Closed ikasymov closed 3 months ago
The ESDB_ROOT_CERTIFICATES were provided.
Hi @ikasymov - good to hear from you!
Thanks for raising the issue.
I don't understand what's going wrong here.
My understanding is that gRPC uses HTTP/2 as its transfer protocol.
If you set these environment variables you might get some debug logging?
GRPC_VERBOSITY="debug
GRPC_TRACE=all
For example, I can see this:
I0606 11:53:06.942204000 123145563418624 chttp2_transport.cc:952] W:0x7ff14c038400 CLIENT [ipv6:%5B::1%5D:2113] state IDLE -> WRITING [TRANSPORT_FLOW_CONTROL]
I0606 11:53:06.942214000 123145563418624 chttp2_transport.cc:952] W:0x7ff14c038400 CLIENT [ipv6:%5B::1%5D:2113] state WRITING -> WRITING+MORE [INITIAL_WRITE]
I0606 11:53:06.942535000 123145563418624 chttp2_transport.cc:952] W:0x7ff14c038400 CLIENT [ipv6:%5B::1%5D:2113] state WRITING+MORE -> WRITING [begin write in current thread]
I0606 11:53:06.942548000 123145563418624 chttp2_transport.cc:1082] CLIENT[0x7ff14c038400]: Write 82 bytes
I0606 11:53:06.942553000 123145563418624 tcp_posix.cc:1827] WRITE 0x7ff150a04080 (peer=ipv6:%5B::1%5D:2113)
D0606 11:53:06.942561000 123145563418624 tcp_posix.cc:1831] WRITE DATA: 50 52 49 20 2a 20 48 54 54 50 2f 32 2e 30 0d 0a 0d 0a 53 4d 0d 0a 0d 0a 'PRI * HTTP/2.0....SM....'
I0606 11:53:06.942565000 123145563418624 tcp_posix.cc:1827] WRITE 0x7ff150a04080 (peer=ipv6:%5B::1%5D:2113)
D0606 11:53:06.942569000 123145563418624 tcp_posix.cc:1831] WRITE DATA: 00 00 24 04 00 00 00 00 00 00 02 00 00 00 00 00 03 7f ff ff ff 00 04 00 40 00 00 00 05 00 40 00 00 00 06 00 00 40 00 fe 03 00 00 00 01 '..$...............���...@.....@......@.�.....'
I0606 11:53:06.942572000 123145563418624 tcp_posix.cc:1827] WRITE 0x7ff150a04080 (peer=ipv6:%5B::1%5D:2113)
D0606 11:53:06.942577000 123145563418624 tcp_posix.cc:1831] WRITE DATA: 00 00 04 08 00 00 00 00 00 00 3f 00 01 '..........?..'
I0606 11:53:06.942622000 123145563418624 tcp_posix.cc:1875] write: OK
I0606 11:53:06.942630000 123145563418624 chttp2_transport.cc:1096] CLIENT[0x7ff14c038400]: Finish write
I0606 11:53:06.942643000 123145563418624 chttp2_transport.cc:952] W:0x7ff14c038400 CLIENT [ipv6:%5B::1%5D:2113] state WRITING -> IDLE [finish writing]
Which mentions HTTP/2.0
.
If you can do the same thing, do you get HTTP/1.0
in the log messages?
I0606 11:09:56.698294000 8544533184 secure_endpoint.cc:242] READ 0x120808200: 00 00 1e 01 05 00 00 00 03 c4 c3 61 96 df 3d bf 4a 01 c5 32 db 52 82 00 9a 50 21 b8 07 ee 36 da 98 b4 6f c2 c1 c0 bf '.........��a.�=�J.�2�R...P!�.�6�.�o����'
I0606 11:09:56.698306000 8544533184 parsing.cc:338] INCOMING[0x11700a600]: HEADERS:END_STREAM:END_HEADERS len:30 id:0x00000003
I0606 11:09:56.698311000 8544533184 parsing.cc:756] parsing Trailers-Only
D0606 11:09:56.698316000 8544533184 parsing.cc:897] INCOMING[0x11700a600;0x1210651b0]: Parse 30b last frame fragment with header
D0606 11:09:56.698323000 8544533184 hpack_parser.cc:705] HTTP:3:TRL:CLI: :status: 426
D0606 11:09:56.698328000 8544533184 hpack_parser.cc:705] HTTP:3:TRL:CLI: content-type: application/grpc
D0606 11:09:56.698343000 8544533184 hpack_parser.cc:705] HTTP:3:TRL:CLI: date: Thu, 06 Jun 2024 11:09:55 GMT
D0606 11:09:56.698350000 8544533184 hpack_parser.cc:705] HTTP:3:TRL:CLI: grpc-message: Request protocol 'HTTP/1.0' is not supported.
