** Changed in: salt (Ubuntu Bionic)
Status: Confirmed => In Progress
** Description changed:
[Impact]
- * salt fails to start with OpenSSL 1.1.1 (which is in cosmic-release,
+ * salt fails to start with OpenSSL 1.1.1 (which is in cosmic-release,
bionic-proposed)
[Test Case]
- * bionic-only: install openssl/libssl1.1 from bionic-proposed
+ * install openssl/libssl1.1 from bionic-proposed
- sudo apt install salt-master
- sudo salt --versions-report
+ sudo apt install salt-master
+ sudo salt --versions-report
- [bad] Python traceback ending in:
- ssl.SSLError: unknown error (_ssl.c:2788)
+ [bad] Python traceback ending in:
+ ssl.SSLError: unknown error (_ssl.c:2788)
- [good] a table of version numbers
+ [good] a table of version numbers
Salt Version:
- Salt: 2018.3.0
+ Salt: 2018.3.0
...
-
[Fix]
- * Unused imports, and 1.1.1 incompatible libcrypto init functions in
+ * Unused imports, and 1.1.1 incompatible libcrypto init functions in
salt are causing it to fail to start with OpenSSL 1.1.1. The upstream
patches that were merged into stable branch make it compatible with
either 1.1.0 or 1.1.1.
+ * Note that for bionic above is sufficent by itself. In cosmic, python-
+ tornado got upgraded from v4 to v5 and salt is incompatible with it.
+ Hence salt in cosmic is currently complete busted due to this issue and
+ lack of tornado4. I have now requested and SRU to reintroduce tornado4
+ into cosmic to unbreak salt in cosmic. But it may take much longer than
+ the smaller fix for bionic.
+
[Regression Potential]
- * The underlying behavior of crypto with or without these patches is
+ * The underlying behavior of crypto with or without these patches is
not changed. There are no versioned breaks to prevent upgrading
libssl1.1 whilst salt is installed, but this fix should make salt
compatible with any openssl releases. Currently, salt is completely
broken in cosmic-release (fails to start) so it's hard to regress
further than that in cosmic.
[Other Info]
-
- * Full traceback
+
+ * Full traceback
# sudo apt install salt-master
# sudo salt --versions-report
Traceback (most recent call last):
File "/usr/bin/salt", line 10, in <module>
salt_main()
File "/usr/lib/python3/dist-packages/salt/scripts.py", line 476, in
salt_main
client.run()
File "/usr/lib/python3/dist-packages/salt/cli/salt.py", line 33, in run
import salt.client
File "/usr/lib/python3/dist-packages/salt/client/__init__.py", line 31, in
<module>
import salt.cache
File "/usr/lib/python3/dist-packages/salt/cache/__init__.py", line 18, in
<module>
import salt.loader
File "/usr/lib/python3/dist-packages/salt/loader.py", line 26, in <module>
import salt.utils.event
File "/usr/lib/python3/dist-packages/salt/utils/event.py", line 70, in
<module>
import tornado.iostream
File "/usr/lib/python3/dist-packages/tornado/iostream.py", line 40, in
<module>
from tornado.netutil import ssl_wrap_socket, _client_ssl_defaults,
_server_ssl_defaults
File "/usr/lib/python3/dist-packages/tornado/netutil.py", line 45, in
<module>
ssl.Purpose.SERVER_AUTH)
File "/usr/lib/python3.6/ssl.py", line 502, in create_default_context
context = SSLContext(PROTOCOL_TLS)
File "/usr/lib/python3.6/ssl.py", line 391, in __new__
self = _SSLContext.__new__(cls, protocol)
ssl.SSLError: unknown error (_ssl.c:2788)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1823332
Title:
salt --versions-report broken in bionic/cosmic with openssl 1.1.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/salt/+bug/1823332/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
