Hide Forgot
Description of problem: When virt-who run in rhevh7.2, configure virt-who run at vdsm mode, virt-who failed to get host/guest mapping info from VDSM as "SSLError: sslv3 alert handshake failure" Version-Release number of selected component (if applicable): Rhev-hypervisor7-7.2-20160302.1 virt-who-0.14-9.el7.noarch vdsm-4.17.23-0.el7ev.noarch subscription-manager-1.10.14-10.el7.x86_64 python-rhsm-1.13.2-1.el7.x86_64 How reproducible: Always Steps to Reproduce: 1. Install Rhev-hypervisor7-7.2-20160302.1, Register it to satellite6.1 2. Start vdsm service and configure virt-who run at vdsm mode [root@localhost admin]# cat /etc/sysconfig/virt-who | grep -v ^# | grep -v ^$ VIRTWHO_DEBUG=1 VIRTWHO_INTERVAL=5 VIRTWHO_VDSM=1 [root@localhost admin]# service virt-who restart Redirecting to /bin/systemctl restart virt-who.service 3. Check virt-who's log 2016-03-14 05:46:55,833 ERROR: Virt backend 'env/cmdline' fails with exception: Traceback (most recent call last): File "/usr/share/virt-who/virt/virt.py", line 301, in run self._run() File "/usr/share/virt-who/virt/virt.py", line 332, in _run report = self._get_report() File "/usr/share/virt-who/virt/virt.py", line 276, in _get_report return DomainListReport(self.config, self.listDomains()) File "/usr/share/virt-who/virt/vdsm/vdsm.py", line 123, in listDomains response = self.server.list(True) File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__ return self.__send(self.__name, args) File "/usr/lib64/python2.7/xmlrpclib.py", line 1587, in __request verbose=self.__verbose File "/usr/lib64/python2.7/site-packages/M2Crypto/m2xmlrpclib.py", line 49, in request h.endheaders() File "/usr/lib64/python2.7/httplib.py", line 975, in endheaders self._send_output(message_body) File "/usr/lib64/python2.7/httplib.py", line 835, in _send_output self.send(msg) File "/usr/lib64/python2.7/httplib.py", line 797, in send self.connect() File "/usr/lib64/python2.7/site-packages/M2Crypto/httpslib.py", line 58, in connect sock.connect((self.host, self.port)) File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect ret = self.connect_ssl() File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl return m2.ssl_connect(self.ssl, self._timeout) SSLError: sslv3 alert handshake failure 4. Check vdsmd service's status [root@localhost admin]# service vdsmd status Redirecting to /bin/systemctl status vdsmd.service ● vdsmd.service - Virtual Desktop Server Manager Loaded: loaded (/usr/lib/systemd/system/vdsmd.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2016-03-11 07:38:31 UTC; 2 days ago Main PID: 17315 (vdsm) CGroup: /system.slice/vdsmd.service ├─17315 /usr/bin/python /usr/share/vdsm/vdsm └─17459 /usr/libexec/ioprocess --read-pipe-fd 54 --write-pipe-fd 53 --max-threads 10 --max-queued-requests 10 Mar 14 06:45:49 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number Mar 14 06:45:54 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number Mar 14 06:45:59 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number Mar 14 06:46:05 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number Mar 14 06:46:10 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number Mar 14 06:46:15 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number Mar 14 06:46:20 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number Mar 14 06:46:25 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number Mar 14 06:46:30 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number Mar 14 06:46:35 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number Actual results: Virt-who can't get host/guest mapping info in vdsm mode Meanwhile, when start virt-who service, virt-who failed to communicate with vdsm. Expected results: Virt-who can get host/guest mapping info successfully.it also shouldn't show any error when virt-who communicate with vdsm. Additional info:
virt-who tries to use SSLv3 which is now disabled. This issue is now addressed upstream: https://github.com/virt-who/virt-who/commit/b5673a4121d30887464723bc65574d494b82756a
It will be fixed in RHEL-7.3. virt-who will be rebased to latest upstream version that contains fix for this issue.
This bug can be reproduced in rhev-hypervisor7-ng-3.6-20160506.0 build ----------log------------------- # virt-who --vdsm -d -o 2016-05-11 22:26:31,567 INFO: Using configuration "env/cmdline" ("vdsm" mode) 2016-05-11 22:26:31,654 ERROR: Virt backend 'env/cmdline' fails with exception: Traceback (most recent call last): File "/usr/share/virt-who/virt/virt.py", line 301, in run self._run() File "/usr/share/virt-who/virt/virt.py", line 332, in _run report = self._get_report() File "/usr/share/virt-who/virt/virt.py", line 276, in _get_report return DomainListReport(self.config, self.listDomains()) File "/usr/share/virt-who/virt/vdsm/vdsm.py", line 123, in listDomains response = self.server.list(True) File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__ return self.__send(self.__name, args) File "/usr/lib64/python2.7/xmlrpclib.py", line 1587, in __request verbose=self.__verbose File "/usr/lib64/python2.7/site-packages/M2Crypto/m2xmlrpclib.py", line 49, in request h.endheaders() File "/usr/lib64/python2.7/httplib.py", line 975, in endheaders self._send_output(message_body) File "/usr/lib64/python2.7/httplib.py", line 835, in _send_output self.send(msg) File "/usr/lib64/python2.7/httplib.py", line 797, in send self.connect() File "/usr/lib64/python2.7/site-packages/M2Crypto/httpslib.py", line 58, in connect sock.connect((self.host, self.port)) File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect ret = self.connect_ssl() File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl return m2.ssl_connect(self.ssl, self._timeout) SSLError: sslv3 alert handshake failure
Mithun, if the customer wants the fix earlier than in 7.3, feel free to propose this bug for z-stream fix.
Since this bug is blocker for RHEV 3.6 and RHEV 4.0, how can we deliver the fix? This bug is not approved for fixing in RHEL-7.2 (yet?). Is there some process to fix it only for RHEV?
Fixed in virt-who-0.17-1.el7.
Verified with virt-who-0.14-9.el7_2.1, # rpm -Uvh virt-who-0.14-9.el7_2.1.noarch.rpm Preparing... ################################# [100%] Updating / installing... 1:virt-who-0.14-9.el7_2.1 ################################# [ 50%] Cleaning up / removing... 2:virt-who-0.14-9.el7 ################################# [100%] # virt-who --vdsm -d 2016-06-13 00:51:07,516 INFO: Using configuration "env/cmdline" ("vdsm" mode) 2016-06-13 00:51:07,516 DEBUG: Starting infinite loop with 3600 seconds interval 2016-06-13 00:51:07,609 DEBUG: Authenticating with certificate: /etc/pki/consumer/cert.pem 2016-06-13 00:51:07,828 INFO: Sending domain info: [] 2016-06-13 00:51:09,411 INFO: virt-who guest list update successful ^C2016-06-13 00:51:13,683 DEBUG: virt-who shut down started
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2387.html