Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-29761

Failed to establish MongoDB connection from Quartz with X.509 certificates

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 10.10-HF15
    • Fix Version/s: 10.10-HF15
    • Component/s: Core MongoDB, Scheduler
    • Tags:
    • Backlog priority:
      1,000
    • Team:
      FG
    • Sprint:
      nxFG 11.3.1
    • Story Points:
      5

      Description

      Although NXP-27836 implements X.509 certificates for Quartz, and it works in most situations, we have observed cases where the connection fails to establish:

      2020-10-13T16:10:00,848 ERROR [ComponentManager] Component service:org.nuxeo.ecm.core.scheduler.SchedulerService notification of application started failed: Timed out after 30000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=localhost:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}]
com.mongodb.MongoTimeoutException: Timed out after 30000 ms while waiting to connect. Client view of cluster state is {type=UNKNOWN, servers=[{address=localhost:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketWriteException: Exception sending message}, caused by {javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}, caused by {sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}}]
	at com.mongodb.internal.connection.BaseCluster.getDescription(BaseCluster.java:182) ~[mongo-java-driver-3.12.1.jar:?]
	at com.mongodb.internal.connection.SingleServerCluster.getDescription(SingleServerCluster.java:41) ~[mongo-java-driver-3.12.1.jar:?]
	at com.mongodb.client.internal.MongoClientDelegate.getConnectedClusterDescription(MongoClientDelegate.java:152) ~[mongo-java-driver-3.12.1.jar:?]
	at com.mongodb.client.internal.MongoClientDelegate.createClientSession(MongoClientDelegate.java:103) ~[mongo-java-driver-3.12.1.jar:?]
	at com.mongodb.client.internal.MongoClientDelegate$DelegateOperationExecutor.getClientSession(MongoClientDelegate.java:284) ~[mongo-java-driver-3.12.1.jar:?]
	at com.mongodb.client.internal.MongoClientDelegate$DelegateOperationExecutor.execute(MongoClientDelegate.java:188) ~[mongo-java-driver-3.12.1.jar:?]
	at com.mongodb.client.internal.MongoIterableImpl.execute(MongoIterableImpl.java:143) ~[mongo-java-driver-3.12.1.jar:?]
	at com.mongodb.client.internal.MongoIterableImpl.iterator(MongoIterableImpl.java:92) ~[mongo-java-driver-3.12.1.jar:?]
	at com.novemberain.quartz.mongodb.dao.LocksDao.findOwnTriggersLocks(LocksDao.java:77) ~[quartz-mongodb-2.0.0-NX3.jar:?]
	at com.novemberain.quartz.mongodb.cluster.TriggerRecoverer.recover(TriggerRecoverer.java:41) ~[quartz-mongodb-2.0.0-NX3.jar:?]
	at com.novemberain.quartz.mongodb.MongoDBJobStore.initialize(MongoDBJobStore.java:93) ~[quartz-mongodb-2.0.0-NX3.jar:?]
	at org.quartz.impl.StdSchedulerFactory.instantiate(StdSchedulerFactory.java:1356) ~[quartz-2.3.0.jar:?]
	at org.quartz.impl.StdSchedulerFactory.getScheduler(StdSchedulerFactory.java:1559) ~[quartz-2.3.0.jar:?]
	at org.nuxeo.ecm.core.scheduler.SchedulerServiceImpl.setupScheduler(SchedulerServiceImpl.java:110) ~[nuxeo-core-event-10.10-HF33.jar:?]
	at org.nuxeo.ecm.core.scheduler.SchedulerServiceImpl.lambda$startScheduler$0(SchedulerServiceImpl.java:161) ~[nuxeo-core-event-10.10-HF33.jar:?]
	at org.nuxeo.runtime.kv.ClusterLockHelper.runAtomically(ClusterLockHelper.java:73) ~[nuxeo-runtime-kv-10.10-HF33.jar:?]
	at org.nuxeo.ecm.core.scheduler.SchedulerServiceImpl.startScheduler(SchedulerServiceImpl.java:159) ~[nuxeo-core-event-10.10-HF33.jar:?]
	at org.nuxeo.ecm.core.scheduler.SchedulerServiceImpl.start(SchedulerServiceImpl.java:152) ~[nuxeo-core-event-10.10-HF33.jar:?]
	at org.nuxeo.runtime.model.impl.RegistrationInfoImpl.start(RegistrationInfoImpl.java:381) [nuxeo-runtime-10.10-HF33.jar:?]

      This is tested with MongoDB 3.2, which in its logs says repeatedly for 30s:

      2020-10-13T14:09:30.807+0000 I NETWORK  [initandlisten] connection accepted from 172.17.0.1:35858 #201 (3 connections now open)
2020-10-13T14:09:30.822+0000 E NETWORK  [conn201] SSL: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
2020-10-13T14:09:30.823+0000 I NETWORK  [conn201] end connection 172.17.0.1:35858 (2 connections now open)

        Attachments

          Activity

            People

            • Assignee:
              fguillaume Florent Guillaume
              Reporter:
              fguillaume Florent Guillaume
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 weeks
                2w