[Spacewalk-list] OSAD problem

Fri Jun 18 20:07:16 UTC 2010

On Friday 18 June 2010 21:36:56 Yungwei Chen wrote:
> * /etc/pki/tls/certs/spacewalk.crt is the ssl certificate being used in
> /etc/httpd/conf.d/ssl.conf, and it looks exactly the same as
> /etc/pki/spacewalk/jabberd/server.pem except the private key portion. Same
> for /etc/pki/tls/private/spacewalk.key for the private key portion. 

This seems correct.

> * jabberd services are running fine.
> * The only thing strange in /var/log/messages is the following because the
> client is unable to connect to the server. Jun 18 13:59:18 spacewalk
> jabberd/c2s[11637]: [9] [192.168.112.6, port=37069] connect Jun 18
> 13:59:18 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37069]
> disconnect jid=unbound, packets: 0 Jun 18 13:59:49 spacewalk
> jabberd/c2s[11637]: [9] [192.168.112.6, port=37072] connect Jun 18
> 13:59:49 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37072]
> disconnect jid=unbound, packets: 0

OK. Do you see anything strange in the logs when you try to restart jabberd?

> * selinux and firewall are disabled
> just to avoid confusion.
> * permissions of various certificates:
> -rw------- 1 jabber jabber 7232 Jun 18 10:32
> /etc/pki/spacewalk/jabberd/server.pem

This is OK.

> -rw-r--r-- 1 root root 5440 Jun 18
> 10:32 RHN-ORG-TRUSTED-SSL-CERT (on the client side)

OK

> -rw-r--r-- 1 root root
> 5440 Jun 18 10:32 RHN-ORG-TRUSTED-SSL-CERT (on the server side)

OK

> * In each
> of those certificates, OU and CN are both set to FQDN. Could this be the
> problem?

No, this should not be a problem.

What does osa-dispatcher.osa_ssl_cert directive in /etc/rhn/rhn.conf point to?

Could you please post output from the following command?

