Hi,
On 4/11/25 18:33, Stephan Hohn wrote:
- cryptsetup version check isn't working at least in the container image of
v18.2.5 (
https://github.com/ceph/ceph/blob/reef/src/ceph-volume/ceph_volume/util/encryption.py)
which leads to encrypted osds not starting due to "'Error while checking
cryptsetup version.\n', '`cryptsetup --version` output:\n', 'cryptsetup
2.7.2 flags: UDEV BLKID KEYRING FIPS KERNEL_CAPI PWQUALITY '"
The release seems to be broken. In 18.2.4 the support for cryptsetup in
newer RHEL releases was missing. This also affected Debian 12. A patch
is available in a bug tracker entry (not sure which one). This patch
seems to be applied to 18.2.5, but someone seems to mixed up the
functions in the python re packages....
The output of 'cryptsetup --version' (at least for Debian 12) is:
(Pdb) p out
['cryptsetup 2.6.1 flags: UDEV BLKID KEYRING KERNEL_CAPI ']
The regex in
https://github.com/ceph/ceph/blob/v18.2.5/src/ceph-volume/ceph_volume/util/encryption.py#L50
is applied using 'match', which matches at the _beginning_ of the
string. The original patch uses a slightly different regex and the
_search_ function. Changing this fixes the bug:
(Pdb) n
>
/usr/lib/python3/dist-packages/ceph_volume/util/encryption.py(50)set_dmcrypt_no_workqueue()
-> cryptsetup_version = re.search(pattern, out[0])
(Pdb) n
>
/usr/lib/python3/dist-packages/ceph_volume/util/encryption.py(52)set_dmcrypt_no_workqueue()
-> if cryptsetup_version is None:
(Pdb) p out[0]
'cryptsetup 2.6.1 flags: UDEV BLKID KEYRING KERNEL_CAPI '
(Pdb) p pattern
'\\b\\d+(\\.\\d+)*\\b'
(Pdb) p cryptsetup_version
<re.Match object; span=(11, 16), match='2.6.1'>
Time for a hotfix...
Best regards,
Burkhard Linkle
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
