On 11/12/14 02:33, Vivek Varghese Cherian wrote:
Hi,
root@ppm-c240-ceph3:~# /usr/bin/radosgw -n client.radosgw.gateway -d
log-to-stderr
2014-12-09 12:51:31.410944 7f073f6457c0 0 ceph version 0.80.7
(__6c0127fcb58008793d3c8b62d925bc__91963672a3), process radosgw,
pid 5958
common/ceph_crypto.cc: In function 'void
ceph::crypto::init(__CephContext*)' thread 7f073f6457c0 time
2014-12-09
12:51:31.412682
common/ceph_crypto.cc: 54: FAILED assert(s == SECSuccess)
ceph version 0.80.7
(__6c0127fcb58008793d3c8b62d925bc__91963672a3)
1: (()+0x293ce8) [0x7f073e797ce8]
2: (common_init_finish(__CephContext*, int)+0x10)
[0x7f073e76afa0]
3: (main()+0x340) [0x4665a0]
4: (__libc_start_main()+0xf5) [0x7f073c932ec5]
5: /usr/bin/radosgw() [0x4695c7]
NOTE: a copy of the executable, or `objdump -rdS <executable>` is
needed to interpret this.
2014-12-09 12:51:31.413544 7f073f6457c0 -1 common/ceph_crypto.cc: In
function 'void ceph::crypto::init(__CephContext*)' thread
7f073f6457c0
time 2014-12-09 12:51:31.412682
common/ceph_crypto.cc: 54: FAILED assert(s == SECSuccess)
This looks like it could be failing to talk to Keystone via SSL -
have you setup Keystone to use SSL? If so you'll need the converted
certs copied to /var/lib/nssdb on your Radosgw host (see bottom of
http://ceph.com/docs/master/__radosgw/keystone/
<http://ceph.com/docs/master/radosgw/keystone/>). If you have
already done this...then apologies, but it's worth double checking!
Cheers
Mark
I have followed these steps on my Juno node from the URL
http://ceph.com/docs/master/radosgw/keystone/
mkdir /var/ceph/nss
openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey | \
certutil -d /var/ceph/nss -A -n ca -t "TCu,Cu,Tuw"
openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem -pubkey | \
certutil -A -d /var/ceph/nss -n signing_cert -t "P,P,P"
Do you suggest that I manually copy the self signed certificates
(Generated on Dec 4, 2014) from /var/ceph/nss on the Juno node to
/var/lib/nssdb on the rados gw host ?
btw, I can already see the following files (dated Sep24 2014) in my
/var/lib/nssdb on the radosgw host.
root@ppm-c240-ceph3:/var/lib/nssdb# ls -la
total 52
drwxr-xr-x 2 root root 4096 Oct 29 03:17 .
drwxr-xr-x 44 root root 4096 Nov 6 05:06 ..
-rw-r--r-- 1 root root 9216 Sep 24 08:25 cert9.db
-rw-r--r-- 1 root root 11264 Sep 24 08:25 key4.db
-rw-r--r-- 1 root root 449 Sep 24 08:25 pkcs11.txt
-rw-r--r-- 1 root root 16384 Sep 24 08:25 secmod.db
root@ppm-c240-ceph3:/var/lib/nssdb#
Do I need to overwrite the existing .db files and .txt file in
/var/lib/nssdb on the radosgw host with the ones copied from
/var/ceph/nss on the Juno node ?
Yeah - worth a try (we want to rule out any certificate mis-match errors).
Cheers
Mark
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
