Cannot start Gerrit 3.6.1 container on machine running FIPS

Chad Hollman

Sep 27, 2022, 12:01:41 PM
to Repo and Gerrit Discussion
After pulling down gerritcodereview/gerrit:3.6.1 and trying to create a container from it, I get the following:

Initializing Gerrit site ...
Generating SSH host key ... rsa... ed25519...ED25519 keys are not allowed in FIPS mode
 ecdsa 256... ecdsa 384... ecdsa 521... done
Initialized /var/gerrit
Exception in thread "main" com.google.inject.CreationException: Unable to create injector, see the following errors:

1) [Guice/ErrorInjectingConstructor]: XsrfException: Invalid private key
  at AuthConfig.<init>(AuthConfig.java:72)
  at AuthConfig.class(AuthConfig.java:72)
  at ExternalIdKeyFactory$ConfigImpl.<init>(ExternalIdKeyFactory.java:42)
      \_ for 1st parameter authConfig
  at ExternalIdKeyFactory$ConfigImpl.class(ExternalIdKeyFactory.java:42)
  while locating ExternalIdKeyFactory$ConfigImpl
  at ExternalIdKeyFactory.<init>(ExternalIdKeyFactory.java:55)
      \_ for 1st parameter config
  at ExternalIdKeyFactory.class(ExternalIdKeyFactory.java:55)
  at ExternalIdFactory.<init>(ExternalIdFactory.java:39)
      \_ for 1st parameter externalIdKeyFactory
  at ExternalIdFactory.class(ExternalIdFactory.java:39)
  at ExternalIdReader.<init>(ExternalIdReader.java:82)
      \_ for 4th parameter externalIdFactory
  at ExternalIdReader.class(ExternalIdReader.java:57)
  at ExternalIds.<init>(ExternalIds.java:47)
      \_ for 1st parameter externalIdReader
  at ExternalIds.class(ExternalIds.java:47)
  at AccountCacheImpl.<init>(AccountCacheImpl.java:89)
      \_ for 1st parameter externalIds
  at AccountCacheImpl$1.configure(AccountCacheImpl.java:68)
      \_ installed by: BatchProgramModule -> AccountCacheImpl$1
  while locating AccountCacheImpl
  at AccountIndexerImpl.<init>(AccountIndexerImpl.java:63)
      \_ for 1st parameter byIdCache
  while locating AccountIndexerImpl annotated with @UniqueAnnotations$Internal(value=1)
  at IndexModule.getAccountIndexer(IndexModule.java:186)
      \_ installed by: LuceneIndexModule -> IndexModule
  while locating AccountIndexer

Learn more:
Caused by: XsrfException: Invalid private key
    at SignedToken.newMac(SignedToken.java:165)

...
...
...

I find that if I go back to a Docker image of gerritcodereview/gerrit:3.1.16, I can get a Gerrit container to start successfully. This is not ideal, however, because I now have Gerrit 3.6.1 natively installed and would like to migrate it to a container instance.