Is the certificate a wildcard ? /Alex
From: "Daryl Rose" <darylr...@outlook.com> To: spacewalk-list@redhat.com Sent: Tuesday, March 13, 2018 8:30:26 PM Subject: Re: [Spacewalk-list] osa-dispatcher fails to start Alex, I just realized that I had more errors to look at. I didn't check the error log prior to my last update. 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.check_cert('Loading cert', <X509Name object '/C=US/ST=VA/L=Herndon/O=Network Solutions L.L.C./CN=Network Solutions OV Server CA 2'>) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: rhnSQL/driver_postgresql.convert_named_query_params('Converting query for PostgreSQL: \n select id, password\n from rhnPushDispatcher\n where jabber_id like :jabber_id\n ',) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: rhnSQL/driver_postgresql.convert_named_query_params('New query: \n select id, password\n from rhnPushDispatcher\n where jabber_id like %(jabber_id)s\n ',) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: rhnSQL/driver_postgresql._execute_wrapper('Executing SQL: "\n select id, password\n from rhnPushDispatcher\n where jabber_id like %(jabber_id)s\n " with bind params: {jabber_id: rhn-dispatcher-sat%}',) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.setup_connection('Connecting to', '<FQDN SW SERVER>') 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib._get_jabber_client 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib._get_jabber_client('Connecting to', '<FQDN SW SERVER>') 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.__init__ 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.__init__ 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.check_cert('Loading cert', <X509Name object '/C=US/ST=VA/L=Herndon/O=Network Solutions L.L.C./CN=Network Solutions OV Server CA 2'>) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.connect 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.connect('Attempting to connect',) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.process(300,) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.process('before select(); timeout', 299.99999904632568) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.process('select() returned',) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib._auth_dispatch(<jabber.xmlstream.Node instance at 0x24bf950>,) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.connect('Connected',) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.connect('Expecting features stanza, got:', <features><address xmlns = 'http://affinix.com/jabber/address' >::ffff:</address><auth xmlns = 'http://jabber.org/features/iq-auth' /><register xmlns = 'http://jabber.org/features/iq-register' /><starttls xmlns = 'urn:ietf:params:xml:ns:xmpp-tls' ><required /></starttls></features>) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.connect('starttls node', <jabber.xmlstream.Node instance at 0x25389e0>) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.process(None,) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.process('before select(); timeout', None) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.process('select() returned',) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib._auth_dispatch(<jabber.xmlstream.Node instance at 0x2538b90>,) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.connect('Expecting proceed stanza, got:', <proceed />) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.connect('Preparing for TLS handshake',) 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.connect('ERROR', 'Traceback caught:') 2018/03/13 14:24:59 -05:00 8164 0.0.0.0: osad/jabber_lib.main('ERROR', 'Error caught:') Anything here that might be a clue as to what is going on? Thanks Daryl From: spacewalk-list-boun...@redhat.com <spacewalk-list-boun...@redhat.com> on behalf of Daryl Rose <darylr...@outlook.com> Sent: Tuesday, March 13, 2018 1:51 PM To: spacewalk-list@redhat.com Subject: Re: [Spacewalk-list] osa-dispatcher fails to start Alex, Sorry, can't/won't post /etc/hosts and /etc/sysconfig/network. Trust me when I say that he server name is fully qualified. Nothing in that regard has changed. My suspicion was and still is that it's the cert. Looking back on this, I realize that I should have kept the self-signed certs in place, but for some reason I had to use a signed cert. I used a doc that I found on Oracle explaining how to replace the self-signed certs with a CA signed cert. The cert expired in January. I posted a question asking if I have to re-register all of our clients with a new, updated cert. I was told no, that all I had to do was update the certificate for the WUI portion of SW. However, I see that the jabber certificate, server.pem, did expire in January. I replaced the server.pem cert with the one that was generated when I updated the cert earlier this year. I just now verified it against /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT and it came back okay. openssl verify -CAfile /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT /etc/pki/spacewalk/jabberd/server.pem /etc/pki/spacewalk/jabberd/server.pem: OK However, I still get the same error when starting the osa-dispatcher. - -> <?xml version='1.0' encoding='UTF-8'?