On Tuesday, July 29, 2025 9:15:58 AM Eastern Daylight Time gagan tiwari wrote: > The OS is RockyLinux9.6 > > On Tue, Jul 29, 2025 at 6:45 PM gagan tiwari < > gagan.tiw...@mathisys-india.com> wrote: > > > > Hi Guys, > > > > I am trying to install via cephadm but getting the > > > > following error. > > There is no firewall running on the server. > > > > > > > > Please advise > > > > > > > > [root@ceph-mon1 ~]# curl --silent --remote-name --location > > https://download.ceph.com/rpm-${CEPH_RELEASE}/el9/noarch/cephadm > > [root@ceph-mon1 ~]# > > [root@ceph-mon1 ~]# chmod +x cephadm > > [root@ceph-mon1 ~]# > > [root@ceph-mon1 ~]# getenforce ^C > > [root@ceph-mon1 ~]# ./cephadm install > > Installing packages ['cephadm']... > > [root@ceph-mon1 ~]# > > [root@ceph-mon1 ~]# ./cephadm add-repo --release squid > > Traceback (most recent call last): > > > > File "/usr/lib64/python3.9/urllib/request.py", line 1346, in do_open > > > > h.request(req.get_method(), req.selector, req.data, headers, > > > > File "/usr/lib64/python3.9/http/client.py", line 1285, in request > > > > self._send_request(method, url, body, headers, encode_chunked) > > > > File "/usr/lib64/python3.9/http/client.py", line 1331, in _send_request > > > > self.endheaders(body, encode_chunked=encode_chunked) > > > > File "/usr/lib64/python3.9/http/client.py", line 1280, in endheaders > > > > self._send_output(message_body, encode_chunked=encode_chunked) > > > > File "/usr/lib64/python3.9/http/client.py", line 1040, in _send_output > > > > self.send(msg) > > > > File "/usr/lib64/python3.9/http/client.py", line 980, in send > > > > self.connect() > > > > File "/usr/lib64/python3.9/http/client.py", line 1454, in connect > > > > self.sock = self._context.wrap_socket(self.sock, > > > > File "/usr/lib64/python3.9/ssl.py", line 501, in wrap_socket > > > > return self.sslsocket_class._create( > > > > File "/usr/lib64/python3.9/ssl.py", line 1074, in _create > > > > self.do_handshake() > > > > File "/usr/lib64/python3.9/ssl.py", line 1343, in do_handshake > > > > self._sslobj.do_handshake() > > > > ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] > > certificate > > verify failed: unable to get local issuer certificate (_ssl.c:1147) > > > > > > > > During handling of the above exception, another exception occurred: > > > > > > > > Traceback (most recent call last): > > > > File "/usr/lib64/python3.9/runpy.py", line 197, in _run_module_as_main > > > > return _run_code(code, main_globals, None, > > > > File "/usr/lib64/python3.9/runpy.py", line 87, in _run_code > > > > exec(code, run_globals) > > > > File "/root/./cephadm/__main__.py", line 5581, in <module> > > File "/root/./cephadm/__main__.py", line 5569, in main > > File "/root/./cephadm/__main__.py", line 4576, in command_add_repo > > File "/root/./cephadm/cephadmlib/packagers.py", line 412, in validate > > File "/usr/lib64/python3.9/urllib/request.py", line 214, in urlopen > > > > return opener.open(url, data, timeout) > > > > File "/usr/lib64/python3.9/urllib/request.py", line 517, in open > > > > response = self._open(req, data) > > > > File "/usr/lib64/python3.9/urllib/request.py", line 534, in _open > > > > result = self._call_chain(self.handle_open, protocol, protocol + > > > > File "/usr/lib64/python3.9/urllib/request.py", line 494, in _call_chain > > > > result = func(*args) > > > > File "/usr/lib64/python3.9/urllib/request.py", line 1389, in https_open > > > > return self.do_open(http.client.HTTPSConnection, req, > > > > File "/usr/lib64/python3.9/urllib/request.py", line 1349, in do_open > > > > raise URLError(err) > > > > urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] > > certificate verify failed: unable to get local issuer certificate > > (_ssl.c:1147)> > >
The system seems unable to validate the TLS/SSL cert of the server hosting the ceph package repo. There's apparently an uncaught exception here when the SSL library fails. This is worth a tracker issue I think. In the short tern we can try to figure out what URL it's going to be using and you can see if another tool, like curl, encounters the same problem. Try running `curl https://download.ceph.com` Also, what version of ceph did you choose when you downloaded the cephadm binary? Thanks. _______________________________________________ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
