Re: [xcat-user] xCAT start_SSL Bug?
In that defect there is also a post for Centos 6.4 from Vadim I have the exact same issue on CentOS 6.4 with the fresh install of 2.8.2 using the latest xcat-dep package for Linux Please check what they did and see if it helps you. Resolved by setting local xcat-dep repo to point to xcat-dep/rh6/x86_64 instead of just to xcat-dep Lissa K. Valletta 8-3/B10 Poughkeepsie, NY 12601 (tie 293) 433-3102 From: Josh Nielsen jniel...@hudsonalpha.org To: xCAT Users Mailing list xcat-user@lists.sourceforge.net, Date: 01/24/2014 04:49 PM Subject:[xcat-user] xCAT start_SSL Bug? Now that I've installed my Service Node there is an issue querying the Management Node's database because of an SSL related error. If I turn on XCATBYPASS=1 however for testing it grabs the database information with 'tabdump' from the MN fine (which I imagine must turn off SSL else it would encounter the same error). The error that I am seeing is the same as reported in this xCAT Bug Report: http://sourceforge.net/p/xcat/bugs/3874/. # lsxcatd -d Can't locate object method start_SSL via package IO::Socket::SSL at /opt/xcat/lib/perl/xCAT/Client.pm line 222. That bug report was for AIX but it looks like the fix was for perl-NET-SSLeay to be rebuilt: Xiao Peng updated the problem rpm on dave's mgmt node to Net-SSLeay-1.55-3, which was built with newer source code and on aix 71L. I have Centos 6.4: # uname -a Linux xcat-serv1 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux However, the perl-NET-SSLeay package does not seem to be present in xcat-dep for xCAT 2.8.3. I have a version of it already installed but it came from the Centos repo: perl-Net-SSLeay.x86_64 1.35-9.el6 installed The only perl files I see in xcat/xcat-dep/rh6/x86_64 are: perl-AppConfig-1.52-4.noarch.rpm perl-Crypt-CBC-2.29-3.el6.noarch.rpm perl-Crypt-Rijndael-1.09-2.el6.x86_64.rpm perl-Expect-1.21-1.noarch.rpm perl-IO-Stty-0.03-1.noarch.rpm perl-IO-Tty-1.07-1.x86_64.rpm perl-JSON-2.50-1.el6.rfx.noarch.rpm perl-SOAP-Lite-0.710.08-1.noarch.rpm perl-XML-Simple-2.18-1.noarch.rpm Is it the version of perl-NET-SSLeay? Thanks, Josh -- CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431iu=/4140/ostg.clktrk ___ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user inline: graycol.gif-- CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431iu=/4140/ostg.clktrk___ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user
Re: [xcat-user] xCAT start_SSL Bug?
Actually there is a disparity between the MN and SN OS type/version. First of all the MN is RedHat, and my service nodes will be Centos. That's shouldn't be a large problem. However the real difference is that the MN is running Red Hat Enterprise Linux Server release 5.9 (Tikanga) right now. I need the SN up to serve DNS and DHCP while I take the MN down to update it to RHEL 6.X. Would the versioning difference cause a problem? The OS repo for the SN is of course only pulling from the Centos 6.4 RPMs. Currently the MN has these package versions: # rpm -qa | grep -i ssl | sort gskssl64-8.0-14.14 openssl-0.9.8e-20.el5 openssl-0.9.8e-20.el5 openssl-0.9.8e-20.el5_7.1 openssl-0.9.8e-20.el5_7.1 openssl-0.9.8e-22.el5 openssl-0.9.8e-22.el5 openssl-0.9.8e-22.el5_8.1 openssl-0.9.8e-22.el5_8.1 openssl-0.9.8e-22.el5_8.3 openssl-0.9.8e-22.el5_8.3 openssl-0.9.8e-22.el5_8.4 openssl-0.9.8e-22.el5_8.4 openssl-devel-0.9.8e-22.el5_8.4 openssl-devel-0.9.8e-22.el5_8.4 perl-Crypt-SSLeay-0.51-11.el5 perl-IO-Socket-SSL-1.01-1.fc6 perl-Net-SSLeay-1.30-4.fc6 pyOpenSSL-0.6-2.el5 And the SN: # rpm -qa | grep -i ssl | sort openssl098e-0.9.8e-17.el6.centos.2.x86_64 openssl-1.0.0-27.el6.x86_64 perl-Crypt-SSLeay-0.57-16.el6.x86_64 perl-IO-Socket-SSL-1.77-1.x86_64 perl-Net-SSLeay-1.35-9.el6.x86_64 -Josh On Mon, Jan 27, 2014 at 10:34 AM, Lissa Valletta lis...