Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-2528

cf-serverd commits apoptosis after 0 seconds

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: cf-serverd, Network
    • Labels:
      None

      Description

      Using the new cf-net tool it is very easy to shut off servers from a client.

      Handshakes + Connects

      cf-net (client):

      vagrant@vagrant-ubuntu-trusty-64:~/cfengine$ sudo /var/cfengine/bin/cf-net multitls myhostname:5308
      Multiple handshakes to 'myhostname:5308'.
         error: Failed to establish TLS connection: underlying network error (Connection reset by peer)
      CFNetMultiTLS(): 'myhostname:5308' unavailable after 10 seconds (202 attempts).
      Connecting repeatedly to 'myhostname:5308' without handshakes.
      Server unavailable after 100 attempts.
      CFNetMulti(): 'myhostname:5308' unavailable after 1 seconds (100 attempts).
      vagrant@vagrant-ubuntu-trusty-64:~/cfengine$
      

      cf-serverd (server):

      verbose: New connection (from 192.168.50.51, sd 218), spawning new thread...
          info: 192.168.50.51> Accepting connection
          info: 192.168.50.51> Accepting connection
         error: 192.168.50.51> Too many threads (201 > 200), dropping connection! Increase server maxconnections?
          info: 192.168.50.51> Accepting connection
          info: 192.168.50.51> Accepting connection
         error: 192.168.50.51> Too many threads (201 > 200), dropping connection! Increase server maxconnections?
         error: 192.168.50.51> Too many threads (201 > 200), dropping connection! Increase server maxconnections?
       verbose: Obtained IP address of '192.168.50.51' on socket 209 from accept
         error: 192.168.50.51> Too many threads (201 > 200), dropping connection! Increase server maxconnections?
       verbose: New connection (from 192.168.50.51, sd 209), spawning new thread...
          info: 192.168.50.51> Accepting connection
          info: 192.168.50.51> Accepting connection
         error: 192.168.50.51> Too many threads (201 > 200), dropping connection! Increase server maxconnections?
          info: 192.168.50.51> Accepting connection
          info: 192.168.50.51> Accepting connection
      CRITICAL: 192.168.50.51> Server seems to be paralyzed. DOS attack? Committing apoptosis...
         error: 192.168.50.51> Fatal CFEngine error: Terminating
      CRITICAL: 192.168.50.51> Server seems to be paralyzed. DOS attack? Committing apoptosis...
         error: 192.168.50.51> Fatal CFEngine error: Terminating
      CRITICAL: 192.168.50.51> Server seems to be paralyzed. DOS attack? Committing apoptosis...
      CRITICAL: 192.168.50.51> Server seems to be paralyzed. DOS attack? Committing apoptosis...
         error: 192.168.50.51> Fatal CFEngine error: Terminating
       verbose: Obtained IP address of '192.168.50.51' on socket 4 from accept
       verbose: New connection (from 192.168.50.51, sd 4), spawning new thread...
       verbose: Obtained IP address of '192.168.50.51' on socket 208 from accept
       verbose: Obtained IP address of '192.168.50.51' on socket 208 from accept
      
       verbose: New connection (from 192.168.50.51, sd 208), spawning new thread...
       verbose: Obtained IP address of '192.168.50.51' on socket 215 from accept
      
      

      Just connects

      cf-net (client):

      vagrant@vagrant-ubuntu-trusty-64:~/cfengine$ sudo /var/cfengine/bin/cf-net multi myhostname:5308
      Connecting repeatedly to 'myhostname:5308' without handshakes.
      Server unavailable after 282 attempts.
      CFNetMulti(): 'myhostname:5308' unavailable after 1 seconds (282 attempts).
      vagrant@vagrant-ubuntu-trusty-64:~/cfengine$
      

      cf-serverd (server):

