Topic
  • 3 replies
  • Latest Post - ‏2012-09-11T15:58:21Z by flodstrom
trifo
trifo
6 Posts

Pinned topic GPFS daemon will not start with openssl enabled

‏2012-08-30T07:09:46Z |
Hi!

I have a GPFS 3.1 cluster on AIX6.1 hosts which would need to connect to a remote cluster (which runs GPFS 2.3). When I start the cluster with openssl disabled (cipherlist=NONE), then the daemon starts in order and local filesystems are nicely mounted. But in case I enable openssl (cipherlist=AUTHONLY) then the daemon will not start at all, complaining about the openssl library. I tried at least 3 versions of openssl, there was the one bundled with AIX6, the one working fine with our older clusters (0.9.7g rpm packages) and a fresh one from AIX Linux toolbox. I even tried to manually set the path to the named library using mmfsadm (the failing library name was written in the mmfs.log)

Can you tell me which openssl should I install?

The issue is not related to the older clusters - so far - because we had the same experience when trying to set up a pair of GPFS clusters, all nodes running the same software (AIX 6.1)

--Trifo
Updated on 2012-09-11T15:58:21Z at 2012-09-11T15:58:21Z by flodstrom
  • SystemAdmin
    SystemAdmin
    2092 Posts

    Re: GPFS daemon will not start with openssl enabled

    ‏2012-09-07T11:32:29Z  
    No idea if this is supported or will work on AIX, but we discovered that if you have the SSL development libraries installed when you compile the compatibility layer on Linux then it auto-magically uses the correct version of the SSL libraries on that machine.

    That said you are using GPFS 3.1 and 2.3, you need to upgrade as both of these versions are now completely unsupported by IBM.
  • flodstrom
    flodstrom
    7 Posts

    Re: GPFS daemon will not start with openssl enabled

    ‏2012-09-11T15:53:22Z  
    No idea if this is supported or will work on AIX, but we discovered that if you have the SSL development libraries installed when you compile the compatibility layer on Linux then it auto-magically uses the correct version of the SSL libraries on that machine.

    That said you are using GPFS 3.1 and 2.3, you need to upgrade as both of these versions are now completely unsupported by IBM.
    No need to do the compile step on AIX, you only have to do that on Linux.

    The OpenSSL rpm on the Linux toolbox for AIX is indeed the correct version to use (0.9.7). Maybe the OpenSSL lib has become polluted (have seen that happening before...)? Run the following command to make sure the OpenSSL shared object(s) are available.

    ar -X32_64 -tv /opt/freeware/lib/libssl.a

    You should see something like this (one is the 32bit, the other the 64bit).

    
    rw-r--r--     0/0     362538 Feb 10 16:23 2011 libssl.so.0.9.7 rw-r--r--     0/0     414263 Feb 10 16:23 2011 libssl.so.0.9.7
    


    In GPFS the OpenSSL setting should then look something like this.

    http://...
    opensslLibName /opt/freeware/lib/libssl.a(libssl.so.0.9.7)
    http://...

    However as mentioned, the versions of GPFS you are using are indeed very old. You should consider updating. It may even be due to the very old versions of GPFS that causes the OpenSSL option to not work?

    I should mention that the libssl above works fine with GPFS 3.4 (also worked fined on GPFS 3.3).
  • flodstrom
    flodstrom
    7 Posts

    Re: GPFS daemon will not start with openssl enabled

    ‏2012-09-11T15:58:21Z  
    • flodstrom
    • ‏2012-09-11T15:53:22Z
    No need to do the compile step on AIX, you only have to do that on Linux.

    The OpenSSL rpm on the Linux toolbox for AIX is indeed the correct version to use (0.9.7). Maybe the OpenSSL lib has become polluted (have seen that happening before...)? Run the following command to make sure the OpenSSL shared object(s) are available.

    ar -X32_64 -tv /opt/freeware/lib/libssl.a

    You should see something like this (one is the 32bit, the other the 64bit).

    <pre class="jive-pre"> rw-r--r-- 0/0 362538 Feb 10 16:23 2011 libssl.so.0.9.7 rw-r--r-- 0/0 414263 Feb 10 16:23 2011 libssl.so.0.9.7 </pre>

    In GPFS the OpenSSL setting should then look something like this.

    http://...
    opensslLibName /opt/freeware/lib/libssl.a(libssl.so.0.9.7)
    http://...

    However as mentioned, the versions of GPFS you are using are indeed very old. You should consider updating. It may even be due to the very old versions of GPFS that causes the OpenSSL option to not work?

    I should mention that the libssl above works fine with GPFS 3.4 (also worked fined on GPFS 3.3).
    ...Should be an edit function in the forums :).

    Discard those...
    
    http:
    //...
    

    lines, it was not what I intended to put there!