-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
m2crypto-0.28.2-3.el7.x86_64 in salt repository breaks subscription-manager in RHEL7x #49156
Comments
ping @dmurphy18 can you take a look here? |
@josephname The version of M2Crypto in version reports is M2Crypto: 0.21.1 (typically supplied by Redhat) The version of M2Crypto supplied by Salt with 2018.3.2 is m2crypto-0.28.2-3.el7.x86_64.rpm Does the issue occur if the version of M2Crypto supplied by Salt ? |
Yes, the 0.28.2-3 version in the salt repository caused the problem. |
@josephname The version from salt-run --versions-report show 0.21 for M2Crypto Dependency Versions: The version of M2Crypto from Salt 0.28.2-3 is not installed. |
Yes, we had to fix that server. Sorry for the confusion. You should be able to test and verify that installing m2crypto 0.28.2-3 on a RHEL 7 server will break subscription-manager. We done it on two different servers to verify. |
Using a AWS Redhat 7 server, not seeing issue. [root@ip-10-0-0-225 ec2-user]# yum list m2crypto* [root@ip-10-0-0-225 ec2-user]# cat /etc/yum.repos.d/salt-latest.repo Dependency Versions: System Versions: [root@ip-10-0-0-225 ec2-user]# [root@ip-10-0-0-225 ec2-user]# find / -name "libcrypto*" Can you provide a salt-run --versions-report from a server which is actually exhibiting the problem ? |
They were RHEL 7.2. And the problem is when you run subscription-manager - how you verify redhat subscriptions. On the system above - run "subscription-manager facts" |
we had to fix our servers and move on, I just thought you would be interested in this. I might be able to re-create it on another server soon. The error from subscription manager is pasted in my first comment. |
I noticed that you were using 7.2 but unfortunately the quick way is to use AWS and they gave 7.5. I shall search through AWS to see if I can find a 7.2 install. To help with trying to reproduce this, can you provide the contents of /etc/redhat-release. Running subscription-manager facts did not appear to have any issues: [root@ip-10-0-0-225 ec2-user]# subscription-manager facts WARNING The yum plugins: /etc/yum/pluginconf.d/subscription-manager.conf, /etc/yum/pluginconf.d/product-id.conf were automatically enabled for the benefit of Red Hat Subscription Management. If not desired, use "subscription-manager config --rhsm.auto_enable_yum_plugins=0" to block this behavior. [root@ip-10-0-0-225 ec2-user]# And thanks for bring this to our attention. Most of development is done with Centos 7 but QA does test against Redhat 7 and Centos 7. |
@josephname Have installed RHEL 7.2 Server with GUI from iso, installed Salt 2018.3.2 and did not encounter error running 'subscription-manager facts': [root@localhost test]# subscription-manager facts Did encounter issues installing from repo.saltstack.com for the following: where getting Header V3 RSA/SHA256 signature errors for NOKEY, which is strange especially since these come base sub-directory which are from the Centos 7.0 ISO and are only provided as a convenience for some users of Salt. From the build master: |
I don't know if it make a difference, but this was on a physical server, not virtual. |
Still think you should separate rpm into Support by Salt and dependencies, and anything in dependencies is recommended (so the dependencies repo does not have to be used). Keep in mind RHEL RPM may be built against code which is not the same available in open source version. As RHEL back port fixes they want, result in opensource version 1.1 not being the same as RHEL 1.1 of the same software. |
@josephname There should not be a difference between physical and virtual servers. I have not encountered any issues with using VirtualBox VM images compared to a physical server in my years of using it. Again I request the output of --versions-report from the server exhibiting the problem, also can you include the output of /etc/redhat-release and 'yum list openssl*'. |
@damon-atkins Splitting Salt and dependencies into different repo's will take time, especially given the number of platforms to support, and with only just over a year for Python 2 before official EOL, something to be considered for Python 3 support. |
