New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL Handshake issue with logstash container #4150
Comments
@armensuri You're running a very old rubygems version. As a matter of fact, the oldest version that can be installed from any supported ruby. Can you update
with
|
@deivid-rodriguez Thanks for the quick reply. I changed 2.5.2 to 3.2.1 and the result is the same : Successfully installed bundler-2.2.1 Parsing documentation for bundler-2.2.1 Installing ri documentation for bundler-2.2.1 Done installing documentation for bundler after 10 seconds 1 gem installed Updating installed gems Nothing to update Error Bundler::HTTPError, retrying 1/10 Could not fetch specs from https://rubygems.org/ Error Bundler::HTTPError, retrying 2/10 Could not fetch specs from https://rubygems.org/ Error Bundler::HTTPError, retrying 3/10 Could not fetch specs from https://rubygems.org/ Error Bundler::HTTPError, retrying 4/10 Could not fetch specs from https://rubygems.org/ Error Bundler::HTTPError, retrying 5/10 Could not fetch specs from https://rubygems.org/ Error Bundler::HTTPError, retrying 6/10 Could not fetch specs from https://rubygems.org/ Error Bundler::HTTPError, retrying 7/10 Could not fetch specs from https://rubygems.org/ Error Bundler::HTTPError, retrying 8/10 Could not fetch specs from https://rubygems.org/ Error Bundler::HTTPError, retrying 9/10 Could not fetch specs from https://rubygems.org/ Error Bundler::HTTPError, retrying 10/10 Could not fetch specs from https://rubygems.org/ Too many retries, aborting, caused by Bundler::HTTPError ERROR: Updated Aborted, message: Could not fetch specs from https://rubygems.org/ Validating logstash-filter-translate-3.1.0 Unable to download data from https://rubygems.org - Received fatal alert: handshake_failure (https://api.rubygems.org/specs.4.8.gz) ERROR: Installation aborted, verification failed for logstash-filter-translate 3.1.0 Validating logstash-output-sqs-5.0.2 Unable to download data from https://rubygems.org - Received fatal alert: handshake_failure (https://api.rubygems.org/specs.4.8.gz) ERROR: Installation aborted, verification failed for logstash-output-sqs 5.0.2 it looks like there was an error installing 3.2.1, but the message sys installed. Then when I check gem --version I see 2.5.2.1 [root@ip-161-32-32-161 ~]# docker exec logstash bash -c "curl -Lks 'https://git.io/rg-ssl' | ruby" Ruby: 2.3.3p222 (2016-11-21 revision 0) [x86_64-linux-gnu] With that out of the way, let's see if you can connect to rubygems.org... Bundler connection to rubygems.org: success ✅ Hooray! This Ruby can connect to rubygems.org. You are all set to use Bundler and RubyGems. 👌 |
Well, not really the same. In this case, it's the upgrade process of rubygems that's failing. You're using ruby provided by your OS, so upgrading rubygems like you're doing is not really supported. I'm not sure what's going on, honestly. I guess upgrading ruby is not under your control? The latest ruby is 2.7 and the ruby installed by your OS is 2.3. One thing I'd do is completely remove the Also, since you have opened this ticket close after the bundler 2.2 release date, you can try changing |
removed "gem update --system " and pinned bundler to 2.14 Successfully installed bundler-2.1.4 |
Not sure if it could be related to server side changes, do you have data about which day these errors started happening? Maybe it could be an issue with openssl fixed in newer rubies, you could also try |
We started noticing this around Dec 5. I think that was when the fastly certificate was updated on rubygems. |
Ok, then I think you need to upgrade to a version of rubygems that got the certifcate updates. Can you try |
I'll add gem pristine rake to get this error out. and see. This does have the new certificate as the PR suggests.
|
Still seeing the same error after applying 2.7.11 and 2.7.10
Is there a cert folder that i need to focus on and make sure that the certs are in that location? |
The certs should be inside your rubygems installation. Look for It's also weird that the troubleshooting script says that you can connect to rubygems.org using both bundler and rubygems, maybe the script should do something more realistic to catch this. |
I think logstash-plugin is using jruby to get the plugins.
and the version of jruby installed is 1.9 is there a way for me to install the gems using ruby and not jruby avoid what logstash is doing and pull the pugins? this script is doing its job. Its just that logstash-plugin was using jruby insetad of ruby to get the gems.
