[Big Data Development and Operations Solutions] Resolving "ssh: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b"


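Preface

I have recently been working on Xinchuang (domestic IT innovation) migration. Some time ago, for a colleague who operates Informatica, I set up passwordless SSH between the nodes of a Huawei FusionInsight cluster and the infa user on his Informatica server. Recently Informatica needed to connect to GaussDB.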


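1. Problem description

The colleague who operates Informatica, for whom I had earlier set up passwordless SSH between the Huawei FusionInsight cluster nodes and the infa user on his Informatica server, now needs Informatica to connect to GaussDB. Under the infa user he created the directory /home/infa/gaussdb/lib to hold the GaussDB shared libraries, but after adding the corresponding LD_LIBRARY_PATH setting to .bashrc, running the ssh command produced the following error: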

[infa@etltest5 ~]$ ssh
ssh: symbol lookup error: ssh: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

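2. Root cause analysis

After my colleague reported the problem, I logged in to the server and first looked at the environment variables configured in his .bashrc: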

export PATH=$PATH:/usr/local/oracle/instantclient_11_2
export ORACLE_HOME=/usr/local/oracle/instantclient_11_2
export ORACLE_BASE=/usr/local/oracle/instantclient_11_2
export LD_LIBRARY_PATH=/usr/local/oracle/instantclient_11_2
export TNS_ADMIN=/usr/local/oracle/instantclient_11_2
export NLS_LANG="SIMPLIFIED CHINESE_CHINA.ZHS16GBK"
export INFA_CODEPAGENAME=MS936
export PM_CODEPAGENAME=MS936
export LANG=C
export LC_ALL=C
export LD_LIBRARY_PATH=/usr/local/oracle/instantclient_11_2:/home/infa/gaussdb/lib:$LD_LIBRARY_PATH
export INFA_HOME=/home/infa/Informatica/10.2.0
export ODBCHOME=/home/infa/Informatica/10.2.0/ODBC7.1
export LIB_PATH=$LIB_PATH:$ODBCHOME/lib
export SHLIB_PATH=$SHLIB_PATH:$ODBCHOME/lib
export PATH=$PATH:$ODBCHOME/bin:$ODBCHOME/tools:$INFA_HOME/server/bin
export ODBCINI=$ODBCHOME/odbc.ini
export ODBCINST=$ODBCHOME/odbcinst.ini
export DD_INSTALLDIR=/home/infa/Informatica/10.2.0/ODBC7.1
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ODBCHOME/lib:$INFA_HOME/server/bin

At least on the face of it, the environment variables in the configuration file looked fine, so I ran the ssh command by hand:


[infa@etltest5 ~]$ source .bashrc
[infa@etltest5 ~]$ ssh
ssh: symbol lookup error: ssh: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

Sure enough, it failed. I then edited LD_LIBRARY_PATH to remove the /home/infa/gaussdb/lib entry and ran it again:

[infa@etltest5 ~]$ vim .bashrc
[infa@etltest5 ~]$ source .bashrc
[infa@etltest5 ~]$ ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] destination [command]

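This time the ssh command ran normally. Based on this simple test, my guess was that once /home/infa/gaussdb/lib was added to the library path, /usr/bin/ssh was picking up the wrong shared libraries at run time rather than missing any, since removing that path from the configuration made it work again.
So how do you check whether ssh is resolving its shared libraries correctly?
This is where the ldd command comes in. On Linux, ldd stands for list, dynamic, dependencies: it lists a program's shared-library dependencies. You can run ldd --help or man ldd for its usage; I won't go through it in detail here.
First, here is what /usr/bin/ssh resolves to in the normal case: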

[infa@etltest5 ~]$ ldd /usr/bin/ssh
	linux-vdso.so.1 (0x00007ffc5b1f9000)
	libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007fa46d15f000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fa46cf5b000)
	libutil.so.1 => /lib64/libutil.so.1 (0x00007fa46cd57000)
	libz.so.1 => /lib64/libz.so.1 (0x00007fa46cb3f000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fa46c916000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fa46c6ff000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fa46c4d5000)
	libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fa46c280000)
	libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fa46bf96000)
	libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fa46bd7f000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fa46bb7b000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fa46b7b6000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa46b596000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fa46d906000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fa46b312000)
	libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fa46b101000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fa46aefd000)

The output shows that /usr/bin/ssh resolves every library to a file under /lib64.
Here is what /usr/bin/ssh resolves to when the error occurs:

[infa@etltest5 ~]$ ldd /usr/bin/ssh
	linux-vdso.so.1 (0x00007fffb17e4000)
	libcrypto.so.1.1 => /home/infa/gaussdb/lib/libcrypto.so.1.1 (0x00007f0990162000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007f098ff5e000)
	libutil.so.1 => /lib64/libutil.so.1 (0x00007f098fd5a000)
	libz.so.1 => /lib64/libz.so.1 (0x00007f098fb42000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f098f919000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f098f702000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f098f4d8000)
	libgssapi_krb5.so.2 => /home/infa/Informatica/10.2.0/server/bin/libgssapi_krb5.so.2 (0x00007f098f290000)
	libkrb5.so.3 => /home/infa/Informatica/10.2.0/server/bin/libkrb5.so.3 (0x00007f098efbd000)
	libk5crypto.so.3 => /home/infa/Informatica/10.2.0/server/bin/libk5crypto.so.3 (0x00007f098ed8e000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f098eb8a000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f098e7c5000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f098e5a5000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f09906df000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f098e321000)
	libcom_err.so.3 => /home/infa/Informatica/10.2.0/server/bin/libcom_err.so.3 (0x00007f098e11e000)
	libkrb5support.so.0 => /home/infa/Informatica/10.2.0/server/bin/libkrb5support.so.0 (0x00007f098df13000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f098dd0f000)

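The output shows that some of the libraries now resolve elsewhere: libcrypto.so.1.1 comes from /home/infa/gaussdb/lib, and several Kerberos libraries come from /home/infa/Informatica/10.2.0/server/bin. The libcrypto.so.1.1 that ssh loads from /home/infa/gaussdb/lib does not provide the symbol EVP_KDF_ctrl at version OPENSSL_1_1_1b that ssh requires, which is why the error occurs.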
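
The comparison of the two ldd listings can be automated. The following is an added example, not part of the original post: it reads ldd output and reports every library that resolves outside the system library directories. The function names and the TRUSTED_DIRS list are assumptions, and the sample input is four lines taken from the failing listing above.

```shell
#!/bin/sh
# Added example (not from the original post): flag shared libraries that
# ldd resolves outside the trusted system directories.

# Trusted library directories; an assumption, adjust per distribution.
TRUSTED_DIRS="/lib64 /usr/lib64 /lib /usr/lib"

# Reads ldd output on stdin and prints "soname path" for every library whose
# resolved path is not under one of $TRUSTED_DIRS, or "soname NOT_FOUND".
shadowed_libs() {
    awk -v dirs="$TRUSTED_DIRS" '
        BEGIN { n = split(dirs, trusted, " ") }
        $2 == "=>" && $3 ~ /^\// {
            ok = 0
            for (i = 1; i <= n; i++)
                if (index($3, trusted[i] "/") == 1) ok = 1
            if (!ok) print $1, $3
        }
        $2 == "=>" && $3 == "not" { print $1, "NOT_FOUND" }
    '
}

# Sample input: four lines from the failing ldd output shown above.
sample_ldd() {
    cat <<'EOF'
    linux-vdso.so.1 (0x00007fffb17e4000)
    libcrypto.so.1.1 => /home/infa/gaussdb/lib/libcrypto.so.1.1 (0x00007f0990162000)
    libz.so.1 => /lib64/libz.so.1 (0x00007f098fb42000)
    libkrb5.so.3 => /home/infa/Informatica/10.2.0/server/bin/libkrb5.so.3 (0x00007f098efbd000)
EOF
}

# Audit a binary under the current environment.
# Returns 1 and prints the offending libraries if anything is shadowed.
audit_binary() {
    found=$(ldd "$1" | shadowed_libs)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# On the affected host: audit_binary /usr/bin/ssh
sample_ldd | shadowed_libs
```

Run audit_binary /usr/bin/ssh after every change to LD_LIBRARY_PATH in .bashrc; a non-zero exit status means ssh is loading a library from a non-system directory.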


3. Solution

My fix was to put the directory that holds the correct *.so files for /usr/bin/ssh at the very front of the last LD_LIBRARY_PATH assignment at the end of .bashrc, for example:

export LD_LIBRARY_PATH=/lib64/:$LD_LIBRARY_PATH:$ODBCHOME/lib:$INFA_HOME/server/bin

So the final, correct .bashrc configuration should look like this:

export PATH=$PATH:/usr/local/oracle/instantclient_11_2
export ORACLE_HOME=/usr/local/oracle/instantclient_11_2
export ORACLE_BASE=/usr/local/oracle/instantclient_11_2
export LD_LIBRARY_PATH=/usr/local/oracle/instantclient_11_2
export TNS_ADMIN=/usr/local/oracle/instantclient_11_2
export NLS_LANG="SIMPLIFIED CHINESE_CHINA.ZHS16GBK"
export INFA_CODEPAGENAME=MS936
export PM_CODEPAGENAME=MS936
export LANG=C
export LC_ALL=C
#export LD_LIBRARY_PATH=/usr/local/oracle/instantclient_11_2:/home/infa/software/lib/:$LD_LIBRARY_PATH
#export LD_LIBRARY_PATH=/usr/local/oracle/instantclient_11_2:/home/infa/gaussdb/lib:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/oracle/instantclient_11_2:/home/infa/gaussdb/lib
export INFA_HOME=/home/infa/Informatica/10.2.0
export ODBCHOME=/home/infa/Informatica/10.2.0/ODBC7.1
export LIB_PATH=$LIB_PATH:$ODBCHOME/lib
export SHLIB_PATH=$SHLIB_PATH:$ODBCHOME/lib
export PATH=$PATH:$ODBCHOME/bin:$ODBCHOME/tools:$INFA_HOME/server/bin
export ODBCINI=$ODBCHOME/odbc.ini
export ODBCINST=$ODBCHOME/odbcinst.ini
export DD_INSTALLDIR=/home/infa/Informatica/10.2.0/ODBC7.1
export LD_LIBRARY_PATH=/lib64/:$LD_LIBRARY_PATH:$ODBCHOME/lib:$INFA_HOME/server/bin

With the environment variables configured, run it again:

[infa@etltest5 ~]$ vim .bashrc
[infa@etltest5 ~]$ source .bashrc
[infa@etltest5 ~]$ ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] destination [command]
[infa@etltest5 ~]$ ldd /usr/bin/ssh
	linux-vdso.so.1 (0x00007ffc5b1f9000)
	libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007fa46d15f000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fa46cf5b000)
	libutil.so.1 => /lib64/libutil.so.1 (0x00007fa46cd57000)
	libz.so.1 => /lib64/libz.so.1 (0x00007fa46cb3f000)
	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fa46c916000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fa46c6ff000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fa46c4d5000)
	libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fa46c280000)
	libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fa46bf96000)
	libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fa46bd7f000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fa46bb7b000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fa46b7b6000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa46b596000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fa46d906000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fa46b312000)
	libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fa46b101000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fa46aefd000)

As you can see, the ssh command runs normally and every library now resolves to the correct file.


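Summary

Be careful in a production environment: I did not delete the conflicting files under /home/infa/gaussdb/lib, but instead set the lookup priority explicitly.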


Reposted from blog.csdn.net/qq_28356739/article/details/129993879