[Reconnoiter-users] SSL read error: Input/output error from stratcon

Toby DiPasquale toby at relaynetwork.com
Mon Jun 7 16:56:30 EDT 2010


Hi all,

I've been trying to set up Reconnoiter (svn checkout of Urskek release) all day. I've got noitd and stratcond compiled and running and I finally got the database schema loaded and whatnot, but I keep getting the following errors from stratcond:

  [127.0.0.1:43191] SSL read error: Input/output error
  Next jlog_streamer attempt in 4000ms

And the corresponding error from noitd:

  jlog reader[noit] error: JLOG_ERR_INVALID_SUBSCRIBER

I've created an OpenSSL CA to use for Reconnoiter, and I've created a cert/key pair for noitd (CN=noit) and another for stratcond (CN=stratcon), signed with my CA key and also installed that CA cert into reconnoiter/etc/ca.crt where both noit.conf and stratcon.conf are looking for it.

I've read on the mailing list that JLOG_ERR_INVALID_SUBSCRIBER is likely an issue having to do with a bad cert or something but I'm not sure how to proceed since there are no docs. I'm copying my noit.conf and stratcon.conf below so you can see how I have it configured. Both noitd and stratcond are running on localhost right now, as is a collectd instance from which noitd is supposed to be retrieving info. Thanks!

