Bug 1256427 - unable to write 'random state'
Status: CLOSED EOL
Product: OpenShift Online
Classification: Red Hat
Component: Documentation
Version: 2.x
Hardware: x86_64 Windows
Priority: low
Severity: low
Assigned To: brice
Vikram Goyal
Reported: 2015-08-24 10:34 EDT by M.M
Modified: 2016-09-21 23:27 EDT
Doc Type: Bug Fix
Last Closed: 2016-09-21 23:27:05 EDT
Type: Bug
Description M.M 2015-08-24 10:34:18 EDT
Description of problem:
Error when trying to create a private key and CSR using the command line in OpenShift.

[abc-xyz.rhcloud.com data]> openssl genrsa -des3 -out myserverkey.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
.............+++
unable to write 'random state'
e is 65537 (0x10001)
Enter pass phrase for myserverkey.key:

How reproducible:
Follow the command line in the OpenShift documentation to generate the private key and CSR. It will result in the above error.

Steps to Reproduce:
1. Access OpenShift SSH / Command line
2. Run openssl genrsa -des3 -out example.com.key 2048

Actual results:
.+++
.............+++
unable to write 'random state'
e is 65537 (0x10001)

Expected results:
......++++++
...................++++++
e is 65537 (0x10001)
Comment 1 Timothy Williams 2015-08-24 16:40:15 EDT
This is expected behavior.

You are not allowed to create additional files at the root of your home directory. The openssl command will attempt to create the file $HOME/.rnd. When it cannot be created, the error you are seeing is reported.

This has never been allowed and is not a recent change. Could you please provide a link to the documentation you reference where this command is instructed to be run inside of a gear?

The key can still be created successfully if you specify a path where you have write permissions, such as $OPENSHIFT_DATA_DIR/, for the .rnd file and your key file:

> export RANDFILE=$OPENSHIFT_DATA_DIR/.rnd
> openssl genrsa -des3 -out $OPENSHIFT_DATA_DIR/myserverkey.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
.............................................+++
e is 65537 (0x10001)
Enter pass phrase for /var/lib/openshift/55d72c2d5a00089d700003cb/app-root/data//mykey.key:
Comment 2 M.M 2015-08-24 20:50:50 EDT
I have tried creating the private key and the CSR in the data directory many times earlier. I followed the steps mentioned in this OpenShift documentation: https://developers.openshift.com/en/managing-domains-ssl.html. When I was creating the private and CSR keys I did a cd into $OPENSHIFT_DATA_DIR and ran the commands there - so it should have tried creating the files in its current directory, which was the data directory. So even when in the data directory it tries to create the randfile in the home directory - now is that causing the trouble or something?

The lines that I followed are:

For creating the private key: openssl genrsa -des3 -out example.com.key 2048 (This will fail with the unable to write 'random state' error ... well, unless you precede this line with export RANDFILE=$OPENSHIFT_DATA_DIR/.rnd I guess)

For generating the csr: openssl req -new -key example.com.key -out example.com.csr

The method that you described works and I have been told about that method earlier - the one that starts with RANDFILE.
Comment 3 Timothy Williams 2015-08-25 10:39:10 EDT
Thanks for the additional information.

OpenSSL does not attempt to create the 'random state' file in the current working directory. By default, it always creates this file in the user's home directory. 

We'll fix the documentation to instruct developers to properly create the CSR from within their gear.
Comment 4 brice 2016-09-21 23:27:05 EDT
Closing this as it's close to the EOL for v2.
