opsiconfd startet mit neuestem Update nicht mehr - SSL/TLS Protocol error

[elemay]

Hallo,

habe heute die neuesten Opsi Pakete auf Rocky Linux 8 installiert, leider startet nun der opsiconfd nicht mehr.

Code: Alles auswählen

opsi-server-full.noarch                                               4.3.2.1-1.1                                            @home_uibmz_opsi_4.3_stable
opsi-tftp-hpa-server.x86_64                                           5.2.8-78.30                                            @home_uibmz_opsi_4.2_stable
opsi-utils.x86_64                                                     4.3.3.13-1.1                                           @home_uibmz_opsi_4.3_stable
opsi-webgui.noarch                                                    4.3.30-1.1                                             @home_uibmz_opsi_4.3_stable
opsi-windows-support.noarch                                           4.2.0.3-1.2                                            @home_uibmz_opsi_4.2_stable
opsiconfd.x86_64                                                      4.3.14.1-1.1                                           @home_uibmz_opsi_4.3_stable
opsipxeconfd.x86_64                                                   4.3.3.3-1.1                                            @home_uibmz_opsi_4.3_stable

Ausgabe auf CLI:

Code: Alles auswählen

[1] [2024-04-26 10:40:35.945] [               ] Opsiconfd version '4.3.14.1' starting on 'opsi' as 'configserver'   (opsiconfd.py:91)
[4] [2024-04-26 10:40:35.964] [               ] Failed statement, attempt 1: (MySQLdb.OperationalError) (2026, 'TLS/SSL error: fatal alert received: Error in protocol version')
(Background on this error at: https://sqlalche.me/e/14/e3q8)   (__init__.py:95)
[4] [2024-04-26 10:40:35.964] [               ] Failed to setup MySQL: (MySQLdb.OperationalError) (2026, 'TLS/SSL error: fatal alert received: Error in protocol version')
(Background on this error at: https://sqlalche.me/e/14/e3q8)
Please use `opsiconfd setup --configure-mysql` to configure the MySQL connection manually.   (__init__.py:254)
Traceback (most recent call last):
  File "sqlalchemy/engine/base.py", line 3371, in _wrap_pool_connect
  File "sqlalchemy/pool/base.py", line 327, in connect
  File "sqlalchemy/pool/base.py", line 894, in _checkout
  File "sqlalchemy/pool/base.py", line 493, in checkout
  File "sqlalchemy/pool/impl.py", line 145, in _do_get
  File "sqlalchemy/util/langhelpers.py", line 70, in __exit__
  File "sqlalchemy/util/compat.py", line 211, in raise_
  File "sqlalchemy/pool/impl.py", line 143, in _do_get
  File "sqlalchemy/pool/base.py", line 273, in _create_connection
  File "sqlalchemy/pool/base.py", line 388, in __init__
  File "sqlalchemy/pool/base.py", line 690, in __connect
  File "sqlalchemy/util/langhelpers.py", line 70, in __exit__
  File "sqlalchemy/util/compat.py", line 211, in raise_
  File "sqlalchemy/pool/base.py", line 686, in __connect
  File "sqlalchemy/engine/create.py", line 574, in connect
  File "sqlalchemy/engine/default.py", line 598, in connect
  File "MySQLdb/__init__.py", line 123, in Connect
  File "MySQLdb/connections.py", line 185, in __init__
MySQLdb.OperationalError: (2026, 'TLS/SSL error: fatal alert received: Error in protocol version')

