Disabled TLSv1.0 PIpeline engine no longer works. XNAT 1.6.5
77 views
Skip to first unread message
Christopher Grave
Jun 8, 2017, 6:14:06 AM6/8/17
to xnat_discussion
Hi everyone,
I am running XNAT 1.6.5 and for for security reasons I have disabled TLSv1.0. On the NGINX proxy that serves my XNAT Application.
A downside to this is that the pipeline engine no longer seems to work. For instance after uploading an image the 'Autorun' action will remain queued indefinitely. If I allow TLSv1.0 connections then the pipeline starts working again.
I have added the following option (-Dhttps.protocols=TLSv1.1,TLSv1.2) to the tomcat.conf file to force TLSv1.1 TLSv1.2 but it makes no difference. If anybody has any suggestions it would be greatly appreciated.
Looking at the pipeline log I receive various 'java.net.SocketException: Connection reset errors. See below for logfile.
If anybody has any suggestions it would be greatly appreciated.
Param Value Pair id=xxxx_xxxxxxxx_E00034
Param Value Pair host=https://xxxx.xxxxxxx.ac.uk/
Param Value Pair u=b499e6ab-c527-4179-b7d2-d0943b98f7ee
Param Value Pair pwd=********
Param Value Pair label=0001_MR7
Param Value Pair project=xxx_test
Param Value Pair xnat_project=xxx_test
Param Value Pair userfullname=C.xxxxx
Param Value Pair supressEmail=false
Param Value Pair useremail=Chris...@xxxxxxxx.ac.uk
Param Value Pair session=xxxx_xxxxxxxx_E00034
Param Value Pair xnatserver=xxxx-xxxxxxxx
Param Value Pair mailhost=localhost
Param Value Pair sessionType=xnat:mrSessionData
Param Value Pair adminemail=xxxx...@xxxxxxxx.ac.uk
Param Value Pair sessionLabel=0001_MR7
Param Value Pair workflowid=248
FULL PIPELINE LOG
DEBUG main org.nrg.pipeline.client.CommandLineArguments - Pipeline executed with command line: -config /home/xnat/pipeline/pipeline.config -log /home/xnat/pipeline/log4j.properties -catalogPath /home/xnat/pipeline/catalog -pipeline xnat_tools/AutoRun.xml -id xxxx_xxxxxxxx_E00034 -host https://xxxx.xxxxxxxxxx.ac.uk -u b499e6ab-c527-4179-b7d2-d0943b98f7ee -pwd XXXXXXXXX -dataType xnat:mrSessionData -label 0001_MR7 -supressNotification -project UoM_test -notify Chris...@xxxxxxxx.ac.uk -notify xxxx...@xxxxxxxx.ac.uk -parameter xnat_project=UoM_test -parameter userfullname=C.xxxxx -parameter supressEmail=false -parameter useremail=Chris...@xxxxxxxx.ac.uk -parameter session=xxxx_xxxxxxxx_E00034 -parameter xnatserver=xxxx-xxxxxxxx -parameter mailhost=localhost -parameter sessionType=xnat:mrSessionData -parameter adminemail=xxxx...@xxxxxxxx.ac.uk -parameter sessionLabel=0001_MR7 -workFlowPrimaryKey 248
DEBUG main org.nrg.pipeline.utils.PipelineProperties - Initializing the pipeline properties from the specified properties object
DEBUG main org.nrg.pipeline.utils.PipelineProperties - Setting admin email to: chris...@xxxxxxxxxx.ac.uk
DEBUG main org.nrg.pipeline.utils.PipelineProperties - Setting email ID to: chris...@xxxxxxxxxx.ac.uk
DEBUG main org.nrg.pipeline.utils.PipelineProperties - Setting SMTP host to: localhost
DEBUG main org.nrg.pipeline.utils.PipelineProperties - Setting REST mail host to: https://xxxx.xxxxxxxxxx.ac.uk
FATAL main org.nrg.pipeline.client.XNATPipelineLauncher - Couldn't search for queued workflows
