[Bug 1822872] Re: Bionic: Luminous radosgw incompatible with libssl1.1
Eric Desrochers
eric.desrochers at canonical.com
Mon Apr 15 16:08:53 UTC 2019
# IRC Discussion on freenode (#ubuntu-devel)
[11:46:46] <xnox>� slashd, jamespage - what am i missing about https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1822872 ? =)
[11:46:47] <ubottu>�Launchpad bug 1822872 in ceph (Ubuntu Bionic) "Bionic: Luminous radosgw incompatible with libssl1.1" [Medium,Confirmed]
[11:47:10] <xnox>� slashd, jamespage - libssl/libcrypto 1.0 and 1.1 are coinstallable and both are support in bionic, in main from now and until forever.
[11:47:13] <xnox>� so what's broken?
[11:48:41] <xnox>� slashd, jamespage - sound slike load_dll should be dll opening libcrypto.so.1.0 if that's what it expects?
[11:50:30] <xnox>� slashd, jamespage - imho we should builddepend on libssl1.0 and set CIVETWEB_SSL_SSL_LIB and CIVETWEB_SSL_CRYPTO_LIB to versioned sonames of libssl.so.1.0 and libcrypto.so.1.0
[11:52:38] <jamespage>� xnox, slashd: tbh I think that's fine
[11:52:57] <jamespage>� I'm easy either way - slashd are you ok to SRU that?
[11:53:21] <slashd> jamespage, yeah I can SRU the libssl-dev downgrade to 1.0
[11:53:31] <xnox>�jamespage, well reading the code, it sounds slightly harder. cause WITH_RADOSGW tries to build with SSL_INCLUDE_DIR
[11:54:35] <xnox>�slashd, if it works. cause it does look that radosgw, rgw, civetweb all need to use libssl1.0-dev then.
[11:55:11] <xnox>�slashd, ah, and that's all that does ssl there, so it's fine.
[12:04:48] <xnox>� slashd, and we reverted and forced to use libssl1.0-dev with nodejs 8 in bionic
[12:05:01] <xnox>� slashd, and one should use libssl-dev (aka 1.1) with nodejs in disco.
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ceph in Ubuntu.
https://bugs.launchpad.net/bugs/1822872
Title:
Bionic: Luminous radosgw incompatible with libssl1.1
Status in ceph package in Ubuntu:
Fix Released
Status in ceph source package in Bionic:
Confirmed
Bug description:
[Impact]
This is breaking Ceph cluster https service.
# logs:
2019-04-02 16:40:14.846313 7ff8c1736000 0 starting handler: civetweb
2019-04-02 16:40:14.846397 7ff8c1736000 0 civetweb: 0x56114520d620: load_dll: libcrypto.so.1.1: cannot find CRYPTO_num_locks
2019-04-02 16:40:14.846424 7ff8c1736000 -1 ERROR: failed run
[Test Case]
1) Generate a self-signed certificate or use whatever existing SSL
certificate already in place.
2) From the radosgw node, modify "/etc/ceph/ceph.conf" as follow:
rgw_frontends = civetweb ssl_port=443 ssl_certificate=/etc/ssl/<CERTIFICATE>
3) Restart the daemon:
systemctl restart ceph-radosgw at rgw.`hostname -s`
4) Look logs:
2019-04-10 12:02:53.535133 7fcd20c4e000 0 civetweb: 0x562d710ed620: load_dll: libcrypto.so.1.1: cannot find CRYPTO_num_locks
5) Look radosgw which should FAILED to start.
[Potential Regression]
[Other Information]
https://github.com/civetweb/civetweb/pull/384/commits
https://github.com/civetweb/civetweb/commit/adac9c916fa892ec5edce7b565803f1e62d304a2
https://github.com/civetweb/civetweb/commit/5d83900fd29fb6fa1cd604676cb0562dc984dcc9
http://docs.ceph.com/docs/bobtail/radosgw/troubleshooting/
[Original Description]
Bionic's radosgw package (Version 12.2.11-0ubuntu0.18.04.1 ) can't run
on Bionic, because the version of civetweb in Luminous is incompatible
with libssl1.1, but it's built against libssl1.1.
This has been known about upstream for a while now, and as noted in
the bug-tracker (https://tracker.ceph.com/issues/20696), it can be
fixed by building Luminous in an environment that has only libssl1.0
available (or, in a more invasive manner, by incorporating a newer
civetweb). A patch is in the tracker.ceph.com issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1822872/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list