cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefania (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-7973) cqlsh connect error "member_descriptor' object is not callable"
Date Mon, 25 May 2015 05:26:18 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-7973?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14557979#comment-14557979
] 

Stefania commented on CASSANDRA-7973:
-------------------------------------

Thanks for the details.

If I use the same settings, with self-signed certificates generated as follows:

{code}
keytool -genkeypair -alias cassandra -keyalg RSA -keysize 1024 -keystore .keystore -storepass
cassandra -keypass cassandra
keytool -exportcert -alias cassandra -rfc -file ca.cert -keystore .keystore -storepass cassandra
#copy ca.cert in JRE/lib/security and then run:
keytool -import -alias ca -file ca.cert -keystore cacerts -storepass changeit
{code}

Then with python 2.6.9 I get

{code}
Connection error: ('Unable to connect to any servers', {'127.0.0.1': ConnectionShutdown('Connection
<AsyncoreConnection(16844176) 127.0.0.1:9042 (closed)> is already closed',)})
{code}

and server side:

{code}
INFO  05:07:23 Unexpected exception during request; channel = [id: 0x6ce43cee, /127.0.0.1:37617
=> /127.0.0.1:9042]
io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 030000000500000000
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:860) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollSocketChannel$EpollSocketUnsafe.epollInReady(EpollSocketChannel.java:722)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:326) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:264) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
{code}

Whereas with python 2.7.6 it works. I also tested validate=true and that too works with 2.7.6
and fails with 2.6.9.

[~eperott] is this what you observe or is it different?

I've also run the server locally with {{-Djavax.net.debug=all}} to debug the ssl connection
using the following commands:

{code}
JVM_EXTRA_OPTS=-Djavax.net.debug=all
cassandra -f | tee output.txt
less output.txt | grep -v "Ignoring unavailable cipher suite" | less
{code}

And here is what I get:

{code}
Using SSLEngineImpl.
epollEventLoopGroup-2-7, called closeOutbound()
epollEventLoopGroup-2-7, closeOutboundInternal()
epollEventLoopGroup-2-7, called closeInbound()
epollEventLoopGroup-2-7, fatal error: 80: Inbound closed before receiving peer's close_notify:
possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible
truncation attack?
epollEventLoopGroup-2-7, SEND TLSv1.2 ALERT:  fatal, description = internal_error
epollEventLoopGroup-2-7, Exception sending alert: java.io.IOException: writer side was already
closed.
epollEventLoopGroup-2-7, called closeOutbound()
epollEventLoopGroup-2-7, closeOutboundInternal()
epollEventLoopGroup-2-7, called closeInbound()
epollEventLoopGroup-2-7, closeInboundInternal()
INFO  05:07:23 Unexpected exception during request; channel = [id: 0x6ce43cee, /127.0.0.1:37617
=> /127.0.0.1:9042]
io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 030000000500000000
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:860) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:249)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:149)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollSocketChannel$EpollSocketUnsafe.epollInReady(EpollSocketChannel.java:722)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:326) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:264) ~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
~[netty-all-4.0.23.Final.jar:4.0.23.Final]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_45]
{code}

So some additional information on the connection being closed prematurely. Therefore I attached
the python debugger to cqlsh and I verified that the connection is closed because recv() is
called with no data in asynccore.py, line 377.

I also tried using java 7 rather than java 8, or the latest netty stable version (4.0.28)
but it made no difference. 

My best guess is a python issue with the asyncore and/or the ssl module, [~aholmber] anything
else we could try?


> cqlsh connect error "member_descriptor' object is not callable"
> ---------------------------------------------------------------
>
>                 Key: CASSANDRA-7973
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7973
>             Project: Cassandra
>          Issue Type: Bug
>         Environment: Cassandra 2.1.0
>            Reporter: Digant Modha
>            Assignee: Philip Thompson
>            Priority: Minor
>              Labels: cqlsh, lhf
>             Fix For: 2.1.x
>
>
> When using cqlsh (Cassandra 2.1.0) with ssl, python 2.6.9. I get Connection error: ('Unable
to connect to any servers', {...: TypeError("'member_descriptor' object is not callable",)})

> I am able to connect from another machine using python 2.7.5.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message