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:533)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:401)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.nrg.xnattools.SessionManager.createJSESSION(SessionManager.java:84)
at org.nrg.xnattools.SessionManager.getJSESSION(SessionManager.java:136)
at org.nrg.xnattools.service.WebServiceClient.connect(WebServiceClient.java:84)
at org.nrg.pipeline.client.XNATPipelineLauncher.isPipelineQueuedOrAwaitingOrOnHold(XNATPipelineLauncher.java:368)
at org.nrg.pipeline.client.XNATPipelineLauncher.isPipelineQueuedOrAwaitingOrOnHold(XNATPipelineLauncher.java:352)
at org.nrg.pipeline.client.XNATPipelineLauncher.launch(XNATPipelineLauncher.java:61)
at org.nrg.pipeline.client.XNATPipelineLauncher.run(XNATPipelineLauncher.java:298)
at org.nrg.pipeline.client.XNATPipelineLauncher.main(XNATPipelineLauncher.java:260)
DEBUG main org.nrg.pipeline.xpath.XPathResolverSaxon - Expre ^if (boolean(/Pipeline/parameters/parameter[name='aliasHost']/values/unique)) then /Pipeline/parameters/parameter[name='aliasHost']/values/unique/text() else /Pipeline/parameters/parameter[name='host']/values/unique/text()^ [https://xxxx.xxxxxxxxxx.ac.uk/]
DEBUG main org.nrg.pipeline.xpath.XPathResolverSaxon - Expre ^fileUtils:GetCachePath(/Pipeline/parameters/parameter[name='resolvedHost']/values/unique/text(), /Pipeline/parameters/parameter[name='user']/values/unique/text(), /Pipeline/parameters/parameter[name='pwd']/values/unique/text(),/Pipeline/parameters/parameter[name='project']/values/unique/text())^ []
ERROR main org.nrg.pipeline.client.XNATPipelineLauncher - Unable to launch pipeline /home/xnat/pipeline/catalog/xnat_tools/AutoRun.xml
java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
at java.util.ArrayList.rangeCheck(ArrayList.java:635)
at java.util.ArrayList.get(ArrayList.java:411)
at org.nrg.pipeline.utils.ParameterUtils.resolveParameterValues(ParameterUtils.java:187)
at org.nrg.pipeline.utils.ParameterUtils.setParameterValues(ParameterUtils.java:171)
at org.nrg.pipeline.utils.PipelineEngineUtils.resolveXPath(PipelineEngineUtils.java:87)
at org.nrg.pipeline.manager.PipelineManager.launchPipeline(PipelineManager.java:210)
at org.nrg.pipeline.manager.PipelineManager.launchPipeline(PipelineManager.java:193)
at org.nrg.pipeline.client.XNATPipelineLauncher.launch(XNATPipelineLauncher.java:63)
at org.nrg.pipeline.client.XNATPipelineLauncher.run(XNATPipelineLauncher.java:298)
at org.nrg.pipeline.client.XNATPipelineLauncher.main(XNATPipelineLauncher.java:260)
DEBUG main org.nrg.pipeline.utils.MailUtils - Sending message with subject: XNAT update: Processing failed for 0001_MR7
DEBUG main org.springframework.web.client.RestTemplate - Created POST request for "https://xxxx.xxxxxxxxxx.ac.uk/data/services/mail/send"
DEBUG main org.springframework.web.client.RestTemplate - Setting request Accept header to [text/plain, */*]
DEBUG main org.springframework.web.client.RestTemplate - Writing [{from=[chris...@xxxxxxxxxx.ac.uk], to=[Chris...@xxxxxxxx.ac.uk, xxxx...@xxxxxxxx.ac.uk], subject=[XNAT update: Processing failed for 0001_MR7], text=[The following problems were encountered by the user(s)
The processing request you submitted for 0001_MR7 could not be completed at this time.
The XNAT technical team is aware of the issue and will notify you when it has been resolved.
The stdout and the error log files are available as attachments for your perusal.