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "run-opsiconfd.py", line 12, in <module>
  File "opsiconfd/main/__init__.py", line 65, in main
  File "opsiconfd/main/opsiconfd.py", line 94, in opsiconfd_main
  File "opsiconfd/setup/__init__.py", line 247, in setup
  File "opsiconfd/setup/backend.py", line 148, in setup_mysql
  File "opsiconfd/setup/backend.py", line 114, in setup_mysql_connection
  File "opsiconfd/setup/backend.py", line 81, in setup_mysql_connection
  File "contextlib.py", line 137, in __enter__
  File "opsiconfd/backend/mysql/__init__.py", line 348, in connection
  File "opsiconfd/backend/mysql/__init__.py", line 356, in connect
  File "opsiconfd/backend/mysql/__init__.py", line 321, in _init_connection
  File "opsiconfd/backend/mysql/__init__.py", line 86, in execute
  File "sqlalchemy/orm/session.py", line 1716, in execute
  File "sqlalchemy/orm/session.py", line 1555, in _connection_for_bind
  File "sqlalchemy/orm/session.py", line 750, in _connection_for_bind
  File "sqlalchemy/engine/base.py", line 3325, in connect
  File "sqlalchemy/engine/base.py", line 96, in __init__
  File "sqlalchemy/engine/base.py", line 3404, in raw_connection
  File "sqlalchemy/engine/base.py", line 3374, in _wrap_pool_connect
  File "sqlalchemy/engine/base.py", line 2208, in _handle_dbapi_exception_noconnection
  File "sqlalchemy/util/compat.py", line 211, in raise_
  File "sqlalchemy/engine/base.py", line 3371, in _wrap_pool_connect
  File "sqlalchemy/pool/base.py", line 327, in connect
  File "sqlalchemy/pool/base.py", line 894, in _checkout
  File "sqlalchemy/pool/base.py", line 493, in checkout
  File "sqlalchemy/pool/impl.py", line 145, in _do_get
  File "sqlalchemy/util/langhelpers.py", line 70, in __exit__
  File "sqlalchemy/util/compat.py", line 211, in raise_
  File "sqlalchemy/pool/impl.py", line 143, in _do_get
  File "sqlalchemy/pool/base.py", line 273, in _create_connection
  File "sqlalchemy/pool/base.py", line 388, in __init__
  File "sqlalchemy/pool/base.py", line 690, in __connect
  File "sqlalchemy/util/langhelpers.py", line 70, in __exit__
  File "sqlalchemy/util/compat.py", line 211, in raise_
  File "sqlalchemy/pool/base.py", line 686, in __connect
  File "sqlalchemy/engine/create.py", line 574, in connect
  File "sqlalchemy/engine/default.py", line 598, in connect
  File "MySQLdb/__init__.py", line 123, in Connect
  File "MySQLdb/connections.py", line 185, in __init__
sqlalchemy.exc.OperationalError: (MySQLdb.OperationalError) (2026, 'TLS/SSL error: fatal alert received: Error in protocol version')
(Background on this error at: https://sqlalche.me/e/14/e3q8)

[j.schneider]

Hallo,

scheinbar wird versucht per TLS auf den MySQL-Server zuzugreifen.
Was steht in der /etc/opsi/backends/mysql.conf ?

Grüße
Jan Schneider

[elemay]

Code: Alles auswählen

# -*- coding: utf-8 -*-

module = 'MySQL'
config = {
    "address": "192.168.13.2",
    "database": "opsi",
    "username": "opsi",
    "password": "password",
    "databaseCharset": "utf8",
    "connectionPoolSize": 25,
    "connectionPoolMaxOverflow": 10,
    "connectionPoolTimeout": 30,
    "connectionPoolRecycling": 28000
}

[j.schneider]

Läuft die MySQL-Datenbank auf einer anderen Maschine?

[j.schneider]

Gibt es eine MySQL-Client-Konfiguration auf dem System?

[elemay]

Ja der Server läuft auf einer anderen Maschine, auf dem OPSi Server gibt es nur eine leere client.cnf

Code: Alles auswählen

cat /etc/my.cnf.d/client.cnf
#
# These two groups are read by the client library
# Use it for options that affect all clients, but not the server
#


[client]

# This group is not read by mysql client library,
# If you use the same .cnf file for MySQL and MariaDB,
# use it for MariaDB-only client options
[client-mariadb]

Der OPSi User auf dem MariaDB Server wird auch nicht zur Verwendung von SSL gezwungen, wie gesagt hat das ganze bis vor dem heutigen Update reibungslos funktioniert.

[j.schneider]

Bitte mal versuchen, ob der opsiconfd 4.3.15.0 das Problem löst.
Hier wird im DB-Treiber jetzt ssl=false explizit gesetzt.

https://software.opensuse.org//download ... =opsiconfd

Grüße
Jan Schneider

[elemay]

Ja, er startet wieder, Problem gelöst.

[j.schneider]

Sehr gut, Danke für die Rückmeldung.

[elemay]

Hallo,

leider habe ich mich zu früh gefreut. Der opsiconfd startet zwar wieder, aber versucht immer noch per ssl zu connecten.

Code: Alles auswählen

systemctl status opsiconfd                                                                                                                                                                    1 ↵
● opsiconfd.service - opsi server daemon
   Loaded: loaded (/usr/lib/systemd/system/opsiconfd.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2024-04-29 09:05:38 CEST; 2s ago
  Process: 11005 ExecStartPre=/usr/lib/opsiconfd/opsiconfd-pre-start (code=exited, status=0/SUCCESS)
 Main PID: 11014 (opsiconfd)
    Tasks: 4 (limit: 12378)
   Memory: 95.3M
   CGroup: /system.slice/opsiconfd.service
           └─11014 /usr/lib/opsiconfd/opsiconfd start --log-level-stderr=0

Apr 29 09:05:38 opsi systemd[1]: Starting opsi server daemon...
Apr 29 09:05:38 opsi systemd[1]: Started opsi server daemon.

