TIMEOUT connect exceeded

Question

TIMEOUT connect exceeded

Opened this issue 4 years ago · 0 comments

Dear Scholzj,

Unfortunately, I think there is still some problems from my zookeeper install. The zoo-entrance gets also timeouts :
Starting Stunnel with configuration:
Starting Stunnel with configuration:
pid = /usr/local/var/run/stunnel.pid
foreground = yes
debug = notice
sslVersion = all
[zookeeper-2181]
client = yes
CAfile = /tmp/cluster-ca.crt
cert = /etc/cluster-operator-certs/cluster-operator.crt
key = /etc/cluster-operator-certs/cluster-operator.key
accept = 0.0.0.0:2181
connect = my-test-lnk-zookeeper-client:2181
delay = yes
verify = 2

2021.01.13 17:30:32 LOG5[1:140635606476864]: stunnel 4.56 on x86_64-redhat-linux-gnu platform
2021.01.13 17:30:32 LOG5[1:140635606476864]: Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013
2021.01.13 17:30:32 LOG5[1:140635606476864]: Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
2021.01.13 17:30:32 LOG5[1:140635606476864]: Reading configuration from file /tmp/stunnel.conf
2021.01.13 17:30:32 LOG5[1:140635606476864]: FIPS mode is enabled
2021.01.13 17:30:32 LOG5[1:140635606476864]: Configuration successful
2021.01.13 17:33:18 LOG5[1:140635606472448]: Service [zookeeper-2181] accepted connection from 10.42.0.0:38537
2021.01.13 17:33:18 LOG5[1:140635606472448]: connect_blocking: connected 10.43.196.203:2181
2021.01.13 17:33:18 LOG5[1:140635606472448]: Service [zookeeper-2181] connected remote server from 10.42.1.94:53880
2021.01.13 17:33:18 LOG5[1:140635606472448]: Certificate accepted: depth=1, /O=io.strimzi/CN=cluster-ca v0
2021.01.13 17:33:18 LOG4[1:140635606472448]: CERT: Verification error: certificate signature failure
2021.01.13 17:33:18 LOG4[1:140635606472448]: Certificate check failed: depth=0, /O=io.strimzi/CN=my-test-lnk-zookeeper
2021.01.13 17:33:18 LOG3[1:140635606472448]: error queue: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2021.01.13 17:33:18 LOG3[1:140635606472448]: error queue: D0C5006: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
2021.01.13 17:33:18 LOG3[1:140635606472448]: error queue: 4067072: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
2021.01.13 17:33:18 LOG3[1:140635606472448]: SSL_connect: 407008A: error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
2021.01.13 17:33:18 LOG5[1:140635606472448]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2021.01.13 17:33:20 LOG5[1:140635606472448]: Service [zookeeper-2181] accepted connection from 10.42.0.0:64563
2021.01.13 17:33:20 LOG5[1:140635606472448]: connect_blocking: connected 10.43.196.203:2181
2021.01.13 17:33:20 LOG5[1:140635606472448]: Service [zookeeper-2181] connected remote server from 10.42.1.94:53948
2021.01.13 17:33:20 LOG5[1:140635606472448]: Certificate accepted: depth=1, /O=io.strimzi/CN=cluster-ca v0
2021.01.13 17:33:20 LOG4[1:140635606472448]: CERT: Verification error: certificate signature failure
2021.01.13 17:33:20 LOG4[1:140635606472448]: Certificate check failed: depth=0, /O=io.strimzi/CN=my-test-lnk-zookeeper
2021.01.13 17:33:20 LOG3[1:140635606472448]: error queue: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2021.01.13 17:33:20 LOG3[1:140635606472448]: error queue: D0C5006: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
2021.01.13 17:33:20 LOG3[1:140635606472448]: error queue: 4067072: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
2021.01.13 17:33:20 LOG3[1:140635606472448]: SSL_connect: 407008A: error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
2021.01.13 17:33:20 LOG5[1:140635606472448]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2021.01.13 17:33:22 LOG5[1:140635606472448]: Service [zookeeper-2181] accepted connection from 10.42.0.0:29880
2021.01.13 17:33:22 LOG5[1:140635606472448]: connect_blocking: connected 10.43.196.203:2181
2021.01.13 17:33:22 LOG5[1:140635606472448]: Service [zookeeper-2181] connected remote server from 10.42.1.94:54018
2021.01.13 17:33:22 LOG5[1:140635606472448]: Certificate accepted: depth=1, /O=io.strimzi/CN=cluster-ca v0
2021.01.13 17:33:22 LOG4[1:140635606472448]: CERT: Verification error: certificate signature failure
2021.01.13 17:33:22 LOG4[1:140635606472448]: Certificate check failed: depth=0, /O=io.strimzi/CN=my-test-lnk-zookeeper
2021.01.13 17:33:22 LOG3[1:140635606472448]: error queue: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2021.01.13 17:33:22 LOG3[1:140635606472448]: error queue: D0C5006: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
2021.01.13 17:33:22 LOG3[1:140635606472448]: error queue: 4067072: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
2021.01.13 17:33:22 LOG3[1:140635606472448]: SSL_connect: 407008A: error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
2021.01.13 17:33:22 LOG5[1:140635606472448]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2021.01.13 17:33:23 LOG5[1:140635606472448]: Service [zookeeper-2181] accepted connection from 10.42.0.0:51167
2021.01.13 17:33:23 LOG5[1:140635606472448]: connect_blocking: connected 10.43.196.203:2181
2021.01.13 17:33:23 LOG5[1:140635606472448]: Service [zookeeper-2181] connected remote server from 10.42.1.94:54146
2021.01.13 17:33:23 LOG5[1:140635606472448]: Certificate accepted: depth=1, /O=io.strimzi/CN=cluster-ca v0
2021.01.13 17:33:23 LOG4[1:140635606472448]: CERT: Verification error: certificate signature failure
2021.01.13 17:33:23 LOG4[1:140635606472448]: Certificate check failed: depth=0, /O=io.strimzi/CN=my-test-lnk-zookeeper
2021.01.13 17:33:23 LOG3[1:140635606472448]: error queue: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2021.01.13 17:33:23 LOG3[1:140635606472448]: error queue: D0C5006: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
2021.01.13 17:33:23 LOG3[1:140635606472448]: error queue: 4067072: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
2021.01.13 17:33:23 LOG3[1:140635606472448]: SSL_connect: 407008A: error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
2021.01.13 17:33:23 LOG5[1:140635606472448]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2021.01.13 17:33:26 LOG5[1:140635606472448]: Service [zookeeper-2181] accepted connection from 10.42.0.0:23926
2021.01.13 17:33:26 LOG5[1:140635606472448]: connect_blocking: connected 10.43.196.203:2181
2021.01.13 17:33:26 LOG5[1:140635606472448]: Service [zookeeper-2181] connected remote server from 10.42.1.94:54210
2021.01.13 17:33:26 LOG5[1:140635606472448]: Certificate accepted: depth=1, /O=io.strimzi/CN=cluster-ca v0
2021.01.13 17:33:26 LOG4[1:140635606472448]: CERT: Verification error: certificate signature failure
2021.01.13 17:33:26 LOG4[1:140635606472448]: Certificate check failed: depth=0, /O=io.strimzi/CN=my-test-lnk-zookeeper
2021.01.13 17:33:26 LOG3[1:140635606472448]: error queue: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2021.01.13 17:33:26 LOG3[1:140635606472448]: error queue: D0C5006: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
2021.01.13 17:33:26 LOG3[1:140635606472448]: error queue: 4067072: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
2021.01.13 17:33:26 LOG3[1:140635606472448]: SSL_connect: 407008A: error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
2021.01.13 17:33:26 LOG5[1:140635606472448]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

