[Bug 1965280] Re: rbd-target-api will not start AttributeError: 'Context' object has no attribute 'wrap_socket'
James Page
1965280 at bugs.launchpad.net
Thu Mar 17 15:00:35 UTC 2022
** Description changed:
- The rbd-target-api fails to start on Ubuntu Impish (21.10) and later.
- This appears to be caused by a werkzeug package revision check in rbd-
- target-api. The check is used to decide whather to add an
- OpenSSL.SSL.Context or a ssl.SSLContext. The code comment suggests that
- ssl.SSLContext is used for werkzeug 0.9 so that TLSv1.2 can be used. It
- is also worth noting that support for OpenSSL.SSL.Context was dropped in
- werkzeug 0.10. The intention of the check appears to be to add
- OpenSSL.SSL.Context if the version of is werkzeug is below 0.9
- otherwise use ssl.SSLContext. When rbd-target-api checks the werkzeug
- revision it only looks at the minor revision number and Ubuntu Impish
- contains werkzeug 1.0.1 which obviously has a minor revision number of 0
- which causes rbd-target-api to use an OpenSSL.SSL.Context which is not
- supported by werkzeug which causes:
+ [Impact]
+ Its not possible to configure the RBD target API with TLS with newer versions of werkzeug as found in Ubuntu Impish and later.
+
+ [Test Case]
+ Deploy and configure the RBD target API service with TLS encryption.
+ (ceph-iscsi charm can be used todo this)
+ Service will fail to start with error reported in the original bug report
+
+ [What might go wrong]
+ The change proposed ensures that versions of Werkzeug >= 1.0.0 are also correctly configured to use the TLSv1.2 support. Its fairly simple in approach to regression potential is fairly low.
+
+ [Original Bug Report]
+ The rbd-target-api fails to start on Ubuntu Impish (21.10) and later. This appears to be caused by a werkzeug package revision check in rbd-target-api. The check is used to decide whather to add an OpenSSL.SSL.Context or a ssl.SSLContext. The code comment suggests that ssl.SSLContext is used for werkzeug 0.9 so that TLSv1.2 can be used. It is also worth noting that support for OpenSSL.SSL.Context was dropped in werkzeug 0.10. The intention of the check appears to be to add OpenSSL.SSL.Context if the version of is werkzeug is below 0.9 otherwise use ssl.SSLContext. When rbd-target-api checks the werkzeug revision it only looks at the minor revision number and Ubuntu Impish contains werkzeug 1.0.1 which obviously has a minor revision number of 0 which causes rbd-target-api to use an OpenSSL.SSL.Context which is not supported by werkzeug which causes:
# /usr/bin/rbd-target-api
- * Serving Flask app 'rbd-target-api' (lazy loading)
- * Environment: production
- WARNING: This is a development server. Do not use it in a production deployment.
- Use a production WSGI server instead.
- * Debug mode: off
+ * Serving Flask app 'rbd-target-api' (lazy loading)
+ * Environment: production
+ WARNING: This is a development server. Do not use it in a production deployment.
+ Use a production WSGI server instead.
+ * Debug mode: off
Traceback (most recent call last):
- File "/usr/bin/rbd-target-api", line 3022, in <module>
- main()
- File "/usr/bin/rbd-target-api", line 2952, in main
- app.run(host=settings.config.api_host,
- File "/usr/lib/python3/dist-packages/flask/app.py", line 922, in run
- run_simple(t.cast(str, host), port, self, **options)
- File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 1010, in run_simple
- inner()
- File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 950, in inner
- srv = make_server(
- File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 782, in make_server
- return ThreadedWSGIServer(
- File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 708, in __init__
- self.socket = ssl_context.wrap_socket(self.socket, server_side=True)
+ File "/usr/bin/rbd-target-api", line 3022, in <module>
+ main()
+ File "/usr/bin/rbd-target-api", line 2952, in main
+ app.run(host=settings.config.api_host,
+ File "/usr/lib/python3/dist-packages/flask/app.py", line 922, in run
+ run_simple(t.cast(str, host), port, self, **options)
+ File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 1010, in run_simple
+ inner()
+ File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 950, in inner
+ srv = make_server(
+ File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 782, in make_server
+ return ThreadedWSGIServer(
+ File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 708, in __init__
+ self.socket = ssl_context.wrap_socket(self.socket, server_side=True)
AttributeError: 'Context' object has no attribute 'wrap_socket'
Reported upstream here: https://github.com/ceph/ceph-iscsi/issues/255
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ceph-iscsi in Ubuntu.
https://bugs.launchpad.net/bugs/1965280
Title:
rbd-target-api will not start AttributeError: 'Context' object has no
attribute 'wrap_socket'
Status in ceph-iscsi package in Ubuntu:
Triaged
Status in ceph-iscsi source package in Impish:
Triaged
Status in ceph-iscsi source package in Jammy:
Triaged
Bug description:
[Impact]
Its not possible to configure the RBD target API with TLS with newer versions of werkzeug as found in Ubuntu Impish and later.
[Test Case]
Deploy and configure the RBD target API service with TLS encryption.
(ceph-iscsi charm can be used todo this)
Service will fail to start with error reported in the original bug report
[What might go wrong]
The change proposed ensures that versions of Werkzeug >= 1.0.0 are also correctly configured to use the TLSv1.2 support. Its fairly simple in approach to regression potential is fairly low.
[Original Bug Report]
The rbd-target-api fails to start on Ubuntu Impish (21.10) and later. This appears to be caused by a werkzeug package revision check in rbd-target-api. The check is used to decide whather to add an OpenSSL.SSL.Context or a ssl.SSLContext. The code comment suggests that ssl.SSLContext is used for werkzeug 0.9 so that TLSv1.2 can be used. It is also worth noting that support for OpenSSL.SSL.Context was dropped in werkzeug 0.10. The intention of the check appears to be to add OpenSSL.SSL.Context if the version of is werkzeug is below 0.9 otherwise use ssl.SSLContext. When rbd-target-api checks the werkzeug revision it only looks at the minor revision number and Ubuntu Impish contains werkzeug 1.0.1 which obviously has a minor revision number of 0 which causes rbd-target-api to use an OpenSSL.SSL.Context which is not supported by werkzeug which causes:
# /usr/bin/rbd-target-api
* Serving Flask app 'rbd-target-api' (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployment.
Use a production WSGI server instead.
* Debug mode: off
Traceback (most recent call last):
File "/usr/bin/rbd-target-api", line 3022, in <module>
main()
File "/usr/bin/rbd-target-api", line 2952, in main
app.run(host=settings.config.api_host,
File "/usr/lib/python3/dist-packages/flask/app.py", line 922, in run
run_simple(t.cast(str, host), port, self, **options)
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 1010, in run_simple
inner()
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 950, in inner
srv = make_server(
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 782, in make_server
return ThreadedWSGIServer(
File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 708, in __init__
self.socket = ssl_context.wrap_socket(self.socket, server_side=True)
AttributeError: 'Context' object has no attribute 'wrap_socket'
Reported upstream here: https://github.com/ceph/ceph-iscsi/issues/255
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ceph-iscsi/+bug/1965280/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list