** Description changed: [Impact] This is breaking Ceph cluster https service. # logs: 2019-04-02 16:40:14.846313 7ff8c1736000 0 starting handler: civetweb 2019-04-02 16:40:14.846397 7ff8c1736000 0 civetweb: 0x56114520d620: load_dll: libcrypto.so.1.1: cannot find CRYPTO_num_locks 2019-04-02 16:40:14.846424 7ff8c1736000 -1 ERROR: failed run [Test Case] 1) Generate a self-signed certificate or use whatever existing SSL certificate already in place. 2) From the radosgw node, modify "/etc/ceph/ceph.conf" as follow: rgw_frontends = civetweb ssl_port=443 ssl_certificate=/etc/ssl/<CERTIFICATE> 3) Restart the daemon: systemctl restart ceph-radosgw@rgw.`hostname -s` 4) Look logs: 2019-04-10 12:02:53.535133 7fcd20c4e000 0 civetweb: 0x562d710ed620: load_dll: libcrypto.so.1.1: cannot find CRYPTO_num_locks 5) Look radosgw which should FAILED to start. [Potential Regression] * Same downgrade approach has been made for 'nodejs' via LP: #1798367 * Seems like civetweb is all that does SSL there, so it should be fine. * Nothing can be worst than current situation, considering that civetweb is non-functionnal when SSL is in used due to the incompatibility with 1.1 and make radosgw daemon to fail. - * libssl1.0 and libssl1.1 are coinstallable ABIs. + * libssl1.0 and libssl1.1 are coinstallable ABIs so it shouldn't be a + problem here. [Other Information] * Adding the OpenSSL 1.1 support has been explore, and reveal to be non-trivial : https://github.com/civetweb/civetweb/pull/384/commits https://github.com/civetweb/civetweb/commit/adac9c916fa892ec5edce7b565803f1e62d304a2 https://github.com/civetweb/civetweb/commit/5d83900fd29fb6fa1cd604676cb0562dc984dcc9 http://docs.ceph.com/docs/bobtail/radosgw/troubleshooting/ [Original Description] Bionic's radosgw package (Version 12.2.11-0ubuntu0.18.04.1 ) can't run on Bionic, because the version of civetweb in Luminous is incompatible with libssl1.1, but it's built against libssl1.1. This has been known about upstream for a while now, and as noted in the bug-tracker (https://tracker.ceph.com/issues/20696), it can be fixed by building Luminous in an environment that has only libssl1.0 available (or, in a more invasive manner, by incorporating a newer civetweb). A patch is in the tracker.ceph.com issue.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1822872 Title: Bionic: Luminous radosgw incompatible with libssl1.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1822872/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
