Project

General

Profile

Bug #9983

qpid rejected un-encrypted connection

Added by Andrew Lau over 5 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Sorry, not sure if this is a bug however katello 2.2 install my logs are filled with many references to not being able to connect to the qpid server with a reference to encryption.

Apr 1 08:17:48 katello1 pulp: pulp.server.async.scheduler:ERROR: could not connect to localhost:27017: [Errno 111] Connection refused
Apr 1 08:17:50 katello1 kernel: httpd1060: segfault at 58 ip 00007f14772b7ee5 sp 00007f144a1f9d10 error 4 in libpython2.6.so.1.0[7f14771e7000+15d000]
Apr 1 08:17:53 katello1 qpidd1548: 2015-04-01 08:17:53 [Security] error Rejected un-encrypted connection.
Apr 1 08:17:53 katello1 qpidd1548: 2015-04-01 08:17:53 [Protocol] error Connection qpid.127.0.0.1:5672-127.0.0.1:49296 closed by error: connection-forced: Connection must be encrypted.(320)
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) consumer: Connection to broker lost. Trying to re-establish the connection...
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) Traceback (most recent call last):
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/celery/worker/consumer.py", line 278, in start
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) blueprint.start(self)
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/celery/bootsteps.py", line 123, in start
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) step.start(parent)
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/celery/worker/consumer.py", line 821, in start
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) c.loop(*c.loop_args())
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/celery/worker/loops.py", line 72, in asynloop
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) next(loop)
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/kombu/async/hub.py", line 324, in create_loop
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) cb(*cbargs)
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/kombu/transport/qpid.py", line 1559, in on_readable
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) raise self.session.saved_exception
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) ConnectionError: connection aborted

Is 'require-encryption=yes' meant to be set in qpidd.conf with katello 2.2? When set to no, these error messages no longer fill my log from both gofred and katello-services.
‚Äč

History

#1 Updated by Eric Helms over 5 years ago

  • Status changed from New to Need more information
  • Legacy Backlogs Release (now unused) set to 23
  • Triaged changed from No to Yes

No errors during installation? The setting you asked about is meant to be set. Can you check that qpidd is running? Did you use RC1 or RC2, you can check what qpid packages are installed and should see qpid-cpp-server-0.30-7.proton.0.9

#2 Updated by Andrew Lau over 5 years ago

Eric Helms wrote:

No errors during installation? The setting you asked about is meant to be set. Can you check that qpidd is running? Did you use RC1 or RC2, you can check what qpid packages are installed and should see qpid-cpp-server-0.30-7.proton.0.9

No errors during installation, running Foreman RC2

qpidd shows to be running
ps aux | grep qpid
qpidd 18149 1.0 0.4 662504 18676 ? Ssl 09:41 0:01 /usr/sbin/qpidd --config /etc/qpid/qpidd.conf --daemon --data-dir=/var/lib/qpidd --close-fd 9

However service qpidd status returns nothing, and restarting it shows
Stopping Qpid AMQP daemon: [FAILED]

rpm qa | grep qpid
--

qpid-cpp-server-0.30-7.proton.0.9.el6.x86_64
---

#3 Updated by Andrew Lau over 5 years ago

Here are the logs from the goferd agent:

Apr 4 10:17:58 katello1 goferd: [INFO][MainThread] gofer.messaging.adapter.proton.connection:100 - connecting: URL: amqps://katello1.example.net:5647|SSL: ca: /etc/rhsm/ca/katello-server-ca.pem|key: None|certificate: /etc/pki/consumer/bundle.pem|host-validation: None
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - amqps://katello1.example.net:5647
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - Traceback (most recent call last):
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - File "/usr/lib/python2.6/site-packages/gofer/messaging/adapter/proton/connection.py", line 101, in open
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - domain = self.ssl_domain(connector)
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - File "/usr/lib/python2.6/site-packages/gofer/messaging/adapter/proton/connection.py", line 57, in ssl_domain
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - domain.set_trusted_ca_db(connector.ssl.ca_certificate)
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - File "/usr/lib64/python2.6/site-packages/proton/__init__.py", line 3382, in set_trusted_ca_db
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - certificate_db) )
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - File "/usr/lib64/python2.6/site-packages/proton/__init__.py", line 3372, in _check
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - raise exc("SSL failure.")
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - SSLException: SSL failure.
Apr 4 10:17:58 katello1 goferd: [INFO][MainThread] gofer.messaging.adapter.proton.connection:108 - retry in 106 seconds

#4 Updated by Eric Helms over 5 years ago

Can you re-try on RC3 and let me know if you see these same errors? We were missing some qpid related updates in RC2.

#5 Updated by Andrew Lau over 5 years ago

This appears to also have been fixed with RC3.

#6 Updated by Andrew Lau over 5 years ago

I've been jumping between EL6 and El7, this only seems to occur in EL7. Following the install instructions from katello wiki.

#7 Updated by Eric Helms over 5 years ago

Was only occurring on EL7 or are you still seeing it from time to time?

#8 Updated by Andrew Lau over 5 years ago

It was only happening on EL7, but haven't seen it recently after fresh RC3 deploy.

#9 Updated by Eric Helms over 5 years ago

  • Status changed from Need more information to Resolved

Moving to resolved state, let's re-open this if you see this again post RC3 or when 2.2 full release comes out.

Also available in: Atom PDF