
# the server certificate has the wildcard pattern *.COMMON_NAME configured as an ALT_NAME
COMMON_NAME=example.com npm run generate-certs

Test: Secure connection to Zeebe

In this test we securely connect our client to a Zeebe instance via TLS. We validate the Zeebe server certificate through a shared chain of trust as we establish the connection.

Inputs

Name Description
ZEEBE_HOSTNAME Name under which the Zeebe instance is available in the network. A valid hostname must match the server certificates COMMON_NAME or configured wildcard pattern (i.e. *.COMMON_NAME) one level deep.
ZEEBE_PORT Port under which the Zeebe gateway is available, default is 26500
ZEEBE_ADDRESS Address to connect to, typically ZEEBE_HOSTNAME:ZEEBE_PORT

Script

If successful you should see zeebe-node, zbctl, and @camunda8/sdk print the current cluster topology.

# (once) ensure the configured hostname resolves to 127.0.0.1
ZEEBE_HOSTNAME=sub.example.com sh -c 'echo "127.0.0.1    $ZEEBE_HOSTNAME"' | sudo tee -a /etc/hosts

# start zeebe with security enabled
ZEEBE_HOSTNAME=sub.example.com docker compose up zeebe

# test with security enabled
ZEEBE_ADDRESS=sub.example.com:26500 npm run test:secure

To test with the Camunda Modeler pass the custom SSL root certificate use the --zeebe-ssl-certificate flag:

camunda-modeler --zeebe-ssl-certificate=cert/root.crt

Test: Secure connection to Zeebe via reverse proxy

Note: This is a variation of securely connecting, just so that Zeebe is hidden behind a reverse proxy.

In this test we securely connect our client to a reverse proxy via TLS. That proxy terminates the secured connection and forwards traffic to Zeebe gateway in plain text. We validate the proxy server certificate through a shared chain of trust as we establish the connection.

Inputs

Name Description
ZEEBE_HOSTNAME Name under which the Zeebe instance and reverse proxy are available in the network. A valid hostname must match the server certificates COMMON_NAME or configured wildcard pattern (i.e. *.COMMON_NAME) one level deep.
PROXY_PORT Port under which the reverse proxy is available, default is 443
ZEEBE_PORT Port under which the Zeebe gateway is available, default is 26500
ZEEBE_ADDRESS Address to connect to, typically ZEEBE_HOSTNAME:PROXY_PORT

Script

If successful you should see zeebe-node and zbctl print the current cluster topology.

# (once) ensure the configured hostname resolves to 127.0.0.1
ZEEBE_HOSTNAME=sub.example.com sh -c 'echo "127.0.0.1    $ZEEBE_HOSTNAME"' | sudo tee -a /etc/hosts

# start zeebe with security enabled
ZEEBE_HOSTNAME=sub.example.com docker compose --env-file .env.proxy up zeebe proxy

# test with security enabled
ZEEBE_ADDRESS=sub.example.com:443 npm run test:secure

To test with the Camunda Modeler pass the custom SSL root certificate use the --zeebe-ssl-certificate flag:

camunda-modeler --zeebe-ssl-certificate=cert/root.crt

Test: Insecure connection to Zeebe

In this test we connect to Zeebe in an insecure (plain text) fashion.

Inputs

Name Description
ZEEBE_HOSTNAME Name under which the Zeebe instance is available in the network.
ZEEBE_PORT Port under which the Zeebe gateway is available, default is 26500
ZEEBE_ADDRESS Address to connect to, typically ZEEBE_HOSTNAME:ZEEBE_PORT

Script

# (once) ensure the configured hostname resolves to 127.0.0.1
ZEEBE_HOSTNAME=sub.example.com sh -c 'echo "127.0.0.1    $ZEEBE_HOSTNAME"' | sudo tee -a /etc/hosts

# start with security disabled
ZEEBE_HOSTNAME=sub.example.com docker compose --env-file .env.insecure up zeebe

# test with security disabled
ZEEBE_ADDRESS=sub.example.com:26500 npm run test:insecure

Test in Docker

Inputs

Name Description
ZEEBE_HOSTNAME Name under which the Zeebe instance is available in the network.
ZEEBE_PORT Portunder which the Zeebe gateway is available, default is 26500

Script

If successful you should see zeebe-node, zbctl, and @camunda8/sdk print the current cluster topology.

# test with security enabled
ZEEBE_HOSTNAME=sub.example.com docker compose up

# test with security disabled
ZEEBE_HOSTNAME=sub.example.com docker compose --env-file .env.insecure up

Programmatically validate the output

Assert the correct output, i.e. by verifying correct cluster topology logs:

# the gateway version is produced twice as we test against `zebee-node` and `zbctl`
[ "$(npm run test:secure | grep '"gatewayVersion": "8.1.0"' -c)" = 2 ] || echo "error: missing output <gatewayVersion>"

What else?

