Bug #9983
closed
qpid rejected un-encrypted connection
Added by Andrew Lau almost 10 years ago.
Updated over 6 years ago.
Description
Sorry, not sure if this is a bug however katello 2.2 install my logs are filled with many references to not being able to connect to the qpid server with a reference to encryption.
Apr 1 08:17:48 katello1 pulp: pulp.server.async.scheduler:ERROR: could not connect to localhost:27017: [Errno 111] Connection refused
Apr 1 08:17:50 katello1 kernel: httpd1060: segfault at 58 ip 00007f14772b7ee5 sp 00007f144a1f9d10 error 4 in libpython2.6.so.1.0[7f14771e7000+15d000]
Apr 1 08:17:53 katello1 qpidd1548: 2015-04-01 08:17:53 [Security] error Rejected un-encrypted connection.
Apr 1 08:17:53 katello1 qpidd1548: 2015-04-01 08:17:53 [Protocol] error Connection qpid.127.0.0.1:5672-127.0.0.1:49296 closed by error: connection-forced: Connection must be encrypted.(320)
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) consumer: Connection to broker lost. Trying to re-establish the connection...
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) Traceback (most recent call last):
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/celery/worker/consumer.py", line 278, in start
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) blueprint.start(self)
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/celery/bootsteps.py", line 123, in start
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) step.start(parent)
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/celery/worker/consumer.py", line 821, in start
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) c.loop(*c.loop_args())
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/celery/worker/loops.py", line 72, in asynloop
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) next(loop)
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/kombu/async/hub.py", line 324, in create_loop
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) cb(*cbargs)
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) File "/usr/lib/python2.6/site-packages/kombu/transport/qpid.py", line 1559, in on_readable
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) raise self.session.saved_exception
Apr 1 08:17:54 katello1 pulp: celery.worker.consumer:WARNING: (1981-54976) ConnectionError: connection aborted
Is 'require-encryption=yes' meant to be set in qpidd.conf with katello 2.2? When set to no, these error messages no longer fill my log from both gofred and katello-services.
- Status changed from New to Need more information
- Translation missing: en.field_release set to 23
- Triaged changed from No to Yes
No errors during installation? The setting you asked about is meant to be set. Can you check that qpidd is running? Did you use RC1 or RC2, you can check what qpid packages are installed and should see qpid-cpp-server-0.30-7.proton.0.9
Eric Helms wrote:
No errors during installation? The setting you asked about is meant to be set. Can you check that qpidd is running? Did you use RC1 or RC2, you can check what qpid packages are installed and should see qpid-cpp-server-0.30-7.proton.0.9
No errors during installation, running Foreman RC2
qpidd shows to be running
ps aux | grep qpid
qpidd 18149 1.0 0.4 662504 18676 ? Ssl 09:41 0:01 /usr/sbin/qpidd --config /etc/qpid/qpidd.conf --daemon --data-dir=/var/lib/qpidd --close-fd 9
However service qpidd status returns nothing, and restarting it shows
Stopping Qpid AMQP daemon: [FAILED]
rpm qa | grep qpid
--
qpid-cpp-server-0.30-7.proton.0.9.el6.x86_64
---
Here are the logs from the goferd agent:
Apr 4 10:17:58 katello1 goferd: [INFO][MainThread] gofer.messaging.adapter.proton.connection:100 - connecting: URL: amqps://katello1.example.net:5647|SSL: ca: /etc/rhsm/ca/katello-server-ca.pem|key: None|certificate: /etc/pki/consumer/bundle.pem|host-validation: None
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - amqps://katello1.example.net:5647
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - Traceback (most recent call last):
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - File "/usr/lib/python2.6/site-packages/gofer/messaging/adapter/proton/connection.py", line 101, in open
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - domain = self.ssl_domain(connector)
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - File "/usr/lib/python2.6/site-packages/gofer/messaging/adapter/proton/connection.py", line 57, in ssl_domain
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - domain.set_trusted_ca_db(connector.ssl.ca_certificate)
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - File "/usr/lib64/python2.6/site-packages/proton/__init__.py", line 3382, in set_trusted_ca_db
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - certificate_db) )
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - File "/usr/lib64/python2.6/site-packages/proton/__init__.py", line 3372, in _check
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - raise exc("SSL failure.")
Apr 4 10:17:58 katello1 goferd: [ERROR][MainThread] gofer.messaging.adapter.proton.connection:106 - SSLException: SSL failure.
Apr 4 10:17:58 katello1 goferd: [INFO][MainThread] gofer.messaging.adapter.proton.connection:108 - retry in 106 seconds
Can you re-try on RC3 and let me know if you see these same errors? We were missing some qpid related updates in RC2.
This appears to also have been fixed with RC3.
I've been jumping between EL6 and El7, this only seems to occur in EL7. Following the install instructions from katello wiki.
Was only occurring on EL7 or are you still seeing it from time to time?
It was only happening on EL7, but haven't seen it recently after fresh RC3 deploy.
- Status changed from Need more information to Resolved
Moving to resolved state, let's re-open this if you see this again post RC3 or when 2.2 full release comes out.
Also available in: Atom
PDF
Updated by 
Updated by