We appreciate your patience. Please contact chris...@xxxxxxxxxx.ac.uk with questions or concerns. ], html=[<html>The following problems were encountered by the user(s) <br> Chris...@xxxxxxxx.ac.uk xxxx...@xxxxxxxx.ac.uk <br>The processing request you submitted for 0001_MR7 could not be completed at this time. <br><br><br> The XNAT technical team is aware of the issue and will notify you when it has been resolved.<br><br><br> The stdout and the error log files are available as attachments for your perusal.<br><br><br> We appreciate your patience. Please contact chris...@xxxxxxxx.ac.uk with questions or concerns. </html>]}] using [org.springframework.http.converter.FormHttpMessageConverter@743be8a9]
DEBUG main httpclient.wire.header - >> "POST /data/services/mail/send HTTP/1.1[\r][\n]"
DEBUG main httpclient.wire.header - >> "Accept: text/plain, */*[\r][\n]"
DEBUG main httpclient.wire.header - >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
DEBUG main httpclient.wire.header - >> "Content-Length: 1285[\r][\n]"
DEBUG main httpclient.wire.header - >> "Authorization: Basic YjQ5OWU2YWItYzUyNy00MTc5LWI3ZDItZDA5NDNiOThmN2VlOjE0OTY5MTI1NDMxNTI=[\r][\n]"
DEBUG main httpclient.wire.header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
DEBUG main httpclient.wire.header - >> "Host: xxxx.xxxxxxxxxx.ac.uk[\r][\n]"
DEBUG main httpclient.wire.header - >> "[\r][\n]"
DEBUG main httpclient.wire.content - >> "from=chris.xxxxx%40xxxxxxxxxx.ac.uk&to=Chris.xxxxx%40xxxxxxxx.ac.uk&to=xxxx.XNAT%40xxxxxxxx.ac.uk&subject=XNAT+update%3A+Processing+failed+for+0001_MR7&text=The+following+problems+were+encountered+by+the+user%28s%29+%0A+Chris.xxxxx%40xxxxxxxx.ac.uk+xxxx.XNAT%40xxxxxxxx.ac.uk+%0AThe+processing+request+you+submitted+for+0001_MR7+could+not+be+completed+at+this+time.+%0A%0A%0A+The+XNAT+technical+team+is+aware+of+the+issue+and+will+notify+you+when+it+has+been+resolved.%0A%0A%0A+The+stdout+and+the+error+log+files+are+available+as+attachments+for+your+perusal.%0A%0A%0A+We+appreciate+your+patience.++Please+contact+chris.xxxxx%40xxxxxxxx.ac.uk+with+questions+or+concerns.+&html=%3Chtml%3EThe+following+problems+were+encountered+by+the+user%28s%29+%3Cbr%3E+Chris.xxxxx%40xxxxxxxx.ac.uk+xxxx.XNAT%40xxxxxxxx.ac.uk+%3Cbr%3EThe+processing+request+you+submitted+for+0001_MR7+could+not+be+completed+at+this+time.+%3Cbr%3E%3Cbr%3E%3Cbr%3E+The+XNAT+technical+team+is+aware+of+the+issue+and+will+notify+you+when+it+has+been+resolved.%3Cbr%3E%3Cbr%3E%3Cbr%3E+The+stdout+and+the+error+log+files+are+available+as+attachments+for+your+perusal.%3Cbr%3E%3Cbr%3E%3Cbr%3E+We+appreciate+your+patience.++Please+contact+chris.xxxxx%40xxxxxxxx.ac.uk+with+questions+or+concerns.+%3C%2Fhtml%3E"
DEBUG main httpclient.wire.header - >> "POST /data/services/mail/send HTTP/1.1[\r][\n]"
DEBUG main httpclient.wire.header - >> "Accept: text/plain, */*[\r][\n]"
DEBUG main httpclient.wire.header - >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