D0606 11:09:56.698953000 8544533184 hpack_parser.cc:705] HTTP:3:TRL:CLI: grpc-status: 13
D0606 11:09:56.698964000 8544533184 hpack_parser.cc:705] HTTP:3:TRL:CLI: server: nginx/1.24.0
D0606 11:09:56.698969000 8544533184 hpack_parser.cc:705] HTTP:3:TRL:CLI: content-length: 0
D0606 11:09:56.698978000 8544533184 chttp2_transport.cc:2352] MARK_STREAM_CLOSED: t=0x11700a600 s=0x1210651b0(id=3) read [OK]
D0606 11:09:56.698987000 8544533184 chttp2_transport.cc:2068] maybe_complete_recv_message 0x1210651b0 final_metadata_requested=1 seen_error=0
D0606 11:09:56.698993000 8544533184 chttp2_transport.cc:2140] maybe_complete_recv_trailing_metadata cli=1 s=0x1210651b0 closure=0x121065178 read_closed=1 write_closed=1 0
I0606 11:09:56.699003000 8544533184 tcp_posix.cc:1104] TCP:0x106fb2d30 got_read: OK
I0606 11:09:56.699006000 8544533184 tcp_posix.cc:894] TCP:0x106fb2d30 do_read
I0606 11:09:56.699479000 8544533184 tcp_posix.cc:679] TCP:0x106fb2d30 notify_on_read
Additional logs:
I0606 11:09:56.585816000 8544533184 chttp2_transport.cc:1377] --metadata--
I0606 11:09:56.585834000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI:user-agent: grpc-python/1.62.1 grpc-c/39.0.0 (osx; chttp2)
I0606 11:09:56.585838000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI::authority: es.n8n.vovalu.ru:443
I0606 11:09:56.585842000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI::path: /event_store.client.persistent_subscriptions.PersistentSubscriptions/Create
I0606 11:09:56.585846000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI:GrpcRegisteredMethod: (nil)
I0606 11:09:56.585850000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI:WaitForReady: false
I0606 11:09:56.585854000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI:grpc-accept-encoding: identity, deflate, gzip
I0606 11:09:56.585858000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI:te: trailers
I0606 11:09:56.586215000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI:content-type: application/grpc
I0606 11:09:56.586224000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI::scheme: https
I0606 11:09:56.586229000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI::method: POST
I0606 11:09:56.586233000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI:connection-name: b7bb6cc8-56ee-42d5-a208-1054db32c388
I0606 11:09:56.586236000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI:requires-leader: true
I0606 11:09:56.586241000 8544533184 chttp2_transport.cc:1381] HTTP:0:HDR:CLI:authorization: Basic YWRtaW46VGVzdDkyODM=
I0606 11:09:56.586245000 8544533184 chttp2_transport.cc:1377] --metadata--
I0606 11:09:56.586253000 8544533184 stream_lists.cc:127] 0x11700a600[0][cli]: add to waiting_for_concurrency
I0606 11:09:56.586257000 8544533184 stream_lists.cc:73] 0x11700a600[0][cli]: pop from waiting_for_concurrency
I0606 11:09:56.586693000 8544533184 chttp2_transport.cc:1254] HTTP:CLI: Transport 0x11700a600 allocating new grpc_chttp2_stream 0x1210651b0 to id 3
I0606 11:09:56.586704000 8544533184 stream_lists.cc:127] 0x11700a600[3][cli]: add to writable
I0606 11:09:56.586710000 8544533184 chttp2_transport.cc:952] W:0x11700a600 CLIENT [ipv4:158.101.222.20:443] state IDLE -> WRITING [START_NEW_STREAM]
I0606 11:09:56.586723000 8544533184 chttp2_transport.cc:952] W:0x11700a600 CLIENT [ipv4:158.101.222.20:443] state WRITING -> WRITING+MORE [SEND_MESSAGE]
D0606 11:09:56.586730000 8544533184 chttp2_transport.cc:2068] maybe_complete_recv_message 0x1210651b0 final_metadata_requested=0 seen_error=0
D0606 11:09:56.586737000 8544533184 chttp2_transport.cc:2140] maybe_complete_recv_trailing_metadata cli=1 s=0x1210651b0 closure=0x0 read_closed=0 write_closed=0 0
D0606 11:09:56.586742000 8544533184 chttp2_transport.cc:2068] maybe_complete_recv_message 0x1210651b0 final_metadata_requested=1 seen_error=0
D0606 11:09:56.587540000 8544533184 chttp2_transport.cc:2140] maybe_complete_recv_trailing_metadata cli=1 s=0x1210651b0 closure=0x121065178 read_closed=0 write_closed=0 0
I0606 11:09:56.587553000 8544533184 chttp2_transport.cc:1321] complete_closure_step: t=0x11700a600 0x121064fb8 refs=3 flags=0x0001 desc=op->on_complete err=OK write_state=WRITING+MORE whence=(null):-1
I0606 11:09:56.587563000 8544533184 stream_lists.cc:73] 0x11700a600[3][cli]: pop from writable
I0606 11:09:56.587565000 8544533184 writing.cc:454] W:0x11700a600 CLIENT[3] im-(sent,send)=(0,1)
I0606 11:09:56.587571000 8544533184 chttp2_transport.cc:1321] complete_closure_step: t=0x11700a600 0x121064fb8 refs=2 flags=0x0001 desc=send_initial_metadata_finished err=OK write_state=WRITING+MORE whence=(null):-1
D0606 11:09:56.587576000 8544533184 chttp2_transport.cc:2352] MARK_STREAM_CLOSED: t=0x11700a600 s=0x1210651b0(id=3) write [OK]
I0606 11:09:56.588147000 8544533184 chttp2_transport.cc:1321] complete_closure_step: t=0x11700a600 0x121064fb8 refs=1 flags=0x0001 desc=send_trailing_metadata_finished err=OK write_state=WRITING+MORE whence=(null):-1
I0606 11:09:56.588164000 8544533184 chttp2_transport.cc:1321] complete_closure_step: t=0x11700a600 0x121064fb8 refs=0 flags=0x0001 desc=on_write_finished_cb err=OK write_state=WRITING+MORE whence=(null):-1
I0606 11:09:56.588169000 8544533184 stream_lists.cc:127] 0x11700a600[3][cli]: add to writing
I0606 11:09:56.588176000 8544533184 chttp2_transport.cc:952] W:0x11700a600 CLIENT [ipv4:158.101.222.20:443] state WRITING+MORE -> WRITING [begin write in current thread]
I0606 11:09:56.588180000 8544533184 chttp2_transport.cc:1082] CLIENT[0x11700a600]: Write 276 bytes
HTTP:3:TRL:CLI: server: nginx/1.24.0
Are you somehow (inadvertently or deliberately) trying to get the EventStoreDB client to connect to (or via) nginx?
Yes. Nginx worked as a proxy server. My URI looks something like this: esdb://login:password@mydomain.com:443?tls=true
Interesting. I would revisit your nginx config? If you had this working before, have you made any recent changes? Are you using a different version of EventStoreDB?
Which version of the client are you using? Which version of EventStoreDB are you using?
Maybe your nginx is trying to connect to EventStoreDB with HTTP/1.0 rather than HTTP/2.0? And then propagating the error response back to the Python client. That's my guess.
It is my first try to support tlc. Before that, we used to configure on insecure mode with nginx + es and everything worked correctly. But after configuring on secure mode we got this error.
I also thought like this but i tried to connect ES via curl:
curl -v https://mydomain.com --http2
* Trying ip:443...
* Connected to es.n8n.vovalu.ru (ip) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=es.n8n.vovalu.ru
* start date: May 30 06:00:59 2024 GMT
* expire date: Aug 28 06:00:58 2024 GMT
* subjectAltName: host "mydomain.com" matched cert's "mydomain.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: mydomain.com]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x564a16744e10)
> GET / HTTP/2
Here you can see that nginx can do http2
If curl can connect by picking up the certificate from /etc/ssl/certs
, maybe let the grpc library pick up the certificate from /etc/ssl/certs
to, by not using the root_certificates
arg of the Python client? Maybe somehow the certificate text isn't correctly being passed into the client?
I'm guessing nginx is somehow falling back onto HTTP/1.0 connecting the backend EventStoreDB server?
Maybe when the grpc library continues with its operations beyond what curl is doing, there's some operation that isn't supported with HTTP/2.0 by nginx and nginx tries to use HTTP/1.0? It does appear that nginx is trying to do HTTP/1.0 with EventStoreDB when you connect using the Python EventStoreDB client.
https://nginx.org/en/docs/http/ngx_http_grpc_module.html
To use gRPC over SSL, the “grpcs://” scheme should be used:
grpc_pass grpcs://127.0.0.1:443;
What's your nginx config looking like?
