rsyslogd fails to load lmnsd_gtls.so

Bug #869881 reported by Mark Merritt
This bug affects 3 people
Affects: rsyslog (Ubuntu)
Status: Expired
Importance: Undecided
Assigned to: Unassigned

Bug Description

rsyslog fails to load TLS functionality.

Relevant section from rsyslog.conf:
(full file is attached, contents of /etc/rsyslog.d are unmodified from package defaults, and running `rsyslogd -f /etc/rsyslog.conf -c4 -N1` does not show any configuration errors. The remote logging section is copy-pasted from a working Debian 6 box)
########################
#### REMOTE LOGGING ####
########################
# certificate files
$DefaultNetstreamDriverCAFile /root/ssl/ca.pem
$DefaultNetstreamDriverCertFile /root/ssl/generic-cert.pem
$DefaultNetstreamDriverKeyFile /root/ssl/generic-key.pem

# set up the action
$DefaultNetstreamDriver gtls # use gtls netstream driver
$ActionSendStreamDriverMode 1 # require TLS for the connection
$ActionSendStreamDriverAuthMode x509/certvalid

*.* @@(o)10.181.60.127:10514 # send (all) messages

Error written to syslog:
Oct 7 09:59:01 alpha rsyslogd-2068: could not load module '/usr/lib/rsyslog/lmnsd_gtls.so', rsyslog error -2078

Relevant info from running in debug mode (full debug output is attached):
7508.666438320:main queue:Reg/w0: unexpected GnuTLS error -64 in nsd_gtls.c:574: Error while reading file.

I have also attached strace output from rsyslog.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: rsyslog-gnutls 4.2.0-2ubuntu8.1
Uname: Linux 2.6.35.4-rscloud x86_64
Architecture: amd64
Date: Fri Oct 7 09:38:03 2011
ProcEnviron: SHELL=/bin/bash
SourcePackage: rsyslog

Revision history for this message
Mark Merritt (3y9m2vc-mark) wrote :

This thread from the rsyslog mailing list appears to describe the same issue: http://lists.adiscon.net/pipermail/rsyslog/2011-April/013265.html

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in rsyslog (Ubuntu):
status: New → Confirmed
Revision history for this message
schmooster (schmooster) wrote : apport information

ApportVersion: 2.8-0ubuntu1
Architecture: amd64
DistroRelease: Ubuntu 13.04
MarkForUpload: True
NonfreeKernelModules: fglrx
Package: rsyslog 5.8.11-2ubuntu1
PackageArchitecture: amd64
ProcEnviron:
 LANGUAGE=en_GB:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 3.8.0-0.3-generic 3.8.0-rc3
Tags: raring uec-images
Uname: Linux 3.8.0-0-generic x86_64
UpgradeStatus: Upgraded to raring on 2012-12-03 (43 days ago)
UserGroups: adm admin audio cdrom debian-tor dialout floppy fuse libvirtd lpadmin mythtv netdev plugdev polkituser powerdev root sambashare sudo video
modified.conffile..etc.apparmor.d.usr.sbin.rsyslogd: [deleted]

tags: added: apport-collected raring uec-images
Revision history for this message
schmooster (schmooster) wrote : Dependencies.txt

apport information

Revision history for this message
schmooster (schmooster) wrote :

http://kb.monitorware.com/problems-loading-tls-plugin-t10921.html suggests that "could not load module '/usr/local/lib/rsyslog/lmnsd_gtls.so', rsyslog error -2078" actually means "I can't read your ca.pem file...[snipped]"

So, in my case, `sudo /usr/sbin/rsyslogd -c5 -dn` contained the following output:
5848.863681948:7f061271d700: GTLS CA file: '/var/lib/orchestra/ssl-cert-orchestra-ca.pem'
5848.863722114:7f0614795740: Exec only when previous is suspended: 0
5848.864106720:7f061271d700: unexpected GnuTLS error -64 in nsd_gtls.c:583: Error while reading file.
5848.864137883:7f061271d700: Called LogError, msg: could not load module '/usr/lib/rsyslog/lmnsd_gtls.so', rsyslog error -2078

/var/lib/orchestra/ssl-cert-orchestra-ca.pem does not exist for me at this time.

In the debug log provided by Mark above, I can see the following:
7508.666383742:main queue:Reg/w0: GTLS CA file: '/root/ssl/ca.pem'
7508.666438320:main queue:Reg/w0: unexpected GnuTLS error -64 in nsd_gtls.c:574: Error while reading file.
7508.666458318:main queue:Reg/w0: Called LogError, msg: could not load module '/usr/lib/rsyslog/lmnsd_gtls.so', rsyslog error -2078

Revision history for this message
schmooster (schmooster) wrote :

Following directly on from the previous comment, removing the various ubuntu-orchestra packages causes the 'lmnsd_gtls.so' complaint to disappear:
`sudo apt-get remove --purge ubuntu-orchestra-*`

Revision history for this message
Simon Déziel (sdeziel) wrote :

I tested a rsyslog client talking to a rsyslog server both using `rsyslog-gnutls 8.2112.0-2ubuntu2.2` on Ubuntu 22.04 and it worked fine. There, there is no error loading "/usr/lib/x86_64-linux-gnu/rsyslog/lmnsd_gtls.so" as long as the `-gnutls` package is installed. I used only a cert (from Let's Encrypt) on the server side but I enabled Apparmor on both sides.

I'm not sure if your error could have been due to having enabled the Apparmor profile and using certificate files stored under `/root/ssl` which isn't permitted by the Apparmor profile? Marking as incomplete until you can report on the Apparmor profile situation.

Changed in rsyslog (Ubuntu):
status: Confirmed → Incomplete
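
The triage described in the comments above, as an added example that is not part of the original bug thread: it lists the files named by the `$DefaultNetstreamDriver*File` directives and reports any that are missing or unreadable, the condition that surfaced here as the misleading `lmnsd_gtls.so` load error. The function names and the temporary demo paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread): find the TLS files a legacy-format
# rsyslog config points at and report which ones are missing or unreadable.

# Print "<directive> <path>" for each netstream driver file directive in $1.
# Assumes the directive is spelled with the same letter case as in the report.
tls_files() {
    awk '$1 ~ /^\$DefaultNetstreamDriver(CA|Cert|Key)File$/ {
             print substr($1, 2), $2
         }' "$1"
}

# Print "<status> <directive> <path>" per file; return 1 if any is not OK.
# Runs as the calling user, outside any AppArmor confinement applied to
# rsyslogd, so a profile denial will not show up here.
check_tls_files() {
    rc=0
    while read -r name file; do
        [ -n "$file" ] || continue
        if [ ! -e "$file" ]; then
            status=MISSING rc=1
        elif [ ! -r "$file" ]; then
            status=UNREADABLE rc=1
        else
            status=OK
        fi
        echo "$status $name $file"
    done <<EOF
$(tls_files "$1")
EOF
    return "$rc"
}

# Constructed demo: the directives from the report, with paths moved into a
# temporary directory where only the certificate file exists.
demo=$(mktemp -d)
: > "$demo/generic-cert.pem"
cat > "$demo/rsyslog.conf" <<EOF
\$DefaultNetstreamDriverCAFile $demo/ca.pem
\$DefaultNetstreamDriverCertFile $demo/generic-cert.pem
\$DefaultNetstreamDriverKeyFile $demo/generic-key.pem
\$DefaultNetstreamDriver gtls # use gtls netstream driver
EOF
check_tls_files "$demo/rsyslog.conf" || echo "fix the files above before suspecting lmnsd_gtls.so"
rm -rf "$demo"
```

On a real host, call `check_tls_files /etc/rsyslog.conf` as root so that file permissions do not mask the result.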
Revision history for this message
schmooster (schmooster) wrote : Re: [Bug 869881] Re: rsyslogd fails to load lmnsd_gtls.so

Hi Simon,

It is unlikely I will be able to replicate the scenario at this time.
Please feel free to close off this case.

Kind regards,
Gaz/schmooster

On Mon, 16 Jan 2023 at 05:25, Simon Déziel <email address hidden>
wrote:

> I tested a rsyslog client talking to a rsyslog server both using
> `rsyslog-gnutls 8.2112.0-2ubuntu2.2` on Ubuntu 22.04 and it worked fine.
> There, there is no error loading
> "/usr/lib/x86_64-linux-gnu/rsyslog/lmnsd_gtls.so" as long as the
> `-gnutls` package is installed. I used only a cert (from Let's
> Encrypt) on the server side but I enabled Apparmor on both sides.
>
> I'm not sure if your error could have been due to having enabled the
> Apparmor profile and using certificate files stored under `/root/ssl`
> which isn't permitted by the Apparmor profile? Marking as incomplete
> until you can report on the Apparmor profile situation.

Revision history for this message
Simon Déziel (sdeziel) wrote :

Yeah, I figured it was likely the outcome when I replied to a bug that was last touched 10 years ago ;) The bug will close itself in ~60 days if nothing happens so I think that's OK. Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for rsyslog (Ubuntu) because there has been no activity for 60 days.]

Changed in rsyslog (Ubuntu):
status: Incomplete → Expired