search

blindsidenetworks / scalelite

Scalable load balancer for BigBlueButton.
GNU Affero General Public License v3.0
469 stars 247 forks source link

Servers not coming online when enforcing SHA512 checksum #905

Closed paulseto closed 1 year ago

paulseto commented 1 year ago

Describe the bug When scalelite is configured to enforce a SHA512 checkum algorithm, servers fail to come online

To Reproduce docker-compose configured to run images

CONTAINER ID   IMAGE                                                                    COMMAND                  CREATED          STATUS          PORTS                          NAMES
e1ad6103355b   blindsidenetwks/nginx:amazonlinux-2.0.20221004.0                         "/bin/bash -c 'envsu…"   10 minutes ago   Up 10 minutes   80/tcp, 0.0.0.0:443->443/tcp   scalelite-proxy
38ef91e7586b   blindsidenetwks/scalelite:v1.4-bionic240-amazonlinux                     "/bin/sh -c 'update-…"   10 minutes ago   Up 10 minutes   3000/tcp                       scalelite-poller
769a1b5fec7a   bigbluebutton/bbb-playback-proxy:bionic-240-amazonlinux-2.0.20221004.0   "/etc/nginx/start -g…"   10 minutes ago   Up 10 minutes   80/tcp                         scalelite-recordings
ba58c1b7d88a   blindsidenetwks/scalelite:v1.4-bionic240-amazonlinux                     "/bin/sh -c 'update-…"   10 minutes ago   Up 10 minutes   3000/tcp                       scalelite-api

scalelite-poller container environment settings

HOSTNAME=38ef91e7586b
LOADBALANCER_CHECKSUM_ALGORITHM=SHA512
TERM=xterm
REDIS_URL=rediss://xxxxxxxxxxxxxxxxxxxxx:6379
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/srv/scalelite
SHLVL=1
HOME=/root
RAILS_ENV=production
TINI_VERSION=v0.19.0
RAILS_LOG_TO_STDOUT=false
BUILD_NUMBER=v1.4
_=/usr/bin/env

scalelite-poller log

I, [2023-04-19T00:17:31.305713 #15]  INFO -- : Server id=bbb2.mountcorona.com offline load: unavailable
W, [2023-04-19T00:17:31.306516 #15]  WARN -- : Failed to get server id=bbb1.mountcorona.com status: checksumError: Checksums do not match
I, [2023-04-19T00:17:31.307196 #15]  INFO -- : Server id=bbb1.mountcorona.com offline load: unavailable
D, [2023-04-19T00:18:31.353020 #15] DEBUG -- : Polling meetings
D, [2023-04-19T00:18:31.353259 #15] DEBUG -- : Polling servers
D, [2023-04-19T00:18:31.355437 #15] DEBUG -- : Polling Server id=bbb2.mountcorona.com
D, [2023-04-19T00:18:31.355492 #15] DEBUG -- : Polling Server id=bbb1.mountcorona.com
W, [2023-04-19T00:18:31.367594 #15]  WARN -- : Failed to get server id=bbb1.mountcorona.com status: checksumError: Checksums do not match
W, [2023-04-19T00:18:31.367706 #15]  WARN -- : Failed to get server id=bbb2.mountcorona.com status: checksumError: Checksums do not match

Steps to reproduce the behavior:

  1. BBB servers configured /etc/bigbluebutton/bbb-web.properties with

    supportedChecksumAlgorithms=sha512

    Confirmed with api mate performing a getMeetings

  2. Scalelite deployed through Scalelite Enterprise

Expected behavior Servers to come online

farhatahmad commented 1 year ago

DId you set LOADBALANCER_CHECKSUM_ALGORITHM for Scalelite?

paulseto commented 1 year ago

@farhatahmad Yes, LOADBALANCER_CHECKSUM_ALGORITHM has been set in the scalelite-poller and scalelite-api containers? See above for scalelite-poller env variables.

farhatahmad commented 1 year ago

Funny enough, Scalelite seems to have the SHA256 value hardcoded when sending requests to BBB (https://github.com/blindsidenetworks/scalelite/blob/master/app/controllers/concerns/api_helper.rb#L65)

farhatahmad commented 1 year ago

From the README

LOADBALANCER_CHECKSUM_ALGORITHM: Define a list of the algorithms allowed to calculate the checksum e.g. [SHA1:SHA256:SHA512], [SHA1:SHA256] or [SHA512]. The same algorithm in the request is transferred to requests made to BigBlueButton. When not set, Scalelite accepts checksums generated with SHA1, SHA256, or SHA512 and calls to BigBlueButton servers use SHA256.

This line is not true:

The same algorithm in the request is transferred to requests made to BigBlueButton.

I'll put out a fix for it