There is a couple of things you can validate with the existing setup:

  • Verify pairs of certificates work
  • Verify different zeebe clients work
  • Verify certificates work in combination with a given host name

zeebe-connection-test's People

Contributors

barmac avatar nikku avatar

Stargazers

avatar

Watchers

avatar avatar avatar avatar avatar

zeebe-connection-test's Issues

Zeebe broker fails to start

I run the instructions for docker-compose setup:

npm ci
COMMON_NAME=example.com npm run generate-certs
ZEEBE_HOSTNAME=example.com docker-compose up

However, the test never completes. The Zeebe broker fails to start with the following log:

++ hostname -i
+ HOST=172.23.0.2
+ '[' false = true ']'
+ '[' false = true ']'
+ export ZEEBE_BROKER_NETWORK_HOST=0.0.0.0
+ ZEEBE_BROKER_NETWORK_HOST=0.0.0.0
+ export ZEEBE_BROKER_GATEWAY_CLUSTER_HOST=0.0.0.0
+ ZEEBE_BROKER_GATEWAY_CLUSTER_HOST=0.0.0.0
+ exec /usr/local/zeebe/bin/broker
  ______  ______   ______   ____    ______     ____    _____     ____    _  __  ______   _____  
 |___  / |  ____| |  ____| |  _ \  |  ____|   |  _ \  |  __ \   / __ \  | |/ / |  ____| |  __ \ 
    / /  | |__    | |__    | |_) | | |__      | |_) | | |__) | | |  | | | ' /  | |__    | |__) |
   / /   |  __|   |  __|   |  _ <  |  __|     |  _ <  |  _  /  | |  | | |  <   |  __|   |  _  / 
  / /__  | |____  | |____  | |_) | | |____    | |_) | | | \ \  | |__| | | . \  | |____  | | \ \ 
 /_____| |______| |______| |____/  |______|   |____/  |_|  \_\  \____/  |_|\_\ |______| |_|  \_\
                                                                                                
