Bug 1383882

Summary: client ID should logged when SSL connection fails
Product: [Community] GlusterFS Reporter: Mohit Agrawal <moagrawa>
Component: coreAssignee: Mohit Agrawal <moagrawa>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.8CC: amukherj, bsrirama, bugs, moagrawa, rabhat, rcyriac, rhinduja, rhs-bugs
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: glusterfs-3.8.5 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1333885 Environment:
Last Closed: 2016-10-20 14:04:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1333885    
Bug Blocks: 1333912, 1333913, 1333914, 1351878, 1353429, 1380275, 1383879    

Description Mohit Agrawal 2016-10-12 03:46:05 UTC 
+++ This bug was initially created as a clone of Bug #1333885 +++

Description of problem:

when a client tries to connect using SSl, and the connection fails, the client identifier (either IP address or the hostname) should be logged to help identify which client was attempting the connect.

[2016-04-04 13:06:57.982869] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error
[2016-04-04 13:06:57.983084] E [socket.c:206:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-04-04 13:06:57.983276] E [socket.c:2388:socket_poller] 0-socket.management: server setup failed
[2016-04-04 13:07:00.987987] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error
[2016-04-04 13:07:00.988203] E [socket.c:206:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

In the above logs ssl_setup_connection does not log the client identifier.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Red Hat Bugzilla Rules Engine on 2016-05-06 18:18:05 EDT ---

This bug is automatically being proposed for the current z-stream release of Red Hat Gluster Storage 3 by setting the release flag 'rhgs‑3.1.z' to '?'. 

If this bug should be proposed for a different release, please manually change the proposed release flag.

--- Additional comment from Atin Mukherjee on 2016-07-01 01:34:35 EDT ---

Upstream patch http://review.gluster.org/14242 is now merged.

--- Additional comment from Red Hat Bugzilla Rules Engine on 2016-07-01 04:07:54 EDT ---

This bug is automatically being proposed for the current z-stream release of Red Hat Gluster Storage 3 by setting the release flag 'rhgs‑3.1.z' to '?'. 

If this bug should be proposed for a different release, please manually change the proposed release flag.

--- Additional comment from Atin Mukherjee on 2016-09-17 08:04:29 EDT ---

Upstream mainline : http://review.gluster.org/14242
Upstream 3.8 : http://review.gluster.org/14845

And the fix is available in rhgs-3.2.0 as part of rebase to GlusterFS 3.8.4.

--- Additional comment from errata-xmlrpc on 2016-09-20 08:53:59 EDT ---

Bug report changed to ON_QA status by Errata System.
A QE request has been submitted for advisory RHEA-2016:24863-02
https://errata.devel.redhat.com/advisory/24863

--- Additional comment from errata-xmlrpc on 2016-09-20 11:10:06 EDT ---

This bug has been dropped from advisory RHEA-2016:24863 by Atin Mukherjee (amukherj)

--- Additional comment from Byreddy on 2016-09-28 02:37:26 EDT ---

Client ID is not printing  when SSL connection is failed.

I am getting the below errors when SSL connection is failed with out Client ID:


<GLUSTERD_LOG_START>

[2016-09-28 06:29:16.490558] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: )
[2016-09-28 06:29:16.490703] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-09-28 06:29:16.490747] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed


[2016-09-28 06:30:03.726466] E [socket.c:2527:socket_poller] 0-socket.management: poll error on socket
[2016-09-28 06:30:28.076039] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: )
[2016-09-28 06:30:28.076197] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-09-28 06:30:28.076250] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed

</GLUSTERD_LOG_END>

One more thing, Client ID is not printing for the successful SSL CONNECTION as well

getting below message,

[2016-09-28 06:09:24.279862] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: )

Moving back to Assigned state.

--- Additional comment from Atin Mukherjee on 2016-10-03 00:34:50 EDT ---

Upstream patch http://review.gluster.org/15596 posted for review.
Comment 1 Worker Ant 2016-10-12 04:07:52 UTC 
REVIEW: http://review.gluster.org/15624 (socket: log the client identifier in ssl connect) posted (#1) for review on release-3.8 by MOHIT AGRAWAL (moagrawa)
Comment 2 Worker Ant 2016-10-12 10:57:54 UTC 
REVIEW: http://review.gluster.org/15624 (socket: log the client identifier in ssl connect) posted (#2) for review on release-3.8 by MOHIT AGRAWAL (moagrawa)
Comment 3 Worker Ant 2016-10-12 11:09:16 UTC 
COMMIT: http://review.gluster.org/15624 committed in release-3.8 by Niels de Vos (ndevos) 
------
commit a52e5df8e60b67ed1558569184be7ea3d233e235
Author: Mohit Agrawal <moagrawa>
Date:   Thu Sep 29 13:35:26 2016 +0530

    socket: log the client identifier in ssl connect
    
    Problem: client identifier is not logged in message in ssl_setup_connection
    
    Solutuion: In ssl_setup_connection xl_private is not available in rpc_transport
               so changed to this peerinfo.identifier.
    
    > BUG: 1380275
    > Change-Id: I05006a3d63e46de8c388298c22faa9a3329eb6f3
    > Signed-off-by: Mohit Agrawal <moagrawa>
    > Reviewed-on: http://review.gluster.org/15596
    > NetBSD-regression: NetBSD Build System <jenkins.org>
    > Smoke: Gluster Build System <jenkins.org>
    > CentOS-regression: Gluster Build System <jenkins.org>
    > Reviewed-by: Jeff Darcy <jdarcy>
    > Reviewed-by: Atin Mukherjee <amukherj>
    > Reviewed-by: Vijay Bellur <vbellur>
    > (cherry picked from commit 2e23c62cc50037c8e61bcd9c04348409e7627181)
    
    Change-Id: Iad08817ee2c2828a08bc22e78c273390562ae9fb
    BUG: 1383882
    Signed-off-by: Mohit Agrawal <moagrawa>
    Reviewed-on: http://review.gluster.org/15624
    NetBSD-regression: NetBSD Build System <jenkins.org>
    CentOS-regression: Gluster Build System <jenkins.org>
    Reviewed-by: Niels de Vos <ndevos>
    Smoke: Gluster Build System <jenkins.org>
Comment 4 Niels de Vos 2016-10-20 14:04:15 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.8.5, please open a new bug report.

glusterfs-3.8.5 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] https://www.gluster.org/pipermail/announce/2016-October/000061.html
[2] https://www.gluster.org/pipermail/gluster-users/