Bug #20696
closedradosgw doesn't start with civetweb handlerin Debian Stretch
0%
Description
Radosgw doesn't start due to incompatibility between civetweb and openssl version >= 1.1 . There is a issue in civetweb tracker closed in Dec'16 (https://github.com/civetweb/civetweb/issues/370)
2017-07-20 10:37:41.291820 7f81e3667a00 0 starting handler: civetweb
2017-07-20 10:37:41.296116 7f81e3667a00 0 civetweb: 0x55ed85244140: load_dll: libssl.so.1.1: cannot find SSLv23_server_method
2017-07-20 10:37:41.296172 7f81e3667a00 0 civetweb: 0x55ed85244140: load_dll: libcrypto.so.1.1: cannot find CRYPTO_num_locks
2017-07-20 10:37:41.296182 7f81e3667a00 -1 ERROR: failed run
2017-07-20 10:37:41.828614 7fba7e2c7a00 0 deferred set uid:gid to 64045:64045 (ceph:ceph)
2017-07-20 10:37:41.828724 7fba7e2c7a00 0 ceph version 10.2.9 (2ee413f77150c0f375ff6f10edd6c8f9c7d060d0), process radosgw, pid 8120
radosgw version: 10.2.9-1~bpo90+1
Files
Updated by Abhishek Lekshmanan about 6 years ago
jewel may need a cherry-pick of https://github.com/civetweb/civetweb/commit/5d83900fd29fb6fa1cd604676cb0562dc984dcc9;
Updated by Abhishek Lekshmanan about 6 years ago
Is this reproducible in Luminous as well (we had a major civewteb update in Luminous so might have already been fixed with that)
Updated by Tomas Mores about 6 years ago
Yes, i am using Debian 9 + CEPH Luminous and "load_dll: libcrypto.so.1.1: cannot find CRYPTO_num_locks" error is still here.
Updated by Tomas Mores about 6 years ago
Tomas Mores wrote:
Yes, i am using Debian 9 + CEPH Luminous and "load_dll: libcrypto.so.1.1: cannot find CRYPTO_num_locks" error is still here.
Can you please tell me, where to find civetweb files to update them? Thank you!
Updated by Nathan Cutler about 6 years ago
- Has duplicate Bug #23450: rgw: civetweb fails to start with openssl 1.1.0 added
Updated by Nikos Kormpakis almost 6 years ago
Hello,
this bug is also affecting us in Debian Stretch v9.3 and Luminous v12.2.4. We observe the exact same behavior. Our current software versions are:
- openssl: 1.1.0f-3+deb9u2 (Official Debian package)
- radosgw: 12.2.4-1~bpo90+1 (Official Ceph packages from download.ceph.com)
The only way to work around this behavior, is to run an Apache/Nginx in front of radosgw in order to use TLS.
Best regards,
Nikos.
Updated by Mami Hayashida almost 6 years ago
Experiencing the same problem on Ubuntu:
- Ubuntu 18.04
- Ceph 12.2.4 (luminous)
- openssl: 1.1.0g
Updated by Matthew Vernon about 5 years ago
Hi,
This bug could be fixed by pulling in a newer version of civetweb, and compiling it with the OPENSSL_API_1_1 flag set - see https://github.com/civetweb/civetweb/issues/641 and https://github.com/civetweb/civetweb/blob/master/docs/Building.md#setting-build-options
Regards,
Matthew
Updated by Matthew Vernon about 5 years ago
- File bionic_ssl10_patch bionic_ssl10_patch added
Hi,
The work-around (which lets you build functional Luminous .debs for Bionic at least) is to arrange for the build environment to only have libssl1.0 in it; that means civetweb gets built to link against libssl.1.0, and so works. This is, clearly, only a temporary fix, and we'll want to move to a new enough civetweb to work with libssl1.1 fairly soon.
I include a debdiff that I applied to the luminous source package. Would you be interested in a PR to apply this to some branches?
Regards,
Matthew
Updated by Matthew Vernon about 5 years ago
Sorry, also: I think this is more than a "minor" issue - the RGW isn't much use without https...
Updated by Matthew Vernon almost 5 years ago
https://github.com/ceph/ceph/pull/28214 addresses this (applying the patch I supplied 4 months ago).