Thank you Bruce, you have just made my holidays complete! Worked like a charm, service is now starting successfully!
Thank you, [new_sig] [stifel-sig] From: spacewalk-list-boun...@redhat.com [mailto:spacewalk-list-boun...@redhat.com] On Behalf Of Bruce Wainer Sent: Friday, December 22, 2017 2:41 PM To: spacewalk-list@redhat.com Subject: Re: [Spacewalk-list] osa-dispatcher fails to start with null ssl error Hostname for spacewalk/satellite servers can be lowercase only, otherwise it causes exactly the type of issue with OSA that you are experiencing. This is documented in the satellite documentation, and was added just days ago to the spacewalk wiki. On Dec 22, 2017, at 11:29 AM, Adams, Nick <ada...@stifel.com<mailto:ada...@stifel.com>> wrote: Thanks Vipul for the quick reply! I’ve updated the hostname to be an fqdn that is resolvable via DNS, though the same error still persists. Please see the following changes: [root@SNCFGSPWD01S ~]# cat /etc/hostname SNCFGSPWD01S.stifelnet.stifel.local Osa-dispatcher.log: 2017/12/22 10:06:36 -05:00 6374 0.0.0.0: osad/jabber_lib.__init__ 2017/12/22 10:06:36 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',) 2017/12/22 10:06:37 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',) 2017/12/22 10:06:38 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',) 2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('ERROR', 'Not able to reconnect - See https://access.redhat.com/solutions/45332 for possible solutions.\n') 2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.print_message('SSLError',) 2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.print_message('Could not connect to jabber server', 'SNCFGSPWD01S.stifelnet.stifel.local') 2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.main('ERROR', 'Error caught:') rhn.conf: # OSA configuration # server.jabber_server = SNCFGSPWD01S.stifelnet.stifel.local osa-dispatcher.jabber_server = SNCFGSPWD01S.stifelnet.stifel.local # set up SSL on the dispatcher osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT # system snapshots enabled enable_snapshots = 1 #cobbler host name cobbler.host = SNCFGSPWD01S.stifelnet.stifel.local SSL subjects: [root@SNCFGSPWD01S ~]# grep CN= /etc/pki/spacewalk/jabberd/server.pem | grep Subject Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S.stifelnet.stifel.local, CN=SNCFGSPWD01S.stifelnet.stifel.local/emailAddress=ada...@stifel.com<mailto:CN=SNCFGSPWD01S.stifelnet.stifel.local/emailAddress=ada...@stifel.com> [root@SNCFGSPWD01S ~]# grep CN= $(grep spacewalk.crt /etc/httpd/conf.d/ssl.conf | cut -f 2 -d' ') | grep Subject Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S.stifelnet.stifel.local, CN=SNCFGSPWD01S.stifelnet.stifel.local/emailAddress=ada...@stifel.com<mailto:CN=SNCFGSPWD01S.stifelnet.stifel.local/emailAddress=ada...@stifel.com> Jabber configs: [root@SNCFGSPWD01S ~]# grep $(hostname) /etc/jabberd/*xml /etc/jabberd/c2s.xml: <id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true">SNCFGSPWD01S.stifelnet.stifel.local</id> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id> [root@SNCFGSPWD01S ~]# grep require-starttls /etc/jabberd/c2s.xml | grep pemfile <id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true">SNCFGSPWD01S.stifelnet.stifel.local</id> Thanks! <image001.png> [stifel-sig] From: spacewalk-list-boun...@redhat.com<mailto:spacewalk-list-boun...@redhat.com> [mailto:spacewalk-list-boun...@redhat.com] On Behalf Of Vipul Sharma (DevOps) Sent: Friday, December 22, 2017 9:56 AM To: spacewalk-list@redhat.com<mailto:spacewalk-list@redhat.com> Subject: Re: [Spacewalk-list] osa-dispatcher fails to start with null ssl error Some pointers - * Your hostname should match your FQDN - * Compare your SSL certs between /var/jabberd/server.pem & /etc/pki/spacewalk/server.pem - They should be same. * CN & OU should be your FQDN in your .crt & .pem files. Thanks Vipul On Fri, Dec 22, 2017 at 8:29 PM, Adams, Nick <ada...@stifel.com<mailto:ada...@stifel.com>> wrote: All, I have ran into what I hope is a simple misconfiguration during setup. I am unable to start the osa-dispatcher service: [root@SNCFGSPWD01S ~]# spacewalk-service restart Shutting down spacewalk services... Redirecting to /bin/systemctl stop taskomatic.service Stopping cobblerd (via systemctl): [ OK ] Redirecting to /bin/systemctl stop rhn-search.service Redirecting to /bin/systemctl stop osa-dispatcher.service Redirecting to /bin/systemctl stop httpd.service Redirecting to /bin/systemctl stop tomcat.service Redirecting to /bin/systemctl stop jabberd.service Done. Starting spacewalk services... Redirecting to /bin/systemctl start jabberd.service Redirecting to /bin/systemctl start tomcat.service Waiting for tomcat to be ready ... Redirecting to /bin/systemctl start httpd.service Redirecting to /bin/systemctl start osa-dispatcher.service Job for osa-dispatcher.service failed because the control process exited with error code. See "systemctl status osa-dispatcher.service" and "journalctl -xe" for details. Redirecting to /bin/systemctl start rhn-search.service Starting cobblerd (via systemctl): [ OK ] Redirecting to /bin/systemctl start taskomatic.service Done. When reviewing the osa-dispatcher log: 2017/12/21 13:30:36 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.