[jira] [Commented] (MESOS-10218) Mesos slave fails to connect after enabling ssl

prasadkulkarni0711 (Jira) Wed, 07 Apr 2021 01:25:04 -0700


    [ 
https://issues.apache.org/jira/browse/MESOS-10218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17316105#comment-17316105
 ]


prasadkulkarni0711 commented on MESOS-10218:
--------------------------------------------

[~apeters] 
W0406 19:31:36.607918 2077 openssl.cpp:530] Failed SSL connections will be 
downgraded to a non-SSL socket
W0406 19:31:36.608258 2077 process.cpp:1055] Failed SSL connections will be 
downgraded to a non-SSL socket
W0406 19:31:36.648947 2117 process.cpp:1480] Failed to link to 
'xx.xx.xx.xx:5050', connect: Failed connect: connection closed
W0406 19:31:36.649329 2117 process.cpp:1480] Failed to link to 
'xx.xx.xx.xx:5050', connect: Failed connect: connection closed
W0406 19:31:48.005637 2117 process.cpp:1480] Failed to link to 
'xx.xx.xx.xx:5050', connect: Failed connect: connection closed
W0406 19:31:48.005774 2117 process.cpp:1480] Failed to link to 
'xx.xx.xx.xx:5050', connect: Failed connect: connection closed
W0406 19:32:08.935016 2117 process.cpp:911] Failed to accept socket: Failed 
accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 
alert certificate unknown
W0406 19:32:08.937510 2117 process.cpp:911] Failed to accept socket: Failed 
accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 
alert certificate unknown
W0406 19:32:11.991623 2117 process.cpp:911] Failed to accept socket: Failed 
accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 
alert certificate unknown
W0406 19:32:11.991729 2117 process.cpp:911] Failed to accept socket: Failed 
accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 
alert certificate unknown
W0406 19:32:12.463171 2117 process.cpp:911] Failed to accept socket: Failed 
accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 
alert certificate unknown
W0406 19:32:12.463286 2117 process.cpp:911] Failed to accept socket: Failed 
accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 
alert certificate unknown
W0406 19:32:12.465955 2117 process.cpp:911] Failed to accept socket: Failed 
accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 
alert certificate unknown
W0406 19:32:12.466050 2117 process.cpp:911] Failed to accept socket: Failed 
accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 
alert certificate unknown
W0406 19:32:12.468428 2117 process.cpp:911] Failed to accept socket: Failed 
accept: connection error: error:14094416:SSL routines:ssl3_read_bytes:sslv3 
alert certificate unknown
W0406 19:33:16.004748 2117 process.cpp:1480] Failed to link to 
'xx.xx.xx.xx:5050', connect: Failed connect: connection closed
W0406 19:33:28.013123 2117 process.cpp:1480] Failed to link to 
'xx.xx.xx.xx:30980', connect: Failed connect: connection closed

I have added the CA cert to the java trust store though, not sure why it still 
says certificate unknown

> Mesos slave fails to connect after enabling ssl
> -----------------------------------------------
>
>                 Key: MESOS-10218
>                 URL: https://issues.apache.org/jira/browse/MESOS-10218
>             Project: Mesos
>          Issue Type: Bug
>          Components: agent
>    Affects Versions: 1.9.0
>            Reporter: prasadkulkarni0711
>            Priority: Major
>
> Mesos agent fails to connect to the master after setting the following 
> variables:
> LIBPROCESS_SSL_ENABLED=1
> LIBPROCESS_SSL_KEY_FILE=/etc/mesos/conf/ssl/server.key
> LIBPROCESS_SSL_CERT_FILE=/etc/mesos/conf/ssl/server.pem
> LIBPROCESS_SSL_REQUIRE_CERT=false
> LIBPROCESS_SSL_VERIFY_SERVER_CERT=false
> LIBPROCESS_SSL_REQUIRE_CLIENT_CERT=false
> LIBPROCESS_SSL_HOSTNAME_VALIDATION_SCHEME=openssl
> LIBPROCESS_SSL_VERIFY_CERT=false
> LIBPROCESS_SSL_CA_DIR=/etc/mesos/conf/ssl
> LIBPROCESS_SSL_CA_FILE=/etc/mesos/conf/ssl/ca.pem
> LIBPROCESS_SSL_SUPPORT_DOWNGRADE=false
> LIBPROCESS_SSL_VERIFY_IPADD=false
> #LIBPROCESS_SSL_ENABLE_TLS_V1_2=true
> Error in logs:
> Failed to accept socket: Failed accept: connection error: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request
> Connectivity works after setting:
> LIBPROCESS_SSL_SUPPORT_DOWNGRADE=true
> But then the sandbox fails to open in the web UI:
> Potential reasons:
>  * The agent is not accessible
>  * The agent timed out or went offline
> With the following error in the logs:
> Failed to recv on socket 38 to peer 'unknown': Failed recv, connection error: 
> Connection reset by peer



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (MESOS-10218) Mesos slave fails to connect after enabling ssl

Reply via email to