Graylog Charm

graylog snap fails to send emails via starttls smtp

Bug #1813914 reported by Alvaro Uria on 2019-01-30

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	Graylog Charm	Won't Fix	Wishlist	Unassigned

Bug Description

2019-01-30T10:07:48.052Z WARN [AlertNotificationsSender] Alarm callback <Email Alert Callback> failed. Skipping.
org.graylog2.plugin.alarms.callbacks.AlarmCallbackException: Sending the email to the following server failed : XXXXX.mail-server.XXX:25

Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

I think something similar to "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts" may be missing on the graylog-server.sh call. /snap/graylog/current/etc/ssl/certs has directories but all are empty. I don't know if /etc/ssl/certs should be copied there or a new snap interface exist to allow access to that folder.

OTOH, I tested on the customer having issues via [1]: cert is selfsigned. Graylog docs have no "skip-tls-verify" for server.conf [2].

1. openssl s_client -connect localhost:10025 -starttls smtp -debug
2. http://docs.graylog.org/en/2.5/pages/configuration/server.conf.html#email

Tags: