[Openstack] [ceph-users] Unable to start radosgw

Mark Kirkwood mark.kirkwood at catalyst.net.nz
Thu Dec 11 06:59:37 UTC 2014 

On 11/12/14 02:33, Vivek Varghese Cherian wrote:
> Hi,
>
>
>         root at ppm-c240-ceph3:~# /usr/bin/radosgw -n client.radosgw.gateway -d
>         log-to-stderr
>         2014-12-09 12:51:31.410944 7f073f6457c0  0 ceph version 0.80.7
>         (__6c0127fcb58008793d3c8b62d925bc__91963672a3), process radosgw,
>         pid 5958
>         common/ceph_crypto.cc: In function 'void
>         ceph::crypto::init(__CephContext*)' thread 7f073f6457c0 time
>         2014-12-09
>         12:51:31.412682
>         common/ceph_crypto.cc: 54: FAILED assert(s == SECSuccess)
>            ceph version 0.80.7
>         (__6c0127fcb58008793d3c8b62d925bc__91963672a3)
>            1: (()+0x293ce8) [0x7f073e797ce8]
>            2: (common_init_finish(__CephContext*, int)+0x10)
>         [0x7f073e76afa0]
>            3: (main()+0x340) [0x4665a0]
>            4: (__libc_start_main()+0xf5) [0x7f073c932ec5]
>            5: /usr/bin/radosgw() [0x4695c7]
>            NOTE: a copy of the executable, or `objdump -rdS <executable>` is
>         needed to interpret this.
>         2014-12-09 12:51:31.413544 7f073f6457c0 -1 common/ceph_crypto.cc: In
>         function 'void ceph::crypto::init(__CephContext*)' thread
>         7f073f6457c0
>         time 2014-12-09 12:51:31.412682
>         common/ceph_crypto.cc: 54: FAILED assert(s == SECSuccess)
>
>
>     This looks like it could be failing to talk to Keystone via SSL -
>     have you setup Keystone to use SSL? If so you'll need the converted
>     certs copied to /var/lib/nssdb on your Radosgw host (see bottom of
>     http://ceph.com/docs/master/__radosgw/keystone/
>     <http://ceph.com/docs/master/radosgw/keystone/>). If you have
>     already done this...then apologies, but it's worth double checking!
>
>     Cheers
>
>     Mark
>
>
>
> I have followed these steps on my Juno node from the URL
> http://ceph.com/docs/master/radosgw/keystone/
>
> mkdir /var/ceph/nss
>
> openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey | \
>          certutil -d /var/ceph/nss -A -n ca -t "TCu,Cu,Tuw"
>
> openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem -pubkey | \
>          certutil -A -d /var/ceph/nss -n signing_cert -t "P,P,P"
>
>
> Do you suggest that I manually copy the self signed certificates
> (Generated on Dec 4, 2014) from /var/ceph/nss on the Juno node to
> /var/lib/nssdb on the rados gw host  ?
>
> btw, I can already see the following files (dated Sep24 2014) in my
> /var/lib/nssdb on the radosgw host.
>
> root at ppm-c240-ceph3:/var/lib/nssdb# ls -la
> total 52
> drwxr-xr-x  2 root root  4096 Oct 29 03:17 .
> drwxr-xr-x 44 root root  4096 Nov  6 05:06 ..
> -rw-r--r--  1 root root  9216 Sep 24 08:25 cert9.db
> -rw-r--r--  1 root root 11264 Sep 24 08:25 key4.db
> -rw-r--r--  1 root root   449 Sep 24 08:25 pkcs11.txt
> -rw-r--r--  1 root root 16384 Sep 24 08:25 secmod.db
> root at ppm-c240-ceph3:/var/lib/nssdb#
>
> Do I need to overwrite the existing .db files and .txt file in
> /var/lib/nssdb on the radosgw host  with the ones copied from
> /var/ceph/nss on the Juno node ?
>

Yeah - worth a try (we want to rule out any certificate mis-match errors).

Cheers

Mark

More information about the Openstack mailing list