Unable to start Omada Controller 5.3.1 with openjdk-17-jre

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Unable to start Omada Controller 5.3.1 with openjdk-17-jre

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Unable to start Omada Controller 5.3.1 with openjdk-17-jre
Unable to start Omada Controller 5.3.1 with openjdk-17-jre
2022-06-13 23:19:44 - last edited 2022-06-17 07:54:39

I am the maintainer of the mbentley/omada-controller Docker image and when using the Omada Controller 5.3.1, I notice that when I try to utilize a newer version of OpenJDK JRE, specifically 17, that the controller fails to start.  Based on the readme included wit the Linux tarball, it says `1. Install Java 8 or above`.  It's not specific on what it needs exactly so I figured that 17 would be fine.  When the controller starts, I am getting an error:

 

Exception in thread "main" java.lang.IllegalAccessError: class com.tplink.smb.omada.system.api.a.a (in unnamed module @0x62bd2070) cannot access class sun.security.x509.X509CertImpl (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @0x62bd2070
        at com.tplink.smb.omada.system.api.a.a.a(SourceFile:260)
        at com.tplink.smb.omada.starter.OmadaBootstrap.a(SourceFile:545)
        at com.tplink.smb.omada.starter.OmadaBootstrap.e(SourceFile:259)
        at com.tplink.smb.omada.starter.OmadaLinuxMain.a(SourceFile:84)
        at com.tplink.smb.omada.starter.OmadaLinuxMain.main(SourceFile:36)

 

I found a workaround but I am not sure if there are any security implications of adding the JVM arg --add-opens=java.base/sun.security.x509=ALL-UNNAMED

as it describes and it adds a not-insignificant amount of adaptations to the scripts that power the image.  The issue only seems to come up if I am taking my own PEM certs and creating a JKS.  Using the default certs seems to be fine.

 

The reason that I would like to use openjdk-17's JRE is that it includes support for cgroupsv2 support for containers which was added in v15 but Ubuntu 20.04 jumps from openjdk-11 to openjdk-16.

  0      
  0      
#1
Options
1 Accepted Solution
Re:Unable to start Omada Controller 5.3.1 with openjdk-17-jre-Solution
2022-06-17 07:54:20 - last edited 2022-06-17 07:54:39

Dear @mbentley,

 

mbentley wrote

Doing further testing, this error does not come up with 5.0.30 or 5.1.7; the controller starts fine.

 

Thank you so much for investing the time to post the issue on the community!

 

The issue you reported has been submitted to the R&D team for checking, and it's confirmed to be fixed in the next Controller v5.4. 

 

To get a notification for new controller version release, welcome to subscribe to this post ~

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
Recommended Solution
  1  
  1  
#3
Options
3 Reply
Re:Unable to start Omada Controller 5.3.1 with openjdk-17-jre
2022-06-13 23:39:25 - last edited 2022-06-13 23:39:42

Doing further testing, this error does not come up with 5.0.30 or 5.1.7; the controller starts fine.

  0  
  0  
#2
Options
Re:Unable to start Omada Controller 5.3.1 with openjdk-17-jre-Solution
2022-06-17 07:54:20 - last edited 2022-06-17 07:54:39

Dear @mbentley,

 

mbentley wrote

Doing further testing, this error does not come up with 5.0.30 or 5.1.7; the controller starts fine.

 

Thank you so much for investing the time to post the issue on the community!

 

The issue you reported has been submitted to the R&D team for checking, and it's confirmed to be fixed in the next Controller v5.4. 

 

To get a notification for new controller version release, welcome to subscribe to this post ~

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
Recommended Solution
  1  
  1  
#3
Options
Re:Unable to start Omada Controller 5.3.1 with openjdk-17-jre
2022-06-17 15:37:19

  @Fae - thank you for the quick triage!

  0  
  0  
#4
Options