__init__ 2017/12/21 13:30:36 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',) 2017/12/21 13:30:37 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',) 2017/12/21 13:30:38 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.connect('Server did not return a <features /> stanza, reconnecting',) 2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.connect('ERROR', 'Not able to reconnect - See https://access.redhat.com/solutions/45332 for possible solutions.\n') 2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.print_message('SSLError',) 2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.print_message('Could not connect to jabber server', 'SNCFGSPWD01S') 2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>: osad/jabber_lib.main('ERROR', 'Error caught:') Some Jabber specific configs: [root@SNCFGSPWD01S ~]# grep $(hostname) /etc/jabberd/*xml /etc/jabberd/c2s.xml: <id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm="" register-enable="true">SNCFGSPWD01S</id> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id> /etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id> Seeing as this is an SSL error, makes sense to include these: [root@SNCFGSPWD01S ~]# grep CN= $(grep spacewalk.crt /etc/httpd/conf.d/ssl.conf | cut -f 2 -d' ') | grep Subject Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S, CN=SNCFGSPWD01S/emailAddress=ada...@stifel.com<mailto:CN=SNCFGSPWD01S/emailAddress=ada...@stifel.com> [root@SNCFGSPWD01S ~]# grep CN= /etc/pki/spacewalk/jabberd/server.pem | grep Subject Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S, CN=SNCFGSPWD01S/emailAddress=ada...@stifel.com<mailto:ada...@stifel.com> The OSA configuration portion of rhn.conf: # OSA configuration # server.jabber_server = SNCFGSPWD01S osa-dispatcher.jabber_server = SNCFGSPWD01S # set up SSL on the dispatcher osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT # system snapshots enabled enable_snapshots = 1 #cobbler host name cobbler.host = SNCFGSPWD01S And finally the contents of the up2date.conf: # Red Hat Update Agent config file. # Format: 1.0 debug[comment]=Whether or not debugging is enabled debug=0 systemIdPath[comment]=Location of system id systemIdPath=/etc/sysconfig/rhn/systemid serverURL[comment]=Remote server URL (use FQDN) serverURL=https://sncfgspwd01s/XMLRPC hostedWhitelist[comment]=RHN Hosted URL's hostedWhitelist= enableProxy[comment]=Use a HTTP Proxy enableProxy=0 versionOverride[comment]=Override the automatically determined system version versionOverride= httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128<http://squid.redhat.com:3128> httpProxy= noReboot[comment]=Disable the reboot actions noReboot=0 networkRetries[comment]=Number of attempts to make at network connections before giving up networkRetries=1 disallowConfChanges[comment]=Config options that can not be overwritten by a config update action disallowConfChanges=noReboot;sslCACert;useNoSSLForPackages;serverURL;disallowConfChanges; sslCACert[comment]=The CA cert used to verify the ssl server sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT # Akamai does not support http protocol, therefore setting this option as side effect disable "Location aware" function useNoSSLForPackages[comment]=Use HTTP for package, package list, and header fetching (disable Akamai) useNoSSLForPackages=0 retrieveOnly[comment]=Retrieve packages only retrieveOnly=0 skipNetwork[comment]=Skips network information in hardware profile sync during registration. skipNetwork=0 writeChangesToLog[comment]=Log to /var/log/up2date which packages has been added and removed writeChangesToLog=0 stagingContent[comment]=Retrieve content of future actions in advance stagingContent=1 stagingContentWindow[comment]=How much forward we should look for future actions. In hours. stagingContentWindow=24 Any help would be greatly appreciated! Thanks so much! -Nick <image001.png> [stifel-sig] This message, and any of its attachments, is for the intended recipient(s) only, and it may contain information that is privileged, confidential, and/or proprietary and subject to important terms and conditions available at http://www.stifel.com/disclosures/emaildisclaimers/. If you are not the intended recipient, please delete this message and immediately notify the sender. No confidentiality, privilege, or property rights are waived or lost by any errors in transmission. _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com<mailto:Spacewalk-list@redhat.com> https://www.redhat.com/mailman/listinfo/spacewalk-list Please consider the environment before printing this email. ********************************************************************* This communication may contain information which is confidential, personal and/or privileged. It is for the exclusive use of the intended recipient(s). If you are not the intended recipient(s), please note that any distribution, forwarding, copying or use of this communication or the information in it is strictly prohibited. If you have received it in error please contact the sender immediately by return e-mail. Please then delete the e-mail and any copies of it and do not use or disclose its contents to any person. Any personal views expressed in this e-mail are those of the individual sender and the company does not endorse or accept responsibility for them. Prior to taking any action based upon this e-mail message, you should seek appropriate confirmation of its authenticity. This message has been checked for viruses on behalf of the company. ********************************************************************* _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com<mailto:Spacewalk-list@redhat.com> https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list