Bug 1380275 - client ID should logged when SSL connection fails
Summary: client ID should logged when SSL connection fails
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: core
Version: mainline
Hardware: x86_64
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Mohit Agrawal
QA Contact:
URL:
Whiteboard:
Depends On: 1333885 1383879 1383882
Blocks: 1333912 1333913 1333914 1351878 1353429
TreeView+ depends on / blocked
 
Reported: 2016-09-29 07:41 UTC by Mohit Agrawal
Modified: 2019-11-14 09:02 UTC (History)
8 users (show)

Fixed In Version: glusterfs-3.10.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1333885
Environment:
Last Closed: 2017-03-06 17:28:10 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Attachments (Terms of Use)

Description Mohit Agrawal 2016-09-29 07:41:50 UTC
+++ This bug was initially created as a clone of Bug #1333885 +++

Description of problem:

when a client tries to connect using SSl, and the connection fails, the client identifier (either IP address or the hostname) should be logged to help identify which client was attempting the connect.

[2016-04-04 13:06:57.982869] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error
[2016-04-04 13:06:57.983084] E [socket.c:206:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-04-04 13:06:57.983276] E [socket.c:2388:socket_poller] 0-socket.management: server setup failed
[2016-04-04 13:07:00.987987] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error
[2016-04-04 13:07:00.988203] E [socket.c:206:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

In the above logs ssl_setup_connection does not log the client identifier.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Red Hat Bugzilla Rules Engine on 2016-05-06 18:18:05 EDT ---

This bug is automatically being proposed for the current z-stream release of Red Hat Gluster Storage 3 by setting the release flag 'rhgs‑3.1.z' to '?'. 

If this bug should be proposed for a different release, please manually change the proposed release flag.

--- Additional comment from Atin Mukherjee on 2016-07-01 01:34:35 EDT ---

Upstream patch http://review.gluster.org/14242 is now merged.

--- Additional comment from Red Hat Bugzilla Rules Engine on 2016-07-01 04:07:54 EDT ---

This bug is automatically being proposed for the current z-stream release of Red Hat Gluster Storage 3 by setting the release flag 'rhgs‑3.1.z' to '?'. 

If this bug should be proposed for a different release, please manually change the proposed release flag.

--- Additional comment from Atin Mukherjee on 2016-09-17 08:04:29 EDT ---

Upstream mainline : http://review.gluster.org/14242
Upstream 3.8 : http://review.gluster.org/14845

And the fix is available in rhgs-3.2.0 as part of rebase to GlusterFS 3.8.4.

--- Additional comment from errata-xmlrpc on 2016-09-20 08:53:59 EDT ---

Bug report changed to ON_QA status by Errata System.
A QE request has been submitted for advisory RHEA-2016:24863-02
https://errata.devel.redhat.com/advisory/24863

--- Additional comment from errata-xmlrpc on 2016-09-20 11:10:06 EDT ---

This bug has been dropped from advisory RHEA-2016:24863 by Atin Mukherjee (amukherj@redhat.com)

--- Additional comment from Byreddy on 2016-09-28 02:37:26 EDT ---

Client ID is not printing  when SSL connection is failed.

I am getting the below errors when SSL connection is failed with out Client ID:


<GLUSTERD_LOG_START>

[2016-09-28 06:29:16.490558] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: )
[2016-09-28 06:29:16.490703] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-09-28 06:29:16.490747] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed


[2016-09-28 06:30:03.726466] E [socket.c:2527:socket_poller] 0-socket.management: poll error on socket
[2016-09-28 06:30:28.076039] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: )
[2016-09-28 06:30:28.076197] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-09-28 06:30:28.076250] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed

</GLUSTERD_LOG_END>

One more thing, Client ID is not printing for the successful SSL CONNECTION as well

getting below message,

[2016-09-28 06:09:24.279862] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: )

Moving back to Assigned state.

Comment 1 Mohit Agrawal 2016-09-29 07:45:45 UTC
Hi,

  At the time of setup ssl connection there is no xl_private available in rpc_transport so it is not printing
  client uid.To log client ID peerinfo is a correct option. 
  

Regards
Mohit Agrawal

Comment 2 Worker Ant 2016-09-29 08:08:09 UTC
REVIEW: http://review.gluster.org/15596 (socket: log the client identifier in ssl connect) posted (#1) for review on master by MOHIT AGRAWAL (moagrawa@redhat.com)

Comment 3 Worker Ant 2016-10-05 17:28:34 UTC
COMMIT: http://review.gluster.org/15596 committed in master by Vijay Bellur (vbellur@redhat.com) 
------
commit 2e23c62cc50037c8e61bcd9c04348409e7627181
Author: Mohit Agrawal <moagrawa@redhat.com>
Date:   Thu Sep 29 13:35:26 2016 +0530

    socket: log the client identifier in ssl connect
    
    Problem: client identifier is not logged in message in ssl_setup_connection
    
    Solutuion: In ssl_setup_connection xl_private is not available in rpc_transport
               so changed to this peerinfo.identifier.
    
    BUG: 1380275
    Change-Id: I05006a3d63e46de8c388298c22faa9a3329eb6f3
    Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
    Reviewed-on: http://review.gluster.org/15596
    NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
    Smoke: Gluster Build System <jenkins@build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
    Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
    Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
    Reviewed-by: Vijay Bellur <vbellur@redhat.com>

Comment 4 Shyamsundar 2017-03-06 17:28:10 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.10.0, please open a new bug report.

glusterfs-3.10.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/gluster-users/2017-February/030119.html
[2] https://www.gluster.org/pipermail/gluster-users/


Note You need to log in before you can comment on or make changes to this bug.