Actually there is something I still don't understand. When I run geninitrd the new initial ramdisk does not contain /etc/resolve.conf but when the xCATCmd is being run via openssl and fails the resolve.conf exists but is wrong. reslove.conf that is being created by dracut does not reflect the one on xcat server or the one in statelite image. So question is at which point it is being created and how?
Best regards, W On 23 May 2013 10:58, Wojciech Turek <[email protected]> wrote: > Ok I solved this problem. I straced the openssl s_client commandline and > it turned out that it was trying to contact DNS but the data in the > /etc/rsolve.conf were incorrect. The source of the problem was that I have > imported that statelite profile from other xcat cluster and I forgot to > adjust resolve.conf file to reflect correct DNS address and search domains. > So after running geninitrd this incorrect data has gotten into the dracut > and were causing the problem. I am not sure though why openssl needs to > contact DNS at that stage since it is supplied with IP address of the xcat > server. > > Best regards > > On 23 May 2013 08:18, Xiao Peng Wang <[email protected]> wrote: > >> I assume the arch of your env is x86_64. >> >> Inside the statelite procedure, the following command is run to get the >> litefile entries, you could try it in the debug shell. If it also prompts >> same error message, it should be a ssl connection issue. Jarrod could help. >> >> echo "<xcatrequest>\n<command>litefile</command>\n</xcatrequest>" | >> LD_LIBRARY_PATH=/sysroot/lib64:/sysroot/usr/lib64 /sysroot/usr/bin/openssl >> s_client -quiet -connect 10.141.255.254:3001 -rand /bin/nice >> >> >> Thanks >> Best Regards >> ---------------------------------------------------------------------- >> Wang Xiaopeng (王晓朋) >> IBM China System Technology Laboratory >> Tel: 86-10-82453455 >> Email: [email protected] >> Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, >> Haidian District Beijing P.R.China 100193 >> >> [image: Inactive hide details for Wojciech Turek ---2013/05/23 >> 00:41:22---I should also probably mention that this is xCAT2.7 running >> o]Wojciech >> Turek ---2013/05/23 00:41:22---I should also probably mention that this is >> xCAT2.7 running on RHEL5 and the statelite image is with >> >> From: Wojciech Turek <[email protected]> >> To: xCAT Users Mailing list <[email protected]>, >> Date: 2013/05/23 00:41 >> Subject: Re: [xcat-user] Problem with openssl when fetching litetree in >> statelite >> ------------------------------ >> >> >> >> I should also probably mention that this is xCAT2.7 running on RHEL5 and >> the statelite image is with RHEL6 >> >> Best regards >> >> On 22 May 2013 17:20, Wojciech Turek <*[email protected]*<[email protected]>> >> wrote: >> >> My statelite image boot gets stuck at the statelite init script, so I >> enabled debugging mode and I can see that it can not fetch the litefile >> table, after 15 retries it drops to shell. I have tried to manually run >> the >> command line from teh script and it looks like the ssl communication is >> not >> working. Some help with this would me much appreciated. >> >> bash-4.1# /sysroot/usr/bin/openssl s_client -connect * >> 10.141.255.254:3001* <http://10.141.255.254:3001/> -ran> >> WARNING: can't open config file: /etc/pki/tls/openssl.cnf >> 0 semi-random bytes loaded >> CONNECTED(00000003) >> 140061100427080:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake >> failure:s23_lib.c:184: >> --- >> no peer certificate available >> --- >> No client certificate CA names sent >> --- >> SSL handshake has read 0 bytes and written 112 bytes >> --- >> New, (NONE), Cipher is (NONE) >> Secure Renegotiation IS NOT supported >> Compression: NONE >> Expansion: NONE >> --- >> >> -- >> -- >> Wojciech Turek >> >> Assistant System Manager >> >> High Performance Computing Service >> >> >> >> >> -- >> -- >> Wojciech Turek >> >> Assistant System Manager >> >> >> >
<<graycol.gif>>
------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
