[Bug 964989] Re: Ganeti initialization fails because PyCurl is linked against GnuTLS
Guy K. Kloss
guy.kloss at arcor.de
Tue Jan 15 01:50:36 UTC 2013
An easier option than rebuilding a system package with all kinds of
dependencies might be to tell PyCURL what version of SSL to use, like
described here:
https://bugs.launchpad.net/ubuntu/+source/pycurl/+bug/926548/comments/24
Hope that helps,
Guy
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pycurl in Ubuntu.
https://bugs.launchpad.net/bugs/964989
Title:
Ganeti initialization fails because PyCurl is linked against GnuTLS
Status in “ganeti” package in Ubuntu:
Confirmed
Status in “pycurl” package in Ubuntu:
New
Bug description:
Ganeti uses PyCurl to connect to the master daemon. When PyCurl is linked against GnuTLS the connection fails:
2012-03-26 07:00:13,862: gnt-cluster init pid=5995 INFO Using PycURL libcurl/7.22.0 GnuTLS/2.12.14 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
2012-03-26 07:00:18,658: gnt-cluster init pid=5995 ERROR RPC error in version from node node1.example.com: Error 35: gnutls_handshake() failed: GnuTLS internal error.
Starting Ganeti is not possible:
# /etc/init.d/ganeti start
* Starting Ganeti cluster * ganeti-noded... [ OK ]
* ganeti-masterd... ERROR:root:RPC error in node_start_master from node node2.example.com: Error 35: gnutls_handshake() failed: GnuTLS internal error.
ERROR:root:Can't activate master IP address: Error 35: gnutls_handshake() failed: GnuTLS internal error.
[ OK ]
* ganeti-rapi... [ OK ]
* ganeti-confd... [ OK ]
# gnt-node list
Node DTotal DFree MTotal MNode MFree Pinst Sinst
node2.example.com ? ? ? ? ? 0 0
Recompiling PyCurl and linking against openssl fixes the issue:
[root]# aptitude install build-essential dpkg-dev
[root]# apt-get source python-pycurl
[root]# aptitude build-dep python-pycurl
[root]# aptitude install libcurl4-openssl-dev
[root]# cd pycurl-7.19.0
[root]# # perl -p -i -e "s/gnutls/openssl/" debian/control
[root]# dpkg-buildpackage -rfakeroot -b
[root]# cd ..
[root]# dpkg -i python-pycurl_7.19.0-4ubuntu3_amd64.deb
# /etc/init.d/ganeti restart
* Restarting Ganeti cluster
* ganeti-confd... [ OK ]
* ganeti-rapi... [ OK ]
* ganeti-masterd... [ OK ]
* ganeti-noded... [ OK ]
* ganeti-noded... [ OK ]
* ganeti-masterd... [ OK ]
* ganeti-rapi... [ OK ]
* ganeti-confd... [ OK ]
root at node1:/var/lib/ganeti# gnt-node list
Node DTotal DFree MTotal MNode MFree Pinst Sinst
node1.example.com 127.9G 127.9G 3.8G 381M 3.6G 0 0
Although during initialization still errors are logged in /var/log/ganeti/commands.log:
2012-03-26 07:18:53,879: gnt-cluster init pid=20274 INFO Using PycURL libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
2012-03-26 07:18:58,521: gnt-cluster init pid=20274 ERROR RPC error in version from node node1.example.com: Error 60: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
But the communication is successful.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ganeti/+bug/964989/+subscriptions
More information about the foundations-bugs
mailing list