[Spacewalk-list] osad not working through proxy - resolver issue
Milan Zazrivec
mzazrivec at redhat.com
Wed Oct 26 09:32:14 UTC 2011
> I am running spacewalk 1.4 on RHEL 5u5
>
> I am in the process of adding clients to a proxy server and so far none of
> them are showing up as 'online' in the Spacewalk UI. My proxy server
> shows as online and I can run remote commands on it through the UI. I can
> see connections from the clients on the proxy server port 5222. In syslog
> on the proxy and on the server I see that dialback is failing
>
> All hostnames are fqdn, sanitized here:
> spacewalk-proxy:
> Oct 25 08:46:03 spacewalk-proxy jabberd/s2s[21730]: dns lookup for
> spacewalk-server failed Oct 25 08:46:03 spacewalk-proxy
> jabberd/s2s[21730]: [8] [10.57.199.45, port=5269] outgoing connection for
> spacewalk-server Oct 25 08:46:03 spacewalk-proxy jabberd/s2s[21730]: [8]
> [10.57.199.45, port=5269] sending dialback auth request for route
> spacewalk-proxy /spacewalk-server Oct 25 08:47:04 spacewalk-proxy
> jabberd/s2s[21730]: [8] [10.57.199.45, port=5269] error: Stream error
> (dialback timed out) Oct 25 08:47:04 spacewalk-proxy jabberd/s2s[21730]:
> [8] [10.57.199.45, port=5269] disconnect, packets: 0
>
> spacewalk-server:
> Oct 25 08:46:03 spacewalk-server jabberd/s2s[1913]: [8] [10.48.199.32,
> port=46525] received dialback auth request for route spacewalk-server
> /spacewalk-proxy Oct 25 08:46:34 spacewalk-server jabberd/s2s[1913]: dns
> lookup for spacewalk-proxy failed Oct 25 08:47:04 spacewalk-server
> jabberd/s2s[1913]: [8] [10.48.199.32, port=46525] dialback for incoming
> route spacewalk-server / spacewalk-proxy timed out
>
> The obvious thing here is the dns lookup failures. The odd thing is that
> DNS is working fine in my environment. I can lookup forward and reverse
> entries for both server and proxy. So I added an entry in /etc/hosts on
> both servers. I had to restart osad and run an rhn_check on a client to
> trigger the dialback request (pinging from the UI didn't do it). Now the
> dialback route is showing valid in the logs and the client behind the
> proxy shows online in the UI.
>
> So I dug a bit in the jabberd config files and found this stanza in the
> s2s.xml:
>
> <!-- Local network configuration -->
> <local>
> <!--
> Helper DNS resolver component - if this component is not
> connected, dialback connections will fail
> (default: resolver) -->
> <resolver>resolver</resolver>
>
> According to the online documentation for OSA, /usr/bin/resolver is one of
> the 6 components of jabberd
> (https://fedorahosted.org/spacewalk/wiki/OsadHowTo). However,
> /usr/bin/resolver does not exist on my servers and is not part of the
> jabberd package I have: jabberd-2.2.11-2.el5. The resolver.xml is also
> absent from spacewalk-setup-jabberd-1.3.2-1.el5.
You are right -- resolver component has been deprecated and the
/s2s/local/resolver thing is no longer needed in s2s.xml.
I removed the corresponding template from s2s.xsl.
> My question then is, given that the resolver service has been deprecated,
> how should s2s resolve names? In my environment, adding /etc/hosts
> entries to all the proxies and the master is feasible, but using DNS would
> be less brittle over time.
I'm afraid I cannot answer your question, nevertheless you may remove
/s2s/local/resolver from your /etc/jabberd/s2s.xml.
Thank you for your feedback.
-Milan Zazrivec
More information about the Spacewalk-list
mailing list