DEBUG main httpclient.wire.header - >> "Content-Length: 1285[\r][\n]"
DEBUG main httpclient.wire.header - >> "Authorization: Basic YjQ5OWU2YWItYzUyNy00MTc5LWI3ZDItZDA5NDNiOThmN2VlOjE0OTY5MTI1NDMxNTI=[\r][\n]"
DEBUG main httpclient.wire.header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
DEBUG main httpclient.wire.header - >> "Host: xxxx.xxxxxxxxxx.ac.uk[\r][\n]"
DEBUG main httpclient.wire.header - >> "[\r][\n]"
DEBUG main httpclient.wire.content - >> "from=chris.xxxxx%40xxxxxxxxxx.ac.uk&to=Chris.xxxxx%40xxxxxxxx.ac.uk&to=xxxx.XNAT%40xxxxxxxx.ac.uk&subject=XNAT+update%3A+Processing+failed+for+0001_MR7&text=The+following+problems+were+encountered+by+the+user%28s%29+%0A+Chris.xxxxx%40xxxxxxxx.ac.uk+xxxx.XNAT%40xxxxxxxx.ac.uk+%0AThe+processing+request+you+submitted+for+0001_MR7+could+not+be+completed+at+this+time.+%0A%0A%0A+The+XNAT+technical+team+is+aware+of+the+issue+and+will+notify+you+when+it+has+been+resolved.%0A%0A%0A+The+stdout+and+the+error+log+files+are+available+as+attachments+for+your+perusal.%0A%0A%0A+We+appreciate+your+patience.++Please+contact+chris.xxxxx%40xxxxxxxx.ac.uk+with+questions+or+concerns.+&html=%3Chtml%3EThe+following+problems+were+encountered+by+the+user%28s%29+%3Cbr%3E+Chris.xxxxx%40xxxxxxxx.ac.uk+xxxx.XNAT%40xxxxxxxx.ac.uk+%3Cbr%3EThe+processing+request+you+submitted+for+0001_MR7+could+not+be+completed+at+this+time.+%3Cbr%3E%3Cbr%3E%3Cbr%3E+The+XNAT+technical+team+is+aware+of+the+issue+and+will+notify+you+when+it+has+been+resolved.%3Cbr%3E%3Cbr%3E%3Cbr%3E+The+stdout+and+the+error+log+files+are+available+as+attachments+for+your+perusal.%3Cbr%3E%3Cbr%3E%3Cbr%3E+We+appreciate+your+patience.++Please+contact+chris.xxxxx%40xxxxxxxx.ac.uk+with+questions+or+concerns.+%3C%2Fhtml%3E"
DEBUG main httpclient.wire.header - >> "POST /data/services/mail/send HTTP/1.1[\r][\n]"
DEBUG main httpclient.wire.header - >> "Accept: text/plain, */*[\r][\n]"
DEBUG main httpclient.wire.header - >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
DEBUG main httpclient.wire.header - >> "Content-Length: 1285[\r][\n]"
DEBUG main httpclient.wire.header - >> "Authorization: Basic YjQ5OWU2YWItYzUyNy00MTc5LWI3ZDItZDA5NDNiOThmN2VlOjE0OTY5MTI1NDMxNTI=[\r][\n]"
DEBUG main httpclient.wire.header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
DEBUG main httpclient.wire.header - >> "Host: xxxx.xxxxxxxxxx.ac.uk[\r][\n]"
DEBUG main httpclient.wire.header - >> "[\r][\n]"
DEBUG main httpclient.wire.content - >> "from=chris.xxxxx%40xxxxxxxxxx.ac.uk&to=Chris.xxxxx%40xxxxxxxx.ac.uk&to=xxxx.XNAT%40xxxxxxxx.ac.uk&subject=XNAT+update%3A+Processing+failed+for+0001_MR7&text=The+following+problems+were+encountered+by+the+user%28s%29+%0A+Chris.xxxxx%40xxxxxxxx.ac.uk+xxxx.XNAT%40xxxxxxxx.ac.uk+%0AThe+processing+request+you+submitted+for+0001_MR7+could+not+be+completed+at+this+time.+%0A%0A%0A+The+XNAT+technical+team+is+aware+of+the+issue+and+will+notify+you+when+it+has+been+resolved.