Hello,
Perhaps an issue on SSL/TLS requirement. Check difference of the file
below (now and after the update)
JAVA_HOME/jre/lib/security/java.security
Particularly the keys:
jdk.certpath.disabledAlgorithms
and
jdk.tls.legacyAlgorithms
Also, check the keystore contains the ssl keys with the keytool command (from
the updated packages). Can you read-it, check the key size, etc.
====
Some reference:
http://www.oracle.com/technetwork/java/javase/6u17-141447.html
6861062 java classes_security Disable MD2 in certificate
chain validation
http://www.oracle.com/technetwork/java/javase/7u40-relnotes-2004172.html
Default x.509 Certificates Have Longer Key Length
Starting from 7u40, the use of x.509 certificates with RSA keys less
than 1024 bits in length is restricted. This restriction is applied via
the Java Security property, jdk.certpath.disabledAlgorithms. The default
value of jdk.certpath.disabledAlgorithms is now as follows:
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
In order to avoid the compatibility issue, users who use X.509
certificates with RSA keys less than 1024 bits, are recommended to
update their certificates with stronger keys. As a workaround, at their
own risk, users can adjust the key size to permit smaller key sizes
through the security property jdk.certpath.disabledAlgorithms.
=====
On 31/08/2015 12:11, Nux! wrote:
Rajani,
Yes, you read right.
The rpm changelog shows:
Tue Jul 28 2015 Andrew Hughes <gnu.and...@redhat.com> - 1:1.6.0.36-1.13.8.1
- Update tarball to fix TCK regression (PR2565)
- Resolves: rhbz#1235150
* Wed Jul 22 2015 Andrew Hughes <gnu.and...@redhat.com> - 1:1.6.0.36-1.13.8.0
- Update to IcedTea 1.13.8
- Update no_pr2125.patch to work against new version.
- Resolves: rhbz#1235150
Nothing dramatic, though I do not have permission to read those bugzilla
entries.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
From: "Rajani Karuturi" <raj...@apache.org>
To: dev@cloudstack.apache.org
Sent: Monday, 31 August, 2015 11:59:04
Subject: Re: Hypervisors disconnected - java.io.IOException Fail to init SSL
java.io.IOException: Connection closed with
-1 on reading size
If I am reading it right, java 1.7 has no version change and 1.6 is changed
from 1.6.0.35 to 16.0.36 which caused the failure
Interestingly, I do not see release notes for 1.6.0_36
http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
~Rajani
On Mon, Aug 31, 2015 at 4:09 PM, Nux! <n...@li.nux.ro> wrote:
Rajani,
Sure:
Downgrade java-1.6.0-openjdk-1:1.6.0.35-1.13.7.1.el6_6.x86_64 @base
Downgraded 1:1.6.0.36-1.13.8.1.el6_7.x86_64
@updates
Downgrade java-1.7.0-openjdk-1:1.7.0.85-2.6.1.3.el6_6.x86_64
@updates
Downgraded 1:1.7.0.85-2.6.1.3.el6_7.x86_64
@updates
Downgrade java-1.7.0-openjdk-devel-1:1.7.0.85-2.6.1.3.el6_6.x86_64
@updates
Downgraded 1:1.7.0.85-2.6.1.3.el6_7.x86_64
@updates
The differences seem trivial and there's always the risk it may not have
been the java change at all doing this, but I do not know what else could
have triggered it.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
From: "Rajani Karuturi" <raj...@apache.org>
To: dev@cloudstack.apache.org
Sent: Monday, 31 August, 2015 11:21:45
Subject: Re: Hypervisors disconnected - java.io.IOException Fail to init
SSL java.io.IOException: Connection closed with
-1 on reading size
Hi Lucian,
Can you share the point release numbers of java before and after the
upgrade? (May be that would help us find the issue.)
~Rajani
On Mon, Aug 31, 2015 at 3:42 PM, Nux! <n...@li.nux.ro> wrote:
A downgrade of both java-1.6.0-openjdk and java-1.7.0-openjdk followed
by
a reboot of the management server seems to have fixed it, but it's not a
solution I like very much.
Anyone has any clues as to what causes that error?
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
From: "Nux!" <n...@li.nux.ro>
To: "dev" <dev@cloudstack.apache.org>
Sent: Monday, 31 August, 2015 10:58:16
Subject: Hypervisors disconnected - java.io.IOException Fail to init
SSL
java.io.IOException: Connection closed with -1
on reading size
Hi,
Has anyone seen this before and can translate to English? The logs
don't
say
much, it's obviously SSL related somehow.
The agent says:
java.io.IOException: SSL: Fail to init SSL! java.io.IOException:
Connection
closed with -1 on reading size.
at com.cloud.utils.nio.NioClient.init(NioClient.java:87)
at com.cloud.utils.nio.NioConnection.run(NioConnection.java:111)
at java.lang.Thread.run(Thread.java:745)
2015-08-31 10:27:56,315 INFO [utils.nio.NioClient]
(Agent-Selector:null)
Connecting to 192.168.168.2:8250
2015-08-31 10:28:06,333 ERROR [utils.nio.NioConnection]
(Agent-Selector:null)
Unable to initialize the threads.
java.io.IOException: SSL: Fail to init SSL! java.io.IOException:
Connection
closed with -1 on reading size.
at com.cloud.utils.nio.NioClient.init(NioClient.java:87)
at com.cloud.utils.nio.NioConnection.run(NioConnection.java:111)
at java.lang.Thread.run(Thread.java:745)
openssl s_client -connect 192.168.168.2:8250 just hangs with
"CONNECTED(00000003)"
This happened after a java openjdk (1.6.0 and 1.7.0) and httpd updates
from
CentOs6.
Obviously the hypervisors are in disconnected state and no VM
operation
is
possible etc.
Thoughts?
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
