Details
-
Bug
-
Resolution: Fixed
-
Major
-
7.1.0
-
CB EE 7.1.0-1565
-
Untriaged
-
Centos 64-bit
-
-
1
-
No
Description
This is a negative test. I originally expected that uploading trusted CAs would fail when n2n encryption is enabled. But I think that is not the case.
However, deletion of CAs when n2n encryption is enabled fails sometimes and works sometimes.
Steps to Reproduce:
1. Create a 3 node kv cluster (2.15, .219, .237)
2. Enable n2n encryption to control
3. Upload multiple CAs - worked fine
4. Regenerate certificates and delete unused trusted CAs (from each node) as part of teardown of the cluster
Deletion intermittently failed with unexpected server error
2021-10-25 10:10:10 | ERROR | MainProcess | test_thread | [rest_client._http_request] DELETE http://172.23.105.219:8091//pools/default/trustedCAs/1 body: headers: {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': 'Basic QWRtaW5pc3RyYXRvcjpwYXNzd29yZA==', 'Accept': '*/*'} error: 500 reason: unknown b'["Unexpected server error, request logged."]' auth: Administrator:password
|
Seeing error.log of .219, it looks the call timed out
[ns_server:error,2021-10-25T10:10:10.676-07:00,ns_1@172.23.105.219:<0.9356.0>:menelaus_util:reply_server_error:209]Server error during processing: ["web request failed",
|
{path,"/pools/default/trustedCAs/1"},
|
{method,'DELETE'},
|
{type,exit},
|
{what,timeout},
|
{trace,
|
[{chronicle_rsm,leader_request,3,
|
[{file,"src/chronicle_rsm.erl"},
|
{line,152}]},
|
{chronicle_kv,submit_command,3,
|
[{file,"src/chronicle_kv.erl"},
|
{line,640}]},
|
{chronicle_kv,txn_loop_commit,8,
|
[{file,"src/chronicle_kv.erl"},
|
{line,277}]},
|
{ns_server_cert,remove_CA,1,
|
[{file,"src/ns_server_cert.erl"},
|
{line,913}]},
|
{menelaus_web_cert,
|
handle_delete_trustedCA,2,
|
[{file,"src/menelaus_web_cert.erl"},
|
{line,56}]},
|
{request_tracker,request,2,
|
[{file,"src/request_tracker.erl"},
|
{line,40}]},
|
{menelaus_util,handle_request,2,
|
[{file,"src/menelaus_util.erl"},
|
{line,220}]},
|
{mochiweb_http,headers,6,
|
[{file,
|
"/home/couchbase/jenkins/workspace/couchbase-server-unix/couchdb/src/mochiweb/mochiweb_http.erl"},
|
{line,150}]}]}]
|
Note that:
1. It happens only when n2n encryption is enabled
2. Sometimes this call fails with /regenerateCertificate call
Attachments
For Gerrit Dashboard: MB-49138 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
164388,4 | MB-49138: Make terminate timeout smaller | master | ns_server | Status: MERGED | +2 | +1 |
164389,12 | MB-49138: Correctly handle "accept" messages from acceptors... | master | ns_server | Status: MERGED | +2 | +1 |
165292,3 | MB-48047:[BP] Make terminate timeout smaller | mad-hatter | ns_server | Status: MERGED | +2 | +1 |
165411,2 | MB-49138: [cb_dist] Mark connections as 'shutdown' when... | master | ns_server | Status: MERGED | +2 | +1 |