OPNFV

juju-deployer failed on SSL3_READ_BYTES

Bug #1644331 reported by Narinder Gupta
64
This bug affects 11 people
Affects Status Importance Assigned to Milestone
Canonical Juju
Won't Fix
Undecided
Unassigned
OPNFV
New
Undecided
Unassigned
OpenStack Charm Test Infra
Opinion
Medium
Unassigned
juju-core
Won't Fix
Undecided
Unassigned
juju-deployer
New
Undecided
Unassigned
python-jujuclient
New
Undecided
Unassigned

Bug Description

+ juju-deployer -vW -d -t 7200 -r 5 -c bundles.yaml xenial-newton-nodes
2016-11-23 10:38:56 [DEBUG] deployer.cli: Using runtime GoEnvironment on opnfv-intelpod5-maas
2016-11-23 10:38:56 [INFO] deployer.cli: Starting deployment of xenial-newton-nodes
2016-11-23 10:38:56 [DEBUG] deployer.import: Getting charms...
2016-11-23 10:38:56 [DEBUG] deployer.charm: Cache dir /home/jenkins/.juju/.deployer-store-cache/cs_xenial_ubuntu
2016-11-23 10:38:56 [DEBUG] deployer.charm: Retrieving store charm cs:xenial/ubuntu-8
2016-11-23 10:39:02 [DEBUG] deployer.deploy: Resolving configuration
2016-11-23 10:39:02 [DEBUG] deployer.env: Connecting to environment...
Traceback (most recent call last):
  File "/usr/bin/juju-deployer", line 9, in <module>
    load_entry_point('juju-deployer==0.6.4', 'console_scripts', 'juju-deployer')()
  File "/usr/lib/python2.7/dist-packages/deployer/cli.py", line 135, in main
    run()
  File "/usr/lib/python2.7/dist-packages/deployer/cli.py", line 234, in run
    importer.Importer(env, deployment, options).run()
  File "/usr/lib/python2.7/dist-packages/deployer/action/importer.py", line 298, in run
    self.env.connect()
  File "/usr/lib/python2.7/dist-packages/deployer/env/go.py", line 65, in connect
    self.client = EnvironmentClient.connect(self.name)
  File "/usr/lib/python2.7/dist-packages/jujuclient.py", line 534, in connect
    return Connector().run(cls, env_name)
  File "/usr/lib/python2.7/dist-packages/jujuclient.py", line 142, in run
    cert_path, data.get('environ-uuid'))
  File "/usr/lib/python2.7/dist-packages/jujuclient.py", line 150, in connect_env
    env = cls(endpoint, name=name, ca_cert=cert_path, env_uuid=env_uuid)
  File "/usr/lib/python2.7/dist-packages/jujuclient.py", line 522, in __init__
    self.conn = Connector.connect_socket(endpoint, self._ca_cert)
  File "/usr/lib/python2.7/dist-packages/jujuclient.py", line 162, in connect_socket
    endpoint, origin=endpoint, sslopt=sslopt)
  File "/usr/lib/python2.7/dist-packages/websocket/_core.py", line 219, in create_connection
    websock.connect(url, **options)
  File "/usr/lib/python2.7/dist-packages/websocket/_core.py", line 463, in connect
    self.sock = ssl.wrap_socket(self.sock, **sslopt)
  File "/usr/lib/python2.7/ssl.py", line 487, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python2.7/ssl.py", line 243, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 405, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 1] _ssl.c:510: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version

Revision history for this message
Larry Michel (lmic) wrote :
Download full text (3.3 KiB)

I also hit this today:

2016-11-24 04:21:45 [DEBUG] deployer.import: Getting charms...
2016-11-24 04:21:45 [DEBUG] deployer.deploy: Resolving configuration
2016-11-24 04:21:45 [DEBUG] deployer.env: Connecting to environment...
Traceback (most recent call last):
  File "/usr/bin/juju-deployer", line 9, in <module>
    load_entry_point('juju-deployer==0.6.4', 'console_scripts', 'juju-deployer')()
  File "/usr/lib/python2.7/dist-packages/deployer/cli.py", line 135, in main
    run()
  File "/usr/lib/python2.7/dist-packages/deployer/cli.py", line 234, in run
    importer.Importer(env, deployment, options).run()
  File "/usr/lib/python2.7/dist-packages/deployer/action/importer.py", line 298, in run
    self.env.connect()
  File "/usr/lib/python2.7/dist-packages/deployer/env/go.py", line 65, in connect
    self.client = EnvironmentClient.connect(self.name)
  File "/usr/lib/python2.7/dist-packages/jujuclient.py", line 534, in connect
    return Connector().run(cls, env_name)
  File "/usr/lib/python2.7/dist-packages/jujuclient.py", line 142, in run
    cert_path, data.get('environ-uuid'))
  File "/usr/lib/python2.7/dist-packages/jujuclient.py", line 150, in connect_env
    env = cls(endpoint, name=name, ca_cert=cert_path, env_uuid=env_uuid)
  File "/usr/lib/python2.7/dist-packages/jujuclient.py", line 522, in __init__
    self.conn = Connector.connect_socket(endpoint, self._ca_cert)
  File "/usr/lib/python2.7/dist-packages/jujuclient.py", line 162, in connect_socket
    endpoint, origin=endpoint, sslopt=sslopt)
  File "/usr/lib/python2.7/dist-packages/websocket/_core.py", line 219, in create_connection
    websock.connect(url, **options)
  File "/usr/lib/python2.7/dist-packages/websocket/_core.py", line 463, in connect
    self.sock = ssl.wrap_socket(self.sock, **sslopt)
  File "/usr/lib/python2.7/ssl.py", line 487, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python2.7/ssl.py", line 243, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 405, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 1] _ssl.c:510: error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version
2016-11-24 04:21:45 [ERROR] Juju Status: environment: lmicintegrationxenial
machines:
  "0":
    agent-state: started
    agent-version: 1.25.8
    dns-name: 10.5.0.40
    instance-id: d80bea08-1f24-4cce-925e-1cf68e1afd39
    instance-state: ACTIVE
    series: xenial
    hardware: arch=amd64 cpu-cores=2 mem=4096M root-disk=40960M availability-zone=nova
    state-server-member-status: has-vote
services: {}

