[Spacewalk-list] OSAD problem

Yungwei Chen yungwei at resolvity.com
Fri Jun 18 21:14:56 UTC 2010


* Restarting jabberd service shows the following in /var/log/messages.
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'roster' added to chain 'pkt-user' (order 0 index 4 seq 1)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'presence' added to chain 'pkt-user' (order 1 index 13 seq 3)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'iq-vcard' added to chain 'pkt-user' (order 2 index 6 seq 1)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'amp' added to chain 'pkt-user' (order 3 index 10 seq 2)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'deliver' added to chain 'pkt-user' (order 4 index 14 seq 1)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'vacation' added to chain 'pkt-user' (order 5 index 5 seq 1)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'offline' added to chain 'pkt-user' (order 6 index 11 seq 1)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'disco-publish' added to chain 'pkt-user' (order 7 index 20 seq 0)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'iq-last' added to chain 'pkt-user' (order 8 index 1 seq 2)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'session' added to chain 'pkt-router' (order 0 index 15 seq 1)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'disco' added to chain 'pkt-router' (order 1 index 9 seq 2)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'active' added to chain 'user-load' (order 0 index 21 seq 0)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'roster' added to chain 'user-load' (order 1 index 4 seq 2)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'roster-publish' added to chain 'user-load' (order 2 index 22 seq 0)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'privacy' added to chain 'user-load' (order 3 index 3 seq 3)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'disco-publish' added to chain 'user-load' (order 4 index 20 seq 1)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'vacation' added to chain 'user-load' (order 5 index 5 seq 2)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'active' added to chain 'user-create' (order 0 index 21 seq 1)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'template-roster' added to chain 'user-create' (order 1 index 23 seq 0)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'active' added to chain 'user-delete' (order 0 index 21 seq 2)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'announce' added to chain 'user-delete' (order 1 index 12 seq 2)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'disco-publish' added to chain 'user-delete' (order 2 index 20 seq 2)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'offline' added to chain 'user-delete' (order 3 index 11 seq 2)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'privacy' added to chain 'user-delete' (order 4 index 3 seq 4)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'roster' added to chain 'user-delete' (order 5 index 4 seq 3)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'vacation' added to chain 'user-delete' (order 6 index 5 seq 3)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'status' added to chain 'user-delete' (order 7 index 0 seq 4)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'iq-last' added to chain 'user-delete' (order 8 index 1 seq 3)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'iq-private' added to chain 'user-delete' (order 9 index 8 seq 1)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'iq-vcard' added to chain 'user-delete' (order 10 index 6 seq 2)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'iq-version' added to chain 'disco-extend' (order 0 index 17 seq 1)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: module 'help' added to chain 'disco-extend' (order 1 index 18 seq 1)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: version: jabberd sm 2.2.8
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: attempting connection to router at 127.0.0.1, port=5347
Jun 18 16:03:03 spacewalk jabberd/router[15592]: [127.0.0.1, port=52079] connect
Jun 18 16:03:03 spacewalk jabberd/router[15592]: [127.0.0.1, port=52080] connect
Jun 18 16:03:03 spacewalk jabberd/c2s[15624]: connection to router established
Jun 18 16:03:03 spacewalk jabberd/router[15592]: [127.0.0.1, port=52078] authenticated as jabberd at jabberd-router
Jun 18 16:03:03 spacewalk jabberd/router[15592]: [c2s] online (bound to 127.0.0.1, port 52078)
Jun 18 16:03:03 spacewalk jabberd/router[15592]: [127.0.0.1, port=52080] authenticated as jabberd at jabberd-router
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: connection to router established
Jun 18 16:03:03 spacewalk jabberd/router[15592]: [spacewalk.test.resolvity.com] online (bound to 127.0.0.1, port 52080)
Jun 18 16:03:03 spacewalk jabberd/router[15592]: [127.0.0.1, port=52079] authenticated as jabberd at jabberd-router
Jun 18 16:03:03 spacewalk jabberd/s2s[15640]: connection to router established
Jun 18 16:03:03 spacewalk jabberd/router[15592]: [s2s] set as default route
Jun 18 16:03:03 spacewalk jabberd/router[15592]: [s2s] online (bound to 127.0.0.1, port 52079)
Jun 18 16:03:03 spacewalk jabberd/sm[15608]: ready for sessions
Jun 18 16:03:03 spacewalk jabberd/c2s[15624]: [0.0.0.0, port=5222] listening for connections
Jun 18 16:03:03 spacewalk jabberd/c2s[15624]: ready for connections
Jun 18 16:03:03 spacewalk jabberd/s2s[15640]: [0.0.0.0, port=5269] listening for connections
Jun 18 16:03:03 spacewalk jabberd/s2s[15640]: ready for connections
Jun 18 16:03:06 spacewalk jabberd/c2s[15624]: [7] [127.0.0.1, port=38782] connect
Jun 18 16:03:06 spacewalk jabberd/c2s[15624]: [7] legacy authentication succeeded: host=, username=rhn-dispatcher-sat, resource=superclient, TLS negotiated
Jun 18 16:03:06 spacewalk jabberd/c2s[15624]: [7] requesting session: jid=rhn-dispatcher-sat at spacewalk.test.resolvity.com/superclient
Jun 18 16:03:06 spacewalk jabberd/sm[15608]: session started: jid=rhn-dispatcher-sat at spacewalk.test.resolvity.com/superclient
Jun 18 16:03:10 spacewalk jabberd/c2s[15624]: [9] [192.168.112.6, port=34895] connect

* osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT

* [root at spacewalk ~]# diff -u /etc/jabberd/c2s.xml-swsave /etc/jabberd/c2s.xml
--- /etc/jabberd/c2s.xml-swsave 2010-06-18 09:45:31.000000000 -0500
+++ /etc/jabberd/c2s.xml        2010-06-18 10:30:05.000000000 -0500
@@ -50,7 +50,7 @@
   </router>

   <!-- Log configuration - type is "syslog", "file" or "stdout" -->
-  <log type='syslog'>
+  <log type="syslog">
     <!-- If logging to syslog, this is the log ident -->
     <ident>jabberd/c2s</ident>

@@ -122,7 +122,7 @@
          you want this, add this attribute with any value, when you need
          registration disabled.
           -->
-    <id realm='' require-starttls='true' pemfile='/etc/jabberd/server.pem'>localhost.localdomain</id>
+    <id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true">spacewalk.test.resolvity.com</id>
     <!-- or
     <id realm='company.int'
         pemfile='/etc/jabberd/server.pem'
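Review bot: on the new <id> line, require-starttls="false" lets a client authenticate on c2s without ever upgrading to TLS, and register-enable="true" lets any client that can reach the listener register an account. If osad clients are expected to negotiate TLS against /etc/pki/spacewalk/jabberd/server.pem, set require-starttls back to "true" once the connection problem is found, and restrict who can reach the c2s port if registration has to stay enabled.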
@@ -322,7 +322,7 @@
     <path>/usr/lib/jabberd</path>

     <!-- Backend module to use -->
-    <module>pam</module>
+    <module>db</module>
     <!-- Available authentication mechanisms -->
     <mechanisms>
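Review bot: <module>db</module> moves c2s authentication from PAM to the db backend, but the hunk ends at <mechanisms>, so the mechanisms offered to clients are not visible here. With require-starttls="false" in the previous hunk, check that section and make sure plaintext password mechanisms are not offered on connections that have not negotiated TLS.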
@@ -502,7 +502,7 @@
       <!-- base DN of the tree. You should specify a DN for each
            authentication realm declared in the <local/> section above,
            by using the realm attribute. -->
-      <basedn realm='company'>o=Company.com</basedn>
+      <basedn realm="company">o=Company.com</basedn>
       <basedn>o=Example Corp.</basedn>
     </ldapfull>

@@ -564,7 +564,7 @@
       <!-- base DN of the tree. You should specify a DN for each
            authentication realm declared in the <local/> section above,
            by using the realm attribute. -->
-      <basedn realm='company'>o=Company.com</basedn>
+      <basedn realm="company">o=Company.com</basedn>
       <basedn>o=Example Corp.</basedn>
     </ldap>
     <!-- if you want to configure more than one LDAP server
@@ -582,7 +582,6 @@

   </authreg>

-</c2s>
-<!--
+</c2s><!--
   vim: syntax=xml
 -->

-----Original Message-----
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Milan Zazrivec
Sent: Friday, June 18, 2010 3:07 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] OSAD problem

On Friday 18 June 2010 21:36:56 Yungwei Chen wrote:
> * /etc/pki/tls/certs/spacewalk.crt is the ssl certificate being used in
> /etc/httpd/conf.d/ssl.conf, and it looks exactly the same as
> /etc/pki/spacewalk/jabberd/server.pem except the private key portion. Same
> for /etc/pki/tls/private/spacewalk.key for the private key portion.

This seems correct.

> * jabberd services are running fine.
> * The only thing strange in /var/log/messages is the following because the
> client is unable to connect to the server.
> Jun 18 13:59:18 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37069] connect
> Jun 18 13:59:18 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37069] disconnect jid=unbound, packets: 0
> Jun 18 13:59:49 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37072] connect
> Jun 18 13:59:49 spacewalk jabberd/c2s[11637]: [9] [192.168.112.6, port=37072] disconnect jid=unbound, packets: 0

OK. Do you see anything strange in the logs when you try to restart jabberd?

> * selinux and firewall are disabled just to avoid confusion.
> * permissions of various certificates:
> -rw------- 1 jabber jabber 7232 Jun 18 10:32 /etc/pki/spacewalk/jabberd/server.pem

This is OK.

> -rw-r--r-- 1 root root 5440 Jun 18 10:32 RHN-ORG-TRUSTED-SSL-CERT (on the client side)

OK

> -rw-r--r-- 1 root root 5440 Jun 18 10:32 RHN-ORG-TRUSTED-SSL-CERT (on the server side)

OK

> * In each of those certificates, OU and CN are both set to FQDN. Could this be
> the problem?

No, this should not be a problem.

What does osa-dispatcher.osa_ssl_cert directive in /etc/rhn/rhn.conf point to?

Could you please post output from the following command?

# diff -u /etc/jabberd/c2s.xml-swsave /etc/jabberd/c2s.xml

-MZ

> -----Original Message-----
> From: spacewalk-list-bounces at redhat.com
> [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Milan Zazrivec
> Sent: Friday, June 18, 2010 1:57 PM
> To: spacewalk-list at redhat.com
> Subject: Re: [Spacewalk-list] OSAD problem
>
> On Friday 18 June 2010 20:29:56 Yungwei Chen wrote:
> > 1. In /etc/jabberd/c2s.xml, I see that
> > /etc/pki/spacewalk/jabberd/server.pem is being used.
>
> This seems correct.
>
> What you also need to check is that this is the same certificate your
> apache is using: it definitely won't be the same file since we don't
> configure apache to use certificate in pem format, the private key
> and the signed certificate itself will be split into separate files.
>
> > 2. During osad installation on the client side, I downloaded
> > RHN-ORG-TRUSTED-SSL-CERT from the server.
>
> Yes, this is the certificate of certificate authority which signed the SSL
> certificate I'm mentioning above. What you did is correct.
>
> > 3. Those 2 certificates are different. Are they supposed
> > to be different?
>
> Yes :-)
>
> Now -- do the jabberd services run? Do you see anything strange in
> /var/log/messages from jabberd? Are the cert. files accessible
> (permissions, ownership, selinux)?
>
> > -----Original Message-----
> > From: spacewalk-list-bounces at redhat.com
> > [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Milan Zazrivec
> > Sent: Friday, June 18, 2010 12:45 PM
> > To: spacewalk-list at redhat.com
> > Subject: Re: [Spacewalk-list] OSAD problem
> >
> > On Friday 18 June 2010 19:16:35 Yungwei Chen wrote:
> > > Any idea?
> >
> > All the usual suggestions:
> > * check jabber services on your SW server are running (c2s, s2s, sm,
> > router)
> > * check jabberd configurations (/etc/jabberd/*.xml)
> > * check that the ssl cert. c2s.xml points to is the one your SW server is
> > using
> > * check that jabberd services are able to access the cert (access right,
> > selinux)
> > * watch for anything suspicious from jabberd in /var/log/messages
> >
> > -Milan
> >
> > > -----Original Message-----
> > > From: spacewalk-list-bounces at redhat.com
> > > [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Yungwei Chen
> > > Sent: Monday, June 14, 2010 1:16 PM
> > > To: spacewalk-list at redhat.com
> > > Subject: [Spacewalk-list] OSAD problem
> > >
> > > Hi,
> > >
> > > I installed spacewalk on a CentOS 5.3 box (clean installation), and now
> > > I am having a problem when configuring osad. Any suggestions? Thanks.
> > >
> > > This is what happens when I start jabberd service on spacewalk server.
> > > [root at spacewalk3 ~]# tail -f /var/log/rhn/osa-dispatcher.log
> > > 2010/06/14 10:19:46 -05:00 1788 0.0.0.0: osad/jabber_lib.main('ERROR', 'Error caught:')
> > > 2010/06/14 10:19:46 -05:00 1788 0.0.0.0:
> > > osad/jabber_lib.main('ERROR', 'Traceback (most recent call last):\n
> > > File "/usr/share/rhn/osad/jabber_lib.py", line 122, in main\n
> > > self.process_forever(c)\n  File "/usr/share/rhn/osad/jabber_lib.py",
> > > line 180, in process_forever\n    self.process_once(client)\n  File
> > > "/usr/share/rhn/osad/osa_dispatcher.py", line 146, in process_once\n
> > > client.retrieve_roster()\n  File "/usr/share/rhn/osad/jabber_lib.py",
> > > line 718, in retrieve_roster\n    stanza = self.get_one_stanza()\n
> > > File "/usr/share/rhn/osad/jabber_lib.py", line 790, in
> > > get_one_stanza\n self.process(timeout=tm)\n  File
> > > "/usr/share/rhn/osad/jabber_lib.py", line 1048, in process\n    raise
> > > SSLError("OpenSSL error; will retry", str(e))\nSSLError: (\'OpenSSL
> > > error; will retry\', "(-1, \'Unexpected EOF\')")\n')
> > > 2010/06/14 10:19:56 -05:00 1788 0.0.0.0: osad/jabber_lib.__init__
> > > 2010/06/14 10:19:56 -05:00 1788 0.0.0.0: osad/jabber_lib.setup_connection('Connected to jabber server', 'spacewalk3')
> > > 2010/06/14 10:19:56 -05:00 1788 0.0.0.0: osad/osa_dispatcher.fix_connection('Upstream notification server started on port', 1290)
> > > 2010/06/14 10:19:56 -05:00 1788 0.0.0.0: osad/jabber_lib.process_forever
> > >
> > > And this is what it shows on the client side
> > > [root at spacewalk2 rhn]# /etc/init.d/osad restart; tail -f /var/log/osad
> > > Shutting down osad:                                        [  OK  ]
> > > Starting osad: Server did not return a <features /> stanza
> > >
> > > Traceback (most recent call last):
> > >   File "/usr/share/rhn/osad/jabber_lib.py", line 254, in setup_connection
> > >     c = self._get_jabber_client(js)
> > >   File "/usr/share/rhn/osad/jabber_lib.py", line 311, in _get_jabber_client
> > >     c.connect()
> > >   File "/usr/share/rhn/osad/jabber_lib.py", line 593, in connect
> > >     raise SSLDisabledError
> > > SSLDisabledError
> > >
> > >                                                            [  OK  ]
> > >
> > > 2010-06-14 10:36:33 jabber_lib.main: Unable to connect to jabber servers, sleeping 63 seconds
> > > 2010-06-14 10:37:36 jabber_lib.main: Unable to connect to jabber servers, sleeping 72 seconds
> > > 2010-06-14 10:38:48 jabber_lib.main: Unable to connect to jabber servers, sleeping 93 seconds
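
The check discussed in the thread (that jabberd's combined server.pem holds the same certificate and key Apache uses from separate files), as an added example that is not part of the original messages or of Spacewalk. It compares decoded PEM contents rather than file bytes; the function names are hypothetical and the sample blocks are constructed stand-ins, not real certificates.

```python
import base64
import hashlib
import re

# Matches any PEM block; the label (CERTIFICATE, RSA PRIVATE KEY, ...) is group 1.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_digests(text, suffix):
    """SHA-256 of the decoded body of each PEM block whose label ends with suffix."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for label, body in PEM_BLOCK.findall(text) if label.endswith(suffix)]

def check_bundle(bundle_pem, apache_crt_pem, apache_key_pem):
    """Compare a combined cert+key bundle with Apache's split files.

    Returns a list of findings; an empty list means they match. Keys are
    compared after base64 decoding, so the same key stored in another
    encoding (PKCS#1 vs PKCS#8) is reported as a mismatch.
    """
    bundle_certs = pem_digests(bundle_pem, "CERTIFICATE")
    bundle_keys = pem_digests(bundle_pem, "PRIVATE KEY")
    # Assumption: the first block in each Apache file is the server's own.
    crt = pem_digests(apache_crt_pem, "CERTIFICATE")
    key = pem_digests(apache_key_pem, "PRIVATE KEY")
    findings = []
    if not crt or crt[0] not in bundle_certs:
        findings.append("server certificate differs from Apache's")
    if not bundle_keys:
        findings.append("bundle has no private key")
    elif not key or key[0] not in bundle_keys:
        findings.append("private key differs from Apache's")
    return findings

def make_pem(label, payload):
    """Build a constructed PEM block; payload is a stand-in, not real DER."""
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)

# Constructed sample data standing in for the files named in the thread.
SAMPLE_CRT = make_pem("CERTIFICATE", b"constructed server certificate")
SAMPLE_KEY = make_pem("RSA PRIVATE KEY", b"constructed private key")
SAMPLE_BUNDLE = SAMPLE_CRT + SAMPLE_KEY  # what server.pem should contain
STALE_BUNDLE = make_pem("CERTIFICATE", b"constructed older certificate") + SAMPLE_KEY

if __name__ == "__main__":
    print(check_bundle(SAMPLE_BUNDLE, SAMPLE_CRT, SAMPLE_KEY))
    print(check_bundle(STALE_BUNDLE, SAMPLE_CRT, SAMPLE_KEY))
```

On the server, pass in the contents of /etc/pki/spacewalk/jabberd/server.pem, /etc/pki/tls/certs/spacewalk.crt and /etc/pki/tls/private/spacewalk.key (the paths given in the thread), reading them as a user allowed to open the key files.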
