1425710 – RGW service fails to start with SSL configured on Ubuntu

Bug 1425710 - RGW service fails to start with SSL configured on Ubuntu

Summary: RGW service fails to start with SSL configured on Ubuntu

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	2.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	2.2
Assignee:	Marcus Watts
QA Contact:	shilpa
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-02-22 08:12 UTC by shilpa
Modified:	2022-02-21 18:41 UTC (History)
CC List:	10 users (show)
Fixed In Version:	RHEL: ceph-10.2.5-34.el7cp Ubuntu: ceph_10.2.5-26redhat1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-03-14 15:49:58 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Ceph Project Bug Tracker	19098	None	None	None	2017-02-27 19:37:52 UTC
Red Hat Issue Tracker	RHCEPH-3526	None	None	None	2022-02-21 18:41:59 UTC
Red Hat Product Errata	RHBA-2017:0514	normal	SHIPPED_LIVE	Red Hat Ceph Storage 2.2 bug fix and enhancement update	2017-03-21 07:24:26 UTC

Description shilpa 2017-02-22 08:12:04 UTC

Description of problem:
RGW fails with error:

2017-02-22 07:10:00.734805 7f3c163dea00  0 civetweb: 0x55ccf9ca59e0: load_dll: cannot load libssl.so
2017-02-22 07:10:00.734860 7f3c163dea00  0 civetweb: 0x55ccf9ca59e0: load_dll: cannot load libcrypto.so

Version-Release number of selected component (if applicable):
10.2.5-21redhat1xenial

How reproducible:
Always

Steps to Reproduce:
1. Generate a CA signed certificate.
2. Add the pem key to /usr/share/ca-certificates/ and add it to trusted ca-certs in /etc/ssl/certs/ca-certificates.crt
3. In ceph.conf add the line and restart rgw:
rgw frontends = civetweb port=443s ssl_certificate=/usr/share/ca-certificates/myca.pem

Actual results:
RGW restart fails with:

2017-02-22 07:10:00.734669 7f3c163dea00  0 starting handler: civetweb
2017-02-22 07:10:00.734693 7f3c163dea00 20 civetweb config: decode_url: no
2017-02-22 07:10:00.734694 7f3bdd5f1700  5 process_single_shard(): failed to acquire lock on obj_delete_at_hint.0000000001
2017-02-22 07:10:00.734696 7f3c163dea00 20 civetweb config: enable_keep_alive: yes
2017-02-22 07:10:00.734698 7f3c163dea00 20 civetweb config: listening_ports: 443s
2017-02-22 07:10:00.734699 7f3c163dea00 20 civetweb config: num_threads: 100
2017-02-22 07:10:00.734700 7f3c163dea00 20 civetweb config: run_as_user: ceph
2017-02-22 07:10:00.734701 7f3c163dea00 20 civetweb config: ssl_certificate: /usr/share/ca-certificates/myca.pem
2017-02-22 07:10:00.734701 7f3bdd5f1700 20 proceeding shard = obj_delete_at_hint.0000000002
2017-02-22 07:10:00.734770 7f3bdddf2700  0 RGWGC::process() failed to acquire lock on gc.26
2017-02-22 07:10:00.734805 7f3c163dea00  0 civetweb: 0x55ccf9ca59e0: load_dll: cannot load libssl.so
2017-02-22 07:10:00.734860 7f3c163dea00  0 civetweb: 0x55ccf9ca59e0: load_dll: cannot load libcrypto.so
2017-02-22 07:10:00.734870 7f3c163dea00 -1 ERROR: failed run


Additional info:
Adding an attachment with steps followed. Note that the same configuration worked on RHEL.

Comment 13 Ken Dreyer (Red Hat) 2017-02-27 16:37:05 UTC

Where is the PR to master for this change? Or Redmine ticket tracking the backport to Jewel?

Comment 14 Matt Benjamin (redhat) 2017-02-27 17:44:53 UTC

(In reply to Ken Dreyer (Red Hat) from comment #13)
> Where is the PR to master for this change? Or Redmine ticket tracking the
> backport to Jewel?

Hi Ken,

There's currently not a corresponding change for master, as the changes for cmake build are completely different--but still needed, going forward.

Matt

Comment 15 Ken Dreyer (Red Hat) 2017-02-27 18:01:09 UTC

We'll still need this in v10.2.6 or v10.2.7 going forward. Mind filing a Redmine ticket and connecting it up here in External Trackers?

Comment 16 Marcus Watts 2017-03-01 07:06:04 UTC

I filed a duplicate bug before noticing Thomas had beat me to making a ticket.  Yes, I'll need to make the cmake fix for master.

Comment 18 shilpa 2017-03-03 05:52:47 UTC

Verified on ceph_10.2.5-26

Comment 20 errata-xmlrpc 2017-03-14 15:49:58 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0514.html

Note You need to log in before you can comment on or make changes to this bug.