juju bootstrap: ERROR [('PEM routines', 'PEM_read_bio', 'no start line')]

Bug #1050741 reported by Steve McInerney on 2012-09-14
This bug affects 6 people
Affects: pyjuju | Importance: Low | Assigned to: Unassigned
Affects: txAWS | Importance: Undecided | Assigned to: Unassigned

Bug Description

juju is apparently silently reading *.pem files in the CWD and then aborting on them:

Version: 0.5.1+bzr574-0juju2~quantal1

steve@dogmatix:~/juju$ rm *

steve@dogmatix:~/juju$ openssl genrsa -out rabbit-server-privkey.pem 2048
...
steve@dogmatix:~/juju$ openssl req -batch -new -x509 -key rabbit-server-privkey.pem -out rabbit-server-cert.pem -days 10000

steve@dogmatix:~/juju$ juju -l /dev/stderr bootstrap
2012-09-14 15:40:16,104 WARNING S3 API calls not using secure transport
2012-09-14 15:40:16,106 INFO Bootstrapping environment 'canonistack' (origin: distro type: ec2)...
2012-09-14 15:40:17,445 ERROR [('PEM routines', 'PEM_read_bio', 'no start line')]

steve@dogmatix:~/juju$ rm *.pem

steve@dogmatix:~/juju$ juju -l /dev/stderr bootstrap
2012-09-14 15:40:33,087 WARNING S3 API calls not using secure transport
2012-09-14 15:40:33,088 INFO Bootstrapping environment 'canonistack' (origin: distro type: ec2)...
2012-09-14 15:40:43,821 INFO 'bootstrap' command finished successfully

Clint Byrum (clint-fewbar) wrote :

This is actually txaws doing so, and not juju directly. I'm not sure it's a sane behavior for a library, but would like to perhaps have some commentary from txaws developers before patching to outright disable it. Seems like, if nothing else, the API should allow overriding this behavior, since it's possible that txaws code could be run from a hostile CWD.

Changed in juju:
status: New → Triaged
importance: Undecided → High

Shang Wu (shangwu) wrote :

I encountered this issue after my upgrade to Quantal. Is there any way that we can work around this issue?

Shang Wu (shangwu) wrote :

My error message is below when I tried to deploy wordpress charm.
http://pastebin.ubuntu.com/1297149/

Shang Wu (shangwu) wrote :

Issue was resolved by removing the dead link cert-ec2.pem in the /etc/ssl/certs directory. The original file /usr/share/euca2ools/cert-ec2.pem no longer exists for some reason.

Rex Tsai (chihchun) on 2012-10-22
Changed in txaws:
assignee: nobody → Rex Tsai (chihchun)

Rex Tsai (chihchun) wrote :

Please see merge proposal for handling broken PEM files - https://code.launchpad.net/~chihchun/txaws/txaws-lp1050741/+merge/130777

Rex Tsai (chihchun) on 2012-10-22
Changed in txaws:
status: New → Incomplete
status: Incomplete → In Progress

Shang Wu (shangwu) wrote :

Rex's patch fixes the issue for me.

Joey Stanford (joey) wrote :

Can we get this patch committed please? I'm also affected.

Shang Wu (shangwu) wrote :

@Joey, does that patch work for you?

drewp (drewp) wrote :

I used strace to see what /etc/ssl/certs/*.pem file was the last one to be read and renamed it to not end with .pem. After a few rounds of that, I was able to run juju.

Joey Stanford (joey) wrote :

@shangwu yes the patch works for me but I agree with Duncan's old comments about logging the error and not just skipping it.

Curtis Hovey (sinzui) on 2013-10-12
Changed in juju:
importance: High → Low

Rex Tsai (chihchun) on 2014-04-09
Changed in txaws:
assignee: Rex Tsai (chihchun) → nobody
status: In Progress → Confirmed
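
The behaviour the thread asks for (skip broken PEM files but log each one, and search only directories the caller names rather than the CWD), sketched as an added example; it is not txaws code and not the patch from the merge proposal. The function names, the logger name and the framing-only validity check (it does not parse X.509) are assumptions.

```python
import base64
import logging
import os
import re

log = logging.getLogger("pem_scan")  # hypothetical logger name
# Framing an X.509 PEM reader looks for; private-key files do not match it.
CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def check_pem(path):
    """Return None if path has at least one certificate block and every
    block decodes, otherwise a short reason why the file is unusable."""
    if os.path.islink(path) and not os.path.exists(path):
        return "dangling symlink"
    try:
        with open(path, "r", encoding="ascii", errors="replace") as fh:
            text = fh.read()
    except OSError as exc:
        return "unreadable: %s" % exc.strerror
    blocks = CERT_BLOCK.findall(text)
    if not blocks:
        return "no certificate start line"
    for body in blocks:
        try:
            if not base64.b64decode("".join(body.split()), validate=True):
                return "empty certificate body"
        except ValueError:  # binascii.Error is a ValueError subclass
            return "corrupt base64 body"
    return None

def usable_pem_files(directories):
    """Scan only the directories named by the caller (never an implicit
    CWD) and return (usable_paths, [(skipped_path, reason), ...])."""
    usable, skipped = [], []
    for directory in directories:
        for name in sorted(os.listdir(directory)):
            if not name.endswith(".pem"):
                continue
            path = os.path.join(directory, name)
            reason = check_pem(path)
            if reason is None:
                usable.append(path)
            else:
                log.warning("skipping %s: %s", path, reason)
                skipped.append((path, reason))
    return usable, skipped
```

Calling `usable_pem_files(["/etc/ssl/certs"])` reports the kind of offenders that were tracked down by hand in the comments above, such as a dead symlink or a `.pem` file that holds only a private key.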