[Spacewalk-list] Issue with certificate
Manuel Carrillo
Manuel.Carrillo at unige.ch
Fri Jan 24 13:20:13 UTC 2014
Hello everybody,
I regenerated the certificate for my Spacewalk server:
Spacewalk 2.0.3 with a local PostgreSQL database.
I did these steps, but osa-dispatcher failed to start with this message in the
logs:
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.setup_connection('Connecting to', 'myserver.fqdn')
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib._get_jabber_client
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib._get_jabber_client('Connecting to', 'myserver.fqdn')
2014/01/24 13:54:41 +02:00 19246 0.0.0.0: osad/jabber_lib.__init__
2014/01/24 13:54:41 +02:00 19246 0.0.0.0: osad/jabber_lib.__init__
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.check_cert('Loading cert', <X509Name object
'/C=**/ST=**/L=**/O=**/OU=**/CN=myserver.fqdn/emailAddress=myemailaddress'>)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0: osad/jabber_lib.connect
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.connect('Attempting to connect',)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0: osad/jabber_lib.process(300,)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.process('before select(); timeout', 299.9999988079071)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.process('select() returned',)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib._auth_dispatch(<jabber.xmlstream.Node instance at
0xda35f0>,)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.connect('Connected',)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.connect('Expecting features stanza, got:',
<features><address xmlns = 'http://affinix.com/jabber/address'
>::ffff:129.194.168.64</address><auth xmlns =
'http://jabber.org/features/iq-auth' /><register xmlns =
'http://jabber.org/features/iq-register' /><starttls xmlns =
'urn:ietf:params:xml:ns:xmpp-tls' ><required /></starttls></features>)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.connect('starttls node', <jabber.xmlstream.Node instance
at 0xdae830>)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0: osad/jabber_lib.process(None,)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.process('before select(); timeout', None)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.process('select() returned',)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib._auth_dispatch(<jabber.xmlstream.Node instance at
0xdae9e0>,)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.connect('Expecting proceed stanza, got:', <proceed />)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.connect('Preparing for TLS handshake',)
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.connect('ERROR', 'Traceback caught:')
2014/01/24 13:54:41 +02:00 19246 0.0.0.0:
osad/jabber_lib.connect('ERROR', 'Traceback (most recent call last):\n
File "/usr/share/rhn/osad/jabber_lib.py", line 616, in connect\n
ssl.do_handshake()\nError: [(\'SSL routines\',
\'SSL3_GET_SERVER_CERTIFICATE\', \'certificate verify failed\')]\n')
Steps:
1 - backup of my files
tar -cvjf /root/ssl-backup.tar.bz2 /etc/httpd/conf/ssl.* /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT /etc/pki/spacewalk/jabberd/server.pem
2 - my hosts file like this
ip name name.fqdn
3 - regenerate the SSL cert and CA, with set-hostname and set-common-name
set to myserver.fqdn:
rhn-ssl-tool --gen-server --password='mypassword' \
  --dir="/root/ssl-build" --set-country="**" --set-state="**" \
  --set-city="**" --set-org="**" --set-org-unit="**" \
  --set-hostname='myserver.fqdn' --set-email="isdc-system-mgt at unige.ch"
rpm -Uvh /root/ssl-build/myserver.fqdn/rhn-org-httpd-ssl-key-pair-myserver.fqdn-1.0-5.noarch.rpm
This installation is to have the SSL configuration for the website
frontend.
rhn-ssl-tool --gen-ca --force --password='mypassword' \
  --dir="/root/ssl-build" --set-country="**" --set-state="**" \
  --set-city="**" --set-org="**" --set-org-unit="**" \
  --set-common-name='myserver.fqdn' \
  --set-email="isdc-system-mgt at unige.ch"
cp -a /root/ssl-build/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm /var/www/html/pub/
This is for deployment on all my clients.
4 - copy files and set permissions on the server:
cp -a /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT /var/www/html/pub/
chown root.root /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
chmod 644 /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
cp -a /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT /usr/share/rhn/
cp -a /root/ssl-build/myserver.fqdn/server.pem /etc/pki/spacewalk/jabberd/server.pem
chown jabber.jabber /etc/pki/spacewalk/jabberd/server.pem
chmod 600 /etc/pki/spacewalk/jabberd/server.pem
### normally these three lines are obsolete, but just in case
cp -a /root/ssl-build/myserver.fqdn/server.pem /etc/jabberd/server.pem
chown jabber.jabber /etc/jabberd/server.pem
chmod 600 /etc/jabberd/server.pem
5 - checksum of the two files:
All three of these files have the same sum:
md5sum /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT
md5sum /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
md5sum /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
All three of these files have the same sum:
md5sum /root/ssl-build/myserver.fqdn/server.pem
md5sum /etc/pki/spacewalk/jabberd/server.pem
md5sum /etc/jabberd/server.pem
6 - I tried to update the DB, but it doesn't work with:
rhn-ssl-dbstore --ca-cert=/var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
ERROR: unhandled exception occurred:
Traceback (most recent call last):
File "/usr/bin/rhn-ssl-dbstore", line 43, in <module>
sys.exit(abs(mod.main() or 0))
File
"/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/rhn_ssl_dbstore.py", line 79, in main
satCerts.store_rhnCryptoKey(values.label, values.ca_cert,
verbosity=values.verbose)
File
"/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 673, in store_rhnCryptoKey
verbosity=verbosity)
File
"/usr/lib/python2.6/site-packages/spacewalk/satellite_tools/satCerts.py", line 614, in _checkCertMatch_rhnCryptoKey
h.execute(rhn_cryptokey_id=rhn_cryptokey_id)
File
"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py",
line 163, in execute
return apply(self._execute_wrapper, (self._execute, ) + p, kw)
File
"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 273, in _execute_wrapper
retval = apply(function, p, kw)
File
"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/sql_base.py",
line 217, in _execute
return self._execute_(args, kwargs)
File
"/usr/lib/python2.6/site-packages/spacewalk/server/rhnSQL/driver_postgresql.py", line 287, in _execute_
self._real_cursor.execute(self.sql, params)
psycopg2.IntegrityError: update or delete on table "rhncryptokey"
violates foreign key constraint "rhn_csssl_cacertid_fk" on table
"rhncontentsourcessl"
DETAIL: Key (id)=(1) is still referenced from table
"rhncontentsourcessl".
7 - tried to restart jabberd and osa-dispatcher like this, to be sure:
service jabberd stop
service osa-dispatcher stop
rm -rf /var/lib/jabberd/db/*
service jabberd start
service osa-dispatcher start
jabberd seems to be OK; here are the logs:
Jan 24 14:15:32 myserver jabberd/router[24795]: starting up
Jan 24 14:15:32 myserver jabberd/router[24795]: process id is 24795,
written to /var/lib/jabberd/pid/router.pid
Jan 24 14:15:32 myserver jabberd/router[24795]: loaded user table (1
users)
Jan 24 14:15:32 myserver jabberd/router[24795]: loaded filters (0 rules)
Jan 24 14:15:32 myserver jabberd/router[24795]: [::, port=5347]
listening for incoming connections
Jan 24 14:15:32 myserver jabberd/sm[24802]: starting up
Jan 24 14:15:32 myserver jabberd/sm[24802]: process id is 24802, written
to /var/lib/jabberd/pid/sm.pid
Jan 24 14:15:32 myserver jabberd/sm[24802]: loading 'db' storage module
Jan 24 14:15:32 myserver jabberd/sm[24802]: initialised storage driver
'db'
Jan 24 14:15:32 myserver jabberd/sm[24802]: modules search
path: /usr/lib64/jabberd
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'status' added to
chain 'sess-start' (order 0 index 0 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'status' added to
chain 'sess-end' (order 0 index 0 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-last' added to
chain 'sess-end' (order 1 index 1 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'validate' added to
chain 'in-sess' (order 0 index 2 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'status' added to
chain 'in-sess' (order 1 index 0 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'privacy' added to
chain 'in-sess' (order 2 index 3 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'roster' added to
chain 'in-sess' (order 3 index 4 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'vacation' added to
chain 'in-sess' (order 4 index 5 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-vcard' added to
chain 'in-sess' (order 5 index 6 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-ping' added to
chain 'in-sess' (order 6 index 7 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-private' added to
chain 'in-sess' (order 7 index 8 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'disco' added to
chain 'in-sess' (order 8 index 9 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'amp' added to chain
'in-sess' (order 9 index 10 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'offline' added to
chain 'in-sess' (order 10 index 11 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'announce' added to
chain 'in-sess' (order 11 index 12 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'presence' added to
chain 'in-sess' (order 12 index 13 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'deliver' added to
chain 'in-sess' (order 13 index 14 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'session' added to
chain 'in-router' (order 0 index 15 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'validate' added to
chain 'in-router' (order 1 index 2 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'presence' added to
chain 'in-router' (order 2 index 13 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'privacy' added to
chain 'in-router' (order 3 index 3 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'privacy' added to
chain 'out-router' (order 0 index 3 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-last' added to
chain 'pkt-sm' (order 0 index 1 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-ping' added to
chain 'pkt-sm' (order 1 index 7 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-time' added to
chain 'pkt-sm' (order 2 index 16 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-version' added to
chain 'pkt-sm' (order 3 index 17 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'amp' added to chain
'pkt-sm' (order 4 index 10 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'disco' added to
chain 'pkt-sm' (order 5 index 9 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'announce' added to
chain 'pkt-sm' (order 6 index 12 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'help' added to chain
'pkt-sm' (order 7 index 18 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'echo' added to chain
'pkt-sm' (order 8 index 19 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'status' added to
chain 'pkt-sm' (order 9 index 0 seq 3)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'presence' added to
chain 'pkt-sm' (order 10 index 13 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'roster' added to
chain 'pkt-user' (order 0 index 4 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'presence' added to
chain 'pkt-user' (order 1 index 13 seq 3)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-vcard' added to
chain 'pkt-user' (order 2 index 6 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'amp' added to chain
'pkt-user' (order 3 index 10 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'deliver' added to
chain 'pkt-user' (order 4 index 14 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'vacation' added to
chain 'pkt-user' (order 5 index 5 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'offline' added to
chain 'pkt-user' (order 6 index 11 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-last' added to
chain 'pkt-user' (order 7 index 1 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'session' added to
chain 'pkt-router' (order 0 index 15 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'disco' added to
chain 'pkt-router' (order 1 index 9 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'active' added to
chain 'user-load' (order 0 index 20 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'roster' added to
chain 'user-load' (order 1 index 4 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'roster-publish'
added to chain 'user-load' (order 2 index 21 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'privacy' added to
chain 'user-load' (order 3 index 3 seq 3)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'vacation' added to
chain 'user-load' (order 4 index 5 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'active' added to
chain 'user-create' (order 0 index 20 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'template-roster'
added to chain 'user-create' (order 1 index 22 seq 0)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'active' added to
chain 'user-delete' (order 0 index 20 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'announce' added to
chain 'user-delete' (order 1 index 12 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'offline' added to
chain 'user-delete' (order 2 index 11 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'privacy' added to
chain 'user-delete' (order 3 index 3 seq 4)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'roster' added to
chain 'user-delete' (order 4 index 4 seq 3)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'vacation' added to
chain 'user-delete' (order 5 index 5 seq 3)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'status' added to
chain 'user-delete' (order 6 index 0 seq 4)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-last' added to
chain 'user-delete' (order 7 index 1 seq 3)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-private' added to
chain 'user-delete' (order 8 index 8 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-vcard' added to
chain 'user-delete' (order 9 index 6 seq 2)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'iq-version' added to
chain 'disco-extend' (order 0 index 17 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: module 'help' added to chain
'disco-extend' (order 1 index 18 seq 1)
Jan 24 14:15:32 myserver jabberd/sm[24802]: version: jabberd sm 2.2.14
Jan 24 14:15:32 myserver jabberd/sm[24802]: [myserver.fqdn] configured
Jan 24 14:15:32 myserver jabberd/sm[24802]: [localhost.localdomain]
configured
Jan 24 14:15:32 myserver jabberd/sm[24802]: attempting connection to
router at ::1, port=5347
Jan 24 14:15:32 myserver jabberd/router[24795]: [::1, port=56046]
connect
Jan 24 14:15:32 myserver jabberd/router[24795]: [::1, port=56046]
authenticated as jabberd at jabberd-router
Jan 24 14:15:32 myserver jabberd/sm[24802]: connection to router
established
Jan 24 14:15:32 myserver jabberd/router[24795]: [myserver.isdc.unige.ch]
online (bound to ::1, port 56046)
Jan 24 14:15:32 myserver jabberd/router[24795]: [localhost.localdomain]
online (bound to ::1, port 56046)
Jan 24 14:15:32 myserver jabberd/sm[24802]: myserver.isdc.unige.ch ready
for sessions
Jan 24 14:15:32 myserver jabberd/c2s[24809]: starting up
Jan 24 14:15:32 myserver jabberd/c2s[24809]: process id is 24809,
written to /var/lib/jabberd/pid/c2s.pid
Jan 24 14:15:32 myserver jabberd/c2s[24809]: modules search
path: /usr/lib64/jabberd
Jan 24 14:15:32 myserver jabberd/c2s[24809]: loading 'db' authreg module
Jan 24 14:15:32 myserver jabberd/c2s[24809]: initialized auth module
'db'
Jan 24 14:15:32 myserver jabberd/c2s[24809]: [myserver.isdc.unige.ch]
configured; realm=, registration enabled
Jan 24 14:15:32 myserver jabberd/c2s[24809]: attempting connection to
router at ::1, port=5347
Jan 24 14:15:32 myserver jabberd/router[24795]: [::1, port=56048]
connect
Jan 24 14:15:32 myserver jabberd/router[24795]: [::1, port=56048]
authenticated as jabberd at jabberd-router
Jan 24 14:15:32 myserver jabberd/c2s[24809]: connection to router
established
Jan 24 14:15:32 myserver jabberd/router[24795]: [c2s] online (bound
to ::1, port 56048)
Jan 24 14:15:32 myserver jabberd/s2s[24816]: starting up (interval=3,
queue=60, keepalive=0, idle=86400)
Jan 24 14:15:32 myserver jabberd/s2s[24816]: process id is 24816,
written to /var/lib/jabberd/pid/s2s.pid
Jan 24 14:15:32 myserver jabberd/s2s[24816]: attempting connection to
router at ::1, port=5347
Jan 24 14:15:32 myserver jabberd/router[24795]: [::1, port=56050]
connect
Jan 24 14:15:32 myserver jabberd/router[24795]: [::1, port=56050]
authenticated as jabberd at jabberd-router
Jan 24 14:15:32 myserver jabberd/s2s[24816]: connection to router
established
Jan 24 14:15:32 myserver jabberd/router[24795]: [s2s] set as default
route
Jan 24 14:15:32 myserver jabberd/router[24795]: [s2s] online (bound
to ::1, port 56050)
Jan 24 14:15:32 myserver jabberd/c2s[24809]: [::, port=5222] listening
for connections
Jan 24 14:15:32 myserver jabberd/c2s[24809]: ready for connections
What am I doing wrong? Thanks in advance.
I looked on the Red Hat, Spacewalk and Fedora websites, but I haven't been able
to resolve my issue for two weeks; it is an SSL issue like this one:
https://access.redhat.com/site/solutions/22692
--
Cheers,
Manuel CARRILLO.
System Administrator
Department of Astronomy - University of Geneva
16, ch. d'Ecogia
CH-1290 VERSOIX
Tel.: +41 (0)22 379 21 53
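
The steps in the post run rhn-ssl-tool --gen-server before rhn-ssl-tool --gen-ca --force, and the handshake then fails with "certificate verify failed". The following is an added example, not part of the original post: it uses plain openssl with throwaway keys (all names are constructed and rhn-ssl-tool is not invoked) to show that a server certificate issued before the CA is regenerated no longer verifies against the new CA certificate, while one issued afterwards does.

```shell
#!/bin/sh
# Added example: throwaway CA and server certificates built with plain
# openssl. File names and subjects are constructed for illustration.

# make_ca DIR: (re)create a self-signed CA key and certificate in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Example Trusted CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# make_server DIR: issue a server certificate signed by DIR's current CA key.
make_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=myserver.fqdn" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -days 2 -out "$1/server.crt" 2>/dev/null
}

# chain_ok CA_CERT SERVER_CERT: succeed only if SERVER_CERT verifies
# against CA_CERT. The ": OK" line is matched instead of the exit status
# so the check does not depend on how an openssl build sets its exit code.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# check_order ORDER: print "ok" or "failed" for one of two orderings.
#   server-then-ca  server cert issued, then the CA is regenerated
#   ca-then-server  CA regenerated first, then the server cert is issued
check_order() {
    d=$(mktemp -d) || return 2
    make_ca "$d"                                  # the pre-existing CA
    case "$1" in
        server-then-ca) make_server "$d"; make_ca "$d" ;;
        ca-then-server) make_ca "$d"; make_server "$d" ;;
    esac
    if chain_ok "$d/ca.crt" "$d/server.crt"; then r=ok; else r=failed; fi
    rm -rf "$d"
    echo "$r"
}
```

Against the files named in the post, the same check is: chain_ok /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT /etc/pki/spacewalk/jabberd/server.pem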