[Spacewalk-list] osa-dispatcher fails to start with null ssl error
Adams, Nick
adamsn at stifel.com
Fri Dec 22 16:29:42 UTC 2017
Thanks Vipul for the quick reply! I’ve updated the hostname to be an fqdn that is resolvable via DNS, though the same error still persists.
Please see the following changes:
[root at SNCFGSPWD01S ~]# cat /etc/hostname
SNCFGSPWD01S.stifelnet.stifel.local
Osa-dispatcher.log:
2017/12/22 10:06:36 -05:00 6374 0.0.0.0: osad/jabber_lib.__init__
2017/12/22 10:06:36 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
2017/12/22 10:06:37 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
2017/12/22 10:06:38 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('ERROR', 'Not able to reconnect - See https://access.redhat.com/solutions/45332 for possible solutions.\n')
2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.print_message('SSLError',)
2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.print_message('Could not connect to jabber server', 'SNCFGSPWD01S.stifelnet.stifel.local')
2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.main('ERROR', 'Error caught:')
rhn.conf:
# OSA configuration #
server.jabber_server = SNCFGSPWD01S.stifelnet.stifel.local
osa-dispatcher.jabber_server = SNCFGSPWD01S.stifelnet.stifel.local
# set up SSL on the dispatcher
osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
# system snapshots enabled
enable_snapshots = 1
#cobbler host name
cobbler.host = SNCFGSPWD01S.stifelnet.stifel.local
SSL subjects:
[root at SNCFGSPWD01S ~]# grep CN= /etc/pki/spacewalk/jabberd/server.pem | grep Subject
Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S.stifelnet.stifel.local, CN=SNCFGSPWD01S.stifelnet.stifel.local/emailAddress=adamsn at stifel.com
[root at SNCFGSPWD01S ~]# grep CN= $(grep spacewalk.crt /etc/httpd/conf.d/ssl.conf | cut -f 2 -d' ') | grep Subject
Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S.stifelnet.stifel.local, CN=SNCFGSPWD01S.stifelnet.stifel.local/emailAddress=adamsn at stifel.com
Jabber configs:
[root at SNCFGSPWD01S ~]# grep $(hostname) /etc/jabberd/*xml
/etc/jabberd/c2s.xml: <id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true">SNCFGSPWD01S.stifelnet.stifel.local</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id>
[root at SNCFGSPWD01S ~]# grep require-starttls /etc/jabberd/c2s.xml | grep pemfile
<id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true">SNCFGSPWD01S.stifelnet.stifel.local</id>
Thanks!
[new_sig]
[stifel-sig]
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Vipul Sharma (DevOps)
Sent: Friday, December 22, 2017 9:56 AM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] osa-dispatcher fails to start with null ssl error
Some pointers -
* Your hostname should match your FQDN -
* Compare your SSL certs between /var/jabberd/server.pem & /etc/pki/spacewalk/server.pem - They should be same.
* CN & OU should be your FQDN in your .crt & .pem files.
Thanks
Vipul
On Fri, Dec 22, 2017 at 8:29 PM, Adams, Nick <adamsn at stifel.com<mailto:adamsn at stifel.com>> wrote:
All,
I have ran into what I hope is a simple misconfiguration during setup. I am unable to start the osa-dispatcher service:
[root at SNCFGSPWD01S ~]# spacewalk-service restart
Shutting down spacewalk services...
Redirecting to /bin/systemctl stop taskomatic.service
Stopping cobblerd (via systemctl): [ OK ]
Redirecting to /bin/systemctl stop rhn-search.service
Redirecting to /bin/systemctl stop osa-dispatcher.service
Redirecting to /bin/systemctl stop httpd.service
Redirecting to /bin/systemctl stop tomcat.service
Redirecting to /bin/systemctl stop jabberd.service
Done.
Starting spacewalk services...
Redirecting to /bin/systemctl start jabberd.service
Redirecting to /bin/systemctl start tomcat.service
Waiting for tomcat to be ready ...
Redirecting to /bin/systemctl start httpd.service
Redirecting to /bin/systemctl start osa-dispatcher.service
Job for osa-dispatcher.service failed because the control process exited with error code. See "systemctl status osa-dispatcher.service" and "journalctl -xe" for details.
Redirecting to /bin/systemctl start rhn-search.service
Starting cobblerd (via systemctl): [ OK ]
Redirecting to /bin/systemctl start taskomatic.service
Done.
