Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

SSL options in vm.args make nodetool stop working [JIRA: RIAK-1579] #509

Open
613038475 opened this Issue · 6 comments

7 participants

@613038475

Hello,
I found use ssl options in vm.args will let nodetool (riak start, riak-admin status, etc...) stop working.
The reason is env.sh only pick up name and cookie from vm.args then pass to nodetool.
Here is a patch to fix this problem.
https://gist.github.com/613038475/9546619

Also I found this option is not valid.
-proto_dist inet_ssl
it should be
-proto_dist inet_tls

@bsparrow435
Collaborator

I just confirmed this locally against develop. The fix is valid but we really should have a riak_test to validate this.

@613038475

That patch is not useable, it will make erl boot from "riak start" or "riak console" duplicate the ssl argument.

@seancribbs

Note that previously, this was slurped in from a separate file. Unfortunately you cannot pass init arguments from the command line into an escript; they have to be specified in the comment line after the shebang. This means that any disterl-related arguments have to be in a file that is referred to in the comment line, which is what was done in nodetool in the past. Fixing this issue would require changes to OTP.

@jaredmorrow jaredmorrow added this to the 2.1 milestone
@jaredmorrow jaredmorrow added the Bug label
@tombriden

This has recently been an issue for me, the attached patch doesn't appear to work with 2.0.5 but a slight variation on it works and there are no duplicate SSL variables when using "riak console" or "riak start"

SSL_ARGS=`grep -e '^\-ssl_dist_opt' -e '^\-proto_dist' $RUNNER_ETC_DIR/vm.args | tr '\n' ' '`
# Setup command to control the node
NODETOOL="eval ERL_FLAGS=\"$ERL_FLAGS $SSL_ARGS\" $ERTS_PATH/escript $ERTS_PATH/nodetool $NET_TICKTIME_ARG $NAME_ARG $COOKIE_ARG"

there's also a separate issue with some extra output from nodetool when using SSL making get_pid fail, fixable with

PID=`$NODETOOL getpid < /dev/null|head -1`
@Basho-JIRA Basho-JIRA changed the title from SSL options in vm.args make nodetool stop working to SSL options in vm.args make nodetool stop working [JIRA: RIAK-1579]
@ryanbamford

have modded this additionally to include a check for the file

if [ -f $RUNNER_ETC_DIR/vm.args ]; then
SSL_ARGS=grep -e '^\-ssl_dist_opt' -e '^\-proto_dist' $RUNNER_ETC_DIR/vm.args | tr '\n' ' '
NODETOOL="eval ERL_FLAGS=\"$ERL_FLAGS $SSL_ARGS\" $ERTS_PATH/escript $ERTS_PATH/nodetool $NET_TICKTIME_ARG $NAME_ARG $COOKIE_ARG"
else
NODETOOL="$ERTS_PATH/escript $ERTS_PATH/nodetool $NET_TICKTIME_ARG $NAME_ARG $COOKIE_ARG"
fi

so it can run with and without the vm.args file without errors

not a full fix as we are using 2.0.5 which uses the generated vm.args and we are having to override them to get the tls settings in

so we are reading the settings from the override location

@tombriden

The mod to env.sh isn't a complete fix as some commands still fail, such as riak-admin bucket-type create

What actually works is to use an alias for nodetool rather than store the command in a variable. So, changing env.sh to

if [ -f $RUNNER_ETC_DIR/vm.args ]; then
    SSL_ARGS=$(grep -e '^\-ssl_dist_opt' -e '^\-proto_dist' $RUNNER_ETC_DIR/vm.args | tr '\n' ' ')
fi
alias NODETOOL="ERL_FLAGS=\"$ERL_FLAGS $SSL_ARGS\" $ERTS_PATH/escript $ERTS_PATH/nodetool $NET_TICKTIME_ARG $NAME_ARG $COOKIE_ARG"

and then updating env.sh and riak-admin so all $NODETOOL calls become just NODETOOL.

@tombriden tombriden referenced this issue from a commit in tombriden/node_package
@tombriden tombriden Set NODETOOL up as an alias and include ERL_FLAGS env vars
nodetool won't work with TLS distribution as the erlang vm args
don't get passed in to escript. This commit reads the TLS args from
the vm.args file if it exists and prefixes the call to escript with
them.
The only way to have this work properly is to alias the command rather
than store it as a variable

basho/riak#509
485a3da
@tombriden tombriden referenced this issue from a commit in tombriden/riak
@tombriden tombriden Reference NODETOOL by command alias (basho/riak#509)
depends on change to basho/node_package
24fa10d
@seancribbs seancribbs removed their assignment
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.