Task #30395

Scenario #25296: SSO installation in cluster mode does not work in 2.7

Investigation and debugging of the squash test

Added by Joël Cuissinat 10 days ago. Updated 5 days ago.

Status:
In progress
Priority:
Normal
Assigned To:
Start date:
06/26/2020
Due date:
% Done:

0%

Remaining (hours):

History

#1 Updated by Joël Cuissinat 10 days ago

  • Description updated (diff)
  • Status changed from New to In progress

In the proposed infrastructure, stunnel serves as a local cache for the remote stunnel.

The (unintentional) disabling of the client part of stunnel on the client side as well (eole-sso:d073f9a) may explain why the local connection no longer works on Scribe (eole-sso log):

ConnectionError: Error 111 connecting to 127.0.0.1:9380. Connexion refusée.

To restore this mode of operation, I propose moving the template and the service that were removed from eole-sso-cluster-common into eole-sso-cluster-client.

Once that is done, I get a new error:

ConnectionError: Error while reading from socket: (104, 'Connexion r\xc3\xa9-initialis\xc3\xa9e par le correspondant')

This time the stunnel logs point to a certificate problem:

juin 26 16:46:13 scribe stunnel[32020]: LOG5[6]: Service [redis_tunnel] connected remote server from 192.168.0.26:36820
juin 26 16:46:13 scribe stunnel[32020]: LOG5[6]: Certificate accepted at depth=0: C=FR, O=Ministere Education Nationale (MENESR), OU=110 043 015, OU=ac-test, CN=eolebase.ac-test.fr
juin 26 16:46:13 scribe stunnel[32020]: LOG3[6]: SSL_connect: 14094413: error:14094413:SSL routines:ssl3_read_bytes:sslv3 alert unsupported certificate
juin 26 16:46:13 scribe stunnel[32020]: LOG5[6]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
juin 26 16:46:13 scribe stunnel[32020]: LOG5[7]: Service [redis_tunnel] accepted connection from 127.0.0.1:35880
juin 26 16:46:13 scribe stunnel[32020]: LOG5[7]: s_connect: connected 192.168.0.24:9380
juin 26 16:46:13 scribe stunnel[32020]: LOG5[7]: Service [redis_tunnel] connected remote server from 192.168.0.26:36824
juin 26 16:46:13 scribe stunnel[32020]: LOG5[7]: Certificate accepted at depth=0: C=FR, O=Ministere Education Nationale (MENESR), OU=110 043 015, OU=ac-test, CN=eolebase.ac-test.fr
juin 26 16:46:13 scribe stunnel[32020]: LOG3[7]: SSL_connect: 14094413: error:14094413:SSL routines:ssl3_read_bytes:sslv3 alert unsupported certificate
juin 26 16:46:13 scribe stunnel[32020]: LOG5[7]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
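
Added example (not part of the original ticket or of the EOLE code base): the stunnel log above shows the local side accepting the remote certificate and then failing on an error read from the peer. This Python sketch groups stunnel lines by connection id and unpacks the OpenSSL error code `14094413`, assuming the OpenSSL 1.x packing (library, function, reason) in which reasons of 1000 and above carry a TLS alert received from the remote end; the function names and the `SAMPLE` constant are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: connection 6 from the stunnel log quoted in update #1.
SAMPLE = """\
juin 26 16:46:13 scribe stunnel[32020]: LOG5[6]: Service [redis_tunnel] connected remote server from 192.168.0.26:36820
juin 26 16:46:13 scribe stunnel[32020]: LOG5[6]: Certificate accepted at depth=0: C=FR, O=Ministere Education Nationale (MENESR), OU=110 043 015, OU=ac-test, CN=eolebase.ac-test.fr
juin 26 16:46:13 scribe stunnel[32020]: LOG3[6]: SSL_connect: 14094413: error:14094413:SSL routines:ssl3_read_bytes:sslv3 alert unsupported certificate
"""

LINE = re.compile(r"stunnel\[\d+\]: LOG\d\[(\d+)\]: (.*)$")
SERVICE = re.compile(r"Service \[([^\]]+)\]")
ACCEPTED = re.compile(r"Certificate accepted at depth=0: (.*)$")
ERROR = re.compile(r"error:([0-9A-Fa-f]{8}):")

ALERT_OFFSET = 1000  # OpenSSL's SSL_AD_REASON_OFFSET
# TLS alert descriptions (RFC 5246, section 7.2), certificate-related subset.
ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca"}


def decode_openssl_error(code_hex):
    """Unpack an OpenSSL 1.x error code into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def summarize(log_text):
    """Group stunnel lines by connection id and name any alert sent by the peer."""
    conns = defaultdict(
        lambda: {"service": None, "accepted_peer": None, "alert_from_peer": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, msg = conns[int(m.group(1))], m.group(2)
        if (s := SERVICE.search(msg)):
            conn["service"] = s.group(1)
        if (a := ACCEPTED.search(msg)):
            conn["accepted_peer"] = a.group(1)
        if (e := ERROR.search(msg)):
            _lib, _func, reason = decode_openssl_error(e.group(1))
            if reason >= ALERT_OFFSET:  # fatal alert read from the peer
                number = reason - ALERT_OFFSET
                conn["alert_from_peer"] = ALERTS.get(number, f"alert_{number}")
    return dict(conns)


if __name__ == "__main__":
    for cid, info in summarize(SAMPLE).items():
        print(cid, info)
```

For connection 6 it reports alert 43 (`unsupported_certificate`) sent by the remote stunnel, so the certificate being refused is the one the local client presented, not the `eolebase.ac-test.fr` certificate it accepted.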

#2 Updated by Daniel Dehennin 5 days ago

Regarding the squash test:

  • An issue at step 7 (diagnose or iptables-save)
  • I changed step 10 to use the machine name instead of the IP address
  • I see several redis services running and redis-eolesso.service has errors:
    systemctl status redis.service redis-server.service redis2-server.service redis-eolesso.service
    ● redis-server.service - Advanced key-value store
       Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled)
       Active: active (running) since Thu 2020-07-02 14:27:33 CEST; 1min 17s ago
         Docs: http://redis.io/documentation,
               man:redis-server(1)
      Process: 15044 ExecStart=/usr/bin/redis-server /etc/redis/redis.conf (code=exited, status=0/SUCCESS)
     Main PID: 15096 (redis-server)
        Tasks: 4 (limit: 2335)
       CGroup: /system.slice/redis-server.service
               └─15096 /usr/bin/redis-server 0.0.0.0:6379
    
    juil. 02 14:27:33 eolebase systemd[1]: Starting Advanced key-value store...
    juil. 02 14:27:33 eolebase systemd[1]: redis-server.service: Can't open PID file /var/run/redis/redis-server.pid (yet?) after start: No such file or directory
    juil. 02 14:27:33 eolebase systemd[1]: Started Advanced key-value store.
    
    ● redis-server.service - Advanced key-value store
       Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled)
       Active: active (running) since Thu 2020-07-02 14:27:33 CEST; 1min 17s ago
         Docs: http://redis.io/documentation,
               man:redis-server(1)
      Process: 15044 ExecStart=/usr/bin/redis-server /etc/redis/redis.conf (code=exited, status=0/SUCCESS)
     Main PID: 15096 (redis-server)
        Tasks: 4 (limit: 2335)
       CGroup: /system.slice/redis-server.service
               └─15096 /usr/bin/redis-server 0.0.0.0:6379
    
    juil. 02 14:27:33 eolebase systemd[1]: Starting Advanced key-value store...
    juil. 02 14:27:33 eolebase systemd[1]: redis-server.service: Can't open PID file /var/run/redis/redis-server.pid (yet?) after start: No such file or directory
    juil. 02 14:27:33 eolebase systemd[1]: Started Advanced key-value store.
    
    ● redis2-server.service
       Loaded: masked (/dev/null; bad)
       Active: inactive (dead)
    
    ● redis-eolesso.service - Advanced key-value store
       Loaded: loaded (/lib/systemd/system/redis-eolesso.service; enabled; vendor preset: enabled)
       Active: active (running) since Thu 2020-07-02 14:27:33 CEST; 1min 17s ago
         Docs: http://redis.io/documentation,
               man:redis-server(1)
      Process: 15135 ExecStartPost=/bin/run-parts --verbose /etc/redis/redis-server.post-up.d (code=exited, status=1/FAILURE)
      Process: 15093 ExecStart=/usr/bin/redis-server /etc/redis/redis-eolesso.conf (code=exited, status=0/SUCCESS)
      Process: 15051 ExecStartPre=/bin/run-parts --verbose /etc/redis/redis-server.pre-up.d (code=exited, status=1/FAILURE)
     Main PID: 15134 (redis-server)
        Tasks: 4 (limit: 2335)
       CGroup: /system.slice/redis-eolesso.service
               └─15134 /usr/bin/redis-server 127.0.0.1:9380
    
    juil. 02 14:27:33 eolebase systemd[1]: Starting Advanced key-value store...
    juil. 02 14:27:33 eolebase run-parts[15051]: run-parts: failed to open directory /etc/redis/redis-server.pre-up.d: No such file or directory
    juil. 02 14:27:33 eolebase run-parts[15135]: run-parts: failed to open directory /etc/redis/redis-server.post-up.d: No such file or directory
    juil. 02 14:27:33 eolebase systemd[1]: Started Advanced key-value store.
    

As far as I am concerned, the squash test passes.