       verbose: New connection (from 192.168.50.51, sd 213), spawning new thread...
       verbose: Obtained IP address of '192.168.50.51' on socket 214 from accept
       verbose: New connection (from 192.168.50.51, sd 214), spawning new thread...
       verbose: Obtained IP address of '192.168.50.51' on socket 215 from accept
       verbose: New connection (from 192.168.50.51, sd 215), spawning new thread...
       verbose: Obtained IP address of '192.168.50.51' on socket 216 from accept
       verbose: New connection (from 192.168.50.51, sd 216), spawning new thread...
       verbose: Obtained IP address of '192.168.50.51' on socket 217 from accept
       verbose: New connection (from 192.168.50.51, sd 217), spawning new thread...
       verbose: Obtained IP address of '192.168.50.51' on socket 218 from accept
          info: 192.168.50.51> Accepting connection
       verbose: New connection (from 192.168.50.51, sd 218), spawning new thread...
          info: 192.168.50.51> Accepting connection
          info: 192.168.50.51> Accepting connection
          info: 192.168.50.51> Accepting connection
          info: 192.168.50.51> Accepting connection
          info: 192.168.50.51> Accepting connection
      CRITICAL: 192.168.50.51> Server seems to be paralyzed. DOS attack? Committing apoptosis...
         error: 192.168.50.51> Fatal CFEngine error: Terminating
          info: 192.168.50.51> Accepting connection
          info: 192.168.50.51> Accepting connection
          info: 192.168.50.51> Accepting connection
          info: 192.168.50.51> Accepting connection
      CRITICAL: 192.168.50.51> Server seems to be paralyzed. DOS attack? Committing apoptosis...
          info: 192.168.50.51> Accepting connection
         error: 192.168.50.51> Fatal CFEngine error: Terminating
      CRITICAL: 192.168.50.51> Server seems to be paralyzed. DOS attack? Committing apoptosis...
         error: 192.168.50.51> Fatal CFEngine error: Terminating
      vagrant@vagrant-ubuntu-trusty-64:~/cfengine/masterfiles$
      

      Outside allowconnects ACL

      Server does not shut down:

      verbose: Obtained IP address of '192.168.50.1' on socket 7 from accept
         error: Remote host '192.168.50.1' not in allowconnects, denying connection
      

      cf-net:

      vagrant@vagrant-ubuntu-trusty-64:~/cfengine/core$ sudo /var/cfengine/bin/cf-net multi 192.168.50.50
      Connecting repeatedly to '192.168.50.50' without handshakes.
         error: Couldn't open a socket to '192.168.50.50' (socket: Too many open files)
      Server unavailable after 1022 attempts.
      CFNetMulti(): '192.168.50.50' unavailable after 4 seconds (1022 attempts).
      

      Outside allowallconnects ACL

      allowallconnects works as intended, denying simultaneous connections.

         error: Remote host '192.168.50.1' is not in allowallconnects, denying second simultaneous connection
       verbose: Obtained IP address of '192.168.50.1' on socket 8 from accept
         error: Remote host '192.168.50.1' is not in allowallconnects, denying second simultaneous connection
       verbose: Obtained IP address of '192.168.50.1' on socket 8 from accept
         error: Remote host '192.168.50.1' is not in allowallconnects, denying second simultaneous connection
         error: 192.168.50.1> Connection unexpectedly closed (SSL_read): socket closed
          info: 192.168.50.1> Closing connection, terminating thread
      

      cf-net:

      vagrant@vagrant-ubuntu-trusty-64:~/cfengine/core$ sudo /var/cfengine/bin/cf-net multitls 192.168.50.50
      Multiple handshakes to '192.168.50.50'.
         error: Failed to establish TLS connection: socket closed
      CFNetMultiTLS(): '192.168.50.50' unavailable after 0 seconds (2 attempts).
      Connecting repeatedly to '192.168.50.50' without handshakes.
         error: Couldn't open a socket to '192.168.50.50' (socket: Too many open files)
      Server unavailable after 1020 attempts.
      CFNetMulti(): '192.168.50.50' unavailable after 5 seconds (1020 attempts).
      

        Attachments

          Activity

            People

            • Assignee:
              a10003 Eystein Maloy Stenberg
              Reporter:
              olehermanse Ole Herman Schumacher Elgesem
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:

                Summary Panel