[Spacewalk-list] spacewalk: jabber/osad connection issue

Jérôme Meyer Jerome.Meyer at lcsystems.ch
Fri Jul 6 06:12:39 UTC 2018


Thanks for your reply

I need to get the port number with this command, and I’m using 5222.
This command does a CONNECTED(00000003) but returns the following errors (do you need the whole output?):

Client side
================================================

# echo 1 | openssl s_client -connect serverXXX.YYY.ZZZ:5222 -starttls xmpp

[…]
verify error:num=20:unable to get local issuer certificate
verify return:1
[…]
verify error:num=21:unable to verify the first certificate
verify return:1
[…]
No client certificate CA names sent
[…]

The CA and server certificates were provided by the command rhn-ssl-tool --gen-ca and --gen-server, as provided by the Spacewalk documentation.
On the server, I’ve used the default configuration for c2s.xml, with the require-starttls… please see the value below; is it OK like this?

Server side
================================================

<c2s>
  <id>c2s</id>
  <pidfile>/var/lib/jabberd/pid/c2s.pid</pidfile>
  <router>
    <ip>::1</ip>            <!-- default: 127.0.0.1 -->
    <port>5347</port>       <!-- default: 5347 -->
    <user>jabberd</user>    <!-- default: jabberd -->
    <pass>505f47a1d372b23eec4942bfaa0cac1ff0c6dfe1</pass>    <!-- default: secret -->
    <init>3</init>
    <lost>3</lost>
    <sleep>2</sleep>
  </router>
  <log type="file">
    <file>/var/log/jabberd/c2s.log</file>
  </log>
  <local>
    <id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true"> serverXXX.YYY.ZZZ </id>
    <ip>::</ip>
    <port>5222</port>
  </local>
  <io>
    <max_fds>1024</max_fds>
    <limits>
      <bytes>0</bytes>
      <stanzas>0</stanzas>
      <connects>0</connects>
      <stanzasize>0</stanzasize>
    </limits>
    <access>
      <order>allow,deny</order>
    </access>
    <check>
      <interval>120</interval>
      <idle>120</idle>
      <keepalive>120</keepalive>
    </check>
  </io>
  <authreg>
    <path>/usr/lib64/jabberd</path>
    <module>pgsql</module>
    <pgsql>
      <conninfo>dbname=jabberd2DB user=jabberd2 password=XXXXXXXXX</conninfo>
      <host>localhost</host>
      <port>5432</port>
      <dbname>jabberd2</dbname>
      <schema>public</schema>
      <user>jabberd2</user>
      <pass>505f47a1d372b23eec4942bfaa0cac1ff0c6dfe1</pass>
    </pgsql>
    <pipe>
      <exec>/usr/bin/pipe-auth.pl</exec>
    </pipe>
  </authreg>
</c2s>

Best, J.



From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Matt Moldvan
Sent: Thursday, 5 July 2018 15:56
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] spacewalk: jabber/osad connection issue

From the client, try "echo 1 | openssl s_client -connect serverXXX.YYY.ZZZ -starttls xmpp".  Does the client throw any errors about not being able to verify the certificate presented by the server?  Is the CA cert used to generate that certificate present on the client?

Also, what is in /etc/jabber/c2s.xml in the line referring to the SSL configuration?

On Thu, Jul 5, 2018 at 8:07 AM Jérôme Meyer <Jerome.Meyer at lcsystems.ch> wrote:
Hi All,

I’ve cloned the Spacewalk server to check the connection issue. I always need to use rhn_check to execute the Spacewalk tasks.

Some changes were made on this server/client:

- Configure NTP
- Re-configure the certificate with the FQDN name.
- Change the local jabber DB to PostgreSQL.
- Read some RHEL docs and do the following: https://github.com/spacewalkproject/spacewalk/wiki/JabberAndOSAD

The following error appears in osad from client:
===========================================
2018-07-05 13:36:40 rhn_log.log_error: 0 Received an error stanza:  <error><host-gone xmlns = 'urn:ietf:params:xml:ns:xmpp-streams'  /><text xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' >connection timed out</text></error>
2018-07-05 13:36:50 rhn_log.log_error: 0 Error caught:
2018-07-05 13:36:50 rhn_log.log_error: 0 Traceback (most recent call last):
  File "/usr/share/rhn/osad/jabber_lib.py", line 121, in main
    self.process_forever(c)
  File "/usr/share/rhn/osad/jabber_lib.py", line 179, in process_forever
    self.process_once(client)
  File "/usr/share/rhn/osad/osad.py", line 252, in process_once
    client.process(timeout=180)
  File "/usr/share/rhn/osad/jabber_lib.py", line 1076, in process
    data = self._read(self.BLOCK_SIZE)
SSLError: ('OpenSSL error; will retry', "(-1, 'Unexpected EOF')")

When I start the “debugging” mode, here is the result:
===========================================
# osad -N -vvv
2018-07-05 13:40:40 osad._setup_config: Updating configuration
2018-07-05 13:40:41 osad._setup_config: Time drift 1
2018-07-05 13:40:41 osad._setup_config: Client name ffe44b07bf9d5d1a
2018-07-05 13:40:41 osad._setup_config: Shared key 9a3d699d574f4173c1028f6a50e08b16723d4eba
2018-07-05 13:40:41 jabber_lib.setup_connection: Connecting to serverXXX.YYY.ZZZ
2018-07-05 13:40:41 jabber_lib._get_jabber_client:
2018-07-05 13:40:41 jabber_lib._get_jabber_client: Connecting to serverXXX.YYY.ZZZ
2018-07-05 13:40:41 jabber_lib.__init__:
2018-07-05 13:40:41 jabber_lib.__init__:
2018-07-05 13:40:41 jabber_lib.connect:
2018-07-05 13:40:41 jabber_lib.process: 300
2018-07-05 13:40:41 jabber_lib.process: None
2018-07-05 13:40:41 jabber_lib.process: None
2018-07-05 13:40:41 jabber_lib.process: None
2018-07-05 13:40:41 jabber_lib.setup_connection: Connected to jabber server serverXXX.YYY.ZZZ
2018-07-05 13:40:41 osad_client.start: osad-d80b05695e 073290d0f3512c216958 osad
2018-07-05 13:40:41 jabber_lib.auth: osad-d80b05695e 073290d0f3512c216958 osad 1
2018-07-05 13:40:41 jabber_lib.process: 59.9999859333
2018-07-05 13:40:41 jabber_lib.process: 299.999978065
2018-07-05 13:40:41 jabber_lib.register_callback: <bound method Client._roster_callback of <osad.osad_client.Client object at 0x7eff0baaef50>> iq None None None None
2018-07-05 13:40:41 jabber_lib.process: None
2018-07-05 13:40:41 jabber_lib._roster_callback: Updating the roster <iq type='result' id='iq-request-6c1b20-2'><query xmlns = 'jabber:iq:roster' ><item ask='subscribe' jid='rhn-dispatcher-sat at serverXXX' subscription='none' /></query></iq>
2018-07-05 13:40:41 jabber_lib.register_callback: <bound method Client._presence_callback of <osad.osad_client.Client object at 0x7eff0baaef50>> presence None None None None
2018-07-05 13:40:41 jabber_lib.register_callback: <bound method Client._message_callback of <osad.osad_client.Client object at 0x7eff0baaef50>> message None None None None
2018-07-05 13:40:41 jabber_lib.register_callback: <bound method Runner._error_callback of <osad.osad.Runner instance at 0x7eff0bb58248>> error None None None None
2018-07-05 13:40:41 jabber_lib.send_presence: None None
2018-07-05 13:40:41 jabber_lib.process_forever:
2018-07-05 13:40:41 jabber_lib.process: 180

Unfortunately, I don’t have any more ideas about what to do or which way I should go to find this problem.
Does someone have an idea or more experience with this issue?

Thanks in advance and best regards,
Jerome
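
Added example, not part of the original messages or of Spacewalk: a shell helper that classifies the `verify error` lines printed by `openssl s_client`, as in the client-side output quoted in this thread. Codes 20 and 21 both mean no issuer for the server certificate was found in the trust store the client used, which is what a run without `-CAfile` reports for a certificate signed by a privately generated CA. The sample transcript is constructed and the CA path in the comment is a placeholder.

```sh
#!/bin/sh
# Added example: classify "verify error" lines from `openssl s_client` output.

# Constructed sample, modelled on the excerpt quoted in the thread.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = serverXXX.YYY.ZZZ
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = serverXXX.YYY.ZZZ
verify error:num=21:unable to verify the first certificate
verify return:1
No client certificate CA names sent
EOF
}

# Read s_client output on stdin; print the distinct error numbers, sorted.
verify_codes() {
    sed -n 's/^verify error:num=\([0-9][0-9]*\):.*/\1/p' |
        sort -nu | tr '\n' ' ' | sed 's/ $//'
}

# Read s_client output on stdin; print one line saying what to check next.
diagnose() {
    codes=$(verify_codes)
    case " $codes " in
        "  ") echo "ok: no verify errors reported" ;;
        *" 10 "*) echo "expired: a certificate in the chain has expired ($codes)" ;;
        *" 18 "*|*" 19 "*) echo "self-signed: self-signed certificate not in the trust store ($codes)" ;;
        *" 20 "*|*" 21 "*) echo "missing-issuer: issuing CA not in the trust store used ($codes)" ;;
        *) echo "other: look the codes up in the openssl verify documentation ($codes)" ;;
    esac
}

# Live use (placeholder CA path): repeat the test from the thread, but point
# s_client at the CA that signed the jabberd certificate. The verify lines go
# to stderr, hence 2>&1.
#   echo 1 | openssl s_client -connect serverXXX.YYY.ZZZ:5222 -starttls xmpp \
#       -CAfile /path/to/spacewalk-ca.crt 2>&1 | diagnose
sample_output | diagnose
```

If the same command run with `-CAfile` still reports 20 or 21, the CA file on the client is not the one that signed the certificate in the server's pemfile.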



