Trusted proxy configuration via conjur.yml config file

Hello everyone!

We are trying to configure trusted proxy with configuration file /etc/conjur/config/conjur.yml as is described in [Configure Trusted Proxies](https://Configure Trusted Proxies)

evoke configuration show returns that configuration is OK. However evoke configuration apply return an error: “error: bignum too big to convert into `long’”

root@ae453470742f:/# vi /etc/conjur/config/conjur.yml
root@ae453470742f:/# evoke configuration show
---
trusted_proxies:
  value:
  - 10.6.138.12
  source: yml
authenticators:
  value:
  - authn
  - authn-k8s/follower-prod
  - authn-k8s/follower-nprod
  - authn-k8s/follower-gen
  source: env

root@ae453470742f:/# evoke configuration apply
error: bignum too big to convert into `long'

root@ae453470742f:/#

Do someone know what this message means and how to solve it?
Thanks!

Lukas

Hi @Luckhass ,

Sorry to hear you’re hitting this issue. I’m not certain what the error means, but it may be that an index into an array is too large for some reason.

I wasn’t able to reproduce this locally, but I’m wondering if you’d be able to reproduce the problem, and then collect the container logs for the evoke configuration apply command? I’m hoping that might give us some clues.

-Dane

Hi @Luckhass ,

What version of Conjur are you using?

There was a fix for this sort of error that went into Conjur v1.12.0.
The PR for this is: Set Puma Process Tag by micahlee · Pull Request #2291 · cyberark/conjur · GitHub
but the problem was initially reported here: Fix "evoke configuration apply" error in RHEL by orenbm · Pull Request #2289 · cyberark/conjur · GitHub

-Dane

Hi @dane

Thank You for these links!
I compared content of the configuration/apply.rb file inside container with the PR that you mentioned (Fix "evoke configuration apply" error in RHEL by orenbm · Pull Request #2289 · cyberark/conjur · GitHub). It looks that Conjur Enterprise version 12.2.0 doesn’t contain this fix.

Here is the part of the content from apply.rb file from the Conjur Enterprise v12.2.0:

 def server_pid
        cmd = "ps -ef | grep puma | grep -v grep | grep -v cluster | " \
              "grep conjur | awk '{print $2}' | tr -d '\n'"
        stdout, _ = @command_runner.capture2(cmd)
        stdout.to_i

Here is missing “grep -v evoke” part. I appended it manually and then it worked.

I’m not sure with versioning opensource conjur and enterprise. However the documentation for version 12.2.0 is describing “configuration apply” feature (Manage Conjur Configuration).
Now I know that it is only from v12.3.0.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.