SSL_accept SYSCALL returned=5 errno=0 #2952
Comments
we don't support ruby2.0.0. please update ruby version. |
I have the same issue. I followed the link https://bundler.io/v2.0/guides/rubygems_tls_ssl_troubleshooting_guide.html#troubleshooting-certificate-errors and it says below:
ruby -ropen-uri -e 'eval open("https://git.io/vQhWq").read'
Ruby: 2.5.5p157 (2019-03-15 revision 67260) [x86_64-linux-gnu]
With that out of the way, let's see if you can connect to rubygems.org...
Bundler connection to rubygems.org: failed ❌ (uninitialized constant Bundler)
Although your Ruby installation and RubyGems can both connect to rubygems.org, Bundler is having trouble. The most likely way to fix this is to upgrade Bundler by running
/opt/td-agent/embedded/bin/fluent-gem list addressable (2.7.0) |
@venky999 did you find a solution yet? |
@kritisingh no..seeing same issue |
This log message was being logged as a trace but is now logged as a warn. #2861 |
Yes. The above change shows these warning logs. |
I get warning from
I downgraded to td-agent 1.9.2 version and the ssl warning isn't visible anymore, probably because it is being logged as a trace in this version. |
@venky999 , do you use fluentd behind load balancer? we're experiencing same errors on td-agents behind AWS ELB. |
@konstantin-kornienko I am seeing the same behaviour. If I test a TLS server using the load balancer port, it instantly complains:
But if i change the port, everything is fine. Could you find a solution? |
Same behavior on kubernetes: Fluentd config:
K8s spec:
|
I am experiencing the same issue in kubernetes. Same specs as @Phlak106 I have also tried versions 1.11 and 1.12 |
We're also seeing this issue in k8s: fluent/fluentd:v1.11.2-1.0
|
We have the same issue here:
Not sure if we lose logs because of that, we don't see any issue on nodes that send logs to it. Even weirder, we don't have the issue on other fluentd relays with exactly the same config (same distro, same config file, same versions, etc) We don't use any LB between forwards output and input, all connections are established directly on the same private network. |
Does anyone have a resolution to this issue? I am seeing the same error |
I'm writing this here to say I had the same issue, but I was able to resolve it. A bit of context. The FluentD is on an EKS cluster. That EKS has a load balancer spawned with AWS Load Balancer Controller. I had the same error: |
I had non-SSL traffic hitting the SSL port (i.e. I inadvertently configured
it to send non-SSL and SSL data to the same port). Once I segregated them,
everything looks OK.
…On Mon, May 31, 2021 at 2:40 PM SpicyBrown ***@***.***> wrote:
I'm writing this here to say I had the same issue, but I was able to
resolve it.
A bit of context. The FluentD is on an EKS cluster. That EKS has a load
balancer spawned with AWS Load Balancer Controller. I had the same error:
"unexpected error before accepting TLS connection by OpenSSL
error_class=OpenSSL::SSL::SSLError error="SSL_accept SYSCALL returned=5
errno=0 state=before SSL initialization". I recently updated to the latest
version of fluentd (v1.12.3) and was able to see the IP of the host of the
logs. The IP was from the Load Balancer. I changed the health check
port/path of the Load Balancer to the path of the monitor_agent of the
fluentd, and the error just stopped appearing.
|
TL;DR - Ensure that you can configure your load balancer (if you are using one) to route health checks/traffic over the SSL protocol. I had this issue also. My setup was: GCP VM sending SSL encrypted traffic with a self-signed certificate -> GCP Internal Load balancer -> GCP VMs running Fluentd hosting a self-signed cert/key. @bloodguard's proposed solution helped: upgrading Fluentd (we used 1.13.1) allowed us to see the IP address of the GCP Internal LB. The original health check configured showed the OpenSSL error in Fluent logs:
Once we changed the protocol to SSL, but kept the port to our designated Fluentd port, the OpenSSL errors went away:
Hope this helps anyone with this issue. |
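Added example, not part of the thread and not Fluentd's own code: the diagnosis given in the comments above (a load balancer's plain TCP health check, or other non-TLS traffic, reaching the TLS port) can be reproduced with Ruby's openssl library. A loopback TLS listener is probed once by a client that connects and closes without sending anything, and once by a client that completes the handshake. The certificate, the helper names and both probes are constructed for this example, and the exact message text depends on the OpenSSL version.

```ruby
require "socket"
require "openssl"

# Throwaway self-signed certificate, constructed here for the local listener only.
def test_server_context
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  OpenSSL::SSL::SSLContext.new.tap { |ctx| ctx.cert = cert; ctx.key = key }
end

# Accept one connection on a loopback TLS listener while the given block plays
# the client; returns :ok or the exception the server-side handshake raised.
def handshake_result(ctx)
  tcp = TCPServer.new("127.0.0.1", 0)
  server = Thread.new do
    sock = tcp.accept
    begin
      OpenSSL::SSL::SSLSocket.new(sock, ctx).accept
      :ok
    rescue OpenSSL::SSL::SSLError, SystemCallError => e
      e
    ensure
      sock.close
    end
  end
  client = yield tcp.addr[1]
  server.value
ensure
  client&.close
  tcp&.close
end

# A plain TCP health check: connect, send nothing, close (returns nil).
TCP_PROBE = ->(port) { TCPSocket.new("127.0.0.1", port).close }

# A TLS-aware check: complete the handshake (no verification, test cert only)
# and hand back the open socket so it is closed after the server has finished.
TLS_PROBE = lambda do |port|
  ssl = OpenSSL::SSL::SSLSocket.new(TCPSocket.new("127.0.0.1", port))
  ssl.sync_close = true
  ssl.connect
end

p handshake_result(test_server_context, &TCP_PROBE) if $PROGRAM_NAME == __FILE__
```

The TCP probe makes the server-side `accept` raise `OpenSSL::SSL::SSLError` from `SSL_accept`, while the TLS probe returns `:ok`, which matches the reports that the warning stops once the health check speaks TLS or is pointed at a non-TLS port.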
This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days |
I found the same problem using an AWS network load balancer (NLB) with an EKS cluster, but NLB has no health check options and solution proposed by @bloodguard can't be used. Has somebody else faced the same issue? |
I am getting this on a barebone virtual machine. Some amount of logs seem to be received while others I'm receiving this error. Anyone managed to reach a root cause? Should I try to change ports? |
I am receiving this and have no clues why |
This is mostly to do with non ssl traffic reaching ssl port
On Wed, Jan 19, 2022 at 5:18 PM gabrielnecula ***@***.***> wrote:
I am receiving this and have no clues why
unexpected error before accepting TLS connection by OpenSSL addr=""
host="" port=34680 error_class=OpenSSL::SSL::SSLError error="SSL_accept
SYSCALL returned=5 errno=0 state=before SSL initialization"
|
Having this error too, in my case it was due to istio. Fixed by adding AuthorizationPolicy to allow fluentd to send transactions to Elastic. |
Having this error too. |
This issue has been automatically marked as stale because it has been open 90 days with no activity. Remove stale label or comment or this issue will be closed in 30 days |
This issue was automatically closed because of stale in 30 days |
Hi, is there a solution to this problem? I get the following error every day at 3:00 a.m.:
I have seen on the internet that the problem should be in the configuration part of fluentd in the
|
Hi,
This is due to the fact that AWS uses only the first port in the list for the health check. |
Describe the bug
I am seeing this warning continuously and it is causing log loss.
[warn]: #0 unexpected error before accepting TLS connection by OpenSSL error_class=OpenSSL::SSL::SSLError error="SSL_accept SYSCALL returned=5 errno=0 state=unknown state"
To Reproduce
Run td-agent with the following config
Expected behavior
The warning should not occur
Your Environment
fluentd --version or td-agent --version
td-agent 1.10.0
cat /etc/os-release
RED HAT 7.7
uname -r
3.10.0-1062.12.1.el7.x86_64
2.0.0p648 (2015-12-16) [x86_64-linux]
1.0.2k-fips 26 Jan 2017
Your Configuration
Your Error Log
Additional context