For now, we just removed m2crypto from the salt repo on our satellite server. salt seems to work with any of the versions we've used, as long as they come from redhat. I will see if I can re-create it on another server. |
@josephname In the interests of trying to resolve this issue for you and others that may encountered it, could you provide the information I requested, thanks. |
@josephname Never mind, just managed to duplicate the issue, will debug and attempt to resolve the issue |
good deal. thank you for your patience. |
Here was the info Salt Version: Dependency Versions: System Versions: yum list openssl |
@josephname The problem appears to be the version of openssl that Salt's M2Crypto was built with |
most excellent, thank you for your quick and valuable solution! |
Packaging issues are dealt with in salt-pack repo, see vmware-archive/salt-pack#580 @josephname If this satisfies your issue, please consider closing our alternatively after the next point release. |
when it's released, should I use https://repo.saltstack.com/yum/redhat/7Server/x86_64/2018.4 ? |
@josephname The next point release for 2018.3 branch shall be called 2018.3.4. The link https://repo.saltstack.com/yum/redhat/7Server/x86_64/2018.3 is updated to always point to the newest release for that branch. If you want to remain on a particular point release, the url would be https://repo.saltstack.com/yum/redhat/7Server/x86_64/archive/2018.3.4 for the 2018.3.4. point release. Hope this clarifies for you. |
openssl versions differ between RHEL 7.2 and Centos 7.2 |
This should be resolved in the next point release for branch 2018.3 |
@dmurphy18 will this be resolved for 2018.3.3 ? or 2018.3.4 as you mentioned above |
@mattp- It is resolved for Salt 2018.3.3 which should be released soon. |
@mattp- With the recent point releases of 2018.3.4 and 2019.2.0 can you check if this is still an issue |
unfortunately, we don't have any RHEL 7.2 servers any longer. Other factors drove us to update to RHEL 7.5. Also, we started ignoring the version of m2crypto included in the salt repositories, and use only the m2crypto in redhat repositories. We've not had any issues related to m2crypto since then. Thank you for your perseverance and attention to this issue. |
@josephname Sorry to hear that. The different version of openssl between CentOS 7.2 and RHEL 7.2 was a rare case of divergence between the two versions. If you consider this issue resolved, can you consider closing it, or if there is any other issue related to this, can you let me know and I shall endeavor to resolve it. |
Yes, I will close it. Sorry if I caused confusion or trouble. |
Description of Issue/Question
running "yum update" when salt repository https://repo.saltstack.com/yum/redhat/7Server/x86_64/2018.3/ is attached will break subscription-manager in RHEL7.x servers. The error received is Error: /usr/lib64/python2.7/site-packages/M2Crypto/_m2crypto.so: symbol sk_deep_copy, version libcrypto.so.10 not defined in file libcrypto.so.10 with link time reference
Setup
(Please provide relevant configs and/or SLS files (Be sure to remove sensitive info).)
Steps to Reproduce Issue
(Include debug logs if possible and relevant.)
Versions Report
(Provided by running
salt --versions-report
. Please also mention any differences in master/minion versions.)MINION:
Salt Version:
Salt: 2018.3.2
MASTER:
Salt Version:
Salt: 2018.3.0
Dependency Versions:
cffi: Not Installed
cherrypy: Not Installed
dateutil: Not Installed
docker-py: Not Installed
gitdb: Not Installed
gitpython: Not Installed
ioflo: Not Installed
Jinja2: 2.8
libgit2: Not Installed
libnacl: Not Installed
M2Crypto: Not Installed
Mako: Not Installed
msgpack-pure: Not Installed
msgpack-python: 0.4.6
mysql-python: Not Installed
pycparser: Not Installed
pycrypto: 2.6.1
pycryptodome: Not Installed
pygit2: Not Installed
Python: 3.4.8 (default, Mar 23 2018, 10:04:27)
python-gnupg: Not Installed
PyYAML: 3.11
PyZMQ: 15.3.0
RAET: Not Installed
smmap: Not Installed
timelib: Not Installed
Tornado: 4.2.1
ZMQ: 4.1.4
System Versions:
dist: redhat 7.5 Maipo
locale: UTF-8
machine: x86_64
release: 3.10.0-862.2.3.el7.x86_64
system: Linux
version: Red Hat Enterprise Linux Server 7.5 Maipo
The text was updated successfully, but these errors were encountered: