Project

General

Profile

Bug #6574

Updated SSL certificates are not propagated to other cluster nodes

Added by Wojciech Kapcia TigaseTeam about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
High
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Database:
n/a
Applicable version:
git/master
Source Code Disclaimer:

Description

Build on sure.im:

Name:   Tigase
Version:    8.0.0-SNAPSHOT-b5110/b24cc287(2017-12-21/14:18:20)
Os: Linux-amd64-3.5.0-23-generic, Java HotSpot(TM) 64-Bit Server VM-25.152-b16-Oracle Corporation

Doesn't propagate certificate to other nodes while updating via ad-hoc

xmpp-test.info.pem (7.3 KB) xmpp-test.info.pem Wojciech Kapcia, 2018-01-15 06:57 AM

Related issues

Related to Tigase XMPP Server - Bug #6598: EventBus registration fails on connection between cluster nodesClosed

Associated revisions

Revision 316d3a61 (diff)
Added by Andrzej Wójcik IoT 1 CloudTigaseTeam about 1 year ago

#6574: fixed issue with script handling SSL certificated upload in the cluster mode

History

#2 Updated by Andrzej Wójcik IoT 1 CloudTigaseTeam about 1 year ago

  • Status changed from New to In QA
  • Assignee changed from Andrzej Wójcik to Wojciech Kapcia
  • % Done changed from 0 to 100

I've identified the issue in SSLCertificateAdd.groovy but decided to remove cluster support from this script and moved it directly to @CertificateContainer@. The new solution is based in @EventBus@.

#3 Updated by Wojciech Kapcia TigaseTeam about 1 year ago

I've run a simple test on our test installation (node1/node2.xmpp-test.net, vhost xmpp-test.info [had to refresh it...]) and it doesn't seem to work.

Latest nightly:

http://build.tigase.org/nightlies/dists/2018-01-15/tigase-server-8.0.0-SNAPSHOT-b5116-dist-max.tar.gz

installed to

/home/tigase/tigase-server-8.0.0-SNAPSHOT-b5116

and started using:

tigase@node1:~/tigase-server-8.0.0-SNAPSHOT-b5116$ ./scripts/tigase.sh start etc/tigase.conf

Reports correct version

==========
STARTED Tigase Mon Jan 15 09:23:00 EST 2018 using:
    ./scripts/tigase.sh start etc/tigase.conf
==========
componentInfo{Title=Tigase XML Tools, Version=4.0.0-SNAPSHOT-b262/92c6bcf6(2018-01-15/01:47:03), Class=tigase.xml.XMLUtils}
componentInfo{Title=Tigase Utils, Version=4.0.0-SNAPSHOT-b365/ba951236(2018-01-15/01:47:54), Class=tigase.util.ClassUtil}
componentInfo{Title=Tigase XMPP Server, Version=8.0.0-SNAPSHOT-b5116/316d3a61(2018-01-15/02:51:51), Class=tigase.server.XMPPServer}

This matches the updated code, admin script code looks ok. Nodes time is different but the cluster works just fine (we fixed issue with different zones a while back).

Steps taken:

  • Connect to both accounts - we have self signed cert generated on both machines;

  • update certificate on one node (node1, with the generated, attached let's encrypt cert)

  • node1 had updated the certificate and saved it to disk;

  • node2 continued with the auto-generated, self signed certificate, file on disk wasn't updated neither.

#4 Avatar?id=6023&size=24x24 Updated by Artur Hefczyc TigaseTeam about 1 year ago

  • Priority changed from Normal to High

#5 Updated by Andrzej Wójcik IoT 1 CloudTigaseTeam about 1 year ago

  • Status changed from Feedback to In Progress

#6 Updated by Andrzej Wójcik IoT 1 CloudTigaseTeam about 1 year ago

  • Related to Bug #6598: EventBus registration fails on connection between cluster nodes added

#7 Updated by Andrzej Wójcik IoT 1 CloudTigaseTeam about 1 year ago

  • Status changed from In Progress to In QA
  • Assignee changed from Andrzej Wójcik to Wojciech Kapcia

My fix was working properly, however, it was based on EventBus and events being fired across the cluster which was failing to subscribe in some cases (worked in one-way). So as I was testing it was working fine as I connected to the newest cluster node for testing, but it failed for you as you connected to the oldest one. This issue was fixed in #6598.

#8 Updated by Wojciech Kapcia TigaseTeam about 1 year ago

  • Status changed from In QA to Closed

Also available in: Atom PDF