My cluster-operator.crt

[kafka@zoo-entrance-fbb55f-scv4q kafka]$ cat /etc/cluster-operator-certs/cluster-operator.crt 
-----BEGIN CERTIFICATE-----
MIIC2TCCAcECCQC6Xfq7DbRKcTANBgkqhkiG9w0BAQsFADAtMRMwEQYDVQQKDApp
by5zdHJpbXppMRYwFAYDVQQDDA1jbHVzdGVyLWNhIHYwMB4XDTIxMDExMzA5NTgz
MVoXDTIyMDExMzA5NTgzMVowMDETMBEGA1UECgwKaW8uc3RyaW16aTEZMBcGA1UE
AwwQY2x1c3Rlci1vcGVyYXRvcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOC6pR3lK+d9pCMWbHmxc3Of8S4FVWxGSM68k3sFW6SlcEYoB+oYj3cx//ky
uccRC/oWc55JuyT3Vxl+VEV2fJa8wsY0I+moj6Lmo9Pb0rGYpnbzbZ489SjcoUey
5XznJioXjkvs3d0Dv0R/gOtHmM9Od9XZ6F9UlkOXhaQqrN9767YcCuDAF72VVqfn
i77cLJWOpp0ZZklDS/sqmy+3bbjhshZ+8fUmhzLgMbpiiBgI0yxXYUl9VDL4NZ+d
seBoOIa1+ydHsB1ddXXXB4pgWJxB3uGM3xVbq61BFRzLbc5bPmnIjEenXhOq21Ze
MhneAZoNVIFnvs23pLpS7HVatbkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAVmZ6
L40bGtMIzO5Juce9DkpRxHkNL1X7nAIt+5u9SQjYMKNHTtDivkBmLy0mGj3zEFZa
jz+fIFBhOKnrU7wIQelurdGWGOC+sBTqnRv09nlLc+luBwCSkdaExwb8/rz2gNRx
azd+AyiiSPGCrxk7h5UWzpczLQYkRP1BpDN7Rakf/jRPMxmgzd7IJx2RGXLv3MBF
jmHayjVSpBYAEo40jemmQvnVGqNySwCdD0uQQhQ3z85Q+g889vSCu6Kc0UVE4aXM
od9eYdYn2clM4j3eM+cL3Iid1sdbMoW16GvBAZiJ2fzDbaZI7ISsFfkWDlV1Ep49
1EwnTbmv100sufIFww==
-----END CERTIFICATE-----