%0A%0A%0A+The+stdout+and+the+error+log+files+are+available+as+attachments+for+your+perusal.%0A%0A%0A+We+appreciate+your+patience.++Please+contact+chris.xxxxx%40xxxxxxxx.ac.uk+with+questions+or+concerns.+&html=%3Chtml%3EThe+following+problems+were+encountered+by+the+user%28s%29+%3Cbr%3E+Chris.xxxxx%40xxxxxxxx.ac.uk+xxxx.XNAT%40xxxxxxxx.ac.uk+%3Cbr%3EThe+processing+request+you+submitted+for+0001_MR7+could+not+be+completed+at+this+time.+%3Cbr%3E%3Cbr%3E%3Cbr%3E+The+XNAT+technical+team+is+aware+of+the+issue+and+will+notify+you+when+it+has+been+resolved.%3Cbr%3E%3Cbr%3E%3Cbr%3E+The+stdout+and+the+error+log+files+are+available+as+attachments+for+your+perusal.%3Cbr%3E%3Cbr%3E%3Cbr%3E+We+appreciate+your+patience.++Please+contact+chris.xxxxx%40xxxxxxxx.ac.uk+with+questions+or+concerns.+%3C%2Fhtml%3E"
DEBUG main httpclient.wire.header - >> "POST /data/services/mail/send HTTP/1.1[\r][\n]"
DEBUG main httpclient.wire.header - >> "Accept: text/plain, */*[\r][\n]"
DEBUG main httpclient.wire.header - >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
DEBUG main httpclient.wire.header - >> "Content-Length: 1285[\r][\n]"
DEBUG main httpclient.wire.header - >> "Authorization: Basic YjQ5OWU2YWItYzUyNy00MTc5LWI3ZDItZDA5NDNiOThmN2VlOjE0OTY5MTI1NDMxNTI=[\r][\n]"
DEBUG main httpclient.wire.header - >> "User-Agent: Jakarta Commons-HttpClient/3.1[\r][\n]"
DEBUG main httpclient.wire.header - >> "Host: xxxx.xxxxxxxxxx.ac.uk[\r][\n]"
DEBUG main httpclient.wire.header - >> "[\r][\n]"
DEBUG main httpclient.wire.content - >> "from=chris.xxxxx%40xxxxxxxxxx.ac.uk&to=Chris.xxxxx%40xxxxxxxx.ac.uk&to=xxxx.XNAT%40xxxxxxxx.ac.uk&subject=XNAT+update%3A+Processing+failed+for+0001_MR7&text=The+following+problems+were+encountered+by+the+user%28s%29+%0A+Chris.xxxxx%40xxxxxxxx.ac.uk+xxxx.XNAT%40xxxxxxxx.ac.uk+%0AThe+processing+request+you+submitted+for+0001_MR7+could+not+be+completed+at+this+time.+%0A%0A%0A+The+XNAT+technical+team+is+aware+of+the+issue+and+will+notify+you+when+it+has+been+resolved.%0A%0A%0A+The+stdout+and+the+error+log+files+are+available+as+attachments+for+your+perusal.%0A%0A%0A+We+appreciate+your+patience.++Please+contact+chris.xxxxx%40xxxxxxxx.ac.uk+with+questions+or+concerns.+&html=%3Chtml%3EThe+following+problems+were+encountered+by+the+user%28s%29+%3Cbr%3E+Chris.xxxxx%40xxxxxxxx.ac.uk+xxxx.XNAT%40xxxxxxxx.ac.uk+%3Cbr%3EThe+processing+request+you+submitted+for+0001_MR7+could+not+be+completed+at+this+time.+%3Cbr%3E%3Cbr%3E%3Cbr%3E+The+XNAT+technical+team+is+aware+of+the+issue+and+will+notify+you+when+it+has+been+resolved.%3Cbr%3E%3Cbr%3E%3Cbr%3E+The+stdout+and+the+error+log+files+are+available+as+attachments+for+your+perusal.%3Cbr%3E%3Cbr%3E%3Cbr%3E+We+appreciate+your+patience.++Please+contact+chris.xxxxx%40xxxxxxxx.ac.uk+with+questions+or+concerns.+%3C%2Fhtml%3E"
ERROR main org.nrg.pipeline.utils.MailUtils - Message failed to send through REST service, retrying with direct SMTP.