When reviewing the osa-dispatcher log:
2017/12/21 13:30:36 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.__init__
2017/12/21 13:30:36 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
2017/12/21 13:30:37 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
2017/12/21 13:30:38 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.connect('ERROR', 'Not able to reconnect - See https://access.redhat.com/solutions/45332 for possible solutions.\n')
2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.print_message('SSLError',)
2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.print_message('Could not connect to jabber server', 'SNCFGSPWD01S')
2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.main('ERROR', 'Error caught:')
Some Jabber specific configs:
[root at SNCFGSPWD01S ~]# grep $(hostname) /etc/jabberd/*xml
/etc/jabberd/c2s.xml: <id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true">SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
Seeing as this is an SSL error, makes sense to include these:
[root at SNCFGSPWD01S ~]# grep CN= $(grep spacewalk.crt /etc/httpd/conf.d/ssl.conf | cut -f 2 -d' ') | grep Subject
Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S, CN=SNCFGSPWD01S/emailAddress=adamsn at stifel.com<mailto:CN=SNCFGSPWD01S/emailAddress=adamsn at stifel.com>
[root at SNCFGSPWD01S ~]# grep CN= /etc/pki/spacewalk/jabberd/server.pem | grep Subject
Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S, CN=SNCFGSPWD01S/emailAddress=adamsn at stifel.com<mailto:adamsn at stifel.com>
The OSA configuration portion of rhn.conf:
# OSA configuration #
server.jabber_server = SNCFGSPWD01S
osa-dispatcher.jabber_server = SNCFGSPWD01S
# set up SSL on the dispatcher
osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
# system snapshots enabled
enable_snapshots = 1
#cobbler host name
cobbler.host = SNCFGSPWD01S
And finally the contents of the up2date.conf:
# Red Hat Update Agent config file.
# Format: 1.0
debug[comment]=Whether or not debugging is enabled
debug=0
systemIdPath[comment]=Location of system id
systemIdPath=/etc/sysconfig/rhn/systemid
serverURL[comment]=Remote server URL (use FQDN)
serverURL=https://sncfgspwd01s/XMLRPC
hostedWhitelist[comment]=RHN Hosted URL's
hostedWhitelist=
enableProxy[comment]=Use a HTTP Proxy
enableProxy=0
versionOverride[comment]=Override the automatically determined system version
versionOverride=
httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128<http://squid.redhat.com:3128>
httpProxy=
noReboot[comment]=Disable the reboot actions
noReboot=0
networkRetries[comment]=Number of attempts to make at network connections before giving up
networkRetries=1
disallowConfChanges[comment]=Config options that can not be overwritten by a config update action
disallowConfChanges=noReboot;sslCACert;useNoSSLForPackages;serverURL;disallowConfChanges;
sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# Akamai does not support http protocol, therefore setting this option as side effect disable "Location aware" function
useNoSSLForPackages[comment]=Use HTTP for package, package list, and header fetching (disable Akamai)
useNoSSLForPackages=0
retrieveOnly[comment]=Retrieve packages only
retrieveOnly=0
skipNetwork[comment]=Skips network information in hardware profile sync during registration.
skipNetwork=0
writeChangesToLog[comment]=Log to /var/log/up2date which packages has been added and removed
writeChangesToLog=0
stagingContent[comment]=Retrieve content of future actions in advance
stagingContent=1
stagingContentWindow[comment]=How much forward we should look for future actions. In hours.
stagingContentWindow=24
Any help would be greatly appreciated! Thanks so much!
-Nick
[new_sig]
[stifel-sig]
This message, and any of its attachments, is for the intended recipient(s) only, and it may contain information that is privileged, confidential, and/or proprietary and subject to important terms and conditions available at http://www.stifel.com/disclosures/emaildisclaimers/. If you are not the intended recipient, please delete this message and immediately notify the sender. No confidentiality, privilege, or property rights are waived or lost by any errors in transmission.
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list
Please consider the environment before printing this email.
*********************************************************************
This communication may contain information which is confidential, personal and/or privileged. It is for the exclusive use of the intended recipient(s).
If you are not the intended recipient(s), please note that any distribution, forwarding, copying or use of this communication or the information in it is strictly prohibited. If you have received it in error please contact the sender immediately by return e-mail. Please then delete the e-mail and any copies of it and do not use or disclose its contents to any person.
Any personal views expressed in this e-mail are those of the individual sender and the company does not endorse or accept responsibility for them. Prior to taking any action based upon this e-mail message, you should seek appropriate confirmation of its authenticity.
This message has been checked for viruses on behalf of the company.
*********************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171222/de452116/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 5501 bytes
Desc: image001.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171222/de452116/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 6099 bytes
Desc: image002.png
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171222/de452116/attachment-0001.png>
More information about the Spacewalk-list
mailing list