-=[ noit.conf ]=-

<?xml version="1.0" encoding="utf8" standalone="yes"?>
<noit>
  <!--
    noitd configuration as posted: eventer settings, log outlets and the
    jlog feed, loadable check modules, network listeners, the checks to run
    and one metric filterset.
  -->
  <eventer implementation="epoll">
    <config>
      <default_queue_threads>10</default_queue_threads>
      <!--
        NOTE(review): this path (default-ca-chain.crt) differs from the
        ca.crt referenced under <listeners>/<sslconfig> below. Confirm which
        CA file each code path actually uses when it verifies a peer.
      -->
      <default_ca_chain>/opt/reconnoiter/etc/default-ca-chain.crt</default_ca_chain>
    </config>
  </eventer>
  <logs>
    <console_output>
      <outlet name="stderr"/>
      <log name="error"/>
      <log name="debug" disabled="true"/>
    </console_output>
    <feeds>
      <!--
        jlog-backed log named "feed" at /var/log/noitd.feed. The name in
        parentheses appears to be the subscriber registered on that log
        ("stratcon").
        NOTE(review): the noitd error quoted in the post names the reader
        as "noit", not "stratcon". Presumably the reader name is taken from
        the CN of the client certificate the connecting stratcond presents,
        so the subscriber here and that CN have to agree; confirm against
        the Reconnoiter documentation.
      -->
      <log name="feed" type="jlog" path="/var/log/noitd.feed(stratcon)"/>
    </feeds>
    <components>
      <error>
        <outlet name="error"/>
        <log name="error/eventer"/>
        <log name="error/ping_icmp"/>
        <log name="error/serf"/>
        <log name="error/snmp"/>
      </error>
      <debug>
        <log name="debug/eventer" disabled="true"/>
        <log name="debug/ping_icmp" disabled="true"/>
        <log name="debug/serf" disabled="false"/>
        <log name="debug/snmp" disabled="true"/>
      </debug>
    </components>
    <feeds>
      <outlet name="feed"/>
      <log name="check">
        <outlet name="error"/>
      </log>
      <log name="status"/>
      <log name="metrics"/>
      <log name="config"/>
    </feeds>
  </logs>
  <modules directory="/usr/local/libexec/noit">
    <loader image="lua" name="lua">
      <config><directory>/usr/local/libexec/noit/?.lua</directory></config>
    </loader>
    <module image="selfcheck" name="selfcheck"/>
    <module image="ssh2" name="ssh2"/>
    <module image="postgres" name="postgres"/>
    <module image="collectd" name="collectd"/>
  </modules>
  <listeners>
    <!--
      TLS identity for the listeners in this section (presumably inherited
      by every listener marked ssl="on"): noitd's certificate and key, plus
      the CA file the post says signed both daemons' certificates.
      NOTE(review): the key file should be readable only by the account
      noitd runs as.
    -->
    <sslconfig>
      <certificate_file>/opt/reconnoiter/etc/noit.crt</certificate_file>
      <key_file>/opt/reconnoiter/etc/noit.key</key_file>
      <ca_chain>/opt/reconnoiter/etc/ca.crt</ca_chain>
    </sslconfig>
    <consoles type="noit_console">
      <!--
        Console whose address is a filesystem path under /tmp (presumably a
        UNIX domain socket).
        NOTE(review): /tmp is world-writable, and who can reach this console
        depends on the socket's permissions, which this file does not set.
        A directory owned by the service account is the safer location.
      -->
      <listener address="/tmp/noit">
        <config>
          <line_protocol>telnet</line_protocol>
        </config>
      </listener>
      <!--
        Console on every interface ("*"), TCP 32322, telnet line protocol
        and no ssl attribute, so the session is presumably plaintext. No
        authentication setting for it is visible in this file.
        NOTE(review): bind to 127.0.0.1 or restrict the port with a host
        firewall unless remote console access is intended.
      -->
      <listener address="*" port="32322">
        <config>
          <line_protocol>telnet</line_protocol>
        </config>
      </listener>
      <!-- Same console type on every interface, TCP 32323, with ssl="on". -->
      <listener address="*" port="32323" ssl="on"/>
    </consoles>
    <!--
      TLS listener on every interface, TCP 43191, with log_transit_feed_name
      set to the "feed" log defined under <logs>. The stratcon.conf in the
      same post points its <noit> entry at 127.0.0.1 port 43191, i.e. at
      this listener.
    -->
    <listener type="control_dispatch" address="*" port="43191" ssl="on">
      <config>
        <log_transit_feed_name>feed</log_transit_feed_name>
      </config>
    </listener>
  </listeners>
  <!--
    Checks to run: selfcheck, collectd and ssh2 against 127.0.0.1, plus one
    postgres check (period="300000") that runs the SQL in its <config>.
    All use the filterset named "default".
  -->
  <checks max_initial_stutter="30000" filterset="default">
    <check uuid="f7cea020-f19d-11dd-85a6-cb6d3a2207dc" module="selfcheck" target="127.0.0.1" period="5000" timeout="4000"/>
    <check uuid="1b4e28ba-2fa1-11d2-883f-e9b761bde3fb" module="collectd" target="127.0.0.1" period="60000" timeout="30000"/>
    <check uuid="002d58ff-20ff-4db0-9420-782fc1748dc4" module="ssh2" target="127.0.0.1" period="60000" timeout="4000"/>
    <databases>
      <postgres module="postgres" period="300000">
        <config>
          <!--
            NOTE(review): the database credentials are stored inline in
            cleartext. Keep this file readable only by the service account,
            give the monitoring role read-only rights, and substitute
            placeholders for real values before sharing the file.
          -->
          <dsn>host=127.0.0.1 dbname=junk user=junk password=junk</dsn>
          <sql>select datname, pg_database_size(datname) as size, xact_commit, xact_rollback from pg_stat_database</sql>
        </config>
        <check uuid="8c5ca46c-77d7-11dd-ab5b-53bc659517d6" target="127.0.0.1" timeout="4000"/>
      </postgres>
    </databases>
  </checks>
  <!--
    Filterset "default", referenced by <checks filterset="default">: a single
    deny rule matching the minimum, maximum and count metrics of the
    ping_icmp module.
  -->
  <filtersets>
    <filterset name="default">
      <rule type="deny" module="^ping_icmp$" metric="^(?:minimum|maximum|count)$" />
    </filterset>
  </filtersets>
</noit>

