Bug 1192496
| Summary: | vdsm is failing against M2Crypto vanilla code | ||
|---|---|---|---|
| Product: | [oVirt] vdsm | Reporter: | Simone Tiraboschi <stirabos> |
| Component: | General | Assignee: | Piotr Kliczewski <pkliczew> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavel Stehlik <pstehlik> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.17.0 | CC: | amureini, bazulay, bugs, ecohen, gklein, iheim, lsurette, mgoldboi, nsoffer, oourfali, pkliczew, rbalakri, sbonazzo, s.kieske, stirabos, ybronhei, yeylon |
| Target Milestone: | ovirt-3.6.1 | Keywords: | CodeChange |
| Target Release: | 4.17.11 | Flags: | pkliczew:
ovirt-3.6.z?
rule-engine: planning_ack? oourfali: devel_ack+ rule-engine: testing_ack+ |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | infra | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Cause:
VDSM uses m2crypto package to allow ssl communication. Over debian distribution this package is buggy and we prefer to use python's default ssl implementation.
Consequence:
VDSM cannot communicate with ssl over debian
Fix:
In this bug scope we added config value to allow choosing between python ssl to m2crypto. During vdsm installation we set the default to python ssl over debian and to m2crypto over rhel\centos and fedora.
The user can change the default value in vdsm.conf
Result:
Over debian we use now different implementation for ssl
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-01-13 14:37:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1163069 | ||
|
Description
Simone Tiraboschi
2015-02-13 14:33:09 UTC
Simone - I saw you posted a fix. Shall I make you the assignee of this bug? No, as from first test I understood that my patch is absolutely unuseful: it sets the timeout on the underlying socket but M2Crypto still miss a lot of pieces to correctly handle and report it, so it's not that easy to fix it without a patch on M2Crypto if we need, as i thought, timeouts on SSL connections. I am confused why we want to have our code working with different version of M2Crypto. The code was written to work with library provided by different distributions (fedora, centos, rhel). In my opinion this is not a bug because we are planning on migrating to standard ssl module and stop using m2crypto. (In reply to Piotr Kliczewski from comment #3) > I am confused why we want to have our code working with different version of > M2Crypto. The code was written to work with library provided by different > distributions (fedora, centos, rhel). > > In my opinion this is not a bug because we are planning on migrating to > standard ssl module and stop using m2crypto. +1 for stopping using m2crypto. But we need to either stopping using it or having vdsm working on vanilla m2crypto in order to support Debian. Piotr - once the m2crypto removal is in place, move this one to MODIFIED. This is an automated message. oVirt 3.6.0 RC1 has been released. This bug has no target release and still have target milestone set to 3.6.0-rc. Please review this bug and set target milestone and release to one of the next releases. Yaniv I can see that you removed Target release. Can you please set it back? (In reply to Piotr Kliczewski from comment #7) > Yaniv I can see that you removed Target release. Can you please set it back? Target release should be set in build time. Target milestone is the one that matters to state when this issue will be fixed. Piotr - when will this be in? Need doc-text? This bug is not marked for z-stream, yet the milestone is for a z-stream version, therefore the milestone has been reset. Please set the correct milestone or add the z-stream flag. This request has been proposed for two releases. This is invalid flag usage. The higher numbered release flag has been cleared. If you wish to change the release flag, you must clear one release flag and then set the other release flag to ?. Configurable ssl implementation was merged on master yesterday. I am currently working on verification of the patches for 3.6. Now instead of having dependency on m2crypto we can choose to use ssl module. Changes verified for 3.6 but since this bug is targeted for master I added corresponding patches and moving to MODIFIED. This bug is marked for z-stream, yet the milestone is for a major version, therefore the milestone has been reset. Please set the correct milestone or drop the z stream flag. Fixed bug tickets must have target milestone set prior to fixing them. Please set the correct milestone and move the bugs back to the previous status after this is corrected. Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release. Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release. oVirt 3.6.1 has been released, closing current release |