** Description changed: - The rbd-target-api fails to start on Ubuntu Impish (21.10) and later. - This appears to be caused by a werkzeug package revision check in rbd- - target-api. The check is used to decide whather to add an - OpenSSL.SSL.Context or a ssl.SSLContext. The code comment suggests that - ssl.SSLContext is used for werkzeug 0.9 so that TLSv1.2 can be used. It - is also worth noting that support for OpenSSL.SSL.Context was dropped in - werkzeug 0.10. The intention of the check appears to be to add - OpenSSL.SSL.Context if the version of is werkzeug is below 0.9 - otherwise use ssl.SSLContext. When rbd-target-api checks the werkzeug - revision it only looks at the minor revision number and Ubuntu Impish - contains werkzeug 1.0.1 which obviously has a minor revision number of 0 - which causes rbd-target-api to use an OpenSSL.SSL.Context which is not - supported by werkzeug which causes: + [Impact] + Its not possible to configure the RBD target API with TLS with newer versions of werkzeug as found in Ubuntu Impish and later. + + [Test Case] + Deploy and configure the RBD target API service with TLS encryption. + (ceph-iscsi charm can be used todo this) + Service will fail to start with error reported in the original bug report + + [What might go wrong] + The change proposed ensures that versions of Werkzeug >= 1.0.0 are also correctly configured to use the TLSv1.2 support. Its fairly simple in approach to regression potential is fairly low. + + [Original Bug Report] + The rbd-target-api fails to start on Ubuntu Impish (21.10) and later. This appears to be caused by a werkzeug package revision check in rbd-target-api. The check is used to decide whather to add an OpenSSL.SSL.Context or a ssl.SSLContext. The code comment suggests that ssl.SSLContext is used for werkzeug 0.9 so that TLSv1.2 can be used. It is also worth noting that support for OpenSSL.SSL.Context was dropped in werkzeug 0.10. The intention of the check appears to be to add OpenSSL.SSL.Context if the version of is werkzeug is below 0.9 otherwise use ssl.SSLContext. When rbd-target-api checks the werkzeug revision it only looks at the minor revision number and Ubuntu Impish contains werkzeug 1.0.1 which obviously has a minor revision number of 0 which causes rbd-target-api to use an OpenSSL.SSL.Context which is not supported by werkzeug which causes: # /usr/bin/rbd-target-api - * Serving Flask app 'rbd-target-api' (lazy loading) - * Environment: production - WARNING: This is a development server. Do not use it in a production deployment. - Use a production WSGI server instead. - * Debug mode: off + * Serving Flask app 'rbd-target-api' (lazy loading) + * Environment: production + WARNING: This is a development server. Do not use it in a production deployment. + Use a production WSGI server instead. + * Debug mode: off Traceback (most recent call last): - File "/usr/bin/rbd-target-api", line 3022, in <module> - main() - File "/usr/bin/rbd-target-api", line 2952, in main - app.run(host=settings.config.api_host, - File "/usr/lib/python3/dist-packages/flask/app.py", line 922, in run - run_simple(t.cast(str, host), port, self, **options) - File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 1010, in run_simple - inner() - File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 950, in inner - srv = make_server( - File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 782, in make_server - return ThreadedWSGIServer( - File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 708, in __init__ - self.socket = ssl_context.wrap_socket(self.socket, server_side=True) + File "/usr/bin/rbd-target-api", line 3022, in <module> + main() + File "/usr/bin/rbd-target-api", line 2952, in main + app.run(host=settings.config.api_host, + File "/usr/lib/python3/dist-packages/flask/app.py", line 922, in run + run_simple(t.cast(str, host), port, self, **options) + File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 1010, in run_simple + inner() + File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 950, in inner + srv = make_server( + File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 782, in make_server + return ThreadedWSGIServer( + File "/usr/lib/python3/dist-packages/werkzeug/serving.py", line 708, in __init__ + self.socket = ssl_context.wrap_socket(self.socket, server_side=True) AttributeError: 'Context' object has no attribute 'wrap_socket' Reported upstream here: https://github.com/ceph/ceph-iscsi/issues/255
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1965280 Title: rbd-target-api will not start AttributeError: 'Context' object has no attribute 'wrap_socket' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ceph-iscsi/+bug/1965280/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
