[#SERVER-32] hiera-eyaml does not work on Puppet Server

Created: 2014/10/03
Updated: 2014/10/07
Resolved: 2014/10/06
Status: Closed
Project: Puppet Server
Component/s: None
Affects Version/s: None
Fix Version/s: None
Type: Story
Priority: Normal
Reporter: Kevin Corcoran
Assignee: Unassigned
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Attachments: eyaml-error.txt
Issue Links:
relates to SERVER-24 Gem command not working if ~puppet !=... (Closed)
Description
When puppet-server is configured to use hiera-eyaml and an agent run commences which
triggers the hiera-eyaml backend to read an encrypted string from a .yaml file, the catalog
request fails, and the following error is logged on the server:
2014-10-03 13:51:06,402 DEBUG [puppet-server] hiera(): [eyaml_backend]: Found mysecret in common
2014-10-03 13:51:06,403 DEBUG [puppet-server] hiera(): [eyaml_backend]: Attempting to decrypt
java.security.InvalidKeyException: Illegal key size
    at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1024)
    at javax.crypto.Cipher.init(Cipher.java:1345)
    at javax.crypto.Cipher.init(Cipher.java:1282)
    at org.jruby.ext.openssl.impl.PKCS7.dataDecode(PKCS7.java:793)
    at org.jruby.ext.openssl.impl.PKCS7.decrypt(PKCS7.java:506)
    at org.jruby.ext.openssl.PKCS7.decrypt(PKCS7.java:638)
See the attached file for the full error log.
This is caused by https://github.com/jruby/jruby/issues/2018
Comments
Comment by Nick Howes [ 2014/10/06 ]
Hello, reporting from Kevin Corcoran's comment on ... I don't seem to have had any problems
using keys generated with eyaml createkeys.
I'm running CentOS 7 and OpenJDK 7:
java version "1.7.0_65"
OpenJDK Runtime Environment (rhel-2.5.1.2.el7_0-x86_64 u65b17)
OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)
JRuby bundles BouncyCastle for SSL stuff, so the first item here seems relevant:
http://www.bouncycastle.org/wiki/display/JA1/Frequently+Asked+Questions
I wonder if your test machine's JDK/JRE is missing the policy files that allow the higher
strength keys? You could try downloading and installing the JCE Unlimited Strength policy
files from the Oracle website to the machine and see if that makes any difference.
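A small diagnostic, added here and not part of the ticket or of Puppet Server, that checks the JCE policy hypothesis from this comment on a given JVM: it reads the maximum AES key length the installed policy allows and attempts to initialise a 256-bit AES cipher, which is the operation that fails with "Illegal key size" under the limited policy files. It assumes hiera-eyaml's PKCS#7 payloads use 256-bit AES (not stated on the page); the class name and the all-zero key are constructed for the example.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;

// Added diagnostic (not from the ticket): does this JVM's JCE policy permit the
// key size that hiera-eyaml's PKCS#7 decryption is assumed to need? With the
// limited policy files, AES is capped at 128 bits and a 256-bit key fails with
// the same "InvalidKeyException: Illegal key size" seen in the Puppet Server log.
public class JcePolicyCheck {

    // Maximum AES key length (in bits) the installed policy allows.
    // Limited policy: 128. Unlimited policy: Integer.MAX_VALUE.
    public static int maxAesKeyBits() throws GeneralSecurityException {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    // Tries to initialise AES-256-CBC with a constructed all-zero key (the key
    // value is irrelevant; only its length matters to the policy check).
    // Returns null when the policy allows it, otherwise the failure message.
    public static String tryAes256Init() {
        byte[] key = new byte[32]; // constructed 256-bit dummy key
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
            return null;
        } catch (InvalidKeyException e) {
            return "InvalidKeyException: " + e.getMessage();
        } catch (GeneralSecurityException e) {
            return e.toString();
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        int maxBits = maxAesKeyBits();
        String failure = tryAes256Init();
        System.out.println("java.version     = " + System.getProperty("java.version"));
        System.out.println("max AES key bits = " + maxBits);
        if (failure == null) {
            System.out.println("AES-256 init: OK, this JVM will not raise the key-size error");
        } else {
            System.out.println("AES-256 init: FAILED (" + failure + ")");
            System.out.println("-> limited JCE policy; install the unlimited-strength policy files");
        }
    }
}
```

Compile and run it with the same JDK Puppet Server runs on (javac JcePolicyCheck.java && java JcePolicyCheck); on JDK 8u161 and later the unlimited policy is the default, so the check passes without installing extra files.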
Comment by Kevin Corcoran [ 2014/10/06 ]
Nick Howes - thank you so much! That is, indeed, the cause of this problem. You have saved
me a lot of work, and I'm very grateful!
Comment by Lindsey Smith [ 2014/10/06 ]
Thanks Nick Howes!
Comment by Christopher Price [ 2014/10/07 ]
I think we should document it for OSS, and file a follow-up ticket to see if we can get it
working with an Oracle JDK. Historically we've supported Oracle JDK for our JVM apps for
OSS. (Kevin Corcoran is correct that it is a non-issue for PE, though.) Would be nice to get
someone from CS/PS to validate since they raised the original concerns. Zachary Smith
interested?
Generated at Tue Feb 09 21:05:34 PST 2016 using JIRA 6.4.12#64027sha1:e3691cc1283c0f3cef6d65d3ea82d47743692b57.