2023-02-16 07:24:30.250 [] [main] INFO 
      io.camunda.zeebe.broker.StandaloneBroker - Starting StandaloneBroker v8.1.0 using Java 17.0.3 on 2dd96c7530cf with PID 7 (/usr/local/zeebe/lib/camunda-zeebe-8.1.0.jar started by root in /usr/local/zeebe)
2023-02-16 07:24:30.256 [] [main] DEBUG
      io.camunda.zeebe.broker.StandaloneBroker - Running with Spring Boot v2.7.4, Spring v5.3.23
2023-02-16 07:24:30.257 [] [main] INFO 
      io.camunda.zeebe.broker.StandaloneBroker - The following 1 profile is active: "broker"
2023-02-16 07:24:31.392 [] [main] INFO 
      org.springframework.boot.web.embedded.tomcat.TomcatWebServer - Tomcat initialized with port(s): 9600 (http)
2023-02-16 07:24:31.403 [] [main] INFO 
      org.apache.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-0.0.0.0-9600"]
2023-02-16 07:24:31.404 [] [main] INFO 
      org.apache.catalina.core.StandardService - Starting service [Tomcat]
2023-02-16 07:24:31.405 [] [main] INFO 
      org.apache.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.65]
2023-02-16 07:24:31.534 [] [main] INFO 
      org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
2023-02-16 07:24:31.534 [] [main] INFO 
      org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext - Root WebApplicationContext: initialization completed in 1234 ms
2023-02-16 07:24:32.363 [] [main] INFO 
      org.springframework.boot.actuate.endpoint.web.EndpointLinksResolver - Exposing 8 endpoint(s) beneath base path '/actuator'
2023-02-16 07:24:32.387 [] [main] INFO 
      org.apache.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-0.0.0.0-9600"]
2023-02-16 07:24:32.404 [] [main] INFO 
      org.springframework.boot.web.embedded.tomcat.TomcatWebServer - Tomcat started on port(s): 9600 (http) with context path ''
2023-02-16 07:24:32.421 [] [main] INFO 
      io.camunda.zeebe.broker.StandaloneBroker - Started StandaloneBroker in 2.506 seconds (JVM running for 3.364)
2023-02-16 07:24:32.460 [] [main] INFO 
      io.camunda.zeebe.broker.system - Version: 8.1.0
2023-02-16 07:24:32.524 [] [main] INFO 
      io.camunda.zeebe.broker.system - Starting broker 0 with configuration {
  "network" : {
    "host" : "0.0.0.0",
    "portOffset" : 0,
    "maxMessageSize" : "4MB",
    "advertisedHost" : "0.0.0.0",
    "commandApi" : {
      "host" : "0.0.0.0",
      "port" : 26501,
      "advertisedHost" : "0.0.0.0",
      "advertisedPort" : 26501,
      "address" : "0.0.0.0:26501",
      "advertisedAddress" : "0.0.0.0:26501"
    },
    "internalApi" : {
      "host" : "0.0.0.0",
      "port" : 26502,
      "advertisedHost" : "0.0.0.0",
      "advertisedPort" : 26502,
      "address" : "0.0.0.0:26502",
      "advertisedAddress" : "0.0.0.0:26502"
    },
    "security" : {
      "enabled" : false,
      "certificateChainPath" : null,
      "privateKeyPath" : null
    },
    "maxMessageSizeInBytes" : 4194304
  },
  "cluster" : {
    "initialContactPoints" : [ ],
    "partitionIds" : [ 1 ],
    "nodeId" : 0,
    "partitionsCount" : 1,
    "replicationFactor" : 1,
    "clusterSize" : 1,
    "clusterName" : "zeebe-cluster",
    "heartbeatInterval" : "PT0.25S",
    "electionTimeout" : "PT2.5S",
    "membership" : {
      "broadcastUpdates" : false,
      "broadcastDisputes" : true,
      "notifySuspect" : false,
      "gossipInterval" : "PT0.25S",
      "gossipFanout" : 2,
      "probeInterval" : "PT1S",
      "probeTimeout" : "PT0.1S",
      "suspectProbes" : 3,
      "failureTimeout" : "PT10S",
      "syncInterval" : "PT10S"
    },
    "raft" : {
      "enablePriorityElection" : true
    },
    "messageCompression" : "NONE"
  },
  "threads" : {
    "cpuThreadCount" : 2,
    "ioThreadCount" : 2
  },
  "data" : {
    "directory" : "/usr/local/zeebe/data",
    "logSegmentSize" : "512MB",
    "snapshotPeriod" : "PT15M",
    "logIndexDensity" : 100,
    "diskUsageMonitoringEnabled" : true,
    "diskUsageReplicationWatermark" : 0.99,
    "diskUsageCommandWatermark" : 0.97,
    "diskUsageMonitoringInterval" : "PT1S",
    "backup" : {
      "store" : "NONE",
      "s3" : {
        "bucketName" : null,
        "endpoint" : null,
        "region" : null,
        "accessKey" : null,
        "secretKey" : null
      }
    },
    "logSegmentSizeInBytes" : 536870912,
    "freeDiskSpaceCommandWatermark" : 4557684449,
    "freeDiskSpaceReplicationWatermark" : 1519228150
  },
  "exporters" : { },
  "gateway" : {
    "network" : {
      "host" : "0.0.0.0",
      "port" : 26500,
      "minKeepAliveInterval" : "PT30S"
    },
    "cluster" : {
      "initialContactPoints" : [ "0.0.0.0:26502" ],
      "requestTimeout" : "PT15S",
      "clusterName" : "zeebe-cluster",
      "memberId" : "gateway",
      "host" : "0.0.0.0",
      "advertisedHost" : "0.0.0.0",
      "port" : 26502,
      "advertisedPort" : 26502,
      "membership" : {
        "broadcastUpdates" : false,
        "broadcastDisputes" : true,
        "notifySuspect" : false,
        "gossipInterval" : "PT0.25S",
        "gossipFanout" : 2,
        "probeInterval" : "PT1S",
        "probeTimeout" : "PT0.1S",
        "suspectProbes" : 3,
        "failureTimeout" : "PT10S",
        "syncInterval" : "PT10S"
      },
      "security" : {
        "enabled" : false,
        "certificateChainPath" : null,
        "privateKeyPath" : null
      },
      "messageCompression" : "NONE"
    },
    "threads" : {
      "managementThreads" : 1
    },
    "security" : {
      "enabled" : true,
      "certificateChainPath" : "/usr/local/zeebe/server.crt",
      "privateKeyPath" : "/usr/local/zeebe/server.key"
    },
    "longPolling" : {
      "enabled" : true
    },
    "interceptors" : [ ],
    "initialized" : true,
    "enable" : true
  },
  "backpressure" : {
    "enabled" : true,
    "algorithm" : "VEGAS",
    "aimd" : {
      "requestTimeout" : "PT1S",
      "initialLimit" : 100,
      "minLimit" : 1,
      "maxLimit" : 1000,
      "backoffRatio" : 0.9
    },
    "fixed" : {
      "limit" : 20
    },
    "vegas" : {
      "alpha" : 3,
      "beta" : 6,
      "initialLimit" : 20
    },
    "gradient" : {
      "minLimit" : 10,
      "initialLimit" : 20,
      "rttTolerance" : 2.0
    },
    "gradient2" : {
      "minLimit" : 10,
      "initialLimit" : 20,
      "rttTolerance" : 2.0,
      "longWindow" : 600
    }
  },
  "experimental" : {
    "maxAppendsPerFollower" : 2,
