Bug 1317372 - [RHEVH7.2] Virt-who can't work at vdsm mode as "SSLError: sslv3 alert handshake failure"
[RHEVH7.2] Virt-who can't work at vdsm mode as "SSLError: sslv3 alert handsha...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: virt-who (Show other bugs)
7.2
x86_64 All
urgent Severity urgent
: rc
: ---
Assigned To: Radek Novacek
Eko
: ZStream
Depends On:
Blocks: 1172230 1203710 1254282 1337819
  Show dependency treegraph
 
Reported: 2016-03-14 02:54 EDT by Liushihui
Modified: 2016-11-30 19:36 EST (History)
13 users (show)

See Also:
Fixed In Version: virt-who-0.17-1.el7
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1337819 (view as bug list)
Environment:
Last Closed: 2016-11-04 01:08:23 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2328601 None None None 2016-05-18 14:07 EDT

  None (edit)
Description Liushihui 2016-03-14 02:54:02 EDT
Description of problem:
When virt-who run in rhevh7.2, configure virt-who run at vdsm mode, virt-who failed to get host/guest mapping info from VDSM as "SSLError: sslv3 alert handshake failure"

Version-Release number of selected component (if applicable):
Rhev-hypervisor7-7.2-20160302.1
virt-who-0.14-9.el7.noarch
vdsm-4.17.23-0.el7ev.noarch
subscription-manager-1.10.14-10.el7.x86_64
python-rhsm-1.13.2-1.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Install Rhev-hypervisor7-7.2-20160302.1, Register it to satellite6.1
2. Start vdsm service and configure virt-who run at vdsm mode
[root@localhost admin]# cat /etc/sysconfig/virt-who  | grep -v ^# | grep -v ^$
VIRTWHO_DEBUG=1
VIRTWHO_INTERVAL=5
VIRTWHO_VDSM=1
[root@localhost admin]# service virt-who restart
Redirecting to /bin/systemctl restart  virt-who.service
3. Check virt-who's log
2016-03-14 05:46:55,833 ERROR: Virt backend 'env/cmdline' fails with exception:
Traceback (most recent call last):
  File "/usr/share/virt-who/virt/virt.py", line 301, in run
    self._run()
  File "/usr/share/virt-who/virt/virt.py", line 332, in _run
    report = self._get_report()
  File "/usr/share/virt-who/virt/virt.py", line 276, in _get_report
    return DomainListReport(self.config, self.listDomains())
  File "/usr/share/virt-who/virt/vdsm/vdsm.py", line 123, in listDomains
    response = self.server.list(True)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1587, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.7/site-packages/M2Crypto/m2xmlrpclib.py", line 49, in request
    h.endheaders()
  File "/usr/lib64/python2.7/httplib.py", line 975, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 835, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 797, in send
    self.connect()
  File "/usr/lib64/python2.7/site-packages/M2Crypto/httpslib.py", line 58, in connect
    sock.connect((self.host, self.port))
  File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect
    ret = self.connect_ssl()
  File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
    return m2.ssl_connect(self.ssl, self._timeout)
SSLError: sslv3 alert handshake failure
4. Check vdsmd service's status
[root@localhost admin]# service vdsmd status
Redirecting to /bin/systemctl status  vdsmd.service
● vdsmd.service - Virtual Desktop Server Manager
   Loaded: loaded (/usr/lib/systemd/system/vdsmd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2016-03-11 07:38:31 UTC; 2 days ago
 Main PID: 17315 (vdsm)
   CGroup: /system.slice/vdsmd.service
           ├─17315 /usr/bin/python /usr/share/vdsm/vdsm
           └─17459 /usr/libexec/ioprocess --read-pipe-fd 54 --write-pipe-fd 53 --max-threads 10 --max-queued-requests 10

Mar 14 06:45:49 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number
Mar 14 06:45:54 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number
Mar 14 06:45:59 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number
Mar 14 06:46:05 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number
Mar 14 06:46:10 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number
Mar 14 06:46:15 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number
Mar 14 06:46:20 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number
Mar 14 06:46:25 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number
Mar 14 06:46:30 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number
Mar 14 06:46:35 localhost vdsm[17315]: vdsm ProtocolDetector.SSLHandshakeDispatcher ERROR Error during handshake: wrong version number


Actual results:
Virt-who can't get host/guest mapping info in vdsm mode Meanwhile, when start virt-who service, virt-who failed to communicate with vdsm.

Expected results:
Virt-who can get host/guest mapping info successfully.it also shouldn't show any error when virt-who communicate with vdsm.

Additional info:
Comment 2 Radek Novacek 2016-03-15 04:43:17 EDT
virt-who tries to use SSLv3 which is now disabled. This issue is now addressed upstream: https://github.com/virt-who/virt-who/commit/b5673a4121d30887464723bc65574d494b82756a
Comment 4 Radek Novacek 2016-05-03 02:17:32 EDT
It will be fixed in RHEL-7.3. virt-who will be rebased to latest upstream version that contains fix for this issue.
Comment 5 Eko 2016-05-12 00:23:12 EDT
This bug can be reproduced in rhev-hypervisor7-ng-3.6-20160506.0 build

----------log-------------------
# virt-who --vdsm -d -o
2016-05-11 22:26:31,567 INFO: Using configuration "env/cmdline" ("vdsm" mode)
2016-05-11 22:26:31,654 ERROR: Virt backend 'env/cmdline' fails with exception:
Traceback (most recent call last):
  File "/usr/share/virt-who/virt/virt.py", line 301, in run
    self._run()
  File "/usr/share/virt-who/virt/virt.py", line 332, in _run
    report = self._get_report()
  File "/usr/share/virt-who/virt/virt.py", line 276, in _get_report
    return DomainListReport(self.config, self.listDomains())
  File "/usr/share/virt-who/virt/vdsm/vdsm.py", line 123, in listDomains
    response = self.server.list(True)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.7/xmlrpclib.py", line 1587, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.7/site-packages/M2Crypto/m2xmlrpclib.py", line 49, in request
    h.endheaders()
  File "/usr/lib64/python2.7/httplib.py", line 975, in endheaders
    self._send_output(message_body)
  File "/usr/lib64/python2.7/httplib.py", line 835, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.7/httplib.py", line 797, in send
    self.connect()
  File "/usr/lib64/python2.7/site-packages/M2Crypto/httpslib.py", line 58, in connect
    sock.connect((self.host, self.port))
  File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect
    ret = self.connect_ssl()
  File "/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
    return m2.ssl_connect(self.ssl, self._timeout)
SSLError: sslv3 alert handshake failure
Comment 6 Radek Novacek 2016-05-12 02:53:07 EDT
Mithun, if the customer wants the fix earlier than in 7.3, feel free to propose this bug for z-stream fix.
Comment 7 Radek Novacek 2016-05-12 02:55:34 EDT
Since this bug is blocker for RHEV 3.6 and RHEV 4.0, how can we deliver the fix? This bug is not approved for fixing in RHEL-7.2 (yet?). Is there some process to fix it only for RHEV?
Comment 10 Radek Novacek 2016-05-17 09:01:22 EDT
Fixed in virt-who-0.17-1.el7.
Comment 16 Eko 2016-06-13 00:54:27 EDT
Verified with virt-who-0.14-9.el7_2.1,

# rpm -Uvh virt-who-0.14-9.el7_2.1.noarch.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:virt-who-0.14-9.el7_2.1          ################################# [ 50%]
Cleaning up / removing...
   2:virt-who-0.14-9.el7              ################################# [100%]

# virt-who --vdsm -d
2016-06-13 00:51:07,516 INFO: Using configuration "env/cmdline" ("vdsm" mode)
2016-06-13 00:51:07,516 DEBUG: Starting infinite loop with 3600 seconds interval
2016-06-13 00:51:07,609 DEBUG: Authenticating with certificate: /etc/pki/consumer/cert.pem
2016-06-13 00:51:07,828 INFO: Sending domain info: []
2016-06-13 00:51:09,411 INFO: virt-who guest list update successful
^C2016-06-13 00:51:13,683 DEBUG: virt-who shut down started
Comment 18 errata-xmlrpc 2016-11-04 01:08:23 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2387.html

Note You need to log in before you can comment on or make changes to this bug.