[ovirt-devel] Fwd: SSO and the engine
Piotr Kliczewski
piotr.kliczewski at gmail.com
Fri Jan 27 13:57:25 UTC 2017
I downgraded jdk and it did not help.
My dnf says when I attempt to install as in the link:
No package nss-3.27.0-1.1.fc25.x86_64 available.
No package nss-softokn-3.27.0-1.0.fc25.x86_64 available.
No package nss-softokn-freebl-3.27.0-1.0.fc25.x86_64 available.
No package nss-sysinit-3.27.0-1.1.fc25.x86_64 available.
No package nss-tools-3.27.0-1.1.fc25.x86_64 available.
No package nss-util-3.27.0-1.0.fc25.x86_64 available.
I am not able to downgrade nss due to conflicts with other packages.:
On Fri, Jan 27, 2017 at 2:23 PM, Benny Zlotnik <bzlotnik at redhat.com> wrote:
> You can also try downgrading the nss packages, see:
> https://bugzilla.redhat.com/show_bug.cgi?id=1415137#c15
>
> On Fri, Jan 27, 2017 at 3:18 PM, Piotr Kliczewski
> <piotr.kliczewski at gmail.com> wrote:
>>
>> I was too fast to send the update. I am able to login now but I see
>> core dump during host add:
>>
>> 2017-01-27 14:14:01,906+01 ERROR
>> [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-58)
>> [20086bed-e76d-42ef-9ab1-30c8e965374b] Failed to establish session
>> with host 'fedora': SSH session closed during connection
>> 'root at 192.168.1.102'
>> 2017-01-27 14:14:01,907+01 WARN
>> [org.ovirt.engine.core.bll.hostdeploy.AddVdsCommand] (default task-58)
>> [20086bed-e76d-42ef-9ab1-30c8e965374b] Validation of action 'AddVds'
>> failed for user admin at internal-authz. Reasons:
>> VAR__ACTION__ADD,VAR__TYPE__HOST,$server
>> 192.168.1.102,VDS_CANNOT_CONNECT_TO_SERVER
>> #
>> # A fatal error has been detected by the Java Runtime Environment:
>> #
>> # SIGSEGV (0xb) at pc=0x00007f7c9d773734, pid=20890,
>> tid=0x00007f7c6c148700
>> #
>> # JRE version: OpenJDK Runtime Environment (8.0_111-b16) (build
>> 1.8.0_111-b16)
>> # Java VM: OpenJDK 64-Bit Server VM (25.111-b16 mixed mode linux-amd64
>> compressed oops)
>> # Problematic frame:
>> # C [libc.so.6+0x14a734] __memcpy_avx_unaligned+0x2c4
>> #
>> # Failed to write core dump. Core dumps have been disabled. To enable
>> core dumping, try "ulimit -c unlimited" before starting Java again
>> #
>> # An error report file with more information is saved as:
>> # /tmp/hs_err_pid20890.log
>> #
>> # If you would like to submit a bug report, please visit:
>> # http://bugreport.java.com/bugreport/crash.jsp
>> #
>> ovirt-engine[20848] ERROR run:554 Error: process terminated with status
>> code -6
>>
>> 2017-01-27 14:14:01,756+01 INFO
>> [org.apache.sshd.common.util.SecurityUtils] (default task-58)
>> BouncyCastle not registered, using the default JCE provider
>> 2017-01-27 14:14:01,870+01 INFO
>> [org.apache.sshd.client.session.ClientSessionImpl]
>> (sshd-SshClient[26c9f7da]-nio2-thread-1) Client session created
>> 2017-01-27 14:14:01,885+01 INFO
>> [org.apache.sshd.client.session.ClientSessionImpl]
>> (sshd-SshClient[26c9f7da]-nio2-thread-1) Server version string:
>> SSH-2.0-OpenSSH_7.2
>> 2017-01-27 14:14:01,886+01 INFO
>> [org.apache.sshd.client.session.ClientSessionImpl]
>> (sshd-SshClient[26c9f7da]-nio2-thread-1) Kex: server->client
>> aes128-ctr hmac-sha2-256 none
>> 2017-01-27 14:14:01,886+01 INFO
>> [org.apache.sshd.client.session.ClientSessionImpl]
>> (sshd-SshClient[26c9f7da]-nio2-thread-1) Kex: client->server
>> aes128-ctr hmac-sha2-256 none
>> 2017-01-27 14:14:01,896+01 WARN
>> [org.apache.sshd.client.session.ClientSessionImpl]
>> (sshd-SshClient[26c9f7da]-nio2-thread-1) Exception caught:
>> java.security.ProviderException: java.lang.NegativeArraySizeException
>> at
>> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:147)
>> at
>> java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:703)
>> [rt.jar:1.8.0_111]
>> at org.apache.sshd.common.kex.ECDH.getE(ECDH.java:59)
>> at
>> org.apache.sshd.client.kex.AbstractDHGClient.init(AbstractDHGClient.java:78)
>> at
>> org.apache.sshd.common.session.AbstractSession.doHandleMessage(AbstractSession.java:359)
>> at
>> org.apache.sshd.common.session.AbstractSession.handleMessage(AbstractSession.java:295)
>> at
>> org.apache.sshd.client.session.ClientSessionImpl.handleMessage(ClientSessionImpl.java:256)
>> at
>> org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:731)
>> at
>> org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:277)
>> at
>> org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:54)
>> at
>> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:187)
>> at
>> org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:173)
>> at
>> org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
>> at java.security.AccessController.doPrivileged(Native Method)
>> [rt.jar:1.8.0_111]
>> at
>> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
>> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111]
>> at sun.nio.ch.Invoker.invokeDirect(Invoker.java:157) [rt.jar:1.8.0_111]
