Bug 1333885

Summary: client ID should logged when SSL connection fails
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Raghavendra Bhat <rabhat>
Component: coreAssignee: Mohit Agrawal <moagrawa>
Status: CLOSED ERRATA QA Contact: Byreddy <bsrirama>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rhgs-3.1CC: amukherj, bugs, mchangir, moagrawa, rcyriac, rhinduja, rhs-bugs
Target Milestone: ---   
Target Release: RHGS 3.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glusterfs-3.8.4-3 Doc Type: Bug Fix
Doc Text:
When a client attempted to connect using SSL and the connection failed, the client identifier was not part of the log message. The client identifier is now included in the log message to make it easier to determine which client was attempting to connect.
 Story Points: ---
Clone Of:
: 1333912 1333913 1333914 1380275 1383879 1383882 (view as bug list) Environment:
Last Closed: 2017-03-23 05:30:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1333912, 1333913, 1333914, 1351515, 1351530, 1351878, 1353429, 1380275, 1383879, 1383882    

Description Raghavendra Bhat 2016-05-06 14:40:15 UTC 
Description of problem:

when a client tries to connect using SSl, and the connection fails, the client identifier (either IP address or the hostname) should be logged to help identify which client was attempting the connect.

[2016-04-04 13:06:57.982869] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error
[2016-04-04 13:06:57.983084] E [socket.c:206:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-04-04 13:06:57.983276] E [socket.c:2388:socket_poller] 0-socket.management: server setup failed
[2016-04-04 13:07:00.987987] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error
[2016-04-04 13:07:00.988203] E [socket.c:206:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

In the above logs ssl_setup_connection does not log the client identifier.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Atin Mukherjee 2016-07-01 05:34:35 UTC 
Upstream patch http://review.gluster.org/14242 is now merged.
Comment 4 Atin Mukherjee 2016-09-17 12:04:29 UTC 
Upstream mainline : http://review.gluster.org/14242
Upstream 3.8 : http://review.gluster.org/14845

And the fix is available in rhgs-3.2.0 as part of rebase to GlusterFS 3.8.4.
Comment 7 Byreddy 2016-09-28 06:37:26 UTC 
Client ID is not printing  when SSL connection is failed.

I am getting the below errors when SSL connection is failed with out Client ID:


<GLUSTERD_LOG_START>

[2016-09-28 06:29:16.490558] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: )
[2016-09-28 06:29:16.490703] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-09-28 06:29:16.490747] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed


[2016-09-28 06:30:03.726466] E [socket.c:2527:socket_poller] 0-socket.management: poll error on socket
[2016-09-28 06:30:28.076039] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: )
[2016-09-28 06:30:28.076197] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-09-28 06:30:28.076250] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed

</GLUSTERD_LOG_END>

One more thing, Client ID is not printing for the successful SSL CONNECTION as well

getting below message,

[2016-09-28 06:09:24.279862] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: )

Moving back to Assigned state.
Comment 8 Atin Mukherjee 2016-10-03 04:34:50 UTC 
Upstream patch http://review.gluster.org/15596 posted for review.
Comment 9 Atin Mukherjee 2016-10-12 12:11:44 UTC 
Upstream mainline : http://review.gluster.org/15596
Upstream 3.8 : http://review.gluster.org/15624
Downstream patch : https://code.engineering.redhat.com/gerrit/#/c/86906/

All the patches are merged now. We should be able to move this bug for reverification once the next build is in place.
Comment 10 Milind Changire 2016-10-25 04:36:09 UTC 
added BZ to erratum: https://errata.devel.redhat.com/advisory/24866
moving to ON_QA
Comment 11 Byreddy 2016-10-28 07:20:59 UTC 
Verified this bug using the build - 3.8.4-3.

I am seeing the SSL connection error with client ID in the glusterd log when client failed to mount the volume.

[2016-10-28 07:00:04.434145] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: CLIENT_IP:1023)
[2016-10-28 07:00:04.434305] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-10-28 07:00:04.434349] E [socket.c:2436:socket_poller] 0-socket.management: server setup failed


Moving to verified state.
Comment 15 errata-xmlrpc 2017-03-23 05:30:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0486.html