Openjdk 1.8.0 failing when FIPs enabled in container

Question

Good afternoon,

I have a java application that is failing to deploy on FIPS enabled Kubernetes node. I get the following error on startup:

 org.springframework.beans.factory.BeanCreationException: Error occured reading security configuration; nested exception is java.io.IOException: java.security.KeyStoreException: JCEKS not found
 java.security.NoSuchAlgorithmException: JCEKS KeyStore not available

From reading https://bugzilla.redhat.com/show_bug.cgi?id=1759335, it appears that this "issue" was introduced in openjdk 1.8.0 but is not considered a bug according to redhat. The expectation is to use the NSS keystore database instead of a file keystore.

This is a java container app that runs with its own cacerts file. I tried to recreate the cacerts as a JCEKS keystore but receive an error of JCEKS not found.

Thoughts on how I can make a containerized java application run on a FIPS enabled node while running OpenJDK 1.8.0?

I have tried to set:

 JDK_JAVA_OPTIONS='-Dcom.redhat.fips=false'
 -Dcom.redhat.fips=false

without luck and still receive the same error.

Answer 1

Score: 0

Needed to post those -Dcom options into JAVA_TOOLS_OPTIONS to get this to work.
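
A diagnostic for the situation in this thread, added here and not part of the original post: it prints whether `com.redhat.fips` reached the JVM as a system property and which KeyStore types the registered providers offer. The class name is hypothetical; it reads `JAVA_TOOL_OPTIONS`, the variable name the HotSpot JVM picks up, alongside `JDK_JAVA_OPTIONS`, which only the `java` launcher of JDK 9 and later reads.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;

// Added diagnostic (hypothetical class name): run inside the container with the
// same environment as the application to see what the JVM actually resolved.
public class FipsKeyStoreCheck {

    // Collect every KeyStore type the registered providers advertise.
    static Set<String> keyStoreTypes() {
        Set<String> types = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyStore".equals(s.getType())) {
                    types.add(s.getAlgorithm() + " (" + p.getName() + ")");
                }
            }
        }
        return types;
    }

    // True when this JVM can instantiate the given KeyStore type.
    static boolean available(String type) {
        try {
            KeyStore.getInstance(type);
            return true;
        } catch (KeyStoreException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // null here means the flag never reached this JVM as a system property.
        System.out.println("com.redhat.fips = " + System.getProperty("com.redhat.fips"));
        System.out.println("JAVA_TOOL_OPTIONS = " + System.getenv("JAVA_TOOL_OPTIONS"));
        System.out.println("JDK_JAVA_OPTIONS = " + System.getenv("JDK_JAVA_OPTIONS"));
        System.out.println("default keystore type = " + KeyStore.getDefaultType());
        for (String t : keyStoreTypes()) {
            System.out.println("KeyStore: " + t);
        }
        for (String t : new String[] {"JCEKS", "JKS", "PKCS12", "PKCS11"}) {
            System.out.println(t + " available: " + available(t));
        }
    }
}
```

If `com.redhat.fips` prints `null` and JCEKS is reported unavailable, the option was set in a variable this JVM does not read.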

Posted by huangapple on July 11, 2023, 04:25:03