Description of problem: when a client tries to connect using SSl, and the connection fails, the client identifier (either IP address or the hostname) should be logged to help identify which client was attempting the connect. [2016-04-04 13:06:57.982869] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error [2016-04-04 13:06:57.983084] E [socket.c:206:ssl_dump_error_stack] 0-socket.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number [2016-04-04 13:06:57.983276] E [socket.c:2388:socket_poller] 0-socket.management: server setup failed [2016-04-04 13:07:00.987987] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error [2016-04-04 13:07:00.988203] E [socket.c:206:ssl_dump_error_stack] 0-socket.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number In the above logs ssl_setup_connection does not log the client identifier. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Upstream patch http://review.gluster.org/14242 is now merged.
Upstream mainline : http://review.gluster.org/14242 Upstream 3.8 : http://review.gluster.org/14845 And the fix is available in rhgs-3.2.0 as part of rebase to GlusterFS 3.8.4.
Client ID is not printing when SSL connection is failed. I am getting the below errors when SSL connection is failed with out Client ID: <GLUSTERD_LOG_START> [2016-09-28 06:29:16.490558] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: ) [2016-09-28 06:29:16.490703] E [socket.c:202:ssl_dump_error_stack] 0-socket.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number [2016-09-28 06:29:16.490747] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed [2016-09-28 06:30:03.726466] E [socket.c:2527:socket_poller] 0-socket.management: poll error on socket [2016-09-28 06:30:28.076039] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: ) [2016-09-28 06:30:28.076197] E [socket.c:202:ssl_dump_error_stack] 0-socket.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number [2016-09-28 06:30:28.076250] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed </GLUSTERD_LOG_END> One more thing, Client ID is not printing for the successful SSL CONNECTION as well getting below message, [2016-09-28 06:09:24.279862] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: ) Moving back to Assigned state.
Upstream patch http://review.gluster.org/15596 posted for review.
Upstream mainline : http://review.gluster.org/15596 Upstream 3.8 : http://review.gluster.org/15624 Downstream patch : https://code.engineering.redhat.com/gerrit/#/c/86906/ All the patches are merged now. We should be able to move this bug for reverification once the next build is in place.
added BZ to erratum: https://errata.devel.redhat.com/advisory/24866 moving to ON_QA
Verified this bug using the build - 3.8.4-3. I am seeing the SSL connection error with client ID in the glusterd log when client failed to mount the volume. [2016-10-28 07:00:04.434145] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: CLIENT_IP:1023) [2016-10-28 07:00:04.434305] E [socket.c:202:ssl_dump_error_stack] 0-socket.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number [2016-10-28 07:00:04.434349] E [socket.c:2436:socket_poller] 0-socket.management: server setup failed Moving to verified state.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2017-0486.html