[Spacewalk-list] OSAD problem

Yungwei Chen yungwei at resolvity.com
Fri Jun 18 19:36:56 UTC 2010 

* /etc/pki/tls/certs/spacewalk.crt is the ssl certificate being used in /etc/httpd/conf.d/ssl.conf, and it looks exactly the same as /etc/pki/spacewalk/jabberd/server.pem except the private key portion. Same for /etc/pki/tls/private/spacewalk.key for the private key portion.
* jabberd services are running fine. 
* The only thing strange in /var/log/messages is the following because the client is unable to connect to the server. 
Jun 18 13:59:18 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37069] connect
Jun 18 13:59:18 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37069] disconnect jid=unbound, packets: 0
Jun 18 13:59:49 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37072] connect
Jun 18 13:59:49 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37072] disconnect jid=unbound, packets: 0
* selinux and firewall are disabled just to avoid confusion.
* permissions of various certificates:
-rw------- 1 jabber jabber 7232 Jun 18 10:32 /etc/pki/spacewalk/jabberd/server.pem
-rw-r--r-- 1 root root 5440 Jun 18 10:32 RHN-ORG-TRUSTED-SSL-CERT (on the client side)
-rw-r--r-- 1 root root 5440 Jun 18 10:32 RHN-ORG-TRUSTED-SSL-CERT (on the server side)
* In each of those certificates, OU and CN are both set to FQDN. Could this be the problem?

-----Original Message-----
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Milan Zazrivec
Sent: Friday, June 18, 2010 1:57 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] OSAD problem

On Friday 18 June 2010 20:29:56 Yungwei Chen wrote:
> 1. In /etc/jabberd/c2s.xml, I see that
> /etc/pki/spacewalk/jabberd/server.pem is being used.

This seems correct. 

What you also need to check is that this is the same certificate your
apache is using: it definitely won't be the same file since we don't
configure apache to use certificate in pem format, the private key
and the signed certificate itself will be split into separate files.

> 2. During osad
> installation on the cilent side, I downloaded RHN-ORG-TRUSTED-SSL-CERT
> from the server.

Yes, this is the certificate of certificate authority which signed the SSL
certificate I'm mentioning above. What you did is correct.

> 3. Those 2 certificates are different. Are they supposed
> to be different?

Yes :-)

Now -- do the jabberd services run? Do you see anything strange in
/var/log/messages from jabberd? Are the cert. files accessible
(permissions, ownership, selinux)?

> -----Original Message-----
> From: spacewalk-list-bounces at redhat.com
> [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Milan Zazrivec
> Sent: Friday, June 18, 2010 12:45 PM
> To: spacewalk-list at redhat.com
> Subject: Re: [Spacewalk-list] OSAD problem
> 
> On Friday 18 June 2010 19:16:35 Yungwei Chen wrote:
> > Any idea?
> 
> All the usual suggestions:
> * check jabber services on your SW server are running (c2s, s2s, sm,
> router) * check jabberd configurations (/etc/jabberd/*.xml)
> * check that the ssl cert. c2s.xml points to is the one your SW server is
> using
> * check that jabberd services are able to access the cert (access right,
> selinux)
> * watch for anything suspicious from jabberd in /var/log/messages
> 
> -Milan
> 
> > -----Original Message-----
> > From: spacewalk-list-bounces at redhat.com
> > [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Yungwei Chen
> > Sent: Monday, June 14, 2010 1:16 PM
> > To: spacewalk-list at redhat.com
> > Subject: [Spacewalk-list] OSAD problem
> > 
> > Hi,
> > 
> > I installed spacewalk on a CentOS 5.3 box (clean installation), and now I
> > am having a problem when configuring osad. Any suggestions? Thanks.
> > 
> > This is what happens when I start jabberd service on spacewalk server.
> > [root at spacewalk3 ~]# tail -f /var/log/rhn/osa-dispatcher.log
> > 2010/06/14 10:19:46 -05:00 1788 0.0.0.0: osad/jabber_lib.main('ERROR',
> > 'Error caught:') 2010/06/14 10:19:46 -05:00 1788 0.0.0.0:
> > osad/jabber_lib.main('ERROR', 'Traceback (most recent call last):\n  File
> > "/usr/share/rhn/osad/jabber_lib.py", line 122, in main\n
> > self.process_forever(c)\n  File "/usr/share/rhn/osad/jabber_lib.py", line
> > 180, in process_forever\n    self.process_once(client)\n  File
> > "/usr/share/rhn/osad/osa_dispatcher.py", line 146, in process_once\n
> > client.retrieve_roster()\n  File "/usr/share/rhn/osad/jabber_lib.py",
> > line 718, in retrieve_roster\n    stanza = self.get_one_stanza()\n  File
> > "/usr/share/rhn/osad/jabber_lib.py", line 790, in get_one_stanza\n
> > self.process(timeout=tm)\n  File "/usr/share/rhn/osad/jabber_lib.py",
> > line 1048, in process\n    raise SSLError("OpenSSL error; will retry",
> > str(e))\nSSLError: (\'OpenSSL error; will retry\', "(-1, \'Unexpected
> > EOF\')")\n') 2010/06/14 10:19:56 -05:00 1788 0.0.0.0:
> > osad/jabber_lib.__init__
> > 2010/06/14 10:19:56 -05:00 1788 0.0.0.0:
> > osad/jabber_lib.setup_connection('Connected to jabber server',
> > 'spacewalk3') 2010/06/14 10:19:56 -05:00 1788 0.0.0.0:
> > osad/osa_dispatcher.fix_connection('Upstream notification server started
> > on port', 1290) 2010/06/14 10:19:56 -05:00 1788 0.0.0.0:
> > osad/jabber_lib.process_forever
> > 
> > And this is what it shows on the client side
> > [root at spacewalk2 rhn]# /etc/init.d/osad restart; tail -f /var/log/osad
> > Shutting down osad:                                        [  OK  ]
> > Starting osad: Server did not return a <features /> stanza
> > 
> > Traceback (most recent call last):
> >   File "/usr/share/rhn/osad/jabber_lib.py", line 254, in setup_connection
> >   
> >     c = self._get_jabber_client(js)
> >   
> >   File "/usr/share/rhn/osad/jabber_lib.py", line 311, in
> >   _get_jabber_client
> >   
> >     c.connect()
> >   
> >   File "/usr/share/rhn/osad/jabber_lib.py", line 593, in connect
> >   
> >     raise SSLDisabledError
> > 
> > SSLDisabledError
> > 
> >                                                            [  OK  ]
> > 
> > 2010-06-14 10:36:33 jabber_lib.main: Unable to connect to jabber servers,
> > sleeping 63 seconds 2010-06-14 10:37:36 jabber_lib.main: Unable to
> > connect to jabber servers, sleeping 72 seconds 2010-06-14 10:38:48
> > jabber_lib.main: Unable to connect to jabber servers, sleeping 93 seconds
> > 
> > _______________________________________________
> > Spacewalk-list mailing list
> > Spacewalk-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/spacewalk-list
> > 
> > _______________________________________________
> > Spacewalk-list mailing list
> > Spacewalk-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/spacewalk-list
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
> 
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list

_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list