Bug 1020908 - [notifier] SSL without AUTH not possible
[notifier] SSL without AUTH not possible
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-notification-service (Show other bugs)
Unspecified Unspecified
unspecified Severity low
: ---
: 3.4.0
Assigned To: Yair Zaslavsky
Pavel Stehlik
: Triaged
Depends On:
  Show dependency treegraph
Reported: 2013-10-18 09:43 EDT by Jiri Belka
Modified: 2017-02-14 08:08 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-11-07 13:28:03 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jiri Belka 2013-10-18 09:43:10 EDT
Description of problem:
I do not want to discuss if it is wise or not, but the fact is, it is not possible.

FYI SSL here means dedicated port, not STARTTLS. Please ignore that I have 587 as port there, OK? (notifier is broken anyway to accept any other port, BZ1020900).

Yes docs says when MAIL_ENABLE_SSL is true, you have to have MAIL_USER and MAIL_PASSWORD defined. But really? Why? What about internal smtp which do not need AUTH?

Description of problem:

#>> scenario 1 (ssl no auth, MAIL_USER undefined, service dead)

# cat /etc/ovirt-engine/notifier/notifier.conf

# /etc/init.d/ovirt-engine-notifier status
ovirt-engine-notifier dead but pid file exists

Service is dead. MAIL_USER must be set when SSL is enabled or when password is set.

2013-10-18 14:53:31,874 ERROR [org.ovirt.engine.core.notifier.Notifier] Failed to run the event notification service. 
java.lang.IllegalArgumentException: MAIL_USER must be set when SSL is enabled or when password is set
        at org.ovirt.engine.core.notifier.utils.sender.mail.JavaMailSender.setCommonProperties(JavaMailSender.java:86)
        at org.ovirt.engine.core.notifier.utils.sender.mail.JavaMailSender.<init>(JavaMailSender.java:41)
        at org.ovirt.engine.core.notifier.utils.sender.mail.EventSenderMailImpl.<init>(EventSenderMailImpl.java:37)
        at org.ovirt.engine.core.notifier.methods.NotificationMethodFactoryEmailImpl.<init>(NotificationMethodFactoryEmailImpl.java:17)
        at org.ovirt.engine.core.notifier.methods.NotificationMethodMapBuilder.createMethodsMapper(NotificationMethodMapBuilder.java:69)
        at org.ovirt.engine.core.notifier.NotificationService.initMethodMapper(NotificationService.java:209)
        at org.ovirt.engine.core.notifier.NotificationService.initConfigurationProperties(NotificationService.java:83)
        at org.ovirt.engine.core.notifier.NotificationService.<init>(NotificationService.java:59)
        at org.ovirt.engine.core.notifier.Notifier.main(Notifier.java:108)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.jboss.modules.Module.run(Module.java:292)
        at org.jboss.modules.Main.main(Main.java:455)
2013-10-18 14:53:31,924 INFO  [org.ovirt.engine.core.notifier.Notifier] Preparing for shutdown after receiving signal 
2013-10-18 14:53:31,924 INFO  [org.ovirt.engine.core.notifier.Notifier] Event Notification service was shutdown

##> scenario 2 (ssl no auth, MAIL_USER defined, service runs)

# cat /etc/ovirt-engine/notifier/notifier.conf

# /etc/init.d/ovirt-engine-notifier status
ovirt-engine-notifier (pid  22935) is running...

Service runs. So I defined just MAIL_USER, but again sending does not work...

2013-10-18 15:03:07,354 ERROR [org.ovirt.engine.core.notifier.utils.sender.mail.JavaMailSender] Failed to send message  from ovirt@jb-rh33.rhev.lab.eng.brq.redhat.com to jbelka@redhat.com with subject Issue Solved Notification. (jb-rh33.rhev.lab.eng.brq.redhat.com), [Migration completed (VM: jb-w8-x86, Source: dell-r210ii-03, Destination: dell-r210ii-13, Duration: 44 sec).] due to to error: failed to connect, no password specified?
javax.mail.AuthenticationFailedException: failed to connect, no password specified?
        at javax.mail.Service.connect(Service.java:329)
        at javax.mail.Service.connect(Service.java:176)
        at javax.mail.Service.connect(Service.java:125)
        at org.ovirt.engine.core.notifier.utils.sender.mail.JavaMailSender.send(JavaMailSender.java:160)
        at org.ovirt.engine.core.notifier.utils.sender.mail.EventSenderMailImpl.send(EventSenderMailImpl.java:79)
        at org.ovirt.engine.core.notifier.NotificationService.processEvents(NotificationService.java:263)
        at org.ovirt.engine.core.notifier.NotificationService.run(NotificationService.java:120)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
        at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:724)


SSL with AUTH (MAIL_USER and MAIL_PASSWORD defined) works but I don't want to put my password into config, especially if it would _NOT_ be needed for my smtp server.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. have no MAIL_USER defined, restart notifier
2. have MAIL_USER defined but not MAIL_PASSWORD, restart notifier

Actual results:
1. service dead, MAIL_USER *must* be defined
2. service runs, but does not send

Expected results:
do not force me to use SSL with AUTH. Give me gun to shoot my foot, ok?

Additional info:
why is it dead for missing MAIL_USER but running for missing MAIL_PASSWORD? this is odd.
Comment 1 Barak 2013-10-20 08:00:25 EDT
Arthur ?
Comment 2 Arthur Berezin 2013-11-07 10:51:51 EST
95% of users who secure their mail servers do with with SSL+auth,there's no real point in doing one without the other. 

Besides that, our role as virtualization management software is to build mechanisms that protect users from possible vulnerabilities so I don't think we should let users to shoot in their foot.
Comment 3 Barak 2013-11-07 13:28:03 EST
Per comment #2 moving status to CLOSED NOTABUG
Comment 4 Jiri Belka 2013-11-08 02:41:30 EST
And that's reason why there is knob to EncryptHostCommunication=false in engine-config. But... your decision.

Note You need to log in before you can comment on or make changes to this bug.