>> at
>> sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:553)
>> [rt.jar:1.8.0_111]
>> at
>> sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)
>> [rt.jar:1.8.0_111]
>> at
>> sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)
>> [rt.jar:1.8.0_111]
>> at
>> java.nio.channels.AsynchronousSocketChannel.read(AsynchronousSocketChannel.java:420)
>> [rt.jar:1.8.0_111]
>> at
>> org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:173)
>> at
>> org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:53)
>> at
>> org.apache.sshd.common.io.nio2.Nio2Connector$1.onCompleted(Nio2Connector.java:46)
>> at
>> org.apache.sshd.common.io.nio2.Nio2CompletionHandler$1.run(Nio2CompletionHandler.java:32)
>> at java.security.AccessController.doPrivileged(Native Method)
>> [rt.jar:1.8.0_111]
>> at
>> org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:30)
>> at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:126) [rt.jar:1.8.0_111]
>> at sun.nio.ch.Invoker$2.run(Invoker.java:218) [rt.jar:1.8.0_111]
>> at
>> sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
>> [rt.jar:1.8.0_111]
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> [rt.jar:1.8.0_111]
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> [rt.jar:1.8.0_111]
>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]
>> Caused by: java.lang.NegativeArraySizeException
>> at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method)
>> at
>> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:128)
>> ... 32 more
>>
>> On Fri, Jan 27, 2017 at 1:56 PM, Piotr Kliczewski
>> <piotr.kliczewski at gmail.com> wrote:
>> > Thank you Juan, It fixed my issue
>> >
>> > I updated java.security and changed:
>> >
>> > from
>> >
>> > jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
>> >
>> > to
>> >
>> > jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768, EC, ECDHE, ECDH
>> >
>> > Thanks,
>> > Piotr
>> >
>> > On Fri, Jan 27, 2017 at 1:42 PM, Juan Hernández <jhernand at redhat.com>
>> > wrote:
>> >> See this Piotr:
>> >>
>> >>
>> >>
>> >> http://post-office.corp.redhat.com/archives/rhev-devel/2017-January/msg00269.html
>> >>
>> >> Benny, may be worth publishing it to the upstream devel list.
>> >>
>> >> On 01/27/2017 01:35 PM, Piotr Kliczewski wrote:
>> >>> All,
>> >>>
>> >>> I pulled the latest source from master and rebuilt my engine. Every
>> >>> time I attempt to login I see:
>> >>>
>> >>> 2017-01-27 13:22:51,403+01 INFO
>> >>> [org.ovirt.engine.core.sso.utils.AuthenticationUtils] (default
>> >>> task-54) [] User admin at internal successfully logged in with scopes:
>> >>> ovirt-app-admin ovirt-app-api ovirt-app-portal
>> >>> ovirt-ext=auth:sequence-priority=~ ovirt-ext=revoke:revoke-all
>> >>> ovirt-ext=token-info:authz-search
>> >>> ovirt-ext=token-info:public-authz-search ovirt-ext=token-info:validate
>> >>> ovirt-ext=token:password-access
>> >>> #
>> >>> # A fatal error has been detected by the Java Runtime Environment:
>> >>> #
>> >>> # SIGSEGV (0xb) at pc=0x00007f514eb45734, pid=2519,
>> >>> tid=0x00007f51119a6700
>> >>> #
>> >>> # JRE version: OpenJDK Runtime Environment (8.0_111-b16) (build
>> >>> 1.8.0_111-b16)
>> >>> # Java VM: OpenJDK 64-Bit Server VM (25.111-b16 mixed mode linux-amd64
>> >>> compressed oops)
>> >>> # Problematic frame:
>> >>> # C [libc.so.6+0x14a734] __memcpy_avx_unaligned+0x2c4
>> >>> #
>> >>> # Failed to write core dump. Core dumps have been disabled. To enable
>> >>> core dumping, try "ulimit -c unlimited" before starting Java again
>> >>> #
>> >>> # An error report file with more information is saved as:
>> >>> # /tmp/hs_err_pid2519.log
>> >>> #
>> >>> # If you would like to submit a bug report, please visit:
>> >>> # http://bugreport.java.com/bugreport/crash.jsp
>> >>> #
>> >>> ovirt-engine[2471] ERROR run:554 Error: process terminated with status
>> >>> code -6
>> >>>
>> >>> I enabled ssl debug to find:
>> >>>
>> >>> 2017-01-27 13:22:37,641+01 INFO [stdout] (default I/O-2) default
>> >>> I/O-2, fatal error: 80: problem unwrapping net record
>> >>> 2017-01-27 13:22:37,642+01 INFO [stdout] (default I/O-2)
>> >>> java.lang.RuntimeException: java.lang.NegativeArraySizeException
>> >>> 2017-01-27 13:22:37,642+01 INFO [stdout] (default I/O-2) %%
>> >>> Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]
>> >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
>> >>> I/O-2, SEND TLSv1.2 ALERT: fatal, description = internal_error
>> >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
>> >>> I/O-2, WRITE: TLSv1.2 Alert, length = 2
>> >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
>> >>> I/O-2, called closeInbound()
>> >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
>> >>> I/O-2, fatal: engine already closed. Rethrowing
>> >>> javax.net.ssl.SSLException: Inbound closed before receiving peer's
>> >>> close_notify: possible truncation attack?