    "maxAppendBatchSize" : "32KB",
    "disableExplicitRaftFlush" : false,
    "rocksdb" : {
      "columnFamilyOptions" : { },
      "enableStatistics" : false,
      "memoryLimit" : "512MB",
      "maxOpenFiles" : -1,
      "maxWriteBufferNumber" : 6,
      "minWriteBufferNumberToMerge" : 3,
      "ioRateBytesPerSecond" : 0,
      "disableWal" : false
    },
    "raft" : {
      "requestTimeout" : "PT5S",
      "maxQuorumResponseTimeout" : "PT0S",
      "minStepDownFailureCount" : 3,
      "preferSnapshotReplicationThreshold" : 100,
      "preallocateSegmentFiles" : true
    },
    "partitioning" : {
      "scheme" : "ROUND_ROBIN",
      "fixed" : [ ]
    },
    "queryApi" : {
      "enabled" : false
    },
    "consistencyChecks" : {
      "enablePreconditions" : false,
      "enableForeignKeyChecks" : false,
      "settings" : {
        "enablePreconditions" : false,
        "enableForeignKeyChecks" : false
      }
    },
    "features" : {
      "enableYieldingDueDateChecker" : false,
      "enableActorMetrics" : false,
      "enableBackup" : false
    },
    "maxAppendBatchSizeInBytes" : 32768
  },
  "executionMetricsExporterEnabled" : false
}
2023-02-16 07:24:32.529 [Broker-0-Startup] [Broker-0-zb-actors-1] DEBUG
      io.camunda.zeebe.broker.system - Startup was called with context: io.camunda.zeebe.broker.bootstrap.BrokerStartupContextImpl@73b3b340
2023-02-16 07:24:32.530 [Broker-0-Startup] [Broker-0-zb-actors-1] INFO 
      io.camunda.zeebe.broker.system - Startup Cluster Services (Start)
2023-02-16 07:24:32.675 [] [netty-messaging-event-epoll-server-0] INFO 
      io.atomix.cluster.messaging.impl.NettyMessagingService - TCP server listening for connections on 0.0.0.0:26502
2023-02-16 07:24:32.680 [] [netty-messaging-event-epoll-server-0] INFO 
      io.atomix.cluster.messaging.impl.NettyMessagingService - Started messaging service bound to [0.0.0.0:26502], advertising 0.0.0.0:26502, and using plaintext
2023-02-16 07:24:32.701 [] [netty-unicast-event-nio-client-0] INFO 
      io.atomix.cluster.messaging.impl.NettyUnicastService - UDP server listening for connections on 0.0.0.0:26502
2023-02-16 07:24:32.702 [] [atomix-cluster-0] INFO 
      io.atomix.cluster.discovery.BootstrapDiscoveryProvider - Local node Node{id=0, address=0.0.0.0:26502} joined the bootstrap service
2023-02-16 07:24:32.707 [] [atomix-cluster-0] INFO 
      io.atomix.cluster.protocol.SwimMembershipProtocol - Started
2023-02-16 07:24:32.708 [] [atomix-cluster-0] INFO 
      io.atomix.cluster.impl.DefaultClusterMembershipService - Started cluster membership service for member Member{id=0, address=0.0.0.0:26502, properties={}}
2023-02-16 07:24:32.709 [] [atomix-cluster-0] INFO 
      io.atomix.cluster.messaging.impl.DefaultClusterCommunicationService - Started
2023-02-16 07:24:32.711 [] [atomix-cluster-0] INFO 
      io.atomix.cluster.messaging.impl.DefaultClusterEventService - Started
2023-02-16 07:24:32.712 [Broker-0-Startup] [Broker-0-zb-actors-0] INFO 
      io.camunda.zeebe.broker.system - Startup Disk Space Usage Monitor
2023-02-16 07:24:32.714 [Broker-0-Startup] [Broker-0-zb-actors-0] INFO 
      io.camunda.zeebe.broker.system - Startup Health Monitor
2023-02-16 07:24:32.716 [Broker-0-Startup] [Broker-0-zb-actors-0] INFO 
      io.camunda.zeebe.broker.system - Startup Broker Admin Interface
2023-02-16 07:24:32.718 [Broker-0-Startup] [Broker-0-zb-actors-0] INFO 
      io.camunda.zeebe.broker.system - Startup API Messaging Service
2023-02-16 07:24:32.730 [] [netty-messaging-event-epoll-server-0] INFO 
      io.atomix.cluster.messaging.impl.NettyMessagingService - TCP server listening for connections on 0.0.0.0:26501
2023-02-16 07:24:32.731 [] [netty-messaging-event-epoll-server-0] INFO 
      io.atomix.cluster.messaging.impl.NettyMessagingService - Started messaging service bound to [0.0.0.0:26501], advertising 0.0.0.0:26501, and using plaintext
2023-02-16 07:24:32.732 [Broker-0-Startup] [Broker-0-zb-actors-1] DEBUG
      io.camunda.zeebe.broker.system - Bound API to [0.0.0.0:26501], using advertised address 0.0.0.0:26501 
2023-02-16 07:24:32.733 [Broker-0-Startup] [Broker-0-zb-actors-1] INFO 
      io.camunda.zeebe.broker.system - Startup Broker Transport
2023-02-16 07:24:32.739 [Broker-0-Startup] [Broker-0-zb-actors-1] INFO 
      io.camunda.zeebe.broker.system - Startup Command API
2023-02-16 07:24:32.754 [Broker-0-Startup] [Broker-0-zb-actors-1] INFO 
      io.camunda.zeebe.broker.system - Startup Embedded Gateway
2023-02-16 07:24:32.913 [Broker-0-Startup] [Broker-0-zb-actors-1] WARN 
      io.camunda.zeebe.broker.system - Aborting startup process due to exception during step Embedded Gateway
java.lang.IllegalArgumentException: File does not contain valid private key: /usr/local/zeebe/server.key
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:386) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:326) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:68) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:105) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:697) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:68) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.camunda.zeebe.gateway.Gateway.setSecurityConfig(Gateway.java:187) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.applySecurityConfigurationIfEnabled(Gateway.java:131) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.createAndStartServer(Gateway.java:119) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.lambda$start$1(Gateway.java:98) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.concurrent.CompletableFuture.uniWhenComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.postComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.complete(Unknown Source) ~[?:?]
at io.camunda.zeebe.gateway.Gateway.lambda$submitActorToActivateJobs$2(Gateway.java:202) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.function.Consumer.lambda$andThen$0(Unknown Source) ~[?:?]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:172) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:156) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$1.onActorStarted(Actor.java:88) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:92) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.execute(ActorJob.java:45) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorTask.execute(ActorTask.java:119) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.executeCurrentTask(ActorThread.java:106) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.doWork(ActorThread.java:87) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.run(ActorThread.java:198) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1181) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1133) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:384) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