My cluster-operator.key

[kafka@zoo-entrance-fbb55f-scv4q kafka]$ cat /etc/cluster-operator-certs/cluster-operator.key 
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDguqUd5SvnfaQj
Fmx5sXNzn/EuBVVsRkjOvJN7BVukpXBGKAfqGI93Mf/5MrnHEQv6FnOeSbsk91cZ
flRFdnyWvMLGNCPpqI+i5qPT29KxmKZ2822ePPUo3KFHsuV85yYqF45L7N3dA79E
f4DrR5jPTnfV2ehfVJZDl4WkKqzfe+u2HArgwBe9lVan54u+3CyVjqadGWZJQ0v7
Kpsvt2244bIWfvH1Jocy4DG6YogYCNMsV2FJfVQy+DWfnbHgaDiGtfsnR7AdXXV1
1weKYFicQd7hjN8VW6utQRUcy23OWz5pyIxHp14TqttWXjIZ3gGaDVSBZ77Nt6S6
Uux1WrW5AgMBAAECggEAIN4LYijvV+b/R4ZzDQVP/lwpGPL8wF4zLdFUvIxXD+iG
WCxoo+s9qFAuwNKTazLqDoSUGlVsQobOPVNFnfcrV5x53CUqD3VwtIGI+mZPFVxf
FEyb/qWpsXU7PVJD0BW6djOFw0L8W+O9aJZBU6fgCInQav14x+CGLZKOoCkBqZme
3Ojeg95G+OBj70dzCHv/E8GF4aCF3s1/1Ltp4Sdf05b2McpYJ6hX1n9G7W1eEyUJ
eCBgzvGLSCQJKJg6OxaCwwg2SH/EAP5WV8kx/o5ZkDnDmQlkxgbmhgyxAj486EpC
rrtqOGkoGfWJAovFUkW6nVGPBiWJ/4TBliJrYMXfUQKBgQD/tHoDPpLky1U/kUor
4Rz6jXDeVsPOdM83HDCa1q/YNnZz+7IR9UxJFHBHXtIlUOmiElmEOfijzufIL9J7
1C8qbe7hPu/0dzXEQSkYftFv9KG76ejQg6T76HItpXHMg4eoQOUDIv6VQ+nRqKRs
pMMHkBmk/CCoSKxH/mBqMxmlzQKBgQDg/QT/8tCUG3p604oprTeHSqGEkKBWLAU5
iRNpUsXomakvZR2JK51BD6M811KmOsQnNw3xlz2xLICRbDs0P/bE0jcAP5/b5Hu8
C80bvCUdGD8Au4U9kJLoyuRZdZuEAXsTXm/BjlWZzTn5aTl3vB8lcFIQX4YQAFY/
8ggaK8kjnQKBgF6asDW5FfHuRLkDERUQ8X7Fi8fHBCTDVNMH6/etjFuLMuIQcj5w
qeuz0yKks005FWdwMIxaQmKgr2KCRvand1fUWngdp/uji1Hz5bd5XBV2xcvXa9qR
ih3lTzESL/tBgpQ+hjxV2yjwenamVUcY4ktPBh3jZlW8pXjxZUyFYWzVAoGAXgXf
HQdgW0TQfpwA1UHqPsPVlAzMtLZYyJ6cWhuZUYdFyOS83yI26YWbdkWV6JoOd0Tu
stO9mFk8sYlFhKRmgAJJsfTk3YQyoXddFAYgjHQhgDDdkcjlXBvOKgSYJSZpRMLm
eUD+TPQTEkQDHCKl8YNrCCSjZfR+FuMSt70spZECgYBZ5hm89+YLz1758plC2dwe
6rvvKuJ7tdCTPvE8T93vnTExtbr70Hg+LNhe2fkFaGwcM3zT+bNiTuZ3iP+838We
awGVPUU25ZC/QmgXrFQLG1wYIEiszLTDQ7dM4pW5ixVsX+hnRO+8bomKsSjNHahj
rwdRdKuR39M66MNwrJoehg==
-----END PRIVATE KEY-----

I use strimzi/kafka:0.20.1-kafka-2.6.0
Kafka tool 2.0

Please help me