Bug 620441 - Luci connections to Ricci fail with SSL errors
Summary: Luci connections to Ricci fail with SSL errors
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: luci
Version: 6.0
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Ryan McCabe
QA Contact: Cluster QE
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-02 14:30 UTC by Andrew Beekhof
Modified: 2016-04-26 14:57 UTC (History)
2 users (show)

(edit)
Clone Of:
: 652837 (view as bug list)
(edit)
Last Closed: 2010-11-22 18:35:20 UTC


Attachments (Terms of Use)

Description Andrew Beekhof 2010-08-02 14:30:40 UTC
Description of problem:

Seemingly at random, connections to ricci will begin failing with the SSL connection below.
Its unclear why, and is very hard to reproduce, but the work-around is to restart ricci on the affected cluster node.


13:51:01,044 ERROR [luci.lib.ricci_communicator] Unable to establish an SSL connection to pcmk-2:11111: _ssl.c:480: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/luci/lib/ricci_communicator.py", line 56, in __init__
    self.ss.connect((self.__hostname, self.__port))
  File "/usr/lib64/python2.6/ssl.py", line 309, in connect
    self.do_handshake()
  File "/usr/lib64/python2.6/ssl.py", line 293, in do_handshake
    self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:480: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
13:51:01,045 ERROR [luci.lib.db_helpers] Error communicating with ricci agent at pcmk-2:11111: Unable to establish an SSL connection to pcmk-2:11111: _ssl.c:480: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/luci/lib/db_helpers.py", line 86, in get_agent_for_cluster
    rc = RicciCommunicator(host, port)
  File "/usr/lib/python2.6/site-packages/luci/lib/ricci_communicator.py", line 68, in __init__
    raise RicciError, errmsg
RicciError: Unable to establish an SSL connection to pcmk-2:11111: _ssl.c:480: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol


Version-Release number of selected component (if applicable):
  luci-0.22.3-1.auto1280502062.x86_64
  ricci-0.16.2-13.el6.x86_64

Comment 2 RHEL Product and Program Management 2010-08-02 14:48:02 UTC
This issue has been proposed when we are only considering blocker
issues in the current Red Hat Enterprise Linux release.

** If you would still like this issue considered for the current
release, ask your support representative to file as a blocker on
your behalf. Otherwise ask that it be considered for the next
Red Hat Enterprise Linux release. **

Comment 5 Jan Pokorný [poki] 2010-08-20 12:45:20 UTC
Quite reliable (but not 100%) way how to reproduce this is to make two requests doing some change (e.g. changing number of votes per node) at around the same moment, each from separate session. Tested with each such session running in completely separate instance of web browser (i.e. two different web browsers).
After a few tries at most, the problem should occur.

Comment 6 Ryan McCabe 2010-11-12 22:09:21 UTC
This is caused by ricci (see ClientInstance.cpp:236):

    if (max_reached) {
        // socket is non-blocking, couple bytes should be able
        // to go out, if not, who cares
        sock.send("overload - come back later");
        throw String("maximum number of clients reached");
    }

that message is sent before the SSL setup is done, hence the error message in the luci logs. We should fix ricci to not send this string. Also need to investigate why connections to ricci are lingering.


Note You need to log in before you can comment on or make changes to this bug.