Install * Certificate tasks need better error handling #9

Open
5 tasks done
jborean93 opened this issue Nov 30, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@jborean93

Checklist

  • I have verified this is the correct repository for opening this issue.
  • I have verified no other issues exist related to my problem.
  • I have verified this is not an issue for a specific package.
  • I have verified this issue is not security related.
  • I confirm I am using official, and not unofficial, or modified, Chocolatey products.

What You Are Seeing?

There are two tasks that create a Java keystore which need a bit more TLC around error handling. I had to spend some time trying to figure out why the web service was failing as the task thought it was successful but in reality it failed running some keytool commands.

My recommendation is to wrap each keytool invocation like:

$keytool = '...'

$keytoolArgs = @('-list', '-v', '-storetype', 'PKCS12', '-keystore', $CertificatePath)

# stdout is captured with Set-Variable inside the dot-sourced block; stderr is
# merged with 2>&1 and converted to plain strings instead of error records.
$stdout = $null
$stderr = . { $dataToPipe | & $keytool @keytoolArgs | Set-Variable stdout } 2>&1 | ForEach-Object ToString

# A non-zero exit code fails the task and returns the captured output.
if ($LASTEXITCODE) {
    $Ansible.Result = @{
        stdout = $stdout -join "`n"
        stderr = $stderr -join "`n"
        rc = $LASTEXITCODE
        msg = "Keytool failed to do ..., see stdout/stderr/rc for more detail"
    }
    $Ansible.Failed = $true
    return
}

# Repeat for the remaining keytool invocations

This avoids the stderr lines being reported as error records and you are now explicitly checking that keytool works and emitting the output if it failed. You could also look at just running it through separate win_command calls which might be a bit slower but it adds automatic rc validation and captures the output for you explicitly.

What is Expected?

The tasks fail if any of the keytool.exe commands failed.

How Did You Get This To Happen?

I used #8 to generate a self-signed certificate with the AES encryption algorithm. This is unsupported by keytool that ships with Nexus but the task ignored any errors and continued on.

System Details

N/A

Installed Packages

N/A

Output Log

The task contains a lot of ErrorRecords due to stderr lines being written as an error record. While this doesn't contain the failure it shows how many error records are generated.


TASK [Install Jenkins Certificate] ***************************************************************************************************************************************************
task path: /home/jborean/dev/c4b-ansible/setup-jenkins.yml:112
changed: [ccm_server] =>
    changed: true
    debug: []
    error:
    -   category_info:
            activity: ''
            category: NotSpecified
            category_id: 0
            reason: RemoteException
            target_name: 'Enter keystore password:  '
            target_type: String
        error_details: null
        exception: null
        fully_qualified_error_id: NativeCommandError
        output: |-
            keytool.exe : Enter keystore password:
            At line:12 char:42
            + ... ePassword | & $KeyTool -list -v -storetype PKCS12 -keystore $Certific ...
            +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                + CategoryInfo          : NotSpecified: (Enter keystore password:  :String) [], RemoteException
                + FullyQualifiedErrorId : NativeCommandError
        pipeline_iteration_info:
        - 1
        - 0
        script_stack_trace: 'at <ScriptBlock>, <No file>: line 12'
        target_object: 'Enter keystore password:  '
    -   category_info:
            activity: ''
            category: NotSpecified
            category_id: 0
            reason: RemoteException
            target_name: Importing keystore C:\choco-setup\jenkins.pfx to C:\ProgramData\Jenkins\.jenkins\keystore.jks...
            target_type: String
        error_details: null
        exception: null
        fully_qualified_error_id: NativeCommandError
        output: |-
            keytool.exe : Importing keystore C:\choco-setup\jenkins.pfx to C:\ProgramData\Jenkins\.jenkins\keystore.jks...
            At line:14 char:1
            + & $KeyTool -importkeystore -srckeystore $CertificatePath -srcstoretyp ...
            + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                + CategoryInfo          : NotSpecified: (Importing keyst...keystore.jks...:String) [], RemoteException
                + FullyQualifiedErrorId : NativeCommandError
        pipeline_iteration_info:
        - 0
        - 0
        script_stack_trace: 'at <ScriptBlock>, <No file>: line 14'
        target_object: Importing keystore C:\choco-setup\jenkins.pfx to C:\ProgramData\Jenkins\.jenkins\keystore.jks...
    -   category_info:
            activity: ''
            category: NotSpecified
            category_id: 0
            reason: RemoteException
            target_name: ''
            target_type: String
        error_details: null
        exception: null
        fully_qualified_error_id: NativeCommandErrorMessage
        output: ""
        pipeline_iteration_info:
        - 0
        - 0
        script_stack_trace: 'at <ScriptBlock>, <No file>: line 14'
        target_object: ''
    -   category_info:
            activity: ''
            category: NotSpecified
            category_id: 0
            reason: RemoteException
            target_name: 'Warning:'
            target_type: String
        error_details: null
        exception: null
        fully_qualified_error_id: NativeCommandErrorMessage
        output: |-
            Warning:
        pipeline_iteration_info:
        - 0
        - 0
        script_stack_trace: 'at <ScriptBlock>, <No file>: line 14'
        target_object: 'Warning:'
    -   category_info:
            activity: ''
            category: NotSpecified
            category_id: 0
            reason: RemoteException
            target_name: The JKS keystore uses a proprietary format. It is recommended
                to migrate to PKCS12 which is an industry standard format using "keytool
                -importkeystore -srckeystore C:\ProgramData\Jenkins\.jenkins\keystore.jks
                -destkeystore C:\ProgramData\Jenkins\.jenkins\keystore.jks -deststoretype
                pkcs12".
            target_type: String
        error_details: null
        exception: null
        fully_qualified_error_id: NativeCommandErrorMessage
        output: |-
            The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format
            using "keytool -importkeystore -srckeystore C:\ProgramData\Jenkins\.jenkins\keystore.jks -destkeystore
            C:\ProgramData\Jenkins\.jenkins\keystore.jks -deststoretype pkcs12".
        pipeline_iteration_info:
        - 0
        - 0
        script_stack_trace: 'at <ScriptBlock>, <No file>: line 15'
        target_object: The JKS keystore uses a proprietary format. It is recommended to
            migrate to PKCS12 which is an industry standard format using "keytool -importkeystore
            -srckeystore C:\ProgramData\Jenkins\.jenkins\keystore.jks -destkeystore C:\ProgramData\Jenkins\.jenkins\keystore.jks
            -deststoretype pkcs12".
    host_err: ''
    host_out: ''
    information: []
    output: []
    result: {}
    verbose: []
    warning: []

Additional Context

No response

@jborean93 jborean93 added the bug Something isn't working label Nov 30, 2023
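The wrapping pattern recommended in the issue, folded into one reusable function so every keytool invocation gets the same exit-code check. This is an added example, not code from the issue or from the project; `Invoke-NativeChecked`, its parameter names and the `cmd.exe` stand-in command are assumptions made for illustration.

```powershell
# Added example: Invoke-NativeChecked and its parameters are hypothetical names.
function Invoke-NativeChecked {
    param (
        [Parameter(Mandatory)] [string] $FilePath,
        [string[]] $ArgumentList = @(),
        [object] $StdinData,
        [Parameter(Mandatory)] [string] $Action
    )

    # Assumption: the caller may run with ErrorActionPreference 'Stop'; keep
    # redirected stderr lines from turning into terminating errors here.
    $ErrorActionPreference = 'Continue'
    $hasStdin = $PSBoundParameters.ContainsKey('StdinData')

    # stdout goes to $stdout via Set-Variable, stderr comes back as strings.
    $stdout = $null
    $stderr = . {
        if ($hasStdin) { $StdinData | & $FilePath @ArgumentList | Set-Variable stdout }
        else { & $FilePath @ArgumentList | Set-Variable stdout }
    } 2>&1 | ForEach-Object ToString
    $rc = $LASTEXITCODE

    # The argument list is deliberately left out of the result: keytool options
    # such as -storepass carry secrets that should not land in task output.
    [PSCustomObject]@{
        Failed = ($rc -ne 0)
        Result = @{
            stdout = @($stdout) -join "`n"
            stderr = @($stderr) -join "`n"
            rc     = $rc
            msg    = "Failed to $Action, see stdout/stderr/rc for more detail"
        }
    }
}

# Constructed stand-in for a failing keytool call: writes to both streams, exits 3.
$demo = Invoke-NativeChecked -FilePath 'cmd.exe' -Action 'run the demo command' `
    -ArgumentList '/c', 'echo Enter keystore password: 1>&2 & echo partial output & exit /b 3'
if ($demo.Failed) {
    # In the module this is where $Ansible.Result = $demo.Result and
    # $Ansible.Failed = $true would be set before returning.
    $demo.Result | Format-Table -AutoSize
}
```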