Bug #13766

closed

5.0 agent on ubuntu 18 not able to connect to 4.3 master

Added by Florian Heigl over 5 years ago. Updated over 5 years ago.

Status: Rejected
Priority: N/A
Assignee: -
Category: Agent
Target version:
Severity: Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility: First impressions of Rudder
Effort required:
Priority: 100
Name check:
Fix check:
Regression:

Description

Hi,

looks like this:

@root@ubuntu18-0--service-7:~# rudder agent update
error: Failed to establish TLS connection: (-1 SSL_ERROR_SSL) illegal zero content
error: No suitable server found
error: Failed to establish TLS connection: (-1 SSL_ERROR_SSL) illegal zero content
error: No suitable server found
R: *************************************************************************
* rudder-agent could not get an updated configuration from the policy server. *
* This can be caused by: *
* * an agent key that has been changed *
* * if this node is not accepted or deleted node on the Rudder root server *
* * if this node has changed policy server without sending a new inventory *
* Any existing configuration policy will continue to be applied without change. *
*************************************************************************
error: Rudder agent promises could not be updated.@

root@ubuntu18-0--service-7:~# cat /etc/issue
Ubuntu 18.04.1 LTS \n \l

did a rudder agent reinit prior to the above.
Inventory upload works fine.

rsyslog config seems to be missing

root@ubuntu18-0--service-7:~# cat /etc/rsyslog.d/
20-ufw.conf 21-cloudinit.conf 50-default.conf
root@ubuntu18-0--service-7:~# grep -R rudder /etc/rsyslog.*
root@ubuntu18-0--service-7:~#

I can see the following happens in rudder server debug:

@rudder verbose: === END summary of access promises ===
rudder verbose: Setting minimum acceptable TLS version: 1.0
rudder verbose: Setting cipher list for incoming TLS connections to: AES256-GCM-SHA384:AES256-SHA
rudder verbose: Listening for connections on socket descriptor 6 ...
notice: Server is starting...

rudder verbose: Obtained IP address of 'zz' on socket 7 from accept
rudder verbose: New connection (from zz, sd 7), spawning new thread...
rudder info: zz> Accepting connection
rudder verbose: zz> Setting socket timeout to 600 seconds.
rudder verbose: zz> Peeked nothing important in TCP stream, considering the protocol as TLS
error: zz> Failed to accept TLS connection: (0 SSL_ERROR_SSL) sslv3 alert bad certificate
rudder verbose: Obtained IP address of 'zz' on socket 7 from accept
rudder verbose: New connection (from zz, sd 7), spawning new thread...
rudder info: zz> Accepting connection
rudder verbose: zz> Setting socket timeout to 600 seconds.
rudder verbose: zz> Peeked nothing important in TCP stream, considering the protocol as TLS
error: zz> Failed to accept TLS connection: (0 SSL_ERROR_SSL) sslv3 alert bad certificate@

Could you please let me know if you tested that combination before I start searching deeper?
Otherwise it seems absolutely futile to test further at this point.

Also, why still TLS1.0? I thought you said 2 years ago you were gonna go to 1.2 or whatever the maximum supported by CFEngine was?
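
For triaging server debug output like the excerpt in this report, the following script is an added example; it is not part of the original report and not Rudder or CFEngine code. The function name `audit`, the sample log lines and the peer addresses (documentation range) are constructed for illustration, and the cipher check assumes the list contains explicit OpenSSL suite names only.

```python
import re
from collections import Counter

# Constructed sample, modelled on the server debug lines quoted in the report.
SAMPLE_LOG = """\
rudder verbose: Setting minimum acceptable TLS version: 1.0
rudder verbose: Setting cipher list for incoming TLS connections to: AES256-GCM-SHA384:AES256-SHA
rudder info: 192.0.2.10> Accepting connection
error: 192.0.2.10> Failed to accept TLS connection: (0 SSL_ERROR_SSL) sslv3 alert bad certificate
rudder info: 192.0.2.10> Accepting connection
error: 192.0.2.10> Failed to accept TLS connection: (0 SSL_ERROR_SSL) sslv3 alert bad certificate
rudder info: 192.0.2.11> Accepting connection
"""

MIN_TLS_RE = re.compile(r"Setting minimum acceptable TLS version: (\d+)\.(\d+)")
CIPHERS_RE = re.compile(r"Setting cipher list for incoming TLS connections to: (\S+)")
FAIL_RE = re.compile(r"error: (\S+)> Failed to accept TLS connection: \(-?\d+ \w+\) (.+)")

# OpenSSL suite names start with the key exchange for (EC)DHE suites;
# TLS 1.3 suite names (TLS_...) always use ephemeral key exchange.
FS_PREFIXES = ("ECDHE-", "DHE-", "TLS_")


def audit(log_text, min_ok=(1, 2)):
    """Return (config findings, Counter of handshake failures per (peer, reason))."""
    findings = []
    failures = Counter()
    for line in log_text.splitlines():
        if m := MIN_TLS_RE.search(line):
            if (int(m[1]), int(m[2])) < min_ok:
                findings.append(
                    f"minimum TLS version {m[1]}.{m[2]} is below {min_ok[0]}.{min_ok[1]}")
        elif m := CIPHERS_RE.search(line):
            for suite in m[1].split(":"):
                if not suite.startswith(FS_PREFIXES):
                    findings.append(f"cipher {suite} has no forward secrecy")
        elif m := FAIL_RE.search(line):
            failures[(m[1], m[2].strip())] += 1
    return findings, failures


if __name__ == "__main__":
    found, failed = audit(SAMPLE_LOG)
    for item in found:
        print("config:", item)
    for (peer, reason), count in failed.items():
        print(f"handshake: {peer} failed {count}x ({reason})")
```

Repeated failures from one peer with the same alert text point at a persistent mismatch between the two ends rather than a transient network error.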


Related issues 1 (0 open, 1 closed)

Is duplicate of Rudder - Bug #13690: Impossible to update promises when using a debian9 or Ubuntu 18 server and older distributions as Nodes (incompatible openssl version) - Released - Alexis Mousset