-=[ stratcon.conf ]=-

<?xml version="1.0" encoding="utf8" standalone="yes"?>
<stratcon>
  <!--
    stratcond configuration as posted: eventer, console logging, the noitd
    instance to pull from, IEP statements, the PostgreSQL connection and
    its SQL statements, and stratcond's own listeners.
  -->
  <eventer implementation="epoll"/>

  <logs>
    <console_output>
      <outlet name="stderr"/>
      <log name="error"/>
      <log name="debug"/>
      <log name="error/iep"/>
      <log name="error/eventer" disabled="true"/>
      <log name="debug/eventer" disabled="true"/>
    </console_output>
  </logs>

  <noits>
    <config>
      <!--
        If we have a connection failure, attempt to reconnect
        immediately.  Upon failure wait 1000ms (1s) and
        exponentially backoff up to 900000ms (900s or 15m)
      -->
      <!--
        NOTE(review): the maximum configured below is 15000 (15s), not the
        900000ms described above; one of the two is out of date.
      -->
      <reconnect_initial_interval>1000</reconnect_initial_interval>
      <reconnect_maximum_interval>15000</reconnect_maximum_interval>
    </config>
    <!--
      TLS identity stratcond presents when it connects out to the <noit>
      entries below (presumably; the section sits under <noits>).
      NOTE(review): it points at noit.key / noit.crt, the pair the post
      describes as issued to noitd (CN=noit), while the CN=stratcon pair is
      referenced only under <listeners>. That is consistent with the noitd
      error naming the reader "noit" although the feed in noit.conf
      registers "stratcon". Likely fix: reference stratcon.key and
      stratcon.crt here. Sharing one private key between two daemons also
      means a compromise of either one exposes both identities.
    -->
    <sslconfig>
      <key_file>/opt/reconnoiter/etc/noit.key</key_file>
      <certificate_file>/opt/reconnoiter/etc/noit.crt</certificate_file>
      <ca_chain>/opt/reconnoiter/etc/ca.crt</ca_chain>
    </sslconfig>
    <!-- The noitd instance to connect to: the control_dispatch port from noit.conf. -->
    <noit address="127.0.0.1" port="43191" />
  </noits>

  <iep disabled="false"> <!-- false the default -->
    <start directory="/opt/reconnoiter/var/db" command="/opt/reconnoiter/bin/run-iep.sh" />
    <queries>
      <statement id="6cc613a4-7f9c-11de-973f-db7e8ccb2e5c" provides="CheckDetails-ddl">
        <epl>create window CheckDetails.std:unique(uuid).win:keepall() as NoitCheck</epl>
      </statement>
      <statement id="76598f5e-7f9c-11de-9f5b-ebb4dcb2494e" provides="CheckDetails">
        <requires>CheckDetails-ddl</requires>
        <epl>insert into CheckDetails select * from NoitCheck</epl>
      </statement>
      <statement id="ba189f08-7f99-11de-9013-733772d37479" provides="UnavailableStream">
        <requires>CheckDetails</requires>
        <epl>insert into UnavailableStream
             select p.* as delta, cds.target as target, cds.module as module,
                    cds.name as name, p.s.uuid as uuid
             from pattern [ every
                            s=NoitStatus(availability='A') ->
                            ( n0 = NoitStatus(uuid=s.uuid, availability='U')
                              and not NoitStatus(uuid=s.uuid, availability='A'))
                          ].std:lastevent() as p
             inner join CheckDetails as cds on cds.uuid = p.s.uuid
        </epl>
      </statement>
      <query id="ce6bf8d2-3dd7-11de-a45c-a7df160cba9e" topic="status">
        <epl>select * from NoitStatus</epl>
      </query>
    </queries>
  </iep>

