You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@brooklyn.apache.org by al...@apache.org on 2016/07/19 11:22:35 UTC
[1/2] brooklyn-docs git commit: BROOKLYN-218: document nss upgrade to
avoid KeyException
Repository: brooklyn-docs
Updated Branches:
refs/heads/master 9bf6f4622 -> 8567739e2
BROOKLYN-218: document nss upgrade to avoid KeyException
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/commit/3930fc33
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/tree/3930fc33
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/diff/3930fc33
Branch: refs/heads/master
Commit: 3930fc3314190c6c57bb0d1def2ba6d2c73c8698
Parents: 218ec13
Author: Aled Sage <al...@gmail.com>
Authored: Tue Jul 12 19:54:56 2016 +0100
Committer: Aled Sage <al...@gmail.com>
Committed: Tue Jul 19 12:20:33 2016 +0100
----------------------------------------------------------------------
guide/ops/production-installation.md | 1 +
guide/ops/troubleshooting/deployment.md | 52 ++++++++++++++++++++++++++++
2 files changed, 53 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/3930fc33/guide/ops/production-installation.md
----------------------------------------------------------------------
diff --git a/guide/ops/production-installation.md b/guide/ops/production-installation.md
index 12f25e8..3748712 100644
--- a/guide/ops/production-installation.md
+++ b/guide/ops/production-installation.md
@@ -31,6 +31,7 @@ Then configure the server as follows:
* create a `~/.brooklyn` directory on the host with `$ mkdir ~/.brooklyn`
* check your `iptables` or other firewall service, making sure that incoming connections on port 8443 is not blocked
* check that the [linux kernel entropy]({{ site.path.website }}/documentation/increase-entropy.html) is sufficient
+* ensure external libraries are up-to-date, including `nss` for SSL.
### <a id="download"></a>Download Apache Brooklyn
http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/3930fc33/guide/ops/troubleshooting/deployment.md
----------------------------------------------------------------------
diff --git a/guide/ops/troubleshooting/deployment.md b/guide/ops/troubleshooting/deployment.md
index 38b6c5e..9cfc4af 100644
--- a/guide/ops/troubleshooting/deployment.md
+++ b/guide/ops/troubleshooting/deployment.md
@@ -75,6 +75,58 @@ There are many possible reasons for this ssh failure, which include:
A very useful debug configuration is to set `destroyOnFailure` to false. This will allow ssh failures to
be more easily investigated.
+#### java.security.KeyException when Provisioning VM
+
+The exception `java.security.KeyException` can be thrown when jclouds is attempting the SSL handshake,
+to make cloud API calls. This can happen if the version of nss is older than 3.16 - the nss package
+includes the ssl library.
+
+To fix this on CentOS, run:
+
+{% highlight bash %}
+sudo yum upgrade nss
+{% endhighlight %}
+
+For a discussion of investigating this kind of issue, see this [Backslasher blog](http://blog.backslasher.net/java-ssl-crash.html).
+
+The full stacktrace is shown below:
+
+{% highlight java %}
+Caused by: javax.net.ssl.SSLException: java.security.ProviderException: java.security.KeyException
+ at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
+ at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
+ at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1906)
+ at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1889)
+ at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1410)
+ at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
+ at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
+ at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
+ at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
+ at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1258)
+ at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
+ at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.writePayloadToConnection(JavaUrlHttpCommandExecutorService.java:294)
+ at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:170)
+ at org.jclouds.http.internal.JavaUrlHttpCommandExecutorService.convert(JavaUrlHttpCommandExecutorService.java:64)
+ at org.jclouds.http.internal.BaseHttpCommandExecutorService.invoke(BaseHttpCommandExecutorService.java:95)
+ ... 64 more
+Caused by: java.security.ProviderException: java.security.KeyException
+ at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:147)
+ at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:703)
+ at sun.security.ssl.ECDHCrypt.<init>(ECDHCrypt.java:77)
+ at sun.security.ssl.ClientHandshaker.serverKeyExchange(ClientHandshaker.java:721)
+ at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:281)
+ at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
+ at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
+ at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
+ at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
+ at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
+ ... 74 more
+Caused by: java.security.KeyException
+ at sun.security.ec.ECKeyPairGenerator.generateECKeyPair(Native Method)
+ at sun.security.ec.ECKeyPairGenerator.generateKeyPair(ECKeyPairGenerator.java:128)
+ ... 83 more
+{% endhighlight %}
+
## Timeout Waiting For Service-Up
[2/2] brooklyn-docs git commit: This closes #89
Posted by al...@apache.org.
This closes #89
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/commit/8567739e
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/tree/8567739e
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/diff/8567739e
Branch: refs/heads/master
Commit: 8567739e2e87fe4fe1261b8bc63123824732a0f6
Parents: 9bf6f46 3930fc3
Author: Aled Sage <al...@gmail.com>
Authored: Tue Jul 19 12:20:57 2016 +0100
Committer: Aled Sage <al...@gmail.com>
Committed: Tue Jul 19 12:20:57 2016 +0100
----------------------------------------------------------------------
guide/ops/production-installation.md | 1 +
guide/ops/troubleshooting/deployment.md | 52 ++++++++++++++++++++++++++++
2 files changed, 53 insertions(+)
----------------------------------------------------------------------