# diff -u /etc/jabberd/c2s.xml-swsave /etc/jabberd/c2s.xml

-MZ

> -----Original Message-----
> From: spacewalk-list-bounces at redhat.com
> [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Milan Zazrivec
> Sent: Friday, June 18, 2010 1:57 PM
> To: spacewalk-list at redhat.com
> Subject: Re: [Spacewalk-list] OSAD problem
> 
> On Friday 18 June 2010 20:29:56 Yungwei Chen wrote:
> > 1. In /etc/jabberd/c2s.xml, I see that
> > /etc/pki/spacewalk/jabberd/server.pem is being used.
> 
> This seems correct.
> 
> What you also need to check is that this is the same certificate your
> apache is using: it definitely won't be the same file since we don't
> configure apache to use certificate in pem format, the private key
> and the signed certificate itself will be split into separate files.
> 
> > 2. During osad
> > installation on the cilent side, I downloaded RHN-ORG-TRUSTED-SSL-CERT
> > from the server.
> 
> Yes, this is the certificate of certificate authority which signed the SSL
> certificate I'm mentioning above. What you did is correct.
> 
> > 3. Those 2 certificates are different. Are they supposed
> > to be different?
> 
> Yes :-)
> 
> Now -- do the jabberd services run? Do you see anything strange in
> /var/log/messages from jabberd? Are the cert. files accessible
> (permissions, ownership, selinux)?
> 
> > -----Original Message-----
> > From: spacewalk-list-bounces at redhat.com
> > [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Milan Zazrivec
> > Sent: Friday, June 18, 2010 12:45 PM
> > To: spacewalk-list at redhat.com
> > Subject: Re: [Spacewalk-list] OSAD problem
> > 
> > On Friday 18 June 2010 19:16:35 Yungwei Chen wrote:
> > > Any idea?
> > 
> > All the usual suggestions:
> > * check jabber services on your SW server are running (c2s, s2s, sm,
> > router) * check jabberd configurations (/etc/jabberd/*.xml)
> > * check that the ssl cert. c2s.xml points to is the one your SW server is
> > using
> > * check that jabberd services are able to access the cert (access right,
> > selinux)
> > * watch for anything suspicious from jabberd in /var/log/messages
> > 
> > -Milan
> > 
> > > -----Original Message-----
> > > From: spacewalk-list-bounces at redhat.com
> > > [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Yungwei Chen
> > > Sent: Monday, June 14, 2010 1:16 PM
> > > To: spacewalk-list at redhat.com
> > > Subject: [Spacewalk-list] OSAD problem
> > > 
> > > Hi,
> > > 
> > > I installed spacewalk on a CentOS 5.3 box (clean installation), and now
> > > I am having a problem when configuring osad. Any suggestions? Thanks.
> > > 
> > > This is what happens when I start jabberd service on spacewalk server.
> > > [root at spacewalk3 ~]# tail -f /var/log/rhn/osa-dispatcher.log
> > > 2010/06/14 10:19:46 -05:00 1788 0.0.0.0: osad/jabber_lib.main('ERROR',
> > > 'Error caught:') 2010/06/14 10:19:46 -05:00 1788 0.0.0.0:
> > > osad/jabber_lib.main('ERROR', 'Traceback (most recent call last):\n 
> > > File "/usr/share/rhn/osad/jabber_lib.py", line 122, in main\n
> > > self.process_forever(c)\n  File "/usr/share/rhn/osad/jabber_lib.py",
> > > line 180, in process_forever\n    self.process_once(client)\n  File
> > > "/usr/share/rhn/osad/osa_dispatcher.py", line 146, in process_once\n
> > > client.retrieve_roster()\n  File "/usr/share/rhn/osad/jabber_lib.py",
> > > line 718, in retrieve_roster\n    stanza = self.get_one_stanza()\n 
> > > File "/usr/share/rhn/osad/jabber_lib.py", line 790, in
> > > get_one_stanza\n self.process(timeout=tm)\n  File
> > > "/usr/share/rhn/osad/jabber_lib.py", line 1048, in process\n    raise
> > > SSLError("OpenSSL error; will retry", str(e))\nSSLError: (\'OpenSSL
> > > error; will retry\', "(-1, \'Unexpected EOF\')")\n') 2010/06/14
> > > 10:19:56 -05:00 1788 0.0.0.0:
> > > osad/jabber_lib.__init__
> > > 2010/06/14 10:19:56 -05:00 1788 0.0.0.0:
> > > osad/jabber_lib.setup_connection('Connected to jabber server',
> > > 'spacewalk3') 2010/06/14 10:19:56 -05:00 1788 0.0.0.0:
> > > osad/osa_dispatcher.fix_connection('Upstream notification server
> > > started on port', 1290) 2010/06/14 10:19:56 -05:00 1788 0.0.0.0:
> > > osad/jabber_lib.process_forever
> > > 
> > > And this is what it shows on the client side
> > > [root at spacewalk2 rhn]# /etc/init.d/osad restart; tail -f /var/log/osad
> > > Shutting down osad:                                        [  OK  ]
> > > Starting osad: Server did not return a <features /> stanza
> > > 
> > > Traceback (most recent call last):
> > >   File "/usr/share/rhn/osad/jabber_lib.py", line 254, in
> > >   setup_connection
> > >   
> > >     c = self._get_jabber_client(js)
> > >   
> > >   File "/usr/share/rhn/osad/jabber_lib.py", line 311, in
> > >   _get_jabber_client
> > >   
> > >     c.connect()
> > >   
> > >   File "/usr/share/rhn/osad/jabber_lib.py", line 593, in connect
> > >   
> > >     raise SSLDisabledError
> > > 
> > > SSLDisabledError
> > > 
> > >                                                            [  OK  ]
> > > 
> > > 2010-06-14 10:36:33 jabber_lib.main: Unable to connect to jabber
> > > servers, sleeping 63 seconds 2010-06-14 10:37:36 jabber_lib.main:
> > > Unable to connect to jabber servers, sleeping 72 seconds 2010-06-14
> > > 10:38:48 jabber_lib.main: Unable to connect to jabber servers,
> > > sleeping 93 seconds