Bug 620441 - Luci connections to Ricci fail with SSL errors
Luci connections to Ricci fail with SSL errors
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: luci (Show other bugs)
6.0
All Linux
low Severity medium
: rc
: ---
Assigned To: Ryan McCabe
Cluster QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-02 10:30 EDT by Andrew Beekhof
Modified: 2016-04-26 10:57 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 652837 (view as bug list)
Environment:
Last Closed: 2010-11-22 13:35:20 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrew Beekhof 2010-08-02 10:30:40 EDT
Description of problem:

Seemingly at random, connections to ricci will begin failing with the SSL connection below.
Its unclear why, and is very hard to reproduce, but the work-around is to restart ricci on the affected cluster node.


13:51:01,044 ERROR [luci.lib.ricci_communicator] Unable to establish an SSL connection to pcmk-2:11111: _ssl.c:480: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/luci/lib/ricci_communicator.py", line 56, in __init__
    self.ss.connect((self.__hostname, self.__port))
  File "/usr/lib64/python2.6/ssl.py", line 309, in connect
    self.do_handshake()
  File "/usr/lib64/python2.6/ssl.py", line 293, in do_handshake
    self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:480: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
13:51:01,045 ERROR [luci.lib.db_helpers] Error communicating with ricci agent at pcmk-2:11111: Unable to establish an SSL connection to pcmk-2:11111: _ssl.c:480: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/luci/lib/db_helpers.py", line 86, in get_agent_for_cluster
    rc = RicciCommunicator(host, port)
  File "/usr/lib/python2.6/site-packages/luci/lib/ricci_communicator.py", line 68, in __init__
    raise RicciError, errmsg
RicciError: Unable to establish an SSL connection to pcmk-2:11111: _ssl.c:480: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol


Version-Release number of selected component (if applicable):
  luci-0.22.3-1.auto1280502062.x86_64
  ricci-0.16.2-13.el6.x86_64
Comment 2 RHEL Product and Program Management 2010-08-02 10:48:02 EDT
This issue has been proposed when we are only considering blocker
issues in the current Red Hat Enterprise Linux release.

** If you would still like this issue considered for the current
release, ask your support representative to file as a blocker on
your behalf. Otherwise ask that it be considered for the next
Red Hat Enterprise Linux release. **
Comment 5 Jan Pokorný 2010-08-20 08:45:20 EDT
Quite reliable (but not 100%) way how to reproduce this is to make two requests doing some change (e.g. changing number of votes per node) at around the same moment, each from separate session. Tested with each such session running in completely separate instance of web browser (i.e. two different web browsers).
After a few tries at most, the problem should occur.
Comment 6 Ryan McCabe 2010-11-12 17:09:21 EST
This is caused by ricci (see ClientInstance.cpp:236):

    if (max_reached) {
        // socket is non-blocking, couple bytes should be able
        // to go out, if not, who cares
        sock.send("overload - come back later");
        throw String("maximum number of clients reached");
    }

that message is sent before the SSL setup is done, hence the error message in the luci logs. We should fix ricci to not send this string. Also need to investigate why connections to ricci are lingering.

Note You need to log in before you can comment on or make changes to this bug.