OpenJDK 1.8.0 failing when FIPS enabled in container
Question
Good afternoon,
I have a Java application that is failing to deploy on a FIPS-enabled Kubernetes node. I get the following error on startup:
org.springframework.beans.factory.BeanCreationException: Error occured reading security configuration; nested exception is java.io.IOException: java.security.KeyStoreException: JCEKS not found
java.security.NoSuchAlgorithmException: JCEKS KeyStore not available
From reading https://bugzilla.redhat.com/show_bug.cgi?id=1759335, it appears that this "issue" was introduced in OpenJDK 1.8.0 but is not considered a bug according to Red Hat. The expectation is to use the NSS keystore database instead of a file keystore.
This is a Java container app that runs with its own cacerts file. I tried to recreate the cacerts as a JCEKS keystore but receive an error of JCEKS not found.
Thoughts on how I can make a containerized Java application run on a FIPS-enabled node while running OpenJDK 1.8.0?
I have tried to set:
JDK_JAVA_OPTIONS='-Dcom.redhat.fips=false'
-Dcom.redhat.fips=false
without luck and still receive the same error.
Answer 1
Score: 0
Needed to post those -Dcom options into JAVA_TOOLS_OPTIONS to get this to work.
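To check whether the -Dcom.redhat.fips option actually reached the JVM and which keystore types the active providers expose, a small diagnostic can be run in the container with the same environment as the application. This is an added example, not code from the original question or answer; the class name KeyStoreCheck is hypothetical.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.TreeMap;

// Added diagnostic (hypothetical class name, not from the original post).
// Compile and run it with the same JDK, environment variables and JVM
// options as the failing application.
public class KeyStoreCheck {

    // Maps every KeyStore type the registered providers offer to the
    // first provider (in preference order) that supplies it.
    static Map<String, String> keyStoreTypes() {
        Map<String, String> types = new TreeMap<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyStore".equals(s.getType())) {
                    types.putIfAbsent(s.getAlgorithm(), p.getName());
                }
            }
        }
        return types;
    }

    public static void main(String[] args) {
        // "null" here means the -D option never reached this JVM.
        System.out.println("com.redhat.fips       = " + System.getProperty("com.redhat.fips"));
        System.out.println("default keystore type = " + KeyStore.getDefaultType());

        System.out.println("Registered providers (preference order):");
        for (Provider p : Security.getProviders()) {
            System.out.println("  " + p.getName());
        }

        System.out.println("Available KeyStore types:");
        for (Map.Entry<String, String> e : keyStoreTypes().entrySet()) {
            System.out.println("  " + e.getKey() + " (from " + e.getValue() + ")");
        }

        // Reproduce the failing call from the stack trace in isolation.
        try {
            KeyStore.getInstance("JCEKS");
            System.out.println("JCEKS: available");
        } catch (KeyStoreException ex) {
            System.out.println("JCEKS: NOT available -> " + ex.getMessage());
            System.exit(1); // non-zero exit so a container start script can detect it
        }
    }
}
```

Running it once with and once without the environment variable set shows directly whether the property is picked up and whether JCEKS appears among the available types.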