[Spacewalk-list] OSAD problem
Milan Zazrivec
mzazrivec at redhat.com
Fri Jun 18 20:07:16 UTC 2010
On Friday 18 June 2010 21:36:56 Yungwei Chen wrote:
> * /etc/pki/tls/certs/spacewalk.crt is the ssl certificate being used in
> /etc/httpd/conf.d/ssl.conf, and it looks exactly the same as
> /etc/pki/spacewalk/jabberd/server.pem except the private key portion. Same
> for /etc/pki/tls/private/spacewalk.key for the private key portion.
This seems correct.
> * jabberd services are running fine.
> * The only thing strange in /var/log/messages is the following because the
> client is unable to connect to the server.
> Jun 18 13:59:18 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37069] connect
> Jun 18 13:59:18 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37069] disconnect jid=unbound, packets: 0
> Jun 18 13:59:49 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37072] connect
> Jun 18 13:59:49 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37072] disconnect jid=unbound, packets: 0
OK. Do you see anything strange in the logs when you try to restart jabberd?
> * selinux and firewall are disabled
> just to avoid confusion.
> * permissions of various certificates:
> -rw------- 1 jabber jabber 7232 Jun 18 10:32 /etc/pki/spacewalk/jabberd/server.pem
This is OK.
> -rw-r--r-- 1 root root 5440 Jun 18 10:32 RHN-ORG-TRUSTED-SSL-CERT (on the client side)
OK
> -rw-r--r-- 1 root root 5440 Jun 18 10:32 RHN-ORG-TRUSTED-SSL-CERT (on the server side)
OK
> * In each of those certificates, OU and CN are both set to FQDN. Could this
> be the problem?
No, this should not be a problem.
What does the osa-dispatcher.osa_ssl_cert directive in /etc/rhn/rhn.conf point to?
Could you please post output from the following command?
# diff -u /etc/jabberd/c2s.xml-swsave /etc/jabberd/c2s.xml
-MZ
> -----Original Message-----
> From: spacewalk-list-bounces at redhat.com
> [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Milan Zazrivec
> Sent: Friday, June 18, 2010 1:57 PM
> To: spacewalk-list at redhat.com
> Subject: Re: [Spacewalk-list] OSAD problem
>
> On Friday 18 June 2010 20:29:56 Yungwei Chen wrote:
> > 1. In /etc/jabberd/c2s.xml, I see that
> > /etc/pki/spacewalk/jabberd/server.pem is being used.
>
> This seems correct.
>
> What you also need to check is that this is the same certificate your
> apache is using: it definitely won't be the same file since we don't
> configure apache to use certificate in pem format, the private key
> and the signed certificate itself will be split into separate files.
>
> > 2. During osad installation on the client side, I downloaded
> > RHN-ORG-TRUSTED-SSL-CERT from the server.
>
> Yes, this is the certificate of certificate authority which signed the SSL
> certificate I'm mentioning above. What you did is correct.
>
> > 3. Those 2 certificates are different. Are they supposed
> > to be different?
>
> Yes :-)
>
> Now -- do the jabberd services run? Do you see anything strange in
> /var/log/messages from jabberd? Are the cert. files accessible
> (permissions, ownership, selinux)?
>
> > -----Original Message-----
> > From: spacewalk-list-bounces at redhat.com
> > [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Milan Zazrivec
> > Sent: Friday, June 18, 2010 12:45 PM
> > To: spacewalk-list at redhat.com
> > Subject: Re: [Spacewalk-list] OSAD problem
> >
> > On Friday 18 June 2010 19:16:35 Yungwei Chen wrote:
> > > Any idea?
> >
> > All the usual suggestions:
> > * check jabber services on your SW server are running (c2s, s2s, sm,
> > router)
> > * check jabberd configurations (/etc/jabberd/*.xml)
> > * check that the ssl cert. c2s.xml points to is the one your SW server is
> > using
> > * check that jabberd services are able to access the cert (access right,
> > selinux)
> > * watch for anything suspicious from jabberd in /var/log/messages
> >
> > -Milan
> >
> > > -----Original Message-----
> > > From: spacewalk-list-bounces at redhat.com
> > > [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Yungwei Chen
> > > Sent: Monday, June 14, 2010 1:16 PM
> > > To: spacewalk-list at redhat.com
> > > Subject: [Spacewalk-list] OSAD problem
> > >
> > > Hi,
> > >
> > > I installed spacewalk on a CentOS 5.3 box (clean installation), and now
> > > I am having a problem when configuring osad. Any suggestions? Thanks.
> > >
> > > This is what happens when I start jabberd service on spacewalk server.
> > > [root at spacewalk3 ~]# tail -f /var/log/rhn/osa-dispatcher.log
> > > 2010/06/14 10:19:46 -05:00 1788 0.0.0.0: osad/jabber_lib.main('ERROR', 'Error caught:')
> > > 2010/06/14 10:19:46 -05:00 1788 0.0.0.0: osad/jabber_lib.main('ERROR', 'Traceback (most recent call last):\n File "/usr/share/rhn/osad/jabber_lib.py", line 122, in main\n self.process_forever(c)\n File "/usr/share/rhn/osad/jabber_lib.py", line 180, in process_forever\n self.process_once(client)\n File "/usr/share/rhn/osad/osa_dispatcher.py", line 146, in process_once\n client.retrieve_roster()\n File "/usr/share/rhn/osad/jabber_lib.py", line 718, in retrieve_roster\n stanza = self.get_one_stanza()\n File "/usr/share/rhn/osad/jabber_lib.py", line 790, in get_one_stanza\n self.process(timeout=tm)\n File "/usr/share/rhn/osad/jabber_lib.py", line 1048, in process\n raise SSLError("OpenSSL error; will retry", str(e))\nSSLError: (\'OpenSSL error; will retry\', "(-1, \'Unexpected EOF\')")\n')
> > > 2010/06/14 10:19:56 -05:00 1788 0.0.0.0: osad/jabber_lib.__init__
> > > 2010/06/14 10:19:56 -05:00 1788 0.0.0.0: osad/jabber_lib.setup_connection('Connected to jabber server', 'spacewalk3')
> > > 2010/06/14 10:19:56 -05:00 1788 0.0.0.0: osad/osa_dispatcher.fix_connection('Upstream notification server started on port', 1290)
> > > 2010/06/14 10:19:56 -05:00 1788 0.0.0.0: osad/jabber_lib.process_forever
> > >
> > > And this is what it shows on the client side
> > > [root at spacewalk2 rhn]# /etc/init.d/osad restart; tail -f /var/log/osad
> > > Shutting down osad: [ OK ]
> > > Starting osad: Server did not return a <features /> stanza
> > >
> > > > Traceback (most recent call last):
> > > >   File "/usr/share/rhn/osad/jabber_lib.py", line 254, in setup_connection
> > > >     c = self._get_jabber_client(js)
> > > >   File "/usr/share/rhn/osad/jabber_lib.py", line 311, in _get_jabber_client
> > > >     c.connect()
> > > >   File "/usr/share/rhn/osad/jabber_lib.py", line 593, in connect
> > > >     raise SSLDisabledError
> > > > SSLDisabledError
> > >
> > > [ OK ]
> > >
> > > 2010-06-14 10:36:33 jabber_lib.main: Unable to connect to jabber
> > > servers, sleeping 63 seconds 2010-06-14 10:37:36 jabber_lib.main:
> > > Unable to connect to jabber servers, sleeping 72 seconds 2010-06-14
> > > 10:38:48 jabber_lib.main: Unable to connect to jabber servers,
> > > sleeping 93 seconds
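
Added example (not part of the original thread and not Spacewalk code): a way to confirm by fingerprint, rather than by eye, that the combined /etc/pki/spacewalk/jabberd/server.pem holds the same certificate and private key as Apache's separate .crt and .key files. The function names and the sample PEM data are constructed for illustration.

```python
import base64
import hashlib
import re

# One PEM block; the back-reference keeps BEGIN and END labels paired.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_fingerprints(text, label_suffix):
    """SHA-256 of the decoded bytes of every block whose label ends with label_suffix."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for label, body in PEM_BLOCK.findall(text)
            if label.endswith(label_suffix)]

def compare_bundle(bundle_pem, cert_pem, key_pem):
    """Does the combined jabberd PEM hold the same cert and key Apache uses?

    Decoded bytes are compared, so line wrapping and any text outside the
    armour do not matter. A key stored as PKCS#1 in one file and PKCS#8 in
    the other decodes differently, so key_match=False is not conclusive then.
    """
    cert = pem_fingerprints(cert_pem, "CERTIFICATE")
    key = pem_fingerprints(key_pem, "PRIVATE KEY")
    return {
        "cert_match": bool(cert) and cert[0] in pem_fingerprints(bundle_pem, "CERTIFICATE"),
        "key_match": bool(key) and key[0] in pem_fingerprints(bundle_pem, "PRIVATE KEY"),
    }

def make_pem(label, der, width=64):
    """Wrap bytes in PEM armour (used only to build the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

# Constructed stand-ins, not real key material.
CERT_DER = b"constructed certificate bytes " * 8
KEY_DER = b"constructed private key bytes " * 8
APACHE_CRT = "text before the armour is ignored\n" + make_pem("CERTIFICATE", CERT_DER)
APACHE_KEY = make_pem("RSA PRIVATE KEY", KEY_DER)
JABBERD_PEM = make_pem("CERTIFICATE", CERT_DER, 76) + make_pem("RSA PRIVATE KEY", KEY_DER, 76)

if __name__ == "__main__":
    print(compare_bundle(JABBERD_PEM, APACHE_CRT, APACHE_KEY))
```

On a real server the three arguments would be the contents of the files named in the thread, read as root; only the booleans are reported, never the key bytes or their hashes.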