Bug 1473295
| Summary: | vdsm with python/ssl ssl_implementation cannot connect to engine | ||
|---|---|---|---|
| Product: | [oVirt] vdsm | Reporter: | Jiri Belka <jbelka> |
| Component: | General | Assignee: | Piotr Kliczewski <pkliczew> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jiri Belka <jbelka> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.19.23 | CC: | bugs, lveyde, mperina, oourfali, pkliczew, pstehlik |
| Target Milestone: | ovirt-4.1.5 | Keywords: | Regression |
| Target Release: | 4.19.27 | Flags: | rule-engine:
ovirt-4.1+
rule-engine: blocker+ |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 4.19.25 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-23 08:03:34 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1412552 | ||
Same on EL 7.4. 3.6 vdsm was working fine, though. Reducing severity as default configuration works. This bug report has Keywords: Regression or TestBlocker. Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP. INFO: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason: [Open patch attached] For more info please contact: infra Moving back to post, as master patch is still not merged while 4.1 patch was merged by mistake ok, vdsm-4.19.26-1.el7ev.x86_64 active and Up in engine (ovirt-engine-4.1.5.2-0.1.el7.noarch) # grep ^ssl_implementation /etc/vdsm/vdsm.conf ssl_implementation = ssl # systemctl is-active vdsmd active |
Description of problem: 'ssl_implementation = ssl' in vdsm.conf causes vdsm not to be able to connect to engine. please note this is not default value (default is m2crypto). ~~~ 2017-07-20 14:16:14,483+0200 ERROR (Reactor thread) [vds.dispatcher] uncaptured python exception, closing channel <yajsonrpc.betterAsyncore.Dispatcher connected ('::ffff:10.34.63.75', 40334, 0, 0) at 0x3777ef0> (<class 'socket.error'>:Address family not supported by protocol [/usr/lib64/python2.7/asyncore.py|readwrite|110] [/usr/lib64/python2.7/asyncore.py|handle_write_event|468] [/usr/lib/python2.7/site-packages/yajsonrpc/betterAsyncore.py|handle_write|70] [/usr/lib/python2.7/site-packages/yajsonrpc/betterAsyncore.py|_delegate_call|143] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|handle_write|223] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|_handle_io|233] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|_verify_host|247] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|compare_names|259]) (betterAsyncore:154) ... 2017-07-20 14:18:54,284+0200 ERROR (Reactor thread) [vds.dispatcher] uncaptured python exception, closing channel <yajsonrpc.betterAsyncore.Dispatcher ('::1', 42670, 0, 0) at 0x3782b90> (<class 'ssl.SSLError'>:[SSL: PEER_DID_NOT_RETURN_A_CERTIFICATE] peer did not return a certificate (_ssl.c:579) [/usr/lib64/python2.7/asyncore.py|readwrite|108] [/usr/lib64/python2.7/asyncore.py|handle_read_event|449] [/usr/lib/python2.7/site-packages/yajsonrpc/betterAsyncore.py|handle_read|67] [/usr/lib/python2.7/site-packages/yajsonrpc/betterAsyncore.py|_delegate_call|143] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|handle_read|220] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|_handle_io|230] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|_handshake|263] [/usr/lib64/python2.7/ssl.py|do_handshake|833]) (betterAsyncore:154) Version-Release number of selected component (if applicable): redhat-release-server-7.3-7.el7.x86_64 openssl-1.0.1e-60.el7_3.1.x86_64 python-2.7.5-48.el7.x86_64 vdsm-4.19.23-1.el7ev.x86_64 How reproducible: 100% Steps to Reproduce: 1. install el 7.3 and change vdsm.conf to 'ssl' for 'ssl_implementation' 2. 3. Actual results: vdsm cannot connect to engine Expected results: should work Additional info: