FreeTAKTeam / FreeTakServer

Situational Awareness Server compatible with TAK clients
Eclipse Public License 2.0

Federation may be broken in FTS 1.9.5.1 #214

Closed godaminski closed 2 years ago

godaminski commented 2 years ago

Attempting to federate multiple 1.9.5.1 FTS servers. Clean installs on all systems (majority are AWS hosted), and servers are functional with the exception of federation. FTS 1.5 documentation states to download the pubserver.pem certificate from each server and upload it on the server being federated to. The default installation does not generate the pubserver.pem certificate/public key. I have attempted to create a public key based on the keys/certs generated by default during installation in the /usr/local/lib/python3.8/dist-packages/FreeTAKServer/certs folder. This generated cert is downloaded from a server, renamed, and uploaded to the same folder on another server. A federation is then created between servers. After several hours of servers being in operation (with mutual outgoing federations configured), there is no exchange of data between servers. Reviewing the service logs shows an SSL error, which may be related:

```
File "/usr/local/lib/python3.8/dist-packages/eventlet/hubs/poll.py", line >
Dec 01 18:25:28 ip-10-python3[22765]: listener.cb(fileno)
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/local/lib/python3.8/dist-packages/eventlet/greenthread.py", lin>
Dec 01 18:25:28 ip-10-python3[22765]: result = function(*args, **kwargs)
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/local/lib/python3.8/dist-packages/eventlet/wsgi.py", line 825, >
Dec 01 18:25:28 ip-10-python3[22765]: proto.__init__(conn_state, self)
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/local/lib/python3.8/dist-packages/eventlet/wsgi.py", line 357, >
Dec 01 18:25:28 ip-10-python3[22765]: self.handle()
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/local/lib/python3.8/dist-packages/eventlet/wsgi.py", line 390, >
Dec 01 18:25:28 ip-10-python3[22765]: self.handle_one_request()
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/local/lib/python3.8/dist-packages/eventlet/wsgi.py", line 419, >
Dec 01 18:25:28 ip-10-python3[22765]: self.raw_requestline = self._read_request_line()
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/local/lib/python3.8/dist-packages/eventlet/wsgi.py", line 402, >
Dec 01 18:25:28 ip-10-python3[22765]: return self.rfile.readline(self.server.url_length_limit)
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/lib/python3.8/socket.py", line 669, in readinto
Dec 01 18:25:28 ip-10-python3[22765]: return self._sock.recv_into(b)
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/local/lib/python3.8/dist-packages/eventlet/green/ssl.py", line >
Dec 01 18:25:28 ip-10-python3[22765]: return self._base_recv(nbytes, flags, into=True, buffer_=buffer)
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/local/lib/python3.8/dist-packages/eventlet/green/ssl.py", line >
Dec 01 18:25:28 ip-10-python3[22765]: read = self.read(nbytes, buffer_)
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/local/lib/python3.8/dist-packages/eventlet/green/ssl.py", line >
Dec 01 18:25:28 ip-10-python3[22765]: return self._call_trampolining(
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/local/lib/python3.8/dist-packages/eventlet/green/ssl.py", line >
Dec 01 18:25:28 ip-10-python3[22765]: return func(*a, **kw)
Dec 01 18:25:28 ip-10-python3[22765]: File "/usr/lib/python3.8/ssl.py", line 1099, in read
Dec 01 18:25:28 ip-10-python3[22765]: return self._sslobj.read(len, buffer)
Dec 01 18:25:28 ip-10-python3[22765]: ssl.SSLError: [SSL] internal error (_ssl.c:2635)
```

Can anyone provide guidance or an update on the procedure to successfully federate FTS instances?

brothercorvo commented 2 years ago

Closing this, we are managing the issue in #266.