[Spacewalk-list] osa-dispatcher fails to start with null ssl error
Bruce Wainer
bruce at brucewainer.com
Fri Dec 22 20:40:39 UTC 2017
Hostname for spacewalk/satellite servers can be lowercase only, otherwise it causes exactly the type of issue with OSA that you are experiencing. This is documented in the satellite documentation, and was added just days ago to the spacewalk wiki.
> On Dec 22, 2017, at 11:29 AM, Adams, Nick <adamsn at stifel.com> wrote:
>
> Thanks Vipul for the quick reply! I’ve updated the hostname to be an fqdn that is resolvable via DNS, though the same error still persists.
>
> Please see the following changes:
> [root at SNCFGSPWD01S ~]# cat /etc/hostname
> SNCFGSPWD01S.stifelnet.stifel.local
>
> Osa-dispatcher.log:
> 2017/12/22 10:06:36 -05:00 6374 0.0.0.0: osad/jabber_lib.__init__
> 2017/12/22 10:06:36 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
> 2017/12/22 10:06:37 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
> 2017/12/22 10:06:38 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
> 2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('ERROR', 'Not able to reconnect - See https://access.redhat.com/solutions/45332 for possible solutions.\n')
> 2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.print_message('SSLError',)
> 2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.print_message('Could not connect to jabber server', 'SNCFGSPWD01S.stifelnet.stifel.local')
> 2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.main('ERROR', 'Error caught:')
>
> rhn.conf:
> # OSA configuration #
>
> server.jabber_server = SNCFGSPWD01S.stifelnet.stifel.local
> osa-dispatcher.jabber_server = SNCFGSPWD01S.stifelnet.stifel.local
>
> # set up SSL on the dispatcher
> osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
>
> # system snapshots enabled
> enable_snapshots = 1
>
> #cobbler host name
> cobbler.host = SNCFGSPWD01S.stifelnet.stifel.local
>
>
> SSL subjects:
> [root at SNCFGSPWD01S ~]# grep CN= /etc/pki/spacewalk/jabberd/server.pem | grep Subject
> Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S.stifelnet.stifel.local, CN=SNCFGSPWD01S.stifelnet.stifel.local/emailAddress=adamsn at stifel.com
> [root at SNCFGSPWD01S ~]# grep CN= $(grep spacewalk.crt /etc/httpd/conf.d/ssl.conf | cut -f 2 -d' ') | grep Subject
> Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S.stifelnet.stifel.local, CN=SNCFGSPWD01S.stifelnet.stifel.local/emailAddress=adamsn at stifel.com
>
>
> Jabber configs:
> [root at SNCFGSPWD01S ~]# grep $(hostname) /etc/jabberd/*xml
> /etc/jabberd/c2s.xml: <id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true">SNCFGSPWD01S.stifelnet.stifel.local</id>
> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id>
> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id>
> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id>
> [root at SNCFGSPWD01S ~]# grep require-starttls /etc/jabberd/c2s.xml | grep pemfile
> <id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true">SNCFGSPWD01S.stifelnet.stifel.local</id>
>
>
> Thanks!
>
>
> <image001.png>
>
>
> From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Vipul Sharma (DevOps)
> Sent: Friday, December 22, 2017 9:56 AM
> To: spacewalk-list at redhat.com
> Subject: Re: [Spacewalk-list] osa-dispatcher fails to start with null ssl error
>
> Some pointers -
>
> Your hostname should match your FQDN -
> Compare your SSL certs between /var/jabberd/server.pem & /etc/pki/spacewalk/server.pem - They should be same.
> CN & OU should be your FQDN in your .crt & .pem files.
> Thanks
>
> Vipul
>
>
>
> On Fri, Dec 22, 2017 at 8:29 PM, Adams, Nick <adamsn at stifel.com> wrote:
> All,
>
> I have ran into what I hope is a simple misconfiguration during setup. I am unable to start the osa-dispatcher service:
>
> [root at SNCFGSPWD01S ~]# spacewalk-service restart
> Shutting down spacewalk services...
> Redirecting to /bin/systemctl stop taskomatic.service
> Stopping cobblerd (via systemctl): [ OK ]
> Redirecting to /bin/systemctl stop rhn-search.service
> Redirecting to /bin/systemctl stop osa-dispatcher.service
> Redirecting to /bin/systemctl stop httpd.service
> Redirecting to /bin/systemctl stop tomcat.service
> Redirecting to /bin/systemctl stop jabberd.service
> Done.
> Starting spacewalk services...
> Redirecting to /bin/systemctl start jabberd.service
> Redirecting to /bin/systemctl start tomcat.service
> Waiting for tomcat to be ready ...
> Redirecting to /bin/systemctl start httpd.service
> Redirecting to /bin/systemctl start osa-dispatcher.service
> Job for osa-dispatcher.service failed because the control process exited with error code. See "systemctl status osa-dispatcher.service" and "journalctl -xe" for details.
> Redirecting to /bin/systemctl start rhn-search.service
> Starting cobblerd (via systemctl): [ OK ]
> Redirecting to /bin/systemctl start taskomatic.service
> Done.
