Input is starting although generating TLS cert fails #2054

Closed
dennisoelkers opened this issue Apr 12, 2016 · 1 comment
@dennisoelkers dennisoelkers commented Apr 12, 2016

Problem description

When an input is configured to use TLS and no cert/key is given, it tries to generate one when it's started. Even if this fails, the input is started anyway, but without TLS.

Relevant snippet from the server log:

2016-04-12 11:35:28,123 WARN : org.graylog2.plugin.inputs.transports.AbstractTcpTransport - TLS key file or certificate file does not exist, creating a self-signed certificate for input [Syslog TCP/570cbcaae38726ad8b069d9a].
2016-04-12 11:35:28,125 INFO : org.graylog2.inputs.InputStateListener - Input [Syslog TCP/570cbcaae38726ad8b069d9a] is now STARTING
2016-04-12 11:35:28,180 ERROR: org.graylog2.plugin.inputs.transports.AbstractTcpTransport - Problem creating a self-signed certificate for input [Syslog TCP/570cbcaae38726ad8b069d9a].
java.security.cert.CertificateException: No provider succeeded to generate a self-signed certificate. See debug log for the root cause.
    at org.jboss.netty.handler.ssl.util.SelfSignedCertificate.<init>(SelfSignedCertificate.java:115) ~[graylog2-server-2.0.0-beta.3-SNAPSHOT-shaded.jar:?]
    at org.jboss.netty.handler.ssl.util.SelfSignedCertificate.<init>(SelfSignedCertificate.java:82) ~[graylog2-server-2.0.0-beta.3-SNAPSHOT-shaded.jar:?]
    at org.graylog2.plugin.inputs.transports.AbstractTcpTransport.getBaseChannelHandlers(AbstractTcpTransport.java:146) [graylog2-server-2.0.0-beta.3-SNAPSHOT-shaded.jar:?]
    at org.graylog2.plugin.inputs.transports.NettyTransport.launch(NettyTransport.java:124) [graylog2-server-2.0.0-beta.3-SNAPSHOT-shaded.jar:?]
    at org.graylog2.plugin.inputs.MessageInput.launch(MessageInput.java:153) [graylog2-server-2.0.0-beta.3-SNAPSHOT-shaded.jar:?]
    at org.graylog2.shared.inputs.InputLauncher$1.run(InputLauncher.java:84) [graylog2-server-2.0.0-beta.3-SNAPSHOT-shaded.jar:?]
    at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog2-server-2.0.0-beta.3-SNAPSHOT-shaded.jar:?]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_31]
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_31]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_31]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_31]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_31]
2016-04-12 11:35:28,184 INFO : org.graylog2.inputs.InputStateListener - Input [Syslog TCP/570cbcaae38726ad8b069d9a] is now RUNNING

Steps to reproduce the problem

  1. Make sure that the JDK's tmpdir is not writable (for example by specifying -Djava.io.tmpdir=... and removing the dir after startup)
  2. Create a TCP-based input and enable TLS, but do not pass a cert/key path

Environment

  • Graylog Version: 2.0.0-beta.3-SNAPSHOT
  • Elasticsearch Version:
  • MongoDB Version:
  • Operating System:
  • Browser version:
@kroepke kroepke commented Apr 18, 2016

It's probably best if the input refuses to start in this case, rather than ad-hoc fixing the path issue.
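
Added example, not part of the issue thread and not Graylog code: a log check that flags inputs which reached RUNNING after their self-signed certificate generation failed, i.e. inputs that are listening without TLS as described above. The function name and the second input's log lines are assumptions constructed for illustration; the message texts matched are the ones in the log excerpt.

```python
import re

# Message texts are taken from the log excerpt in the issue above.
CERT_FAIL = re.compile(r"Problem creating a self-signed certificate for input \[([^\]]+)\]")
STATE = re.compile(r"Input \[([^\]]+)\] is now (\w+)")
TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ")

def inputs_running_without_tls(log_text):
    """Map input name -> time it went RUNNING after its cert generation failed."""
    pending = set()  # failure logged, no RUNNING transition seen yet
    exposed = {}
    for line in log_text.splitlines():
        fail = CERT_FAIL.search(line)
        if fail:
            # Stays pending until the next RUNNING line, whatever the log order;
            # this errs toward flagging rather than missing an input.
            pending.add(fail.group(1))
            continue
        state = STATE.search(line)
        if not state:
            continue  # stack trace frames and unrelated messages
        name, new_state = state.groups()
        if new_state == "RUNNING" and name in pending:
            ts = TIMESTAMP.match(line)
            exposed[name] = ts.group(1) if ts else "unknown"
            pending.discard(name)
        else:
            exposed.pop(name, None)  # restarted, or RUNNING with no failure
    return exposed

# Abridged from the issue's excerpt (one stack frame kept). The "Raw TCP" input
# and its id are constructed to show a clean start that must not be flagged.
SAMPLE_LOG = """\
2016-04-12 11:35:28,123 WARN : org.graylog2.plugin.inputs.transports.AbstractTcpTransport - TLS key file or certificate file does not exist, creating a self-signed certificate for input [Syslog TCP/570cbcaae38726ad8b069d9a].
2016-04-12 11:35:28,125 INFO : org.graylog2.inputs.InputStateListener - Input [Syslog TCP/570cbcaae38726ad8b069d9a] is now STARTING
2016-04-12 11:35:28,180 ERROR: org.graylog2.plugin.inputs.transports.AbstractTcpTransport - Problem creating a self-signed certificate for input [Syslog TCP/570cbcaae38726ad8b069d9a].
java.security.cert.CertificateException: No provider succeeded to generate a self-signed certificate. See debug log for the root cause.
    at org.jboss.netty.handler.ssl.util.SelfSignedCertificate.<init>(SelfSignedCertificate.java:115) ~[graylog2-server-2.0.0-beta.3-SNAPSHOT-shaded.jar:?]
2016-04-12 11:35:28,184 INFO : org.graylog2.inputs.InputStateListener - Input [Syslog TCP/570cbcaae38726ad8b069d9a] is now RUNNING
2016-04-12 11:36:00,000 INFO : org.graylog2.inputs.InputStateListener - Input [Raw TCP/constructed-input-0001] is now STARTING
2016-04-12 11:36:00,050 INFO : org.graylog2.inputs.InputStateListener - Input [Raw TCP/constructed-input-0001] is now RUNNING
"""

if __name__ == "__main__":
    for name, when in inputs_running_without_tls(SAMPLE_LOG).items():
        print(f"{when}  input [{name}] is RUNNING without TLS")
```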
