[ovirt-devel] Fwd: SSO and the engine

You can also try downgrading the nss packages, see: https://bugzilla.redhat.com/show_bug.cgi?id=1415137#c15 On Fri, Jan 27, 2017 at 3:18 PM, Piotr Kliczewski <piotr.kliczewski(a)gmail.com&gt; wrote: > > I was too fast to send the update. I am able to login now but I see > core dump during host add: > > 2017-01-27 14:14:01,906+01 ERROR > [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-58) > [20086bed-e76d-42ef-9ab1-30c8e965374b] Failed to establish session > with host 'fedora': SSH session closed during connection > &#39;root(a)192.168.1.102&#39; > 2017-01-27 14:14:01,907+01 WARN > [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-58) > [20086bed-e76d-42ef-9ab1-30c8e965374b] Validation of action 'AddVds' > failed for user admin@internal-authz. Reasons: > VAR__ACTION__ADD,VAR__TYPE__HOST,$server > 192.168.1.102,VDS_CANNOT_CONNECT_TO_SERVER > # > # A fatal error has been detected by the Java Runtime Environment: > # > # SIGSEGV (0xb) at pc=0x00007f7c9d773734, pid=20890, > tid=0x00007f7c6c148700 > # > # JRE version: OpenJDK Runtime Environment (8.0_111-b16) (build > 1.8.0_111-b16) > # Java VM: OpenJDK 64-Bit Server VM (25.111-b16 mixed mode linux-amd64 > compressed oops) > # Problematic frame: > # C [libc.so.6+0x14a734] __memcpy_avx_unaligned+0x2c4 > # > # Failed to write core dump. Core dumps have been disabled. To enable > core dumping, try "ulimit -c unlimited" before starting Java again > # > # An error report file with more information is saved as: > # /tmp/hs_err_pid20890.log > # > # If you would like to submit a bug report, please visit: > # http://bugreport.java.com/bugreport/crash.jsp > # > ovirt-engine[20848] ERROR run:554 Error: process terminated with status > code -6 > > 2017-01-27 14:14:01,756+01 INFO > [org.apache.sshd.common.util.SecurityUtils] (default task-58) > BouncyCastle not registered, using the default JCE provider > 2017-01-27 14:14:01,870+01 INFO > [org.apache.sshd.client.session.ClientSessionImpl] > (sshd-SshClient[26c9f7da]-nio2-thread-1) Client session created > 2017-01-27 14:14:01,885+01 INFO > [org.apache.sshd.client.session.ClientSessionImpl] > (sshd-SshClient[26c9f7da]-nio2-thread-1) Server version string: > SSH-2.0-OpenSSH_7.2 > 2017-01-27 14:14:01,886+01 INFO > [org.apache.sshd.client.session.ClientSessionImpl] > (sshd-SshClient[26c9f7da]-nio2-thread-1) Kex: server->client > aes128-ctr hmac-sha2-256 none > 2017-01-27 14:14:01,886+01 INFO > [org.apache.sshd.client.session.ClientSessionImpl] > (sshd-SshClient[26c9f7da]-nio2-thread-1) Kex: client->server > aes128-ctr hmac-sha2-256 none > 2017-01-27 14:14:01,896+01 WARN > [org.apache.sshd.client.session.ClientSessionImpl] > (sshd-SshClient[26c9f7da]-nio2-thread-1) Exception caught: > java.security.ProviderException: java.lang.NegativeArraySizeException > at > sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:147) > at > java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:703) > [rt.jar:1.8.0_111] > at org.apache.sshd.common.kex.ECDH.getE(ECDH.java:59) > at > org.apache.sshd.client.kex.AbstractDHGClient.init(AbstractDHGClient.java:78) > at > org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:359) > at > org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295) > at > org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:256) > at > org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:731) > at > org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277) > at > org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54) > at > org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:187) > at > org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173) > at > org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32) > at java.security.AccessController.doPrivileged(Native Method) > [rt.jar:1.8.0_111] > at > org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30) > at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111] > at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157) [rt.jar:1.8.0_111] > at > sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553) > [rt.jar:1.8.0_111] > at > sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276) > [rt.jar:1.8.0_111] > at > sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297) > [rt.jar:1.8.0_111] > at > java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420) > [rt.jar:1.8.0_111] > at > org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173) > at > org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:53) > at > org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:46) > at > org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32) > at java.security.AccessController.doPrivileged(Native Method) > [rt.jar:1.8.0_111] > at > org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30) > at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111] > at sun.nio.ch.Invoker$2.run(Invoker.java:218) [rt.jar:1.8.0_111] > at > sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) > [rt.jar:1.8.0_111] > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > [rt.jar:1.8.0_111] > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > [rt.jar:1.8.0_111] > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111] > Caused by: java.lang.NegativeArraySizeException > at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method) > at > sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:128) > ... 32 more > > On Fri, Jan 27, 2017 at 1:56 PM, Piotr Kliczewski > <piotr.kliczewski(a)gmail.com&gt; wrote: > > Thank you Juan, It fixed my issue > > > > I updated java.security and changed: > > > > from > > > > jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 > > > > to > > > > jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768, EC, ECDHE, ECDH > > > > Thanks, > > Piotr > > > > On Fri, Jan 27, 2017 at 1:42 PM, Juan Hernández <jhernand(a)redhat.com&gt; > > wrote: > >> See this Piotr: > >> > >> > >> > >> http://post-office.corp.redhat.com/archives/rhev-devel/2017-January/msg00... > >> > >> Benny, may be worth publishing it to the upstream devel list. > >> > >> On 01/27/2017 01:35 PM, Piotr Kliczewski wrote: > >>> All, > >>> > >>> I pulled the latest source from master and rebuilt my engine. Every > >>> time I attempt to login I see: > >>> > >>> 2017-01-27 13:22:51,403+01 INFO > >>> [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default > >>> task-54) [] User admin@internal successfully logged in with scopes: > >>> ovirt-app-admin ovirt-app-api ovirt-app-portal > >>> ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all > >>> ovirt-ext=token-info:authz-search > >>> ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate > >>> ovirt-ext=token:password-access > >>> # > >>> # A fatal error has been detected by the Java Runtime Environment: > >>> # > >>> # SIGSEGV (0xb) at pc=0x00007f514eb45734, pid=2519, > >>> tid=0x00007f51119a6700 > >>> # > >>> # JRE version: OpenJDK Runtime Environment (8.0_111-b16) (build > >>> 1.8.0_111-b16) > >>> # Java VM: OpenJDK 64-Bit Server VM (25.111-b16 mixed mode linux-amd64 > >>> compressed oops) > >>> # Problematic frame: > >>> # C [libc.so.6+0x14a734] __memcpy_avx_unaligned+0x2c4 > >>> # > >>> # Failed to write core dump. Core dumps have been disabled. To enable > >>> core dumping, try "ulimit -c unlimited" before starting Java again > >>> # > >>> # An error report file with more information is saved as: > >>> # /tmp/hs_err_pid2519.log > >>> # > >>> # If you would like to submit a bug report, please visit: > >>> # http://bugreport.java.com/bugreport/crash.jsp > >>> # > >>> ovirt-engine[2471] ERROR run:554 Error: process terminated with status > >>> code -6 > >>> > >>> I enabled ssl debug to find: > >>> > >>> 2017-01-27 13:22:37,641+01 INFO [stdout] (default I/O-2) default > >>> I/O-2, fatal error: 80: problem unwrapping net record > >>> 2017-01-27 13:22:37,642+01 INFO [stdout] (default I/O-2) > >>> java.lang.RuntimeException: java.lang.NegativeArraySizeException > >>> 2017-01-27 13:22:37,642+01 INFO [stdout] (default I/O-2) %% > >>> Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL] > >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default > >>> I/O-2, SEND TLSv1.2 ALERT: fatal, description = internal_error > >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default > >>> I/O-2, WRITE: TLSv1.2 Alert, length = 2 > >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default > >>> I/O-2, called closeInbound() > >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default > >>> I/O-2, fatal: engine already closed. Rethrowing > >>> javax.net.ssl.SSLException: Inbound closed before receiving peer's > >>> close_notify: possible truncation attack? > >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default > >>> I/O-2, called