$ dpkg -l |grep juju
ii juju 1.25.6-0ubuntu1.14.04.1 all next generation service orchestration system
ii juju-core 1.25.6-0ubuntu1.14.04.1 amd64 Juju is devops distilled - client
ii juju-deployer 0.6.4-0ubuntu1~trusty1 all Deploy complex stacks of services using Juju
ii juju-local 1.25.6-0ubuntu1.14.04.1 all dependency package for the Juju local provider
ii juju-mongodb 2.4.9-0ubuntu3 ...

Read more...

tags: added: oil
Ryan Beisner (1chb1n)
tags: added: uosci
Revision history for this message
Anastasia (anastasia-macmood) wrote :

"juju" project track Juju 2.x concerns.

This issue is specific to Juju 1.x. I've re-targeted to "juju-core" project which tracks Juju 1.x.

no longer affects: juju
Changed in juju-core:
status: New → Triaged
importance: Undecided → Critical
milestone: none → 1.25.9
Revision history for this message
Curtis Hovey (sinzui) wrote :

If the goal is to make deployer work with tls 1.2, then this bug is a duplicate of bug 1443704 reported years ago in trusty. Trusty's python is too old. Deployer works fine on Xenial and yackkety which have newer versions of python.

tags: added: deployer python
Revision history for this message
Ryan Beisner (1chb1n) wrote :

@anastasia

It's not entirely that cut and dry. Bundletester and Amulet (the charm test tools) use juju-deployer under the hood, even for Juju 2.x. Given that, I believe this issue effectively blocks Trusty users from testing charms with both Juju 1 and Juju 2.

Changed in charm-test-infra:
status: New → Triaged
status: Triaged → Confirmed
Revision history for this message
Mario Splivalo (mariosplivalo) wrote :

Hello.

I'm using juju-deployer from mojo-maintaners ppa, which works fine, on trusty:

$ apt-cache policy juju-deployer
juju-deployer:
  Installed: 0.9.2~bzr203~60~ubuntu14.04.1
  Candidate: 0.9.2~bzr203~60~ubuntu14.04.1
  Version table:
 *** 0.9.2~bzr203~60~ubuntu14.04.1 0
        500 http://ppa.launchpad.net/mojo-maintainers/ppa/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status
     0.6.4~bzr168~49~ubuntu14.04.1 0
        500 http://ppa.launchpad.net/juju/stable/ubuntu/ trusty/main amd64 Packages
     0.3.6-0ubuntu2 0
        500 http://archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages

However, amulet tests (for openstack charms) fail as they seem to use pip-installed juju deployer, which won't play nice with newer juju.

Anastasia (anastasia-macmood)
Changed in juju:
status: New → Triaged
importance: Undecided → Critical
milestone: none → 2.2.0
milestone: 2.2.0 → 2.1.0
Revision history for this message
Richard Harding (rharding) wrote :

For security concerns we've removed TLS 1.0 support from Juju in the 1.25 release cycle. The default python 2.7 in Trusty does not support TLS 1.2. You need to update Python in order to have this work correctly on Trusty.

We're working with the upstream team to get this addressed.

https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1443704

Changed in juju-core:
status: Triaged → Won't Fix
importance: Critical → Undecided
Changed in juju:
status: Triaged → Won't Fix
importance: Critical → Undecided
milestone: 2.1.0 → none
Changed in juju-core:
milestone: 1.25.9 → none
Revision history for this message
Jason Furmanek (furmanek) wrote :

Ouch. Wonderful timing. Is there recommended workaround or fix currently?

Revision history for this message
Bryan Quigley (bryanquigley) wrote :

There is a fix for xenial and yakkety in 1644153 (the fix for trusty is more complicated as previously mentioned)

Felipe Reyes (freyes)
tags: added: sts
Chris Gregan (cgregan)
tags: added: cdo-qa-blocker
Revision history for this message
Nick Moffitt (nick-moffitt) wrote :

This looks like it's being caused by mojo, as found by wgrant:

http://bazaar.launchpad.net/~mojo-maintainers/mojo/trunk/view/357.2.2/mojo/phase.py#L532
http://bazaar.launchpad.net/~mojo-maintainers/mojo/trunk/view/357.2.2/mojo/phase.py#L654

James Page (james-page)
Changed in charm-test-infra:
status: Confirmed → Triaged
importance: Undecided → Medium
Revision history for this message
Hua Zhang (zhhuabj) wrote :

The workaround mentioned in comment #5 works for me as well

Ryan Beisner (1chb1n)
Changed in charm-test-infra:
status: Triaged → Opinion
Chris Gregan (cgregan)
tags: removed: cdo-qa-blocker
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.