Bug 1812824 - [RHEL-8.1]-DH ciphers disabled info flooding glusterd log messages on a SSl enabled setup
Summary: [RHEL-8.1]-DH ciphers disabled info flooding glusterd log messages on a SSl e...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: glusterfs
Version: rhgs-3.5
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: RHGS 3.5.z Batch Update 2
Assignee: Mohit Agrawal
QA Contact: Upasana
URL:
Whiteboard:
Depends On:
Blocks: 1812835
TreeView+ depends on / blocked
 
Reported: 2020-03-12 09:52 UTC by Upasana
Modified: 2023-09-14 05:54 UTC (History)
8 users (show)

Fixed In Version: glusterfs-6.0-32
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1812835 (view as bug list)
Environment:
Last Closed: 2020-06-16 06:19:39 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:2572 0 None None None 2020-06-16 06:19:56 UTC

Description Upasana 2020-03-12 09:52:28 UTC 
Description of problem:
======================
The below messages are flooding glusterd logs on a SSL enabled setup , with IO's running

[2020-03-12 09:39:08.483364] I [socket.c:4299:ssl_setup_connection_params] 0-socket.management: SSL support on the I/O path is ENABLED
[2020-03-12 09:39:08.483384] I [socket.c:4302:ssl_setup_connection_params] 0-socket.management: SSL support for glusterd is ENABLED
[2020-03-12 09:39:08.483391] I [socket.c:4312:ssl_setup_connection_params] 0-socket.management: using certificate depth 1
[2020-03-12 09:39:08.483754] I [socket.c:4357:ssl_setup_connection_params] 0-socket.management: failed to open /etc/ssl/dhparam.pem, DH ciphers are disabled


Version-Release number of selected component (if applicable):
=============================================================
glusterfs-6.0-30.el8rhgs.x86_64

How reproducible:
=================
Always 


Steps to Reproduce:
1.On a setup configure SSL ,mount the volume and start IO's
2.Check glusterd logs


Actual results:
===============
The glusterd logs are flooded with these messages 
[root@rhsqa3 glusterfs]# cat glusterd.log |grep 'failed to open /etc/ssl/dhparam.pem, DH ciphers are disabled'|wc -l
11893



Expected results:
=================
It would be good if these messages from 'INFO' to "DEBUG"


Additional info:
================
Came across https://bugzilla.redhat.com/show_bug.cgi?id=1626319 where these messages were moved from 'ERROR' to 'INFO'
Comment 2 Nag Pavan Chilakam 2020-03-12 10:01:25 UTC 
move below log to Debug mode:
[2020-03-12 09:39:08.483754] I [socket.c:4357:ssl_setup_connection_params] 0-socket.management: failed to open /etc/ssl/dhparam.pem, DH ciphers are disabled

and reduce the frequency or move to debug mode below logs too:
Important Note: let us make sure we keep below message as Info mode, when we setup ssl first time, or post reboot of node or restart of glusterd.
In other cases we can move to debug mode
[2020-03-12 09:39:08.483364] I [socket.c:4299:ssl_setup_connection_params] 0-socket.management: SSL support on the I/O path is ENABLED
[2020-03-12 09:39:08.483384] I [socket.c:4302:ssl_setup_connection_params] 0-socket.management: SSL support for glusterd is ENABLED
[2020-03-12 09:39:08.483391] I [socket.c:4312:ssl_setup_connection_params] 0-socket.management: using certificate depth 1
Comment 14 errata-xmlrpc 2020-06-16 06:19:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2572
Comment 15 Red Hat Bugzilla 2023-09-14 05:54:16 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days
Note You need to log in before you can comment on or make changes to this bug.