Bug 1987010
Summary: | [upgrade][rgw][ssl]: During upgrade from 4.2 with ssl configured to 5.0 rgw daemon failed with ERROR: failed initializing frontend' | ||
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Veera Raghava Reddy <vereddy> |
Component: | Ceph-Ansible | Assignee: | Guillaume Abrioux <gabrioux> |
Status: | CLOSED ERRATA | QA Contact: | Madhavi Kasturi <mkasturi> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 5.0 | CC: | aoconnor, aschoen, ceph-eng-bugs, dsavinea, gabrioux, gmeno, gsitlani, jthottan, nthomas, sewagner, tserlin, vimishra, ykaul |
Target Milestone: | --- | ||
Target Release: | 5.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ceph-ansible-6.0.11.1-1.el8cp | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-08-30 08:31:46 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Veera Raghava Reddy
2021-07-28 17:39:31 UTC
From https://bugzilla.redhat.com/show_bug.cgi?id=1981682#c29 Crash part I am not sure why it happened(may be it happened during shutdown of RGW than during the start of RGW), it will be helpful if we can collect the logs with debug level 20. Even after crash RGW tries to come again Jul 27 11:06:47 ceph-4-2-ssl-upgrade-28bq6h-node8 conmon[1749418]: debug 2021-07-27T15:06:47.460+0000 7f39e72b7480 0 framework: beast Jul 27 11:06:47 ceph-4-2-ssl-upgrade-28bq6h-node8 conmon[1749418]: debug 2021-07-27T15:06:47.460+0000 7f39e72b7480 0 framework conf key: ssl_certificate, val: config://rgw/cert/$realm/$zone.crt Jul 27 11:06:47 ceph-4-2-ssl-upgrade-28bq6h-node8 conmon[1749418]: debug 2021-07-27T15:06:47.460+0000 7f39e72b7480 0 framework conf key: ssl_private_key, val: config://rgw/cert/$realm/$zone.key Jul 27 11:06:47 ceph-4-2-ssl-upgrade-28bq6h-node8 conmon[1749418]: debug 2021-07-27T15:06:47.460+0000 7f39e72b7480 0 starting handler: beast Jul 27 11:06:47 ceph-4-2-ssl-upgrade-28bq6h-node8 conmon[1749418]: debug 2021-07-27T15:06:47.462+0000 7f39e72b7480 -1 ssl_private_key was not found: rgw/cert/default/default.key Jul 27 11:06:47 ceph-4-2-ssl-upgrade-28bq6h-node8 conmon[1749418]: debug 2021-07-27T15:06:47.463+0000 7f39a6e95700 0 RGWReshardLock::lock failed to acquire lock on reshard.0000000000 ret=-16 Jul 27 11:06:47 ceph-4-2-ssl-upgrade-28bq6h-node8 conmon[1749418]: debug 2021-07-27T15:06:47.463+0000 7f39e72b7480 -1 ssl_private_key was not found: rgw/cert/rgw.ceph Jul 27 11:06:47 ceph-4-2-ssl-upgrade-28bq6h-node8 conmon[1749418]: debug 2021-07-27T15:06:47.463+0000 7f39e72b7480 -1 no ssl_certificate configured for ssl_port Jul 27 11:06:47 ceph-4-2-ssl-upgrade-28bq6h-node8 conmon[1749418]: debug 2021-07-27T15:06:47.463+0000 7f39e72b7480 -1 ERROR: failed initializing frontend Jul 27 11:06:47 ceph-4-2-ssl-upgrade-28bq6h-node8 systemd[1]: libpod-22719cf987ae1f4fd2ff2994174441cecf0caf2d4f64f15b731bdc8dfbc4b69b.scope: Succeeded. But apparently there is no tls certs listed in "ceph config-key ls" option and when I tried to get spec details, tls cert is missing there as well ceph config-key get mgr/cephadm/spec.rgw.ceph {"created": "2021-07-27T15:02:58.077394Z", "spec": {"placement": {"count_per_host": 1, "label": "rgws"}, "service_id": "ceph", "service_name": "rgw.ceph", "service_type": "rgw", "spec": {"rgw_frontend_port": 443, "rgw_realm": "default", "rgw_zone": "default", "ssl": true}}} In the post-upgrade logs the cert file is pointing to "/etc/ssl/certs/server.pem". I am not sure how it can be pointed for post-upgrade for cephadm It looks we are talking about a different bug here than the original one. @sewagner any idea how it can be done from cephadm for existing cluster? Can you look into https://bugzilla.redhat.com/show_bug.cgi?id=1987010#c5 ? Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat Ceph Storage 5.0 bug fix and enhancement), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:3294 |