xCAT Installation Fails on Rocky Linux 9.5 Due to OpenSSL Compatibility #7481

Open
Milisha-Gupta opened this issue Dec 4, 2024 · 5 comments · May be fixed by #7482
Labels
rh9 all issues for rh9 type:bug

Comments

@Milisha-Gupta

Description:
The xCAT installation on Rocky Linux 9.5 fails due to an issue with OpenSSL compatibility. Rocky Linux 9.5 includes OpenSSL 3.2.2, which does not appear to be compatible with xCAT. During the configuration step, when xCAT tries to generate certs or when running xcatconfig -c, it throws the following error:

image

image

@abhishek-sa1
Contributor

abhishek-sa1 commented Dec 4, 2024

@Obihoernchen @ocfmatt can you help us on this?

@Obihoernchen
Member

This seems to be the issue: openssl/openssl#22966

@Obihoernchen
Member

Please test #7482

@Obihoernchen Obihoernchen added type:bug rh9 all issues for rh9 labels Dec 5, 2024
@ChrisPJames

Thanks for submitting this. Was about to do the same.

@ChrisPJames

This is what I had to do to get the installation working under rocky9.5:

Download the go-xcat tool using wget:

wget https://raw.githubusercontent.com/xcat2/xcat-core/master/xCAT-server/share/xcat/tools/go-xcat -O - >/tmp/go-xcat

chmod +x /tmp/go-xcat

Run the go-xcat tool with the devel option:

/tmp/go-xcat -x devel install

NOTE: This will fail with the certificate issue but carry on with the below.

cp /opt/xcat/share/xcat/ca/openssl.cnf.tmpl /opt/xcat/share/xcat/ca/openssl.cnf.tmpl.orig

vim /opt/xcat/share/xcat/ca/openssl.cnf.tmpl

Comment out anything with authorityKeyIdentifier i.e.:

#authorityKeyIdentifier=keyid,issuer
#authorityKeyIdentifier=keyid,issuer
#authorityKeyIdentifier=keyid:always,issuer
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
#authorityKeyIdentifier=keyid:always
#authorityKeyIdentifier=keyid,issuer

cp /opt/xcat/share/xcat/scripts/setup-dockerhost-cert.sh /opt/xcat/share/xcat/scripts/setup-dockerhost-cert.sh.orig

vim /opt/xcat/share/xcat/scripts/setup-dockerhost-cert.sh

Make the following change:

Comment out:
#openssl req -config ca/openssl.cnf -new -key ca/dockerhost-key.pem -out cert/dockerhost-req.pem -extensions server -subj "/CN=$CNA"

Change to:
openssl req -config ca/openssl.cnf -new -key ca/dockerhost-key.pem -out cert/dockerhost-req.pem -subj "/CN=$CNA"

Source the profile to add xCAT Commands to your path:
source /etc/profile.d/xcat.sh

Reinitialise the xcat installation:
xcatconfig -i -c -s

Check the xCAT version:
lsxcatd -a

Version 2.17.0 (git commit f7e389a0c03fb18f8f1236cb4ad3fe8605765c51, built Mon Jan 13 01:15:40 CET 2025)
This is a Management Node
dbengine=SQLite
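
The manual edits in the comment above, scripted so they can be repeated and reviewed as a diff. This is an added example, not part of the original comment or of xCAT; the function names are hypothetical and GNU sed is assumed.

```bash
#!/bin/sh
# Added example: scripted form of the manual edits from the comment above.
# Function names are hypothetical; the two paths are the ones in the comment.
CNF=/opt/xcat/share/xcat/ca/openssl.cnf.tmpl
DOCKER_SH=/opt/xcat/share/xcat/scripts/setup-dockerhost-cert.sh

# Keep a one-time .orig copy so re-running never overwrites the pristine file.
backup_once() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    [ -e "$1.orig" ] || cp -p "$1" "$1.orig"
}

# Comment out every active authorityKeyIdentifier setting; lines that are
# already comments are not touched, so the edit is idempotent.
disable_aki() {
    backup_once "$1" || return 1
    sed -i -E 's/^([[:space:]]*)(authorityKeyIdentifier[[:space:]]*=)/\1#\2/' "$1"
}

# Number of authorityKeyIdentifier settings still active in a file.
active_aki_count() {
    grep -cE '^[[:space:]]*authorityKeyIdentifier[[:space:]]*=' "$1" || true
}

# Drop "-extensions server" from the "openssl req" line only.
drop_req_extensions() {
    backup_once "$1" || return 1
    sed -i -E '/^[[:space:]]*openssl[[:space:]]+req[[:space:]]/ s/[[:space:]]+-extensions[[:space:]]+server//' "$1"
}

# Touch the real files only when asked to.
if [ "${1:-}" = "--apply" ]; then
    disable_aki "$CNF" && drop_req_extensions "$DOCKER_SH" || exit 1
    echo "active authorityKeyIdentifier lines left: $(active_aki_count "$CNF")"
    diff -u "$CNF.orig" "$CNF"; diff -u "$DOCKER_SH.orig" "$DOCKER_SH"
    echo "next, as in the comment: xcatconfig -i -c -s"
fi
```

Run with `--apply` as root on the management node; the `.orig` copies are what to restore once a fixed xCAT package is installed.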
