Bug #14498
closedcephx error: NSS AES final round failed: -8190 while bootstrapping containerised mon on RHEL 7.2
0%
Description
I have been running ceph-docker project with ceph/daemon:centos-latest image based on 'hammer' release on RHEL 7.1 and Centos 7.1 hosts for some time now and it runs just fine.
Command line used: docker run -d --net=host -v /etc/ceph:/etc/ceph -v /var/lib/ceph:/var/lib/ceph -e MON_IP=10.10.191.104 -e CEPH_PUBLIC_NETWORK=10.10.191.0/24 ceph/daemon:centos-laters mon
When I upgraded by host OS [yes right, host OS] to RHEL 7.2, I am hitting numerous cephx issues while running same image and command line.
2016-01-25 10:08:59.697400 7fef43afb700 0 cephx: verify_authorizer could not decrypt ticket info: error: NSS AES final round failed: 8190 10.10.191.104:6789/0 >> 10.10.191.100:6789/0 pipe(0x3697000 sd=19 :6789 s=0 pgs=0 cs=0 l=0 c=0x34bf340).accept we reset (peer sent cseq 2), sending RESETSESSION
2016-01-25 10:08:59.697406 7fef43afb700 0 -
2016-01-25 10:09:01.697086 7fef43afb700 0 cephx: verify_authorizer could not decrypt ticket info: error: NSS AES final round failed: 8190 10.10.191.104:6789/0 >> 10.10.191.100:6789/0 pipe(0x3697000 sd=19 :6789 s=0 pgs=0 cs=0 l=0 c=0x34bf340).accept we reset (peer sent cseq 2), sending RESETSESSION
2016-01-25 10:09:01.697110 7fef43afb700 0 -
2016-01-25 10:09:02.058557 7fef3c54f700 0 cephx server osd.25: couldn't find entity name: osd.25
2016-01-25 10:09:03.697015 7fef3a44a700 0 cephx: verify_authorizer could not decrypt ticket info: error: NSS AES final round failed: 8190 10.10.191.104:6789/0 >> 10.10.191.100:6789/0 pipe(0x3708000 sd=20 :6789 s=0 pgs=0 cs=0 l=0 c=0x34bf340).accept we reset (peer sent cseq 2), sending RESETSESSION
2016-01-25 10:09:03.697030 7fef3a44a700 0 -
As I can infer from logs, mon has done the requisite setup and started to run. I have attached the complete log for debug.
Can someone please let us know as to why cephx errors are reported. Unfortunately the same runs fine on RHEL 7.1, Fedora Atomic hosts and not with RHEL 7.2 kernel.
Files
Updated by Deepthi Dharwar over 8 years ago
Sorry my bad, Affected version is 0.94.5
Updated by Nathan Cutler over 8 years ago
- Affected Versions v0.94.5 added
- Affected Versions deleted (
v0.95)
Updated by Huamin Chen over 8 years ago
Deepthi,
Want to have some information from you to debug this. Did you upgrade docker too while upgrading to RHEL 7.2? What is your docker version? Thanks.
Updated by Sébastien Han over 8 years ago
Hey Huamin,
We use Docker version 1.8.2-el7, build a01dc02/1.8.2 on RHEL 7.2
Updated by Sébastien Han over 8 years ago
Adding more info, the issue only happened while using '—net-host’, with the default networking mode it works fine.
Updated by Deepthi Dharwar about 8 years ago
Also this issue is reproducible when the running the ceph/daemon containers on Bare metal servers currently running RHEL 7.2 and not in VM running same version of the OS . Seen with docker version 1.8 and 1.9. Upgrade does not seem to help.
Updated by Samuel Just about 8 years ago
2016-01-25 10:09:02.058557 7fef3c54f700 0 cephx server osd.25: couldn't find entity name: osd.25
That looks a lot like the mon doesn't have the right cephx keyring?
Updated by Deepthi Dharwar about 8 years ago
Thanks Samuel for the update.
Unfortunately, I am unable to hit this issue currently after I happen to do an upgrade of the packages on my machine.
Can we close this bug for now ?
Thanks a lot!
Updated by Sage Weil about 8 years ago
- Status changed from New to Can't reproduce