>
> When reviewing the osa-dispatcher log:
> 2017/12/21 13:30:36 -05:00 3040 0.0.0.0: osad/jabber_lib.__init__
> 2017/12/21 13:30:36 -05:00 3040 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
> 2017/12/21 13:30:37 -05:00 3040 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
> 2017/12/21 13:30:38 -05:00 3040 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',)
> 2017/12/21 13:30:39 -05:00 3040 0.0.0.0: osad/jabber_lib.connect('ERROR', 'Not able to reconnect - See https://access.redhat.com/solutions/45332 for possible solutions.\n')
> 2017/12/21 13:30:39 -05:00 3040 0.0.0.0: osad/jabber_lib.print_message('SSLError',)
> 2017/12/21 13:30:39 -05:00 3040 0.0.0.0: osad/jabber_lib.print_message('Could not connect to jabber server', 'SNCFGSPWD01S')
> 2017/12/21 13:30:39 -05:00 3040 0.0.0.0: osad/jabber_lib.main('ERROR', 'Error caught:')
>
> Some Jabber specific configs:
> [root at SNCFGSPWD01S ~]# grep $(hostname) /etc/jabberd/*xml
> /etc/jabberd/c2s.xml: <id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true">SNCFGSPWD01S</id>
> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
>
>
> Seeing as this is an SSL error, makes sense to include these:
> [root at SNCFGSPWD01S ~]# grep CN= $(grep spacewalk.crt /etc/httpd/conf.d/ssl.conf | cut -f 2 -d' ') | grep Subject
> Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S, CN=SNCFGSPWD01S/emailAddress=adamsn at stifel.com
> [root at SNCFGSPWD01S ~]# grep CN= /etc/pki/spacewalk/jabberd/server.pem | grep Subject
> Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S, CN=SNCFGSPWD01S/emailAddress=adamsn at stifel.com
>
>
> The OSA configuration portion of rhn.conf:
> # OSA configuration #
>
> server.jabber_server = SNCFGSPWD01S
> osa-dispatcher.jabber_server = SNCFGSPWD01S
>
> # set up SSL on the dispatcher
> osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
>
> # system snapshots enabled
> enable_snapshots = 1
>
> #cobbler host name
> cobbler.host = SNCFGSPWD01S
>
>
>
> And finally the contents of the up2date.conf:
> # Red Hat Update Agent config file.
> # Format: 1.0
>
> debug[comment]=Whether or not debugging is enabled
> debug=0
>
> systemIdPath[comment]=Location of system id
> systemIdPath=/etc/sysconfig/rhn/systemid
>
> serverURL[comment]=Remote server URL (use FQDN)
> serverURL=https://sncfgspwd01s/XMLRPC
>
> hostedWhitelist[comment]=RHN Hosted URL's
> hostedWhitelist=
>
> enableProxy[comment]=Use a HTTP Proxy
> enableProxy=0
>
> versionOverride[comment]=Override the automatically determined system version
> versionOverride=
>
> httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128
> httpProxy=
>
> noReboot[comment]=Disable the reboot actions
> noReboot=0
>
> networkRetries[comment]=Number of attempts to make at network connections before giving up
> networkRetries=1
>
> disallowConfChanges[comment]=Config options that can not be overwritten by a config update action
> disallowConfChanges=noReboot;sslCACert;useNoSSLForPackages;serverURL;disallowConfChanges;
>
> sslCACert[comment]=The CA cert used to verify the ssl server
> sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
>
> # Akamai does not support http protocol, therefore setting this option as side effect disable "Location aware" function
> useNoSSLForPackages[comment]=Use HTTP for package, package list, and header fetching (disable Akamai)
> useNoSSLForPackages=0
>
> retrieveOnly[comment]=Retrieve packages only
> retrieveOnly=0
>
> skipNetwork[comment]=Skips network information in hardware profile sync during registration.
> skipNetwork=0
>
> writeChangesToLog[comment]=Log to /var/log/up2date which packages has been added and removed
> writeChangesToLog=0
>
> stagingContent[comment]=Retrieve content of future actions in advance
> stagingContent=1
>
> stagingContentWindow[comment]=How much forward we should look for future actions. In hours.
> stagingContentWindow=24
>
>
> Any help would be greatly appreciated! Thanks so much!
>
> -Nick
>
>
> <image001.png>
>
>
>
> This message, and any of its attachments, is for the intended recipient(s) only, and it may contain information that is privileged, confidential, and/or proprietary and subject to important terms and conditions available at http://www.stifel.com/disclosures/emaildisclaimers/. If you are not the intended recipient, please delete this message and immediately notify the sender. No confidentiality, privilege, or property rights are waived or lost by any errors in transmission.
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
>
>
> Please consider the environment before printing this email.
> *********************************************************************
> This communication may contain information which is confidential, personal and/or privileged. It is for the exclusive use of the intended recipient(s).
> If you are not the intended recipient(s), please note that any distribution, forwarding, copying or use of this communication or the information in it is strictly prohibited. If you have received it in error please contact the sender immediately by return e-mail. Please then delete the e-mail and any copies of it and do not use or disclose its contents to any person.
> Any personal views expressed in this e-mail are those of the individual sender and the company does not endorse or accept responsibility for them. Prior to taking any action based upon this e-mail message, you should seek appropriate confirmation of its authenticity.
> This message has been checked for viruses on behalf of the company.
> *********************************************************************
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171222/cd3ed6f2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 6099 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171222/cd3ed6f2/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 6099 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20171222/cd3ed6f2/attachment-0001.png>
More information about the Spacewalk-list
mailing list