org.springframework.web.client.ResourceAccessException: I/O error: Connection reset; nested exception is java.net.SocketException: Connection reset
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:453)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:415)
at org.springframework.web.client.RestTemplate.postForEntity(RestTemplate.java:320)
at org.nrg.mail.services.impl.RestBasedMailServiceImpl.sendMessage(RestBasedMailServiceImpl.java:169)
at org.nrg.pipeline.utils.MailUtils.send(MailUtils.java:96)
at org.nrg.pipeline.utils.MailUtils.send(MailUtils.java:73)
at org.nrg.pipeline.client.XNATPipelineLauncher.composeFailureMessage(XNATPipelineLauncher.java:245)
at org.nrg.pipeline.client.XNATPipelineLauncher.fail(XNATPipelineLauncher.java:316)
at org.nrg.pipeline.client.XNATPipelineLauncher.run(XNATPipelineLauncher.java:302)
at org.nrg.pipeline.client.XNATPipelineLauncher.main(XNATPipelineLauncher.java:260)
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:196)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:709)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:140)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.springframework.http.client.CommonsClientHttpRequest.executeInternal(CommonsClientHttpRequest.java:83)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:56)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:438)
... 9 more
ERROR main org.nrg.pipeline.client.XNATPipelineLauncher - Couldn't send email message
java.lang.ArrayStoreException
at java.lang.System.arraycopy(Native Method)
at java.util.ArrayList.toArray(ArrayList.java:390)
at org.apache.commons.mail.Email.toInternetAddressArray(Email.java:1378)
at org.apache.commons.mail.Email.buildMimeMessage(Email.java:1154)
at org.apache.commons.mail.MultiPartEmail.buildMimeMessage(MultiPartEmail.java:254)
at org.apache.commons.mail.HtmlEmail.buildMimeMessage(HtmlEmail.java:513)
at org.apache.commons.mail.Email.send(Email.java:1266)
at org.nrg.pipeline.utils.MailUtils.send(MailUtils.java:106)
at org.nrg.pipeline.utils.MailUtils.send(MailUtils.java:73)
at org.nrg.pipeline.client.XNATPipelineLauncher.composeFailureMessage(XNATPipelineLauncher.java:245)
at org.nrg.pipeline.client.XNATPipelineLauncher.fail(XNATPipelineLauncher.java:316)
at org.nrg.pipeline.client.XNATPipelineLauncher.run(XNATPipelineLauncher.java:302)
at org.nrg.pipeline.client.XNATPipelineLauncher.main(XNATPipelineLauncher.java:260)
Herrick, Rick
Jun 8, 2017, 10:28:03 AM6/8/17
to xnat_di...@googlegroups.com
The configuration of your Tomcat installation is irrelevant to how the pipeline engine is run. Those are two separate processes, so if you need to set a Java system property for the pipeline, that’s separate from how you configure Tomcat. To configure the pipeline launcher (and possibly other pipeline tools), you need to modify the configuration(s) in the pipeline installation.
To configure this property for the pipeline launcher:
1. Go to the config folder in your pipeline installation. From the configuration shown your logs, this would be located at /home/xnat/pipeline/config.
2. Edit the file XnatPipelineLauncher.config.
3. Uncomment the line that starts: “XNAT_PIPELINE_LAUNCHER_OPTS=…"
4. Add your parameter to that line:
XNAT_PIPELINE_LAUNCHER_OPTS="-Dhttps.protocols=TLSv1.1,TLSv1.2"
5. Save that file.
Now try running the pipeline again. Make sure that the arguments for https.protocols set here match the setting for ssl_protocols in the nginx SSL configuration.
--
Rick Herrick
Sr. Programmer/Analyst
Neuroinformatics Research Group
Washington University School of Medicine
--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
xnat_discussi...@googlegroups.com.
To post to this group, send email to
xnat_di...@googlegroups.com.
Visit this group at https://groups.google.com/group/xnat_discussion.
For more options, visit https://groups.google.com/d/optout.
The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.