Maybe you configured nginx to reverse proxy tls correctly, but not actually configured for grpcs? I never tried this, and I don't know what your nginx config is, so I'm really just guessing here.
By the way, you don't need to put tls=true
in the connection string URI because that's the default.
esdb://login:password@mydomain.com:443?tls=true
Can be just:
esdb://login:password@mydomain.com:443
@johnbywater Thanks so much!!
grpc_pass grpcs://127.0.0.1:443
it's fixed my problem. :)
But have a new issue, the consumer crashes with error:
esdbclient.exceptions.InternalError: Received RST_STREAM with error code 0
crashes with this error after 30 seconds after connecting
And I see red flag on status while connection is active before crash:
In logs i see that error:
D0606 13:50:27.865655000 6158168064 posix_engine.cc:449] (event_engine) PosixEventEngine:0x600000acc0e0 executing callback:{0000600001de8180,0000000000000004}
Exception ignored in: <function PersistentSubscription.__del__ at 0x1060d25c0>
Traceback (most recent call last):
File "python3.11/site-packages/esdbclient/persistent.py", line 706, in __del__
File "python3.11/site-packages/esdbclient/persistent.py", line 679, in stop
File "python3.11/site-packages/esdbclient/common.py", line 113, in pop
File "python3.11/weakref.py", line 272, in pop
KeyError: 4399496464
it's fixed my problem. :)
Great news!
Received RST_STREAM with error code 0
crashes with this error after 30 seconds after connecting
I don't understand why this is happening.
Does it always crash after exactly 30s? If so, that sounds like a timeout, maybe introduced by nginx?
Otherwise, if it's more occasional or intermittent, maybe the EventStoreDB server doesn't have enough memory?
D0606 13:50:27.865655000 6158168064 posix_engine.cc:449] (event_engine) PosixEventEngine:0x600000acc0e0 executing callback:{0000600001de8180,0000000000000004} Exception ignored in: <function PersistentSubscription.del at 0x1060d25c0> Traceback (most recent call last): File "python3.11/site-packages/esdbclient/persistent.py", line 706, in del File "python3.11/site-packages/esdbclient/persistent.py", line 679, in stop File "python3.11/site-packages/esdbclient/common.py", line 113, in pop File "python3.11/weakref.py", line 272, in pop KeyError: 4399496464
Somehow you have a race calling stop()
on the persistent subscription. Not sure how this is happening without looking at your code. At least we can see that this "Exception ignored" :)
PosixEventEngine:0x600000acc0e0 executing callback
What's this callback?
client = get_event_store_client()
group_name = "scoring-consumer-2"
try:
client.create_subscription_to_all(
group_name=group_name,
filter_by_stream_name=True,
filter_include=[r"credit-TXC_.*", r"penalties-TXC_.*"],
)
except AlreadyExists:
pass
subscription = client.read_subscription_to_all(
group_name=group_name,
)
for event in subscription:
subscription.ack(event)
it's my all code
What is the red flag on status column on my screenshot? this was not the case in other places
I don't know what the red dot actually means. I've asked the EventStoreDB team.
@johnbywater Thanks. The issue was on nginx timeout. The thread can be closed. But I am really interested in the red dot. Let me know please
Well done for getting it working @ikasymov. I haven't heard back yet, but will let you know what they say.
Closing, as requested.
@ikasymov I'm told the red dot means the subscription consumption is "behind" and "in a high ingress system it'll always be red." In other words, the status is "red" when there are a lot of recorded events that haven't been received and acknowledged (the consumer has "fallen behind") and otherwise "green" (which means the consumer has "caught up").
@ikasymov The EventStoreDB team are curious to see your nginx config (reverse proxy for EventStoreDB). Please could you share it with me?
I got the error esdbclient.exceptions.InternalError: Request protocol 'HTTP/1.0' is not supported. while trying to connect to ES via the tlc secure mod. Does the python client support http2?
File /consumers.py", line 26, in handle client.create_subscription_to_all( File "python3.11/site-packages/esdbclient/client.py", line 132, in retrygrpc_decorator return f(*args, **kwargs) ^^^^^^^^^^^^^^^^^^ File "python3.11/site-packages/esdbclient/client.py", line 93, in autoreconnect_decorator return f(client, *args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/python3.11/site-packages/esdbclient/client.py", line 940, in create_subscription_to_all self._esdb.persistent_subscriptions.create( File "/python3.11/site-packages/esdbclient/persistent.py", line 1741, in create raise handle_rpc_error(e) from None esdbclient.exceptions.InternalError: Request protocol 'HTTP/1.0' is not supported.