Does it have "; generated by /sbin/dhclient-script" at the top.
Lissa K. Valletta 8-3/B10 Poughkeepsie, NY 12601 (tie 293) 433-3102 From: Wojciech Turek <[email protected]> To: xCAT Users Mailing list <[email protected]> Date: 05/23/2013 08:07 AM Subject: Re: [xcat-user] Problem with openssl when fetching litetree in statelite Actually there is something I still don't understand. When I run geninitrd the new initial ramdisk does not contain /etc/resolve.conf but when the xCATCmd is being run via openssl and fails the resolve.conf exists but is wrong. reslove.conf that is being created by dracut does not reflect the one on xcat server or the one in statelite image. So question is at which point it is being created and how? Best regards, W On 23 May 2013 10:58, Wojciech Turek <[email protected]> wrote: Ok I solved this problem. I straced the openssl s_client commandline and it turned out that it was trying to contact DNS but the data in the /etc/rsolve.conf were incorrect. The source of the problem was that I have imported that statelite profile from other xcat cluster and I forgot to adjust resolve.conf file to reflect correct DNS address and search domains. So after running geninitrd this incorrect data has gotten into the dracut and were causing the problem. I am not sure though why openssl needs to contact DNS at that stage since it is supplied with IP address of the xcat server. Best regards On 23 May 2013 08:18, Xiao Peng Wang <[email protected]> wrote: I assume the arch of your env is x86_64. Inside the statelite procedure, the following command is run to get the litefile entries, you could try it in the debug shell. If it also prompts same error message, it should be a ssl connection issue. Jarrod could help. echo "<xcatrequest>\n<command>litefile</command>\n</xcatrequest>" | LD_LIBRARY_PATH=/sysroot/lib64:/sysroot/usr/lib64 /sysroot/usr/bin/openssl s_client -quiet -connect 10.141.255.254:3001 -rand /bin/nice Thanks Best Regards ---------------------------------------------------------------------- Wang Xiaopeng (王晓朋) IBM China System Technology Laboratory Tel: 86-10-82453455 Email: [email protected] Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193 Inactive hide details for Wojciech Turek ---2013/05/23 00:41:22---I should also probably mention that this is xCAT2.7 running oWojciech Turek ---2013/05/23 00:41:22---I should also probably mention that this is xCAT2.7 running on RHEL5 and the statelite image is with From: Wojciech Turek <[email protected]> To: xCAT Users Mailing list <[email protected]>, Date: 2013/05/23 00:41 Subject: Re: [xcat-user] Problem with openssl when fetching litetree in statelite I should also probably mention that this is xCAT2.7 running on RHEL5 and the statelite image is with RHEL6 Best regards On 22 May 2013 17:20, Wojciech Turek <[email protected]> wrote: My statelite image boot gets stuck at the statelite init script, so I enabled debugging mode and I can see that it can not fetch the litefile table, after 15 retries it drops to shell. I have tried to manually run the command line from teh script and it looks like the ssl communication is not working. Some help with this would me much appreciated. bash-4.1# /sysroot/usr/bin/openssl s_client -connect 10.141.255.254:3001 -ran> WARNING: can't open config file: /etc/pki/tls/openssl.cnf 0 semi-random bytes loaded CONNECTED(00000003) 140061100427080:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 112 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- -- -- Wojciech Turek Assistant System Manager High Performance Computing Service -- -- Wojciech Turek Assistant System Manager ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
<<inline: graycol.gif>>
------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