Christopher Grave
Jun 9, 2017, 4:40:03 AM6/9/17
to xnat_discussion
Hi Rick,
Thanks for the reply, it makes a lot of sense and I did what you suggested but unfortunately I receive the same result i.e. AutoRun stays queued indefinitely. Find below a snippet from my nginx config file and the xnatpipelinelauncher.config file
################################################################
#Uncomment the following and customize for your project
#
XNAT_PIPELINE_LAUNCHER_OPTS="-Dhttps.protocols=TLSv1.1,TLSv1.2"
#
################################################################
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
ssl_prefer_server_ciphers on;
add_header X-Frame-Options “DENY”;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
Herrick, Rick
Jun 9, 2017, 10:50:24 AM6/9/17
to xnat_di...@googlegroups.com
Try connecting to your XNAT server from the server hosting your pipeline engine. These may be the same server, but the FQDN URL means that that’s irrelevant. If possible, su as the user launching the pipeline, which is probably the same user that’s running Tomcat. So, presuming the Tomcat/XNAT user is xnat, do something like this:
$ sudo su - xnat
$ curl -u user:pass https://xxxxx.xxxx.ac.uk/xapi/siteConfig/buildInfo
Really the URL can be whatever you want, the main thing is to reach out to the server.
You can also add the --tlsv1.1 and --tlsv1.2 flags to the curl command line on different runs and see what results you get. There’s a good chance this is an issue with the SSL configuration on nginx or between nginx and Tomcat, so let’s make sure that’s not the case before messing with the XNAT configuration more.
Message has been deleted
Message has been deleted
Message has been deleted
Message has been deleted
Message has been deleted
Christopher Grave
Jun 13, 2017, 9:01:49 AM6/13/17
to xnat_discussion
Hi Rick,
(please ignore previously deleted posts)
I did what you suggested but received the following
<html><head><title>Apache Tomcat/7.0.69 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - /xapi/siteConfig/buildInfo</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>/xapi/siteConfig/buildInfo</u></p><p><b>description</b> <u>The requested resource is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.69</h3></body></html>
Am I correct in saying the below URL you suggested using i.e. https://xxxxx.xxxx.ac.uk/xapi/siteConfig/buildInfo only applies to XNAT 1.7 installations. I am running XNAT 1.6.5. Is there an alternative URL for 1.6.5?
I did try
curl -u admin:xxxxxx https://xxxx.xxxxxxx.ac.uk/data/archive/projects?format=xml --tlsv1.2
And received a valid response i.e.
<ResultSet totalRecords="2"><results><columns><column>ID</column><column>secondary_ID</column><column>name</column><column>description</column><column>pi_firstname</column><column>pi_lastname</column><column>URI</column></columns>
<rows><row><cell>Phantoms</cell><cell>Phantom test data</cell><cell>Phantom test data</cell><cell></cell><cell>Julian</cell><cell>xxxxxx</cell><cell>/data/projects/Phantoms</cell></row>
<row><cell>xxxxx</cell><cell>xxxxxxxxx</cell><cell>xxxxxxxxxx</cell><cell></cell><cell>xxxxxx</cell><cell>xxxxxx</cell><cell>/data/projects/UoM_xxxxxxx</cell></row>
Many Thanks for your time.
Chris.
Christopher Grave
Jun 19, 2017, 7:18:52 AM6/19/17
to xnat_discussion
Additonal Info.
I added the following option (-Djavax.net.debug=all) to the Xnatpipeline.config file and it produced a few more results. It appears that the highest allowed protocol that the client will accept is TLSv1 even though i added the -Dhttps.protocols=TLSv1.1,TLSv1.2 option.
*** ClientHello, TLSv1
RandomCookie: GMT: 1497804589 bytes = { 120, 245, 64, 2, 71, 212, 98, 22, 125, 253, 235, 142, 114, 165, 168, 238, 109, 55, 252, 95, 236, 214, 236, 14, 160, 5, 54, 42 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
omitted for clarity
........
main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Broken pipe
main, called closeSocket()
Christopher Grave
Jun 22, 2017, 11:10:47 AM6/22/17
to xnat_discussion
Ok I think I now have this sorted. Credit goes to Matt South for assisting with this.
The pipeline was being executed with host parameter https://xxxx.xxxxxx.ac.uk
Therefore all traffic was routing through nginx proxy. I believe nginx handing requests off to tomcat was where the problem occurred.
Adding the following 2 arguments to pipeline/bin/XnatPipelineLauncher file was the key
-aliasHost http://localhost:8080 -useAlias $@ (please arguments need to at the end of the file so they are passed as XnatPipelineLauncher parameters and not JVM parameters.
This essentially eliminated the nginx step
Reply all
Reply to author
Forward
0 new messages