Bug 1030906
| Summary: | 500 error is seen when change password for jenkins admin user. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Johnny Liu <jialiu> | ||||
| Component: | Containers | Assignee: | Brenton Leanhardt <bleanhar> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | libra bugs <libra-bugs> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 2.0.0 | CC: | libra-onpremise-devel, lmeyer, mmasters | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1031145 1035113 (view as bug list) | Environment: | |||||
| Last Closed: | 2015-11-23 14:25:46 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1031145 | ||||||
| Bug Blocks: | 1035113 | ||||||
| Attachments: |
|
||||||
|
Description
Johnny Liu
2013-11-15 10:46:38 UTC
I tracked this down to x86_64 vs i686 JVM. That is the _only_ jenkins difference between Online and OSE 2.0 beta right now. Unfortunately, it's pretty complicated to have both versions installed side by side since yum tries to prevent it. Here's what I did: On a devenv: * Find the i686 deps that need to be installed repoquery --requires --installed --resolve java-1.7.0-openjdk On an OSE 2.0 beta machine: * use yumdownloader to download all the packages manually * rpm ivh all the deps * rpm -Uvh --force to install the jvm packages alongside the x86_64 version * "alternatives --config java" to switch between * "/etc/alternatives/jre/bin/java -version" to sanity check since that's what jenkins uses * restart jenkins When I run with the 32 bit JVM changing the password works. With 64 bit I see the stack trace. The most interesting parts of the strace trace are: Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD at sun.security.pkcs11.wrapper.PKCS11.C_DecryptUpdate(Native Method) at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:795) ... 75 more I'll attach the full trace. Created attachment 824637 [details]
stack trace
Upstream is fixed... can this perhaps make it into 2.0.3? I'm pretty sure upstream fixed it by hacking /usr/lib/jvm/jre-1.7.0-openjdk/lib/security/java.security in the devenv tooling and puppet (for Online). It still exists in Origin. The best we could do now is a kbase article. That's a good idea for 2.0.3. According to bug 1031145 comment 3, the problem was the line in /usr/lib/jvm/jre-1.7.0-openjdk/lib/security/java.security that enabled sun.security.pkcs11.SunPKCS11, and the fix was to comment out that line. When I check today, I see that that line is commented out in the java.security file that the java-1.7.0-openjdk package ships. Therefore I believe that the problem has been fixed upstream. QE, would you please check whether the error still occurs? Note for engineering: If the problem is fixed upstream, we can remove the related workarounds in Puppet and devenv. Verified this bug with 2.2/2015-09-23.1, and PASS. After password change, everything is working well, no 500 error is seen. This fix is available in OpenShift Enterprise 3.1. |