I have a GPFS 3.1 cluster on AIX6.1 hosts which would need to connect to a remote cluster (which runs GPFS 2.3). When I start the cluster with openssl disabled (cipherlist=NONE), then the daemon starts in order and local filesystems are nicely mounted. But in case I enable openssl (cipherlist=AUTHONLY) then the daemon will not start at all, complaining about the openssl library. I tried at least 3 versions of openssl, there was the one bundled with AIX6, the one working fine with our older clusters (0.9.7g rpm packages) and a fresh one from AIX Linux toolbox. I even tried to manually set the path to the named library using mmfsadm (the failing library name was written in the mmfs.log)
Can you tell me which openssl should I install?
The issue is not related to the older clusters - so far - because we had the same experience when trying to set up a pair of GPFS clusters, all nodes running the same software (AIX 6.1)
Pinned topic GPFS daemon will not start with openssl enabled
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2012-09-11T15:58:21Z at 2012-09-11T15:58:21Z by flodstrom
SystemAdmin 110000D4XK2092 Posts
Re: GPFS daemon will not start with openssl enabled2012-09-07T11:32:29ZThis is the accepted answer. This is the accepted answer.No idea if this is supported or will work on AIX, but we discovered that if you have the SSL development libraries installed when you compile the compatibility layer on Linux then it auto-magically uses the correct version of the SSL libraries on that machine.
That said you are using GPFS 3.1 and 2.3, you need to upgrade as both of these versions are now completely unsupported by IBM.
flodstrom 0600029Q7U7 Posts
Re: GPFS daemon will not start with openssl enabled2012-09-11T15:53:22ZThis is the accepted answer. This is the accepted answer.
- SystemAdmin 110000D4XK
The OpenSSL rpm on the Linux toolbox for AIX is indeed the correct version to use (0.9.7). Maybe the OpenSSL lib has become polluted (have seen that happening before...)? Run the following command to make sure the OpenSSL shared object(s) are available.
ar -X32_64 -tv /opt/freeware/lib/libssl.a
You should see something like this (one is the 32bit, the other the 64bit).
rw-r--r-- 0/0 362538 Feb 10 16:23 2011 libssl.so.0.9.7 rw-r--r-- 0/0 414263 Feb 10 16:23 2011 libssl.so.0.9.7
In GPFS the OpenSSL setting should then look something like this.
However as mentioned, the versions of GPFS you are using are indeed very old. You should consider updating. It may even be due to the very old versions of GPFS that causes the OpenSSL option to not work?
I should mention that the libssl above works fine with GPFS 3.4 (also worked fined on GPFS 3.3).
flodstrom 0600029Q7U7 Posts
Re: GPFS daemon will not start with openssl enabled2012-09-11T15:58:21ZThis is the accepted answer. This is the accepted answer.
- flodstrom 0600029Q7U
lines, it was not what I intended to put there!