+++ This bug was initially created as a clone of Bug #1333885 +++ Description of problem: when a client tries to connect using SSl, and the connection fails, the client identifier (either IP address or the hostname) should be logged to help identify which client was attempting the connect. [2016-04-04 13:06:57.982869] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error [2016-04-04 13:06:57.983084] E [socket.c:206:ssl_dump_error_stack] 0-socket.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number [2016-04-04 13:06:57.983276] E [socket.c:2388:socket_poller] 0-socket.management: server setup failed [2016-04-04 13:07:00.987987] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error [2016-04-04 13:07:00.988203] E [socket.c:206:ssl_dump_error_stack] 0-socket.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number In the above logs ssl_setup_connection does not log the client identifier. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: --- Additional comment from Red Hat Bugzilla Rules Engine on 2016-05-06 18:18:05 EDT --- This bug is automatically being proposed for the current z-stream release of Red Hat Gluster Storage 3 by setting the release flag 'rhgs‑3.1.z' to '?'. If this bug should be proposed for a different release, please manually change the proposed release flag. --- Additional comment from Atin Mukherjee on 2016-07-01 01:34:35 EDT --- Upstream patch http://review.gluster.org/14242 is now merged. --- Additional comment from Red Hat Bugzilla Rules Engine on 2016-07-01 04:07:54 EDT --- This bug is automatically being proposed for the current z-stream release of Red Hat Gluster Storage 3 by setting the release flag 'rhgs‑3.1.z' to '?'. If this bug should be proposed for a different release, please manually change the proposed release flag. --- Additional comment from Atin Mukherjee on 2016-09-17 08:04:29 EDT --- Upstream mainline : http://review.gluster.org/14242 Upstream 3.8 : http://review.gluster.org/14845 And the fix is available in rhgs-3.2.0 as part of rebase to GlusterFS 3.8.4. --- Additional comment from errata-xmlrpc on 2016-09-20 08:53:59 EDT --- Bug report changed to ON_QA status by Errata System. A QE request has been submitted for advisory RHEA-2016:24863-02 https://errata.devel.redhat.com/advisory/24863 --- Additional comment from errata-xmlrpc on 2016-09-20 11:10:06 EDT --- This bug has been dropped from advisory RHEA-2016:24863 by Atin Mukherjee (amukherj) --- Additional comment from Byreddy on 2016-09-28 02:37:26 EDT --- Client ID is not printing when SSL connection is failed. I am getting the below errors when SSL connection is failed with out Client ID: <GLUSTERD_LOG_START> [2016-09-28 06:29:16.490558] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: ) [2016-09-28 06:29:16.490703] E [socket.c:202:ssl_dump_error_stack] 0-socket.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number [2016-09-28 06:29:16.490747] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed [2016-09-28 06:30:03.726466] E [socket.c:2527:socket_poller] 0-socket.management: poll error on socket [2016-09-28 06:30:28.076039] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: ) [2016-09-28 06:30:28.076197] E [socket.c:202:ssl_dump_error_stack] 0-socket.management: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number [2016-09-28 06:30:28.076250] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed </GLUSTERD_LOG_END> One more thing, Client ID is not printing for the successful SSL CONNECTION as well getting below message, [2016-09-28 06:09:24.279862] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: ) Moving back to Assigned state.
Hi, At the time of setup ssl connection there is no xl_private available in rpc_transport so it is not printing client uid.To log client ID peerinfo is a correct option. Regards Mohit Agrawal
REVIEW: http://review.gluster.org/15596 (socket: log the client identifier in ssl connect) posted (#1) for review on master by MOHIT AGRAWAL (moagrawa)
COMMIT: http://review.gluster.org/15596 committed in master by Vijay Bellur (vbellur) ------ commit 2e23c62cc50037c8e61bcd9c04348409e7627181 Author: Mohit Agrawal <moagrawa> Date: Thu Sep 29 13:35:26 2016 +0530 socket: log the client identifier in ssl connect Problem: client identifier is not logged in message in ssl_setup_connection Solutuion: In ssl_setup_connection xl_private is not available in rpc_transport so changed to this peerinfo.identifier. BUG: 1380275 Change-Id: I05006a3d63e46de8c388298c22faa9a3329eb6f3 Signed-off-by: Mohit Agrawal <moagrawa> Reviewed-on: http://review.gluster.org/15596 NetBSD-regression: NetBSD Build System <jenkins.org> Smoke: Gluster Build System <jenkins.org> CentOS-regression: Gluster Build System <jenkins.org> Reviewed-by: Jeff Darcy <jdarcy> Reviewed-by: Atin Mukherjee <amukherj> Reviewed-by: Vijay Bellur <vbellur>
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.10.0, please open a new bug report. glusterfs-3.10.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution. [1] http://lists.gluster.org/pipermail/gluster-users/2017-February/030119.html [2] https://www.gluster.org/pipermail/gluster-users/