|
I'm confused @armensuri 😞. Now you're showing me an error that uses a different ruby implementation and a different rubygems version, both 100% unsupported. Also, could you please format your messages a bit? They are really hard to read. Here's a guide for you: https://guides.github.com/features/mastering-markdown/ 👍. |
I'm trying to figure out this error for a very old logstash container that we are using. I narrowed it down by looking into logstash-plugin code that is calling jruby. I was trying to fix ruby install and that looks ok, and the tool was showing the connections were ok. Now, I realized that its the jruby that is causing the issues and tried running that same tool using jruby and expectedly, seeing the connection issues. Looking into the certs folders of the jruby, they are from 2016. Tried regenerating the certs but that did not work. the version of jruby that came installed is jruby1.9 I'm trying to figure out which one is the nearest version that I can install without installing the latest. Is there a way to install the plugins that logstash is trying to install using ruby? for example : |
I'm sorry I'm not able to help you there. I've never used logstash. But from what I understand you original error was fixed and now you're having a jruby issue. Unfortunately, the other problem is out of our hands, the jruby & rubygems versions being used are just too old for us to provide any support. I'm sorry, but it was a matter of time that something would break there :( In case upgrading is completely impossible, here's some links for you so you can keep digging: jruby/jruby#3764, https://www.ruby-lang.org/en/news/2014/10/27/changing-default-settings-of-ext-openssl/. |
Thanks David for your time, it did really help me navigate through the issues and pin point at what is causing the problem. I will keep looking for the jruby solution. |
No problem, I hope you find a solution. I'll close this ticket now since we can't really do much I believe. |
I see this error in logstash container and the container reboots every 30+ seconds
Error Bundler::HTTPError, retrying 9/10
Could not fetch specs from https://rubygems.org/
Error Bundler::HTTPError, retrying 10/10
Could not fetch specs from https://rubygems.org/
Too many retries, aborting, caused by Bundler::HTTPError
ERROR: Updated Aborted, message: Could not fetch specs from https://rubygems.org/
Validating logstash-filter-translate-3.1.0
Unable to download data from https://rubygems.org - Received fatal alert: handshake_failure (https://api.rubygems.org/specs.4.8.gz)
ERROR: Installation aborted, verification failed for logstash-filter-translate 3.1.0
Validating logstash-output-sqs-5.0.2
Unable to download data from https://rubygems.org - Received fatal alert: handshake_failure (https://api.rubygems.org/specs.4.8.gz)
ERROR: Installation aborted, verification failed for logstash-output-sqs 5.0.2
I tried the following :
apt-get update
apt-get install ca-certificates
apt-get install -y ruby
gem update --system 2.5.2
gem install bundler
gem update bundle
bundle update
bundle install
then when running this command I get the above error :
/opt/logstash/bin/logstash-plugin install --version 3.1.0 logstash-filter-translate
The logstash container that I'm using is version 2.4.1 (don't ask, we have to be on this container for a few more months)
we tried it on the latest logstash container and encountered the same issue.
Am I doing too many things? I think it should be a simple fix and I'm missing something here.
Environment :
Logstash container 2.4.1
gem env
[root@ip-161-32-32-161 ~]# docker exec logstash bash -c "gem env"
RubyGems Environment:
bundle env
[root@ip-161-32-32-161 ~]# docker exec logstash bash -c "bundle env"
Environment
Bundler Build Metadata
[root@ip-161-32-32-161 ~]# docker exec logstash bash -c "ruby -ropenssl -e 'puts OpenSSL::OPENSSL_LIBRARY_VERSION'"
OpenSSL 1.0.2l 25 May 2017
[root@ip-161-32-32-161 ~]# docker exec logstash bash -c "cat /etc/os-release"
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
[root@ip-161-32-32-161 ~]# docker exec logstash bash -c "apt-get --version"
apt 1.4.8 (amd64)
Supported modules:
*Ver: Standard .deb
*Pkg: Debian dpkg interface (Priority 30)
Pkg: Debian APT solver interface (Priority -1000)
Pkg: Debian APT planner interface (Priority -1000)
S.L: 'deb' Debian binary tree
S.L: 'deb-src' Debian source tree
Idx: Debian Source Index
Idx: Debian Package Index
Idx: Debian Translation Index
Idx: Debian dpkg status file
Idx: Debian deb file
Idx: Debian dsc file
Idx: Debian control file
Idx: EDSP scenario file
Idx: EIPP scenario file
[root@ip-161-32-32-161 ~]# docker exec logstash bash -c "curl -Lks 'https://git.io/rg-ssl' | ruby"
Here's your Ruby and OpenSSL environment:
Ruby: 2.3.3p222 (2016-11-21 revision 0) [x86_64-linux-gnu]
RubyGems: 2.5.2
Bundler: 2.2.1
Compiled with: OpenSSL 1.0.2u 20 Dec 2019
Loaded version: OpenSSL 1.0.2l 25 May 2017
SSL_CERT_FILE: /usr/lib/ssl/cert.pem
SSL_CERT_DIR: /usr/lib/ssl/certs
With that out of the way, let's see if you can connect to rubygems.org...
Bundler connection to rubygems.org: success ✅
RubyGems connection to rubygems.org: success ✅
Ruby net/http connection to rubygems.org: success ✅
Hooray! This Ruby can connect to rubygems.org. You are all set to use Bundler and RubyGems. 👌
The text was updated successfully, but these errors were encountered: