Support Migration Notice: To update migrated JIRA cases click here to open a new case use www.vmware.com/go/sr | vFabric Hyperic 5.7.0 is Now Available

Hyperic HQ

RabbitMQ - Server availability and metrics still report when SSL cert removed from keystore

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 4.6, 4.x Sprint 27
  • Fix Version/s: 4.6, 4.x Sprint 28
  • Component/s: Plugins
  • Environment:
    Hyperic server 4.6.0-EE-247 on CentOS 5.4 x64 with embedded Postgres DB
    - Hyperic agent 4.6.0-EE-247 on RHEL 5.4 x64 running RabbitMQ 2.5.1 running SSL
  • Case Links:
    none
  • Regression:
    No
  • Tags:

Description

RabbitMQ - Server availability and metrics still report when SSL cert removed from keystore

With the RabbitMQ certificate removed from the keystore, the RabbitMQ server still shows as Available and Metrics report.

There are Events/Logs Tracking showing:

07/22/2011 01:56 PM] Log Message (/var/log/rabbitmq/rabbit@FC-RHEL55x64-VM1.log): /var/log/rabbitmq/rabbit@FC-RHEL55x64-VM1.log: "Accept failed error"
[07/22/2011 01:56 PM] Log Message (/var/log/rabbitmq/rabbit@FC-RHEL55x64-VM1.log): /var/log/rabbitmq/rabbit@FC-RHEL55x64-VM1.log: application: mochiweb
[07/22/2011 01:56 PM] Log Message (/var/log/rabbitmq/rabbit@FC-RHEL55x64-VM1.log): /var/log/rabbitmq/rabbit@FC-RHEL55x64-VM1.log: SSL: certify: ./ssl_connection.erl:1452:Fatal error: certificate_unknown

Expected Result:
With keystore removed, availability and metrics should not continue to report

Actual Result:
With keystore removed, availability and metrics continues to report

Stesp to Reproduce:

  1. Install and start agent on platform running RabbitMQ running HTTPS
  2. Log into Hyperic
  3. Add platform to inventory from AIQ
  4. Configure RabbitMQ as necessary including import of SSL cert into keystore
  5. Note server availability and metrics collect
  6. Remove SSL cert from keystore
  7. Note server availability and metrics still collect

Additional Note:
Restarting agent does not help

  1. agent.log
    22/Jul/11 2:47 PM
    3.98 MB
    Frederic Calindas
  2. agent-restarted.log
    22/Jul/11 4:23 PM
    418 kB
    Frederic Calindas

Activity

Hide
Todd Rader added a comment -

You may need David's help on this one, but if you discover that the connection doesn't give any helpful exception or status when the cert is removed, we need to re-evaluate.

Show
Todd Rader added a comment - You may need David's help on this one, but if you discover that the connection doesn't give any helpful exception or status when the cert is removed, we need to re-evaluate.
Hide
German Laullon added a comment -

check if accept.unverified.certificates is false on agent.properties

Show
German Laullon added a comment - check if accept.unverified.certificates is false on agent.properties
Hide
German Laullon added a comment -

please, attach the agent.log with debug level.

Show
German Laullon added a comment - please, attach the agent.log with debug level.
Hide
Frederic Calindas added a comment - - edited

See attached 'agent.log' with debugging enabled.

RabbitMQ SSL certificate removed from keystore at approximately:
Fri Jul 22 17:36 EDT 2011

Verified accept.unverified.certificates=false in agent.properties

Show
Frederic Calindas added a comment - - edited See attached 'agent.log' with debugging enabled. RabbitMQ SSL certificate removed from keystore at approximately: Fri Jul 22 17:36 EDT 2011 Verified accept.unverified.certificates=false in agent.properties
Hide
Frederic Calindas added a comment -

After removing SSL cert from keystore, restarted agent. Metrics did not appear to collect; however, Availability continued to show as available.

See attached log 'agent-restarted.log'.

Show
Frederic Calindas added a comment - After removing SSL cert from keystore, restarted agent. Metrics did not appear to collect; however, Availability continued to show as available. See attached log 'agent-restarted.log'.
Hide
German Laullon added a comment -

The plugin no longer cache the https connections.
correct Availability is reported.

Show
German Laullon added a comment - The plugin no longer cache the https connections. correct Availability is reported.
Hide
Frederic Calindas added a comment -

Verified with Hyperic Server Daily Build 4.6.0-EE-252 (7/28/11) and upgraded agent via UI.

With specific ssl cert removed from keystore, the RabbitMQ server and associated services no longer showed availability nor metrics. Restoring the ssl cert to keystore resumed collection/reporting of availability/metrics. No restart of agent was required.

Show
Frederic Calindas added a comment - Verified with Hyperic Server Daily Build 4.6.0-EE-252 (7/28/11) and upgraded agent via UI. With specific ssl cert removed from keystore, the RabbitMQ server and associated services no longer showed availability nor metrics. Restoring the ssl cert to keystore resumed collection/reporting of availability/metrics. No restart of agent was required.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
    Last comment:
    2 years, 38 weeks, 2 days ago