Bug 1383879 - client ID should logged when SSL connection fails
Summary: client ID should logged when SSL connection fails
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: core
Version: 3.9
Hardware: All
OS: All
medium
medium
Target Milestone: ---
Assignee: Mohit Agrawal
QA Contact:
URL:
Whiteboard:
Depends On: 1333885 1383882
Blocks: 1333912 1333913 1333914 1351878 1353429 1380275
TreeView+ depends on / blocked
 
Reported: 2016-10-12 03:44 UTC by Mohit Agrawal
Modified: 2017-03-08 10:23 UTC (History)
8 users (show)

Fixed In Version: glusterfs-3.9.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1333885
Environment:
Last Closed: 2017-03-08 10:23:55 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:

Attachments (Terms of Use)

Description Mohit Agrawal 2016-10-12 03:44:21 UTC 
+++ This bug was initially created as a clone of Bug #1333885 +++

Description of problem:

when a client tries to connect using SSl, and the connection fails, the client identifier (either IP address or the hostname) should be logged to help identify which client was attempting the connect.

[2016-04-04 13:06:57.982869] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error
[2016-04-04 13:06:57.983084] E [socket.c:206:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-04-04 13:06:57.983276] E [socket.c:2388:socket_poller] 0-socket.management: server setup failed
[2016-04-04 13:07:00.987987] E [socket.c:352:ssl_setup_connection] 0-socket.management: SSL connect error
[2016-04-04 13:07:00.988203] E [socket.c:206:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

In the above logs ssl_setup_connection does not log the client identifier.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

--- Additional comment from Red Hat Bugzilla Rules Engine on 2016-05-06 18:18:05 EDT ---

This bug is automatically being proposed for the current z-stream release of Red Hat Gluster Storage 3 by setting the release flag 'rhgs‑3.1.z' to '?'. 

If this bug should be proposed for a different release, please manually change the proposed release flag.

--- Additional comment from Atin Mukherjee on 2016-07-01 01:34:35 EDT ---

Upstream patch http://review.gluster.org/14242 is now merged.

--- Additional comment from Red Hat Bugzilla Rules Engine on 2016-07-01 04:07:54 EDT ---

This bug is automatically being proposed for the current z-stream release of Red Hat Gluster Storage 3 by setting the release flag 'rhgs‑3.1.z' to '?'. 

If this bug should be proposed for a different release, please manually change the proposed release flag.

--- Additional comment from Atin Mukherjee on 2016-09-17 08:04:29 EDT ---

Upstream mainline : http://review.gluster.org/14242
Upstream 3.8 : http://review.gluster.org/14845

And the fix is available in rhgs-3.2.0 as part of rebase to GlusterFS 3.8.4.

--- Additional comment from errata-xmlrpc on 2016-09-20 08:53:59 EDT ---

Bug report changed to ON_QA status by Errata System.
A QE request has been submitted for advisory RHEA-2016:24863-02
https://errata.devel.redhat.com/advisory/24863

--- Additional comment from errata-xmlrpc on 2016-09-20 11:10:06 EDT ---

This bug has been dropped from advisory RHEA-2016:24863 by Atin Mukherjee (amukherj)

--- Additional comment from Byreddy on 2016-09-28 02:37:26 EDT ---

Client ID is not printing  when SSL connection is failed.

I am getting the below errors when SSL connection is failed with out Client ID:


<GLUSTERD_LOG_START>

[2016-09-28 06:29:16.490558] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: )
[2016-09-28 06:29:16.490703] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-09-28 06:29:16.490747] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed


[2016-09-28 06:30:03.726466] E [socket.c:2527:socket_poller] 0-socket.management: poll error on socket
[2016-09-28 06:30:28.076039] E [socket.c:353:ssl_setup_connection] 0-socket.management: SSL connect error (client: )
[2016-09-28 06:30:28.076197] E [socket.c:202:ssl_dump_error_stack] 0-socket.management:   error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[2016-09-28 06:30:28.076250] E [socket.c:2419:socket_poller] 0-socket.management: server setup failed

</GLUSTERD_LOG_END>

One more thing, Client ID is not printing for the successful SSL CONNECTION as well

getting below message,

[2016-09-28 06:09:24.279862] I [socket.c:346:ssl_setup_connection] 0-socket.management: SSL verification succeeded (client: )

Moving back to Assigned state.

--- Additional comment from Atin Mukherjee on 2016-10-03 00:34:50 EDT ---

Upstream patch http://review.gluster.org/15596 posted for review.
Comment 1 Worker Ant 2016-10-12 04:10:41 UTC 
REVIEW: http://review.gluster.org/15625 (socket: log the client identifier in ssl connect) posted (#1) for review on release-3.9 by MOHIT AGRAWAL (moagrawa)
Comment 2 Worker Ant 2017-01-10 06:32:55 UTC 
COMMIT: http://review.gluster.org/15625 committed in release-3.9 by Raghavendra G (rgowdapp) 
------
commit f23f7ad5ea452e5d3e9176f393d7dee2bbe843fc
Author: Mohit Agrawal <moagrawa>
Date:   Thu Sep 29 13:35:26 2016 +0530

    socket: log the client identifier in ssl connect
    
    Problem: client identifier is not logged in message in ssl_setup_connection
    
    Solutuion: In ssl_setup_connection xl_private is not available in rpc_transport
               so changed to this peerinfo.identifier.
    
    Backport of commit 2e23c62cc50037c8e61bcd9c04348409e7627181
    BUG: 1383879
    Signed-off-by: Mohit Agrawal <moagrawa>
    
    > BUG: 1380275
    > Change-Id: I05006a3d63e46de8c388298c22faa9a3329eb6f3
    > Signed-off-by: Mohit Agrawal <moagrawa>
    > Reviewed-on: http://review.gluster.org/15596
    > NetBSD-regression: NetBSD Build System <jenkins.org>
    > Smoke: Gluster Build System <jenkins.org>
    > CentOS-regression: Gluster Build System <jenkins.org>
    > Reviewed-by: Jeff Darcy <jdarcy>
    > Reviewed-by: Atin Mukherjee <amukherj>
    > Reviewed-by: Vijay Bellur <vbellur>
    > (cherry picked from commit 2e23c62cc50037c8e61bcd9c04348409e7627181)
    
    Change-Id: I904f267937e0e12b0b1e19027c017e5d979b8197
    Reviewed-on: http://review.gluster.org/15625
    Tested-by: MOHIT AGRAWAL <moagrawa>
    Reviewed-by: Atin Mukherjee <amukherj>
    Smoke: Gluster Build System <jenkins.org>
    CentOS-regression: Gluster Build System <jenkins.org>
    NetBSD-regression: NetBSD Build System <jenkins.org>
Comment 3 Kaushal 2017-03-08 10:23:55 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.9.1, please open a new bug report.

glusterfs-3.9.1 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/gluster-users/2017-January/029725.html
[2] https://www.gluster.org/pipermail/gluster-users/
Note You need to log in before you can comment on or make changes to this bug.