  <database>
    <!--
      NOTE(review): the database password is stored inline in cleartext.
      Keep this file readable only by the account stratcond runs as, and
      substitute a placeholder before sharing the file.
    -->
    <dbconfig>
      <host>localhost</host>
      <dbname>reconnoiter</dbname>
      <user>stratcon</user>
      <password>foobar</password>
    </dbconfig>
    <!--
      SQL statements keyed by purpose. Values are passed as positional
      parameters ($1 ... $n) rather than being concatenated into the
      statement text. %Y%m in the archive table names looks like a
      year/month substitution; confirm against the database schema.
    -->
    <statements>
      <allchecks><![CDATA[
        SELECT remote_address, id, target, module, name
          FROM stratcon.mv_loading_dock_check_s
      ]]></allchecks>
      <findcheck><![CDATA[
        SELECT remote_address, id
          FROM stratcon.mv_loading_dock_check_s
         WHERE sid = $1
      ]]></findcheck>
      <check><![CDATA[
        INSERT INTO stratcon.loading_dock_check_s
                    (remote_address, whence, sid, id, target, module, name)
             VALUES ($1, 'epoch'::timestamptz + ($2 || ' seconds')::interval,
                     stratcon.generate_sid_from_id($3), $3, $4, $5, $6)
      ]]></check>
      <status><![CDATA[
        INSERT INTO stratcon.loading_dock_status_archive_%Y%m
                    ( whence,sid, state, availability,
                     duration, status)
             VALUES ('epoch'::timestamptz + ($1 || ' seconds')::interval,
                     stratcon.generate_sid_from_id($2), $3, $4, $5, $6)
      ]]></status>
      <metric_numeric><![CDATA[
        INSERT INTO stratcon.loading_dock_metric_numeric_archive_%Y%m
                    (whence, sid, name, value)
             VALUES ( 'epoch'::timestamptz + ($1 || ' seconds')::interval,
                     stratcon.generate_sid_from_id($2), $3, $4)
      ]]></metric_numeric>
      <metric_text><![CDATA[
        INSERT INTO stratcon.loading_dock_metric_text_archive_%Y%m
                    ( whence, sid, name,value)
             VALUES ('epoch'::timestamptz + ($1 || ' seconds')::interval,
                     stratcon.generate_sid_from_id($2), $3, $4)
      ]]></metric_text>
      <config><![CDATA[
        SELECT stratcon.update_config
               ($1, $2, 
                'epoch'::timestamptz + ($3 || ' seconds')::interval,
                $4 )
      ]]></config>
    </statements>
  </database>

  <listeners>
    <!--
      TLS identity for stratcond's own listeners: the stratcon key and
      certificate (CN=stratcon per the post) and the shared CA file.
      NOTE(review): the key file should be readable only by the account
      stratcond runs as.
    -->
    <sslconfig>
      <key_file>/opt/reconnoiter/etc/stratcon.key</key_file>
      <certificate_file>/opt/reconnoiter/etc/stratcon.crt</certificate_file>
      <ca_chain>/opt/reconnoiter/etc/ca.crt</ca_chain>
    </sslconfig>
    <consoles type="noit_console">
      <!--
        Console whose address is a filesystem path under /tmp (presumably a
        UNIX domain socket).
        NOTE(review): /tmp is world-writable, and access depends on the
        socket's permissions, which this file does not set.
      -->
      <listener address="/tmp/stratcon">
        <config><line_protocol>telnet</line_protocol></config>
      </listener>
    </consoles>
    <realtime type="http_rest_api">
      <!--
        HTTP listener on every interface ("*"), TCP 8008, with no ssl
        attribute, so traffic is presumably plaintext.
        NOTE(review): restrict the bind address or firewall the port unless
        it is meant to be reachable from other hosts.
      -->
      <listener address="*" port="8008">
        <config>
          <hostname>stratcon.localdomain</hostname>
          <document_domain>localdomain</document_domain>
        </config>
      </listener>
    </realtime>
    <!--
      NOTE(review): this binds "*" port 43191, the same address and port as
      the control_dispatch listener in noit.conf. The post says both daemons
      run on one host, so they will contend for the port; check the startup
      logs for a bind failure and move one of them to another port.
    -->
    <listener type="control_dispatch" address="*" port="43191" ssl="on" />
  </listeners>

</stratcon>


