search

ManageIQ / manageiq-appliance_console

The console for the ManageIQ appliances.
Apache License 2.0
2 stars 28 forks source link

Using an appliances IP address for messaging configuration results in `Failed authentication (SSL handshake failed)` #233

Open agrare opened 9 months ago

agrare commented 9 months ago

When configuring an appliance as a messaging server if the non-loopback IP address is used (e.g. in this case 192.168.122.119)

# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:cc:f9:d3 brd ff:ff:ff:ff:ff:ff
    altname enp1s0
    inet 192.168.122.119/24 brd 192.168.122.255 scope global dynamic noprefixroute eth0
       valid_lft 2198sec preferred_lft 2198sec
    inet6 fe80::5054:ff:fecc:f9d3/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

It configures the broker as localhost and fails to authenticate

Feb 01 14:42:20 localhost.localdomain kafka-server-start.sh[7566]: [2024-02-01 14:42:20,709] INFO [KafkaServer id=0] started (kafka.server.KafkaServer)
Feb 01 14:42:20 localhost.localdomain kafka-server-start.sh[7566]: [2024-02-01 14:42:20,910] INFO [BrokerToControllerChannelManager broker=0 name=forwarding]: Recorded new controller, from now on will use broker localhost:9093 (id: 0 rack: null) (kafka.server.BrokerToControllerRequestThread)
Feb 01 14:42:20 localhost.localdomain kafka-server-start.sh[7566]: [2024-02-01 14:42:20,965] INFO [BrokerToControllerChannelManager broker=0 name=alterPartition]: Recorded new controller, from now on will use broker localhost:9093 (id: 0 rack: null) (kafka.server.BrokerToControllerRequestThread)

Feb 01 14:45:21 localhost.localdomain kafka-server-start.sh[7566]: [2024-02-01 14:45:21,306] INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /192.168.122.119 (channelId=192.168.122.119:9093-192.168.122.119:38258-104) (SSL handshake failed) (org.apache.kafka.common.network.Selector)
miq-bot commented 5 months ago

This issue has been automatically marked as stale because it has not been updated for at least 3 months.

If you can still reproduce this issue on the current release or on master, please reply with all of the information you have about it in order to keep the issue open.

agrare commented 3 months ago

Since we've dropped the ability to use an IP address for messaging I'm going to convert this from a bug to an enhancement, it would be nice to be able to use IP addrs rather than hostnames especially for development where proper DNS likely isn't present.