Ok I solved this problem. I straced the openssl s_client commandline and it turned out that it was trying to contact DNS but the data in the /etc/rsolve.conf were incorrect. The source of the problem was that I have imported that statelite profile from other xcat cluster and I forgot to adjust resolve.conf file to reflect correct DNS address and search domains. So after running geninitrd this incorrect data has gotten into the dracut and were causing the problem. I am not sure though why openssl needs to contact DNS at that stage since it is supplied with IP address of the xcat server.
Best regards On 23 May 2013 08:18, Xiao Peng Wang <[email protected]> wrote: > I assume the arch of your env is x86_64. > > Inside the statelite procedure, the following command is run to get the > litefile entries, you could try it in the debug shell. If it also prompts > same error message, it should be a ssl connection issue. Jarrod could help. > > echo "<xcatrequest>\n<command>litefile</command>\n</xcatrequest>" | > LD_LIBRARY_PATH=/sysroot/lib64:/sysroot/usr/lib64 /sysroot/usr/bin/openssl > s_client -quiet -connect 10.141.255.254:3001 -rand /bin/nice > > > Thanks > Best Regards > ---------------------------------------------------------------------- > Wang Xiaopeng (王晓朋) > IBM China System Technology Laboratory > Tel: 86-10-82453455 > Email: [email protected] > Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, > Haidian District Beijing P.R.China 100193 > > [image: Inactive hide details for Wojciech Turek ---2013/05/23 > 00:41:22---I should also probably mention that this is xCAT2.7 running > o]Wojciech > Turek ---2013/05/23 00:41:22---I should also probably mention that this is > xCAT2.7 running on RHEL5 and the statelite image is with > > From: Wojciech Turek <[email protected]> > To: xCAT Users Mailing list <[email protected]>, > Date: 2013/05/23 00:41 > Subject: Re: [xcat-user] Problem with openssl when fetching litetree in > statelite > ------------------------------ > > > > I should also probably mention that this is xCAT2.7 running on RHEL5 and > the statelite image is with RHEL6 > > Best regards > > On 22 May 2013 17:20, Wojciech Turek <*[email protected]*<[email protected]>> > wrote: > > My statelite image boot gets stuck at the statelite init script, so I > enabled debugging mode and I can see that it can not fetch the litefile > table, after 15 retries it drops to shell. I have tried to manually run the > command line from teh script and it looks like the ssl communication is not > working. Some help with this would me much appreciated. > > bash-4.1# /sysroot/usr/bin/openssl s_client -connect * > 10.141.255.254:3001* <http://10.141.255.254:3001/> -ran> > WARNING: can't open config file: /etc/pki/tls/openssl.cnf > 0 semi-random bytes loaded > CONNECTED(00000003) > 140061100427080:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake > failure:s23_lib.c:184: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 0 bytes and written 112 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > --- > > -- > -- > Wojciech Turek > > Assistant System Manager > > High Performance Computing Service > > > > > -- > -- > Wojciech Turek > > Assistant System Manager > > >
<<graycol.gif>>
------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
