juju bootstrap: ERROR [('PEM routines', 'PEM_read_bio', 'no start line')]

Bug #1050741 reported by Steve McInerney
This bug affects 6 people
Affects   Status      Importance   Assigned to   Milestone
pyjuju    Triaged     Low          Unassigned
txAWS     Confirmed   Undecided    Unassigned

Bug Description

juju is apparently silently reading *.pem files in the CWD and then aborting on them:

Version: 0.5.1+bzr574-0juju2~quantal1

steve@dogmatix:~/juju$ rm *

steve@dogmatix:~/juju$ openssl genrsa -out rabbit-server-privkey.pem 2048
...
steve@dogmatix:~/juju$ openssl req -batch -new -x509 -key rabbit-server-privkey.pem -out rabbit-server-cert.pem -days 10000

steve@dogmatix:~/juju$ juju -l /dev/stderr bootstrap
2012-09-14 15:40:16,104 WARNING S3 API calls not using secure transport
2012-09-14 15:40:16,106 INFO Bootstrapping environment 'canonistack' (origin: distro type: ec2)...
2012-09-14 15:40:17,445 ERROR [('PEM routines', 'PEM_read_bio', 'no start line')]

steve@dogmatix:~/juju$ rm *.pem

steve@dogmatix:~/juju$ juju -l /dev/stderr bootstrap
2012-09-14 15:40:33,087 WARNING S3 API calls not using secure transport
2012-09-14 15:40:33,088 INFO Bootstrapping environment 'canonistack' (origin: distro type: ec2)...
2012-09-14 15:40:43,821 INFO 'bootstrap' command finished successfully

Clint Byrum (clint-fewbar) wrote :

This is actually txaws doing so, and not juju directly. I'm not sure it's a sane behavior for a library, but would like to perhaps have some commentary from txaws developers before patching to outright disable it. Seems like, if nothing else, the API should allow overriding this behavior, since it's possible that txaws code could be run from a hostile CWD.

Changed in juju:
status: New → Triaged
importance: Undecided → High
Shang Wu (shangwu) wrote :

I encountered this issue after my upgrade to Quantal. Is there any way that we can work around this issue?

Shang Wu (shangwu) wrote :

My error message when I tried to deploy the wordpress charm is below.
http://pastebin.ubuntu.com/1297149/

Shang Wu (shangwu) wrote :

Issue was resolved by removing the dead link cert-ec2.pem in the /etc/ssl/certs directory. The original file /usr/share/euca2ools/cert-ec2.pem no longer exists for some reason.

Rex Tsai (chihchun)
Changed in txaws:
assignee: nobody → Rex Tsai (chihchun)
Rex Tsai (chihchun) wrote :

Please see merge proposal for handling broken PEM files - https://code.launchpad.net/~chihchun/txaws/txaws-lp1050741/+merge/130777

Rex Tsai (chihchun)
Changed in txaws:
status: New → Incomplete
status: Incomplete → In Progress
Shang Wu (shangwu) wrote :

Rex's patch fixes the issue for me.

Joey Stanford (joey) wrote :

Can we get this patch committed please? I'm also affected.

Shang Wu (shangwu) wrote :

@Joey, does that patch work for you?

drewp (drewp) wrote :

I used strace to see what /etc/ssl/certs/*.pem file was the last one to be read and renamed it to not end with .pem. After a few rounds of that, I was able to run juju.

Joey Stanford (joey) wrote :

@shangwu yes the patch works for me but I agree with Duncan's old comments about logging the error and not just skipping it.
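
Added example, not part of any comment in this thread and not the txaws merge proposal: a Python sketch of the behaviour the comments ask for, where the certificate directories are passed in explicitly (the CWD is never searched implicitly), a file that cannot be read or contains no certificate block is skipped, and every skip is logged with its reason. The function names, logger name and file contents are constructed for illustration, and the base64 decode is only a structural check standing in for a real X.509 parse.

```python
import base64
import logging
import os
import re
import tempfile

log = logging.getLogger("ca_loader")  # hypothetical logger name
# Matches certificate blocks only; a private key's PEM header does not match.
CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def load_ca_pems(directories):
    """Return (loaded, skipped) for *.pem files in explicitly listed directories."""
    loaded, skipped = {}, {}
    for directory in directories:
        for name in sorted(os.listdir(directory)):
            if not name.endswith(".pem"):
                continue
            path = os.path.join(directory, name)
            try:
                with open(path, encoding="ascii") as handle:
                    blocks = CERT_BLOCK.findall(handle.read())
                if not blocks:
                    raise ValueError("no CERTIFICATE start line")
                # Structural check only; a real loader would parse the DER as X.509.
                loaded[path] = [base64.b64decode(block) for block in blocks]
            except (OSError, ValueError) as exc:  # dead symlink, bad PEM, bad base64
                skipped[path] = "%s: %s" % (type(exc).__name__, exc)
                log.warning("skipping CA file %s (%s)", path, skipped[path])
    return loaded, skipped


def demo():
    """Build the cases from the thread in a temp dir, with constructed contents."""
    body = base64.encodebytes(b"constructed bytes, not a real certificate" * 3).decode()
    with tempfile.TemporaryDirectory() as certs:
        with open(os.path.join(certs, "good.pem"), "w") as handle:
            handle.write("-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n" % body)
        with open(os.path.join(certs, "rabbit-server-privkey.pem"), "w") as handle:
            handle.write("-----BEGIN RSA PRIVATE KEY-----\n%s-----END RSA PRIVATE KEY-----\n" % body)
        os.symlink(os.path.join(certs, "missing-target"), os.path.join(certs, "cert-ec2.pem"))
        return load_ca_pems([certs])
```

Calling `demo()` loads `good.pem` and reports the private key file and the dead `cert-ec2.pem` link as skipped, each with a logged reason, instead of aborting on the first bad file.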

Curtis Hovey (sinzui)
Changed in juju:
importance: High → Low
Rex Tsai (chihchun)
Changed in txaws:
assignee: Rex Tsai (chihchun) → nobody
status: In Progress → Confirmed