[Spacewalk-list] osa-dispatcher fails to start with null ssl error

Adams, Nick adamsn at stifel.com
Fri Dec 22 14:59:10 UTC 2017 

All,

I have ran into what I hope is a simple misconfiguration during setup. I am unable to start the osa-dispatcher service:

[root at SNCFGSPWD01S ~]# spacewalk-service restart
Shutting down spacewalk services...
Redirecting to /bin/systemctl stop taskomatic.service
Stopping cobblerd (via systemctl):                         [  OK  ]
Redirecting to /bin/systemctl stop rhn-search.service
Redirecting to /bin/systemctl stop osa-dispatcher.service
Redirecting to /bin/systemctl stop httpd.service
Redirecting to /bin/systemctl stop tomcat.service
Redirecting to /bin/systemctl stop jabberd.service
Done.
Starting spacewalk services...
Redirecting to /bin/systemctl start jabberd.service
Redirecting to /bin/systemctl start tomcat.service
Waiting for tomcat to be ready ...
Redirecting to /bin/systemctl start httpd.service
Redirecting to /bin/systemctl start osa-dispatcher.service
Job for osa-dispatcher.service failed because the control process exited with error code. See "systemctl status osa-dispatcher.service" and "journalctl -xe" for details.
Redirecting to /bin/systemctl start rhn-search.service
Starting cobblerd (via systemctl):                         [  OK  ]
Redirecting to /bin/systemctl start taskomatic.service
Done.

When reviewing the osa-dispatcher log:
2017/12/21 13:30:36 -05:00 3040 0.0.0.0: osad/jabber_lib.__init__
2017/12/21 13:30:36 -05:00 3040 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
2017/12/21 13:30:37 -05:00 3040 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
2017/12/21 13:30:38 -05:00 3040 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
2017/12/21 13:30:39 -05:00 3040 0.0.0.0: osad/jabber_lib.connect('ERROR', 'Not able to reconnect - See https://access.redhat.com/solutions/45332 for possible solutions.\n')
2017/12/21 13:30:39 -05:00 3040 0.0.0.0: osad/jabber_lib.print_message('SSLError',)
2017/12/21 13:30:39 -05:00 3040 0.0.0.0: osad/jabber_lib.print_message('Could not connect to jabber server', 'SNCFGSPWD01S')
2017/12/21 13:30:39 -05:00 3040 0.0.0.0: osad/jabber_lib.main('ERROR', 'Error caught:')

Some Jabber specific configs:
[root at SNCFGSPWD01S ~]# grep $(hostname) /etc/jabberd/*xml
/etc/jabberd/c2s.xml:    <id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true">SNCFGSPWD01S</id>
/etc/jabberd/sm.xml:  <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml:    <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml:    <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml:    <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml:    <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml:    <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml:    <id>SNCFGSPWD01S</id>


Seeing as this is an SSL error, makes sense to include these:
[root at SNCFGSPWD01S ~]# grep CN= $(grep spacewalk.crt /etc/httpd/conf.d/ssl.conf | cut -f 2 -d' ') | grep Subject
        Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S, CN=SNCFGSPWD01S/emailAddress=adamsn at stifel.com<mailto:CN=SNCFGSPWD01S/emailAddress=adamsn at stifel.com>
[root at SNCFGSPWD01S ~]# grep CN= /etc/pki/spacewalk/jabberd/server.pem | grep Subject
        Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S, CN=SNCFGSPWD01S/emailAddress=adamsn at stifel.com


The OSA configuration portion of rhn.conf:
# OSA configuration #

server.jabber_server = SNCFGSPWD01S
osa-dispatcher.jabber_server = SNCFGSPWD01S

# set up SSL on the dispatcher
osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT

# system snapshots enabled
enable_snapshots = 1

#cobbler host name
cobbler.host = SNCFGSPWD01S



And finally the contents of the up2date.conf:
# Red Hat Update Agent config file.
# Format: 1.0

debug[comment]=Whether or not debugging is enabled
debug=0

systemIdPath[comment]=Location of system id
systemIdPath=/etc/sysconfig/rhn/systemid

serverURL[comment]=Remote server URL (use FQDN)
serverURL=https://sncfgspwd01s/XMLRPC

hostedWhitelist[comment]=RHN Hosted URL's
hostedWhitelist=

enableProxy[comment]=Use a HTTP Proxy
enableProxy=0

versionOverride[comment]=Override the automatically determined system version
versionOverride=

httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128
httpProxy=

noReboot[comment]=Disable the reboot actions
noReboot=0

networkRetries[comment]=Number of attempts to make at network connections before giving up
networkRetries=1

disallowConfChanges[comment]=Config options that can not be overwritten by a config update action
disallowConfChanges=noReboot;sslCACert;useNoSSLForPackages;serverURL;disallowConfChanges;

sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

# Akamai does not support http protocol, therefore setting this option as side effect disable "Location aware" function
useNoSSLForPackages[comment]=Use HTTP for package, package list, and header fetching (disable Akamai)
useNoSSLForPackages=0

retrieveOnly[comment]=Retrieve packages only
retrieveOnly=0

skipNetwork[comment]=Skips network information in hardware profile sync during registration.
skipNetwork=0

writeChangesToLog[comment]=Log to /var/log/up2date which packages has been added and removed
writeChangesToLog=0

stagingContent[comment]=Retrieve content of future actions in advance
stagingContent=1

stagingContentWindow[comment]=How much forward we should look for future actions. In hours.
stagingContentWindow=24


Any help would be greatly appreciated! Thanks so much!

-Nick


[new_sig]
[stifel-sig]

This message, and any of its attachments, is for the intended recipient(s) only, and it may contain information that is privileged, confidential, and/or proprietary and subject to important terms and conditions available at http://www.stifel.com/disclosures/emaildisclaimers/. If you are not the intended recipient, please delete this message and immediately notify the sender. No confidentiality, privilege, or property rights are waived or lost by any errors in transmission.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171222/fb6a0d3d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 5501 bytes
Desc: image001.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171222/fb6a0d3d/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 6099 bytes
Desc: image002.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171222/fb6a0d3d/attachment-0001.png>

More information about the Spacewalk-list mailing list