... 24 more
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(Unknown Source) ~[jdk.crypto.ec:?]
at java.security.KeyFactory.generatePrivate(Unknown Source) ~[?:?]
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1179) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1133) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:384) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
... 24 more
Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.pkcs.PKCS8Key.decode(Unknown Source) ~[?:?]
at sun.security.pkcs.PKCS8Key.<init>(Unknown Source) ~[?:?]
at sun.security.ec.ECPrivateKeyImpl.<init>(Unknown Source) ~[jdk.crypto.ec:?]
at sun.security.ec.ECKeyFactory.implGeneratePrivate(Unknown Source) ~[jdk.crypto.ec:?]
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(Unknown Source) ~[jdk.crypto.ec:?]
at java.security.KeyFactory.generatePrivate(Unknown Source) ~[?:?]
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1179) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1133) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:384) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
... 24 more
2023-02-16 07:24:32.926 [] [main] ERROR
      io.camunda.zeebe.broker.system - Failed to start broker 0!
java.util.concurrent.ExecutionException: Startup failed in the following steps: [Embedded Gateway]. See suppressed exceptions for details.
at io.camunda.zeebe.scheduler.future.CompletableActorFuture.get(CompletableActorFuture.java:142) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.future.CompletableActorFuture.get(CompletableActorFuture.java:109) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.FutureUtil.join(FutureUtil.java:21) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.future.CompletableActorFuture.join(CompletableActorFuture.java:198) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.broker.Broker.internalStart(Broker.java:101) ~[zeebe-broker-8.1.0.jar:8.1.0]
at io.camunda.zeebe.util.LogUtil.doWithMDC(LogUtil.java:23) ~[zeebe-util-8.1.0.jar:8.1.0]
at io.camunda.zeebe.broker.Broker.start(Broker.java:83) ~[zeebe-broker-8.1.0.jar:8.1.0]
at io.camunda.zeebe.broker.StandaloneBroker.run(StandaloneBroker.java:92) ~[camunda-zeebe-8.1.0.jar:8.1.0]
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:771) ~[spring-boot-2.7.4.jar:2.7.4]
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:755) ~[spring-boot-2.7.4.jar:2.7.4]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) ~[spring-boot-2.7.4.jar:2.7.4]
at io.camunda.zeebe.broker.StandaloneBroker.main(StandaloneBroker.java:82) ~[camunda-zeebe-8.1.0.jar:8.1.0]
Caused by: io.camunda.zeebe.scheduler.startup.StartupProcessException: Startup failed in the following steps: [Embedded Gateway]. See suppressed exceptions for details.
at io.camunda.zeebe.scheduler.startup.StartupProcess.aggregateExceptionsSynchronized(StartupProcess.java:282) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.startup.StartupProcess.completeStartupFutureExceptionallySynchronized(StartupProcess.java:183) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.startup.StartupProcess.lambda$proceedWithStartupSynchronized$3(StartupProcess.java:167) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.future.FutureContinuationRunnable.run(FutureContinuationRunnable.java:33) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:94) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.execute(ActorJob.java:45) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorTask.execute(ActorTask.java:119) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.executeCurrentTask(ActorThread.java:106) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.doWork(ActorThread.java:87) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.run(ActorThread.java:198) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
Suppressed: io.camunda.zeebe.scheduler.startup.StartupProcessStepException: Bootstrap step Embedded Gateway failed
at io.camunda.zeebe.scheduler.startup.StartupProcess.completeStartupFutureExceptionallySynchronized(StartupProcess.java:185) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.startup.StartupProcess.lambda$proceedWithStartupSynchronized$3(StartupProcess.java:167) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.future.FutureContinuationRunnable.run(FutureContinuationRunnable.java:33) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:94) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.execute(ActorJob.java:45) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorTask.execute(ActorTask.java:119) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.executeCurrentTask(ActorThread.java:106) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.doWork(ActorThread.java:87) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.run(ActorThread.java:198) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
Caused by: java.lang.IllegalArgumentException: File does not contain valid private key: /usr/local/zeebe/server.key
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:386) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:326) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:68) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:105) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:697) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:68) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.camunda.zeebe.gateway.Gateway.setSecurityConfig(Gateway.java:187) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.applySecurityConfigurationIfEnabled(Gateway.java:131) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.createAndStartServer(Gateway.java:119) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.lambda$start$1(Gateway.java:98) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.concurrent.CompletableFuture.uniWhenComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.postComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.complete(Unknown Source) ~[?:?]
