Description of problem: 'ssl_implementation = ssl' in vdsm.conf causes vdsm not to be able to connect to engine. please note this is not default value (default is m2crypto). ~~~ 2017-07-20 14:16:14,483+0200 ERROR (Reactor thread) [vds.dispatcher] uncaptured python exception, closing channel <yajsonrpc.betterAsyncore.Dispatcher connected ('::ffff:10.34.63.75', 40334, 0, 0) at 0x3777ef0> (<class 'socket.error'>:Address family not supported by protocol [/usr/lib64/python2.7/asyncore.py|readwrite|110] [/usr/lib64/python2.7/asyncore.py|handle_write_event|468] [/usr/lib/python2.7/site-packages/yajsonrpc/betterAsyncore.py|handle_write|70] [/usr/lib/python2.7/site-packages/yajsonrpc/betterAsyncore.py|_delegate_call|143] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|handle_write|223] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|_handle_io|233] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|_verify_host|247] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|compare_names|259]) (betterAsyncore:154) ... 2017-07-20 14:18:54,284+0200 ERROR (Reactor thread) [vds.dispatcher] uncaptured python exception, closing channel <yajsonrpc.betterAsyncore.Dispatcher ('::1', 42670, 0, 0) at 0x3782b90> (<class 'ssl.SSLError'>:[SSL: PEER_DID_NOT_RETURN_A_CERTIFICATE] peer did not return a certificate (_ssl.c:579) [/usr/lib64/python2.7/asyncore.py|readwrite|108] [/usr/lib64/python2.7/asyncore.py|handle_read_event|449] [/usr/lib/python2.7/site-packages/yajsonrpc/betterAsyncore.py|handle_read|67] [/usr/lib/python2.7/site-packages/yajsonrpc/betterAsyncore.py|_delegate_call|143] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|handle_read|220] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|_handle_io|230] [/usr/lib/python2.7/site-packages/vdsm/sslutils.py|_handshake|263] [/usr/lib64/python2.7/ssl.py|do_handshake|833]) (betterAsyncore:154) Version-Release number of selected component (if applicable): redhat-release-server-7.3-7.el7.x86_64 openssl-1.0.1e-60.el7_3.1.x86_64 python-2.7.5-48.el7.x86_64 vdsm-4.19.23-1.el7ev.x86_64 How reproducible: 100% Steps to Reproduce: 1. install el 7.3 and change vdsm.conf to 'ssl' for 'ssl_implementation' 2. 3. Actual results: vdsm cannot connect to engine Expected results: should work Additional info:
Same on EL 7.4. 3.6 vdsm was working fine, though.
Reducing severity as default configuration works.
This bug report has Keywords: Regression or TestBlocker. Since no regressions or test blockers are allowed between releases, it is also being identified as a blocker for this release. Please resolve ASAP.
INFO: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason: [Open patch attached] For more info please contact: infra
Moving back to post, as master patch is still not merged while 4.1 patch was merged by mistake
ok, vdsm-4.19.26-1.el7ev.x86_64 active and Up in engine (ovirt-engine-4.1.5.2-0.1.el7.noarch) # grep ^ssl_implementation /etc/vdsm/vdsm.conf ssl_implementation = ssl # systemctl is-active vdsmd active