[Spacewalk-list] problems with osad

Daryl Rose darylrose at outlook.com
Wed Aug 19 15:02:53 UTC 2015 

I decided to revert my two clients back to initial install (I love VM :) )  I recreated the certificate on the spacewalk server and re-registered both clients.  All is now good.  I am now scheduling updates, and osad is picking them up and patching my systems.

Thank you to everyone who replied and gave me assistance.

Daryl


________________________________________
From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> on behalf of Daryl Rose <darylrose at outlook.com>
Sent: Tuesday, August 18, 2015 2:04 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] problems with osad

Firewall is not running on any of my demo/test servers.  One of the first things that I do when building a new server is shutdown, and disable iptables.  I verified just to make sure before I posted this reply.

>From the documentation that I read, the osad is supposed to use the same cert that is defied in the up2date file, unless I need a different one, then I would configure osad.conf to point to that cert.

As I was typing this reply, I decided to test using rhn_check again.  This time, I received an error telling me there were SSL errors.  Certificate verify failed.  So, perhaps I am still having certificate errors and perhaps when I ran the rhn_check previously it was just a fluke.

I'll do some more digging and post back.

Thank you.

Daryl

________________________________________
From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> on behalf of Sebastian Meyer <meyer at b1-systems.de>
Sent: Tuesday, August 18, 2015 1:24 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] problems with osad

Hi Daryl,

the check in interval is for rhnsd, not osad. The first is checking in
regularly, minimum interval is 60 minutes. The latter is for instant
communication between server and clients.

So you schedule an action, the clients get notified via
osa-dispatcher/osad that there are new events.

You renewed your certificate, did you also replace the one
osa-dispatcher is using? If you have build an rpm for the certificate
that should have taken care of that, otherwise you might need to switch
the osa-dispatcher certificate for the new one..

On your spacewalk server, are the jabber services and osa-dispatcher
running? -> check with 'spacewalk-service status'

On the firewall, are the necessary ports open? See
https://fedorahosted.org/spacewalk/wiki/HowToInstall for the
ports/directions they have to be open

Regards
Sebastian

On 18.08.2015 20:10, Daryl Rose wrote:
> Larry,
>
> I hope that you don't mind me piggybacking on to your posting, but I'm dealing with osad issue myself and instead of starting a new thread, I thought that I would hijack yours. :)
>
> Anyway, I've been working on a Proof-of-Concept  Spacewalk environment.  I've finally worked through all of my previous issues and the last hurdle to jump over is OSAD.
>
> The original issue that I had was the osa-dispatcher not starting.  I finally found a posting online that stopped the jabber and osa-dispatcher, remove the jabber db files and restart jabber, followed by osa-dispatcher.  Dispatcher finally started, and stayed running.
>
> Next I adjusted the interval for osad to check in.  The default was 240, but I changed it to 60 minutes, so the updates will get picked up quicker.  I don't want to wait for four hours to see if things work or not.
>
> After two hours, the updates had not been picked up. I read this posting and tried running the osad command manually:
> osad -N -v -v -v -v as.  I get "Unable to connect to jabber servers, sleeping 114 seconds".
>
> I tried what you used to resolve your issue Larry:
> 1) service osad stop
> 2) /bin/rm /etc/sysconfig/rhn/osad-auth.conf
> 3) service osad start
>
> But that did not resolve my issue.
>
> Just to let everyone know, I did recently change the certificate on the server and re-registered my clients.  The original certificate did not contain the FQDN of the server and the SLES 11 client would not work unless I recreated the certificate.  I unregistered both of my test clients, RHEL 6.x and SLES 11, and re-registered both of them using the latest certificate.  I can update both environments using the rhn_check -vv, so I'm assuming that the certificate is working just fine.  And yes, the FQDN in the certificate matched the FQDN in the up2date config file.
>
> What else should I check, or tweak in order to get osad working?
>
> Thanks
>
> Daryl
> ________________________________________
> From: spacewalk-list-bounces at redhat.com <spacewalk-list-bounces at redhat.com> on behalf of Clegg, Larry E [HDS] <Larry.Clegg at hdsupply.com>
> Sent: Tuesday, August 18, 2015 11:52 AM
> To: spacewalk-list at redhat.com
> Subject: Re: [Spacewalk-list] problems with osad
>
> Thank you Silvio...you identified the issue.....we're a heavy VMware shop with lots of clones and systems built from templates.  The templates work great but apparently my clone script is missing the removal of the osad-auth.conf file.
>
> I did these three steps on all the problem systems:
> 1) service osad stop
> 2) /bin/rm /etc/sysconfig/rhn/osad-auth.conf
> 3) service osad start
>
> All of the problem systems began responding correctly to OSAD requests.
>
> I also updated my clone script to accommodate for this issue.  Thank you Thank you Thank you,
>
> Larry
>
> -----Original Message-----
> From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Silvio Moioli
> Sent: Sunday, August 16, 2015 11:26 PM
> To: spacewalk-list at redhat.com
> Subject: Re: [Spacewalk-list] problems with osad
>
> On 14/08/2015 18:36, Larry E [HDS] Clegg wrote:
>> SSLError: ('OpenSSL error; will retry', "(-1, 'Unexpected EOF')")
>
> This means that the XMPP connection between client and server got interrupted from the server side, which leads me to the following hypotheses:
>
>   - you have networking problems, like dropped packets, which broke the connection;
>   - server has interrupted the connection because two clients have the same OSAD auth credentials (identical osad-auth.conf files across different hosts). This can happen if some clients are cloned virtual machines, cure is simply to delete those files and they will be automatically regenerated;
>   - client tools version is badly outdated.
>
> After checking the above I would recommend a Wireshark capture to figure out what went wrong. At least you should be able to see if there are networking issues or not. Here are instructions and commands for SUSE Manager on SLES:
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__wiki.novell.com_index.php_SUSE-5FManager_XMPPDumping&d=BQIF-g&c=_8VcuiJ--MukFqz6Sy5gel64o52_IbhiNdatg8Zb5Gs&r=b7IEz3ofaK6POXcDGRHJcwu-GqbKHox-4tfx-bQLxLo&m=GYrj7GE9nD2eN90AdDoTRjarEsgB39EugzpSnrXHIjA&s=JIrQMKoWUoDQ3Fn8jd_0pf4ZJKHZJ2TSrAdc8vLOxtw&e=
>
> In your setup instructions are still valid, while commands need a little tweaking.
>
> Hth,
> --
> Silvio Moioli
> SUSE LLC
> Maxfeldstraße 5, 90409 Nürnberg Germany
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com_mailman_listinfo_spacewalk-2Dlist&d=BQIF-g&c=_8VcuiJ--MukFqz6Sy5gel64o52_IbhiNdatg8Zb5Gs&r=b7IEz3ofaK6POXcDGRHJcwu-GqbKHox-4tfx-bQLxLo&m=GYrj7GE9nD2eN90AdDoTRjarEsgB39EugzpSnrXHIjA&s=i4ObyA0JwB0e4M4t4fv1f6qA5LegFDsSUGU5ql2LN38&e=
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
--
Sebastian Meyer
Linux Consultant & Trainer

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537


_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-list

More information about the Spacewalk-list mailing list