><stream:stream to='<FQDN SW SERVER>' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'> <-- <features><address xmlns = 'http://affinix.com/jabber/address' >::ffff:<IP></address><auth xmlns = 'http://jabber.org/features/iq-auth' /><register xmlns = 'http://jabber.org/features/iq-register' /><starttls xmlns = 'urn:ietf:params:xml:ns:xmpp-tls' ><required /></starttls></features> <-- <proceed /> Spacewalk 6928 2018/03/13 13:41:37 -05:00: ('Traceback caught:',) Spacewalk 6928 2018/03/13 13:41:37 -05:00: ('Error caught:',) ERROR: unhandled exception occurred: (can't write str to text stream). One question that I have, is what are these URL's? http://affinix.com/jabber/address http://jabber.org/features/iq-register I'm not knowledgeable in python, but it looks to me as if its registering with an external url and is using tls. First of, why is jabber registering with an external url? And, if it is, is it possible that the ca-certificates are out of date and need to be updated? Thanks Daryl From: spacewalk-list-boun...@redhat.com <spacewalk-list-boun...@redhat.com> on behalf of Alexandru Raceanu <a...@capeno.com> Sent: Tuesday, March 13, 2018 12:18 PM To: spacewalk-list@redhat.com Subject: Re: [Spacewalk-list] osa-dispatcher fails to start Can you post the /etc/hosts and /etc/sysconfig/network ? if not... check this one: https://access.redhat.com/solutions/327903 /Alex From: "Daryl Rose" <darylr...@outlook.com> To: spacewalk-list@redhat.com Sent: Tuesday, March 13, 2018 4:22:41 PM Subject: Re: [Spacewalk-list] osa-dispatcher fails to start Yes, really, that was all. Here is the output from the very verbose osa-dispatcher start: /usr/sbin/osa-dispatcher -N -v -v -v -v -v -v -v --> <?xml version='1.0' encoding='UTF-8'?><stream:stream to='<FQDN SW SERVER>' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'> <-- <features><address xmlns = 'http://affinix.com/jabber/address' >::ffff:10.255.0.6</address><auth xmlns = 'http://jabber.org/features/iq-auth' /><register xmlns = 'http://jabber.org/features/iq-register' /><starttls xmlns = 'urn:ietf:params:xml:ns:xmpp-tls' ><required /></starttls></features> <-- <proceed /> Spacewalk 653 2018/03/13 10:18:35 -05:00: ('Traceback caught:',) Spacewalk 653 2018/03/13 10:18:35 -05:00: ('Error caught:',) ERROR: unhandled exception occurred: (can't write str to text stream). Thank you Daryl From: spacewalk-list-boun...@redhat.com <spacewalk-list-boun...@redhat.com> on behalf of Paschedag, Robert <paschedag.netlut...@swr.de> Sent: Tuesday, March 13, 2018 8:47 AM To: spacewalk-list@redhat.com Subject: Re: [Spacewalk-list] osa-dispatcher fails to start Is that really all?? With this information only, it is impossible to help. You can try to run osa-dispatcher manually Stop it /etc/init.d/osa-dispatcher stop Run it manually /usr/sbin/osa-dispatcher -N -v -v -v -v -v -v -v and post errors you get. Robert Von: spacewalk-list-boun...@redhat.com <spacewalk-list-boun...@redhat.com> Im Auftrag von Daryl Rose Gesendet: Dienstag, 13. März 2018 14:14 An: spacewalk-list@redhat.com Betreff: Re: [Spacewalk-list] osa-dispatcher fails to start Here are the requested entries. 2018/03/13 08:11:08 -05:00 45604 0.0.0.0: osad/jabber_lib.__init__ 2018/03/13 08:11:08 -05:00 45604 0.0.0.0: osad/jabber_lib.connect('ERROR', 'Traceback caught:') 2018/03/13 08:11:08 -05:00 45604 0.0.0.0: osad/jabber_lib.main('ERROR', 'Error caught:') Thank you. Daryl From: spacewalk-list-boun...@redhat.com < spacewalk-list-boun...@redhat.com > on behalf of Alexandru Raceanu < a...@capeno.com > Sent: Monday, March 12, 2018 12:52 PM To: spacewalk-list@redhat.com Subject: Re: [Spacewalk-list] osa-dispatcher fails to start Can you provide the entries after a "/etc/init.d/osa-dispatcher restart" from /var/log/rhn/osa-dispatcher.log ? /Alex From: "Daryl Rose" < darylr...@outlook.com > To: spacewalk-list@redhat.com Sent: Monday, March 12, 2018 4:28:18 PM Subject: Re: [Spacewalk-list] osa-dispatcher fails to start I'm sorry, I just realized that I should have provided more information. 1. This is a RHEL 6.8 server 2. SW v2.6. Also, we use a signed cert and the certificate expired January. I inquired on this list and I was told that I only needed to update the cert for the website portion of the cert that they cert used to communicate between the systems did not need to be changed. I'm guessing its a cert issue from some of the research that I did, but I'm not sure what I should update, or if I really need to. Thanks Daryl From: spacewalk-list-boun...@redhat.com < spacewalk-list-boun...@redhat.com > on behalf of Daryl Rose < darylr...@outlook.com > Sent: Monday, March 12, 2018 10:19 AM To: spacewalk-list@redhat.com Subject: [Spacewalk-list] osa-dispatcher fails to start osa-dispatcher is down and won't start. I get the following error when trying to start it: Starting osa-dispatcher: Spacewalk 43238 2018/03/12 10:17:13 -05:00: ('Traceback caught:',) Spacewalk 43238 2018/03/12 10:17:13 -05:00: ('Error caught:',) ERROR: unhandled exception occurred: (can't write str to text stream). [FAILED] Any suggestions? Thanks Daryl _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list _______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list
_______________________________________________ Spacewalk-list mailing list Spacewalk-list@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-list