>> >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
>> >>> I/O-2, called closeOutbound()
>> >>> 2017-01-27 13:22:37,643+01 INFO [stdout] (default I/O-2) default
>> >>> I/O-2, closeOutboundInternal()
>> >>> 2017-01-27 13:22:37,644+01 INFO [stdout] (default task-1) default
>> >>> task-1, received EOFException: error
>> >>> 2017-01-27 13:22:37,644+01 INFO [stdout] (default task-1) default
>> >>> task-1, handling exception: javax.net.ssl.SSLHandshakeException:
>> >>> Remote host closed connection during handshake
>> >>> 2017-01-27 13:22:37,645+01 INFO [stdout] (default task-1) default
>> >>> task-1, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
>> >>> 2017-01-27 13:22:37,645+01 INFO [stdout] (default task-1) default
>> >>> task-1, WRITE: TLSv1.2 Alert, length = 2
>> >>> 2017-01-27 13:22:37,645+01 INFO [stdout] (default task-1) [Raw
>> >>> write]: length = 7
>> >>> 2017-01-27 13:22:37,647+01 INFO [stdout] (default task-1) 0000: 15 03
>> >>> 03 00 02 02 28 ......(
>> >>> 2017-01-27 13:22:37,647+01 INFO [stdout] (default task-1) default
>> >>> task-1, called closeSocket()
>> >>> 2017-01-27 13:22:37,644+01 ERROR [org.xnio.nio] (default I/O-2)
>> >>> XNIO000011: Task io.undertow.protocols.ssl.SslConduit$5$1 at 6d665208
>> >>> failed with an exception: java.lang.RuntimeException:
>> >>> java.lang.NegativeArraySizeException
>> >>> at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1429)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at
>> >>> sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at
>> >>> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
>> >>> [rt.jar:1.8.0_111]
>> >>> at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:742)
>> >>> at
>> >>> io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:639)
>> >>> at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
>> >>> at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1035)
>> >>> at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:588)
>> >>> [xnio-nio-3.4.0.Final.jar:3.4.0.Final]
>> >>> at org.xnio.nio.WorkerThread.run(WorkerThread.java:468)
>> >>> [xnio-nio-3.4.0.Final.jar:3.4.0.Final]
>> >>> Caused by: java.security.ProviderException:
>> >>> java.lang.NegativeArraySizeException
>> >>> at
>> >>> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:147)
>> >>> at
>> >>> java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:703)
>> >>> [rt.jar:1.8.0_111]
>> >>> at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:64)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at
>> >>> sun.security.ssl.ServerHandshaker.setupEphemeralECDHKeys(ServerHandshaker.java:1432)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at
>> >>> sun.security.ssl.ServerHandshaker.trySetCipherSuite(ServerHandshaker.java:1219)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at
>> >>> sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1023)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at
>> >>> sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:738)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at
>> >>> sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at java.security.AccessController.doPrivileged(Native Method)
>> >>> [rt.jar:1.8.0_111]
>> >>> at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
>> >>> [jsse.jar:1.8.0_111]
>> >>> at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1023)
>> >>> at
>> >>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>> >>> [rt.jar:1.8.0_111]
>> >>> at
>> >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>> >>> [rt.jar:1.8.0_111]
>> >>> at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_111]
>> >>> Caused by: java.lang.NegativeArraySizeException
>> >>> at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method)
>> >>> at
>> >>> sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:128)
>> >>> ... 16 more
>> >>>
>> >>> Are we aware of the issue? Is there any workaround?
>> >>>
>> >>> I am using fedora 24 with all recent updates applied.
>> >>>
>> >>> Thanks,
>> >>> Piotr
>> >>>
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> Devel mailing list
>> >>> Devel at ovirt.org
>> >>> http://lists.ovirt.org/mailman/listinfo/devel
>> >>>
>> >>
>
>
More information about the Devel
mailing list