[Spacewalk-list] osad not working through proxy - resolver issue

Wed Oct 26 09:32:14 UTC 2011

> I am running spacewalk 1.4 on RHEL 5u5
> 
> I am in the process of adding clients to a proxy server and so far none of
> them are showing up as 'online' in the Spacewalk UI.  My proxy server
> shows as online and I can run remote commands on it through the UI.  I can
> see connections from the clients on the proxy server port 5222.  In syslog
> on the proxy and on the server I see that dialback is failing
> 
> All hostnames are fqdn, sanitized here:
> spacewalk-proxy:
> Oct 25 08:46:03 spacewalk-proxy jabberd/s2s[21730]: dns lookup for
> spacewalk-server failed Oct 25 08:46:03 spacewalk-proxy
> jabberd/s2s[21730]: [8] [10.57.199.45, port=5269] outgoing connection for
> spacewalk-server Oct 25 08:46:03 spacewalk-proxy jabberd/s2s[21730]: [8]
> [10.57.199.45, port=5269] sending dialback auth request for route
> spacewalk-proxy /spacewalk-server Oct 25 08:47:04 spacewalk-proxy
> jabberd/s2s[21730]: [8] [10.57.199.45, port=5269] error: Stream error
> (dialback timed out) Oct 25 08:47:04 spacewalk-proxy jabberd/s2s[21730]:
> [8] [10.57.199.45, port=5269] disconnect, packets: 0
> 
> spacewalk-server:
> Oct 25 08:46:03 spacewalk-server jabberd/s2s[1913]: [8] [10.48.199.32,
> port=46525] received dialback auth request for route spacewalk-server
> /spacewalk-proxy Oct 25 08:46:34 spacewalk-server jabberd/s2s[1913]: dns
> lookup for spacewalk-proxy failed Oct 25 08:47:04 spacewalk-server
> jabberd/s2s[1913]: [8] [10.48.199.32, port=46525] dialback for incoming
> route spacewalk-server / spacewalk-proxy  timed out
> 
> The obvious thing here is the dns lookup failures.  The odd thing is that
> DNS is working fine in my environment.  I can lookup forward and reverse
> entries for both server and proxy.  So I added an entry in /etc/hosts on
> both servers.  I had to restart osad and run an rhn_check on a client to
> trigger the dialback request (pinging from the UI didn't do it).  Now the
> dialback route is showing valid in the logs and the client behind the
> proxy shows online in the UI.
> 
> So I dug a bit in the jabberd config files and found this stanza in the
> s2s.xml:
> 
>   <!-- Local network configuration -->
>   <local>
>     <!--
>     Helper DNS resolver component - if this component is not
>     connected, dialback connections will fail
>     (default: resolver) -->
>     <resolver>resolver</resolver>
> 
> According to the online documentation for OSA, /usr/bin/resolver is one of
> the 6 components of jabberd
> (https://fedorahosted.org/spacewalk/wiki/OsadHowTo).  However,
> /usr/bin/resolver does not exist on my servers and is not part of the
> jabberd package I have: jabberd-2.2.11-2.el5.  The resolver.xml is also
> absent from spacewalk-setup-jabberd-1.3.2-1.el5.

You are right -- resolver component has been deprecated and the
/s2s/local/resolver thing is no longer needed in s2s.xml.

I removed the corresponding template from s2s.xsl.

> My question then is, given that the resolver service has been deprecated,
> how should s2s resolve names?  In my environment, adding /etc/hosts
> entries to all the proxies and the master is feasible, but using DNS would
> be less brittle over time.

I'm afraid I cannot answer your question, nevertheless you may remove
/s2s/local/resolver from your /etc/jabberd/s2s.xml.

Thank you for your feedback.
-Milan Zazrivec