at io.camunda.zeebe.gateway.Gateway.lambda$submitActorToActivateJobs$2(Gateway.java:202) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.function.Consumer.lambda$andThen$0(Unknown Source) ~[?:?]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:172) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:156) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$1.onActorStarted(Actor.java:88) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:92) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
... 5 more
Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1181) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1133) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:384) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:326) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:68) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:105) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:697) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:68) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.camunda.zeebe.gateway.Gateway.setSecurityConfig(Gateway.java:187) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.applySecurityConfigurationIfEnabled(Gateway.java:131) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.createAndStartServer(Gateway.java:119) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.lambda$start$1(Gateway.java:98) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.concurrent.CompletableFuture.uniWhenComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.postComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.complete(Unknown Source) ~[?:?]
at io.camunda.zeebe.gateway.Gateway.lambda$submitActorToActivateJobs$2(Gateway.java:202) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.function.Consumer.lambda$andThen$0(Unknown Source) ~[?:?]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:172) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:156) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$1.onActorStarted(Actor.java:88) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:92) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
... 5 more
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(Unknown Source) ~[jdk.crypto.ec:?]
at java.security.KeyFactory.generatePrivate(Unknown Source) ~[?:?]
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1179) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1133) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:384) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:326) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:68) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:105) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:697) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:68) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.camunda.zeebe.gateway.Gateway.setSecurityConfig(Gateway.java:187) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.applySecurityConfigurationIfEnabled(Gateway.java:131) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.createAndStartServer(Gateway.java:119) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.lambda$start$1(Gateway.java:98) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.concurrent.CompletableFuture.uniWhenComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.postComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.complete(Unknown Source) ~[?:?]
at io.camunda.zeebe.gateway.Gateway.lambda$submitActorToActivateJobs$2(Gateway.java:202) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.function.Consumer.lambda$andThen$0(Unknown Source) ~[?:?]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:172) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:156) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$1.onActorStarted(Actor.java:88) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:92) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
... 5 more
Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.pkcs.PKCS8Key.decode(Unknown Source) ~[?:?]
at sun.security.pkcs.PKCS8Key.<init>(Unknown Source) ~[?:?]
at sun.security.ec.ECPrivateKeyImpl.<init>(Unknown Source) ~[jdk.crypto.ec:?]
at sun.security.ec.ECKeyFactory.implGeneratePrivate(Unknown Source) ~[jdk.crypto.ec:?]
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(Unknown Source) ~[jdk.crypto.ec:?]
at java.security.KeyFactory.generatePrivate(Unknown Source) ~[?:?]
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1179) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1133) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:384) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:326) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:68) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:105) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:697) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:68) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.camunda.zeebe.gateway.Gateway.setSecurityConfig(Gateway.java:187) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.applySecurityConfigurationIfEnabled(Gateway.java:131) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.createAndStartServer(Gateway.java:119) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.lambda$start$1(Gateway.java:98) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.concurrent.CompletableFuture.uniWhenComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.postComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.complete(Unknown Source) ~[?:?]
at io.camunda.zeebe.gateway.Gateway.lambda$submitActorToActivateJobs$2(Gateway.java:202) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.function.Consumer.lambda$andThen$0(Unknown Source) ~[?:?]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:172) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:156) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$1.onActorStarted(Actor.java:88) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:92) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
... 5 more
2023-02-16 07:24:32.934 [] [main] INFO 
      org.springframework.boot.autoconfigure.logging.ConditionEvaluationReportLoggingListener - 

Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
2023-02-16 07:24:32.953 [] [main] ERROR
      org.springframework.boot.SpringApplication - Application run failed
java.lang.IllegalStateException: Failed to execute CommandLineRunner
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:774) ~[spring-boot-2.7.4.jar:2.7.4]
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:755) ~[spring-boot-2.7.4.jar:2.7.4]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:315) ~[spring-boot-2.7.4.jar:2.7.4]
at io.camunda.zeebe.broker.StandaloneBroker.main(StandaloneBroker.java:82) ~[camunda-zeebe-8.1.0.jar:8.1.0]
Caused by: io.camunda.zeebe.util.exception.UncheckedExecutionException: Failed to start broker
at io.camunda.zeebe.broker.Broker.internalStart(Broker.java:110) ~[zeebe-broker-8.1.0.jar:8.1.0]
at io.camunda.zeebe.util.LogUtil.doWithMDC(LogUtil.java:23) ~[zeebe-util-8.1.0.jar:8.1.0]
at io.camunda.zeebe.broker.Broker.start(Broker.java:83) ~[zeebe-broker-8.1.0.jar:8.1.0]
at io.camunda.zeebe.broker.StandaloneBroker.run(StandaloneBroker.java:92) ~[camunda-zeebe-8.1.0.jar:8.1.0]
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:771) ~[spring-boot-2.7.4.jar:2.7.4]
... 3 more
Caused by: java.util.concurrent.ExecutionException: Startup failed in the following steps: [Embedded Gateway]. See suppressed exceptions for details.
at io.camunda.zeebe.scheduler.future.CompletableActorFuture.get(CompletableActorFuture.java:142) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.future.CompletableActorFuture.get(CompletableActorFuture.java:109) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.FutureUtil.join(FutureUtil.java:21) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.future.CompletableActorFuture.join(CompletableActorFuture.java:198) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.broker.Broker.internalStart(Broker.java:101) ~[zeebe-broker-8.1.0.jar:8.1.0]
at io.camunda.zeebe.util.LogUtil.doWithMDC(LogUtil.java:23) ~[zeebe-util-8.1.0.jar:8.1.0]
at io.camunda.zeebe.broker.Broker.start(Broker.java:83) ~[zeebe-broker-8.1.0.jar:8.1.0]
at io.camunda.zeebe.broker.StandaloneBroker.run(StandaloneBroker.java:92) ~[camunda-zeebe-8.1.0.jar:8.1.0]
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:771) ~[spring-boot-2.7.4.jar:2.7.4]
... 3 more
Caused by: io.camunda.zeebe.scheduler.startup.StartupProcessException: Startup failed in the following steps: [Embedded Gateway]. See suppressed exceptions for details.
at io.camunda.zeebe.scheduler.startup.StartupProcess.aggregateExceptionsSynchronized(StartupProcess.java:282) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.startup.StartupProcess.completeStartupFutureExceptionallySynchronized(StartupProcess.java:183) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.startup.StartupProcess.lambda$proceedWithStartupSynchronized$3(StartupProcess.java:167) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.future.FutureContinuationRunnable.run(FutureContinuationRunnable.java:33) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:94) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.execute(ActorJob.java:45) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorTask.execute(ActorTask.java:119) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.executeCurrentTask(ActorThread.java:106) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.doWork(ActorThread.java:87) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.run(ActorThread.java:198) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
Suppressed: io.camunda.zeebe.scheduler.startup.StartupProcessStepException: Bootstrap step Embedded Gateway failed
at io.camunda.zeebe.scheduler.startup.StartupProcess.completeStartupFutureExceptionallySynchronized(StartupProcess.java:185) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.startup.StartupProcess.lambda$proceedWithStartupSynchronized$3(StartupProcess.java:167) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.future.FutureContinuationRunnable.run(FutureContinuationRunnable.java:33) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:94) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.execute(ActorJob.java:45) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorTask.execute(ActorTask.java:119) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.executeCurrentTask(ActorThread.java:106) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.doWork(ActorThread.java:87) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorThread.run(ActorThread.java:198) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
Caused by: java.lang.IllegalArgumentException: File does not contain valid private key: /usr/local/zeebe/server.key
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:386) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:326) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:68) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:105) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:697) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:68) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.camunda.zeebe.gateway.Gateway.setSecurityConfig(Gateway.java:187) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.applySecurityConfigurationIfEnabled(Gateway.java:131) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.createAndStartServer(Gateway.java:119) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.lambda$start$1(Gateway.java:98) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.concurrent.CompletableFuture.uniWhenComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.postComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.complete(Unknown Source) ~[?:?]
at io.camunda.zeebe.gateway.Gateway.lambda$submitActorToActivateJobs$2(Gateway.java:202) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.function.Consumer.lambda$andThen$0(Unknown Source) ~[?:?]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:172) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:156) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$1.onActorStarted(Actor.java:88) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:92) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
... 5 more
Caused by: java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1181) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1133) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:384) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:326) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:68) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:105) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:697) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:68) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.camunda.zeebe.gateway.Gateway.setSecurityConfig(Gateway.java:187) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.applySecurityConfigurationIfEnabled(Gateway.java:131) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.createAndStartServer(Gateway.java:119) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.lambda$start$1(Gateway.java:98) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.concurrent.CompletableFuture.uniWhenComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.postComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.complete(Unknown Source) ~[?:?]
at io.camunda.zeebe.gateway.Gateway.lambda$submitActorToActivateJobs$2(Gateway.java:202) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.function.Consumer.lambda$andThen$0(Unknown Source) ~[?:?]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:172) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:156) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$1.onActorStarted(Actor.java:88) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:92) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
... 5 more
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(Unknown Source) ~[jdk.crypto.ec:?]
at java.security.KeyFactory.generatePrivate(Unknown Source) ~[?:?]
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1179) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1133) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:384) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:326) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:68) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:105) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:697) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:68) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.camunda.zeebe.gateway.Gateway.setSecurityConfig(Gateway.java:187) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.applySecurityConfigurationIfEnabled(Gateway.java:131) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.createAndStartServer(Gateway.java:119) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.lambda$start$1(Gateway.java:98) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.concurrent.CompletableFuture.uniWhenComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.postComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.complete(Unknown Source) ~[?:?]
at io.camunda.zeebe.gateway.Gateway.lambda$submitActorToActivateJobs$2(Gateway.java:202) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.function.Consumer.lambda$andThen$0(Unknown Source) ~[?:?]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:172) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:156) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$1.onActorStarted(Actor.java:88) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:92) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
... 5 more
Caused by: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
at sun.security.pkcs.PKCS8Key.decode(Unknown Source) ~[?:?]
at sun.security.pkcs.PKCS8Key.<init>(Unknown Source) ~[?:?]
at sun.security.ec.ECPrivateKeyImpl.<init>(Unknown Source) ~[jdk.crypto.ec:?]
at sun.security.ec.ECKeyFactory.implGeneratePrivate(Unknown Source) ~[jdk.crypto.ec:?]
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(Unknown Source) ~[jdk.crypto.ec:?]
at java.security.KeyFactory.generatePrivate(Unknown Source) ~[?:?]
at io.netty.handler.ssl.SslContext.getPrivateKeyFromByteBuffer(SslContext.java:1179) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContext.toPrivateKey(SslContext.java:1133) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:384) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.keyManager(SslContextBuilder.java:326) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.netty.handler.ssl.SslContextBuilder.forServer(SslContextBuilder.java:68) ~[netty-handler-4.1.82.Final.jar:4.1.82.Final]
at io.grpc.netty.GrpcSslContexts.forServer(GrpcSslContexts.java:105) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:697) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.grpc.netty.NettyServerBuilder.useTransportSecurity(NettyServerBuilder.java:68) ~[grpc-netty-1.49.1.jar:1.49.1]
at io.camunda.zeebe.gateway.Gateway.setSecurityConfig(Gateway.java:187) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.applySecurityConfigurationIfEnabled(Gateway.java:131) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.createAndStartServer(Gateway.java:119) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at io.camunda.zeebe.gateway.Gateway.lambda$start$1(Gateway.java:98) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.concurrent.CompletableFuture.uniWhenComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.postComplete(Unknown Source) ~[?:?]
at java.util.concurrent.CompletableFuture.complete(Unknown Source) ~[?:?]
at io.camunda.zeebe.gateway.Gateway.lambda$submitActorToActivateJobs$2(Gateway.java:202) ~[zeebe-gateway-8.1.0.jar:8.1.0]
at java.util.function.Consumer.lambda$andThen$0(Unknown Source) ~[?:?]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:172) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$ActorBuilder$1.accept(Actor.java:156) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.Actor$1.onActorStarted(Actor.java:88) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
at io.camunda.zeebe.scheduler.ActorJob.invoke(ActorJob.java:92) ~[zeebe-scheduler-8.1.0.jar:8.1.0]
... 5 more