Im Log steht dann aber wieder der SSL Protocl Fehler:

Code: Alles auswählen

Apr 29 09:06:24 opsi systemd[1]: Starting opsi server daemon...
Apr 29 09:06:24 opsi systemd[1]: Started opsi server daemon.
Apr 29 09:06:30 opsi opsiconfd[11058]: Traceback (most recent call last):
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/engine/base.py", line 3371, in _wrap_pool_connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 327, in connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 894, in _checkout
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 493, in checkout
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/impl.py", line 145, in _do_get
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/util/langhelpers.py", line 70, in __exit__
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/util/compat.py", line 211, in raise_
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/impl.py", line 143, in _do_get
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 273, in _create_connection
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 388, in __init__
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 690, in __connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/util/langhelpers.py", line 70, in __exit__
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/util/compat.py", line 211, in raise_
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 686, in __connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/engine/create.py", line 574, in connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/engine/default.py", line 598, in connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "MySQLdb/__init__.py", line 123, in Connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "MySQLdb/connections.py", line 185, in __init__
Apr 29 09:06:30 opsi opsiconfd[11058]: MySQLdb.OperationalError: (2026, 'TLS/SSL error: fatal alert received: Error in protocol version')
Apr 29 09:06:30 opsi opsiconfd[11058]: The above exception was the direct cause of the following exception:
Apr 29 09:06:30 opsi opsiconfd[11058]: Traceback (most recent call last):
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "run-opsiconfd.py", line 12, in <module>
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "opsiconfd/main/__init__.py", line 65, in main
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "opsiconfd/main/opsiconfd.py", line 102, in opsiconfd_main
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "opsiconfd/setup/__init__.py", line 247, in setup
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "opsiconfd/setup/backend.py", line 148, in setup_mysql
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "opsiconfd/setup/backend.py", line 114, in setup_mysql_connection
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "opsiconfd/setup/backend.py", line 81, in setup_mysql_connection
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "contextlib.py", line 137, in __enter__
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "opsiconfd/backend/mysql/__init__.py", line 352, in connection
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "opsiconfd/backend/mysql/__init__.py", line 360, in connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "opsiconfd/backend/mysql/__init__.py", line 325, in _init_connection
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "opsiconfd/backend/mysql/__init__.py", line 87, in execute
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/orm/session.py", line 1716, in execute
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/orm/session.py", line 1555, in _connection_for_bind
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/orm/session.py", line 750, in _connection_for_bind
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/engine/base.py", line 3325, in connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/engine/base.py", line 96, in __init__
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/engine/base.py", line 3404, in raw_connection
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/engine/base.py", line 3374, in _wrap_pool_connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/engine/base.py", line 2208, in _handle_dbapi_exception_noconnection
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/util/compat.py", line 211, in raise_
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/engine/base.py", line 3371, in _wrap_pool_connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 327, in connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 894, in _checkout
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 493, in checkout
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/impl.py", line 145, in _do_get
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/util/langhelpers.py", line 70, in __exit__
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/util/compat.py", line 211, in raise_
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/impl.py", line 143, in _do_get
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 273, in _create_connection
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 388, in __init__
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 690, in __connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/util/langhelpers.py", line 70, in __exit__
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/util/compat.py", line 211, in raise_
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/pool/base.py", line 686, in __connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/engine/create.py", line 574, in connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "sqlalchemy/engine/default.py", line 598, in connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "MySQLdb/__init__.py", line 123, in Connect
Apr 29 09:06:30 opsi opsiconfd[11058]:   File "MySQLdb/connections.py", line 185, in __init__
Apr 29 09:06:30 opsi opsiconfd[11058]: sqlalchemy.exc.OperationalError: (MySQLdb.OperationalError) (2026, 'TLS/SSL error: fatal alert received: Error in protocol version')
Apr 29 09:06:30 opsi opsiconfd[11058]: (Background on this error at: https://sqlalche.me/e/14/e3q8)
Apr 29 09:06:30 opsi systemd[1]: opsiconfd.service: Main process exited, code=exited, status=1/FAILURE
Apr 29 09:06:30 opsi systemd[1]: opsiconfd.service: Failed with result 'exit-code'.

Das bringt leider auch nichts

Code: Alles auswählen

opsiconfd --mysql-internal-url mysql://opsi:password@192.168.13.2:3306/opsi?ssl=false