closeOutbound() > >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default > >>> I/O-2, closeOutboundInternal() > >>> 2017-01-27 13:22:37,644+01 INFO [stdout] (default task-1) default > >>> task-1, received EOFException: error > >>> 2017-01-27 13:22:37,644+01 INFO [stdout] (default task-1) default > >>> task-1, handling exception: javax.net.ssl.SSLHandshakeException: > >>> Remote host closed connection during handshake > >>> 2017-01-27 13:22:37,645+01 INFO [stdout] (default task-1) default > >>> task-1, SEND TLSv1.2 ALERT: fatal, description = handshake_failure > >>> 2017-01-27 13:22:37,645+01 INFO [stdout] (default task-1) default > >>> task-1, WRITE: TLSv1.2 Alert, length = 2 > >>> 2017-01-27 13:22:37,645+01 INFO [stdout] (default task-1) [Raw > >>> write]: length = 7 > >>> 2017-01-27 13:22:37,647+01 INFO [stdout] (default task-1) 0000: 15 03 > >>> 03 00 02 02 28 ......( > >>> 2017-01-27 13:22:37,647+01 INFO [stdout] (default task-1) default > >>> task-1, called closeSocket() > >>> 2017-01-27 13:22:37,644+01 ERROR [org.xnio.nio] (default I/O-2) > >>> XNIO000011: Task io.undertow.protocols.ssl.SslConduit$5$1@6d665208 > >>> failed with an exception: java.lang.RuntimeException: > >>> java.lang.NegativeArraySizeException > >>> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429) > >>> [jsse.jar:1.8.0_111] > >>> at > >>> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) > >>> [jsse.jar:1.8.0_111] > >>> at > >>> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) > >>> [jsse.jar:1.8.0_111] > >>> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) > >>> [jsse.jar:1.8.0_111] > >>> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) > >>> [rt.jar:1.8.0_111] > >>> at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:742) > >>> at > >>> io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:639) > >>> at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63) > >>> at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1035) > >>> at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588) > >>> [xnio-nio-3.4.0.Final.jar:3.4.0.Final] > >>> at org.xnio.nio.WorkerThread.run(WorkerThread.java:468) > >>> [xnio-nio-3.4.0.Final.jar:3.4.0.Final] > >>> Caused by: java.security.ProviderException: > >>> java.lang.NegativeArraySizeException > >>> at > >>> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:147) > >>> at > >>> java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:703) > >>> [rt.jar:1.8.0_111] > >>> at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:64) > >>> [jsse.jar:1.8.0_111] > >>> at > >>> sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1432) > >>> [jsse.jar:1.8.0_111] > >>> at > >>> sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1219) > >>> [jsse.jar:1.8.0_111] > >>> at > >>> sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1023) > >>> [jsse.jar:1.8.0_111] > >>> at > >>> sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:738) > >>> [jsse.jar:1.8.0_111] > >>> at > >>> sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221) > >>> [jsse.jar:1.8.0_111] > >>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) > >>> [jsse.jar:1.8.0_111] > >>> at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) > >>> [jsse.jar:1.8.0_111] > >>> at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) > >>> [jsse.jar:1.8.0_111] > >>> at java.security.AccessController.doPrivileged(Native Method) > >>> [rt.jar:1.8.0_111] > >>> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) > >>> [jsse.jar:1.8.0_111] > >>> at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1023) > >>> at > >>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) > >>> [rt.jar:1.8.0_111] > >>> at > >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) > >>> [rt.jar:1.8.0_111] > >>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111] > >>> Caused by: java.lang.NegativeArraySizeException > >>> at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method) > >>> at > >>> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:128) > >>> ... 16 more > >>> > >>> Are we aware of the issue? Is there any workaround? > >>> > >>> I am using fedora 24 with all recent updates applied. > >>> > >>> Thanks, > >>> Piotr > >>> > >>> > >>> > >>> _______________________________________________ > >>> Devel mailing list > >>> Devel(a)ovirt.org > >>> http://lists.ovirt.org/mailman/listinfo/devel > >>> > >>