Openssl version:

❯ openssl version
OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)

Upgrading `zeebe-node` breaks library completely

Describe the issue

Recent versions of zeebe-node don't handshake anymore (camunda-community-hub/zeebe-client-node-js#290). In fact they simply terminate (no exit code, no error).

Steps to reproduce

Works with [email protected] (frozen deps)

Ensure secure communication works in both zeebe-node and zbctl:

git clone [email protected]:barmac/zeebe-tls-connection-test.git
npm ci
npm generate-certs
docker-compose --env-file .env.insecure up
npm run test:insecure

You'll see the topology printed by both zeebe-node and zbctl.

Fails with upgraded zeebe-node

Now upgrade zeebe-node to latest:

npm install zeebe-node@latest

And execute the same connection test again:

ZEEBE_ADDRESS=test.test.localhost:26500 npm run test:secure

You'll see the topology printed by zbctl. zeebe-node simply terminates. No error, no non-zero exit code.

Broker logs

zeebe_broker                                 | 2023-01-25 17:34:32.759 [] [grpc-default-worker-ELG-5-3] WARN                                                                                                           
zeebe_broker                                 |       io.grpc.netty.NettyServerHandler - Stream Error                                                                                                                   
zeebe_broker                                 | io.netty.handler.codec.http2.Http2Exception$StreamException: Stream closed before write could take place                                    
zeebe_broker                                 |  at io.netty.handler.codec.http2.Http2Exception.streamError(Http2Exception.java:173) ~[netty-codec-http2-4.1.82.Final.jar:4.1.82.Final]

zeebe-node logs

(Before unconditional termination).

...
D 2023-01-25T17:34:32.741Z | channel | (1) dns:test.test.localhost:26500 createRetryingCall [1] method="/gateway_protocol.Gateway/Topology"
D 2023-01-25T17:34:32.741Z | channel | (1) dns:test.test.localhost:26500 createLoadBalancingCall [2] method="/gateway_protocol.Gateway/Topology"
D 2023-01-25T17:34:32.741Z | channel | (1) dns:test.test.localhost:26500 callRefTimer.ref | configSelectionQueue.length=0 pickQueue.length=1
D 2023-01-25T17:34:32.751Z | subchannel | (2) 127.0.0.1:26500 CONNECTING -> READY
D 2023-01-25T17:34:32.751Z | channel | (1) dns:test.test.localhost:26500 callRefTimer.unref | configSelectionQueue.length=0 pickQueue.length=0

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.