@us.ibm.com wrote: Running in XCATBYPASS mode only stops you from using the daemon which stops the SSL Credential use, which is why you do not get errors in XCATBYPASS. Is you MN Centos 6.4?I would run rpm -qa | grep -i ssl and see what perl ssl rpms are installed. Do the same on the SErvice node. My service node has these for Redhat. openssl098e-0.9.8e-17.el6_2.2.ppc64 perl-Net-SSLeay-1.35-9.el6.ppc64 openssl-1.0.0-20.el6_2.5.ppc64 openssl098e-0.9.8e-17.el6_2.2.ppc perl-IO-Socket-SSL-1.31-2.el6.noarch perl-Crypt-SSLeay-0.57-16.el6.ppc64 Lissa K. Valletta 8-3/B10 Poughkeepsie, NY 12601 (tie 293) 433-3102 [image: Inactive hide details for Josh Nielsen ---01/27/2014 10:36:13 AM---Yes, I read that on the bug report but mine is already set t]Josh Nielsen ---01/27/2014 10:36:13 AM---Yes, I read that on the bug report but mine is already set to that, and that is only useful if the r From: Josh Nielsen jniel...@hudsonalpha.org To: xCAT Users Mailing list xcat-user@lists.sourceforge.net, Date: 01/27/2014 10:36 AM Subject: Re: [xcat-user] xCAT start_SSL Bug? -- Yes, I read that on the bug report but mine is already set to that, and that is only useful if the repo has the files needed. If it is perl-NET-SSLeay then even pointing it to xcat-dep/rh6/x86_64 won't help since it isn't present. Here are my yum repos: /etc/yum.repos.d/xCAT-otherpkgs0.repo: [xcat-otherpkgs0] name=xcat-otherpkgs0 baseurl=*http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/*http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/ . enabled=1 gpgcheck=0 /etc/yum.repos.d/xCAT-otherpkgs1.repo: [xcat-otherpkgs1] name=xcat-otherpkgs1 baseurl= *http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/xcat/xcat-core*http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/xcat/xcat-core enabled=1 gpgcheck=0 /etc/yum.repos.d/xCAT-otherpkgs2.repo: [xcat-otherpkgs2] name=xcat-otherpkgs2 baseurl= *http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/xcat/xcat-dep/rh6/x86_64*http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/xcat/xcat-dep/rh6/x86_64 enabled=1 gpgcheck=0 I decided to remove the xCAT-otherpkgs0.repo, just in case it was interfering, then uninstall all xCAT packages, and reinstall them but it still has the same problem after all that. Here were the yum packages grabbed for the install: Dependencies Resolved PackageArch Version Repository Size Installing: conserver-xcat x86_64 8.1.16-10 xcat-otherpkgs2 218 k cpio x86_64 2.11-20 xcat-otherpkgs2 252 k elilo-xcat noarch 3.14-4xcat-otherpkgs2 75 k ipmitool-xcat x86_64 1.8.11-3 xcat-otherpkgs2 244
Re: [xcat-user] xCAT start_SSL Bug?
Also, as far as I can tell, all the correct SSL certs are present and I can ssh directly into the SN without providing login credentials. I don't see any SSL related errors in the system logs either. What is the basic issue that causes the error? An incorrect perl library? On Mon, Jan 27, 2014 at 11:07 AM, Josh Nielsen jniel...@hudsonalpha.orgwrote: Actually there is a disparity between the MN and SN OS type/version. First of all the MN is RedHat, and my service nodes will be Centos. That's shouldn't be a large problem. However the real difference is that the MN is running Red Hat Enterprise Linux Server release 5.9 (Tikanga) right now. I need the SN up to serve DNS and DHCP while I take the MN down to update it to RHEL 6.X. Would the versioning difference cause a problem? The OS repo for the SN is of course only pulling from the Centos 6.4 RPMs. Currently the MN has these package versions: # rpm -qa | grep -i ssl | sort gskssl64-8.0-14.14 openssl-0.9.8e-20.el5 openssl-0.9.8e-20.el5 openssl-0.9.8e-20.el5_7.1 openssl-0.9.8e-20.el5_7.1 openssl-0.9.8e-22.el5 openssl-0.9.8e-22.el5 openssl-0.9.8e-22.el5_8.1 openssl-0.9.8e-22.el5_8.1 openssl-0.9.8e-22.el5_8.3 openssl-0.9.8e-22.el5_8.3 openssl-0.9.8e-22.el5_8.4 openssl-0.9.8e-22.el5_8.4 openssl-devel-0.9.8e-22.el5_8.4 openssl-devel-0.9.8e-22.el5_8.4 perl-Crypt-SSLeay-0.51-11.el5 perl-IO-Socket-SSL-1.01-1.fc6 perl-Net-SSLeay-1.30-4.fc6 pyOpenSSL-0.6-2.el5 And the SN: # rpm -qa | grep -i ssl | sort openssl098e-0.9.8e-17.el6.centos.2.x86_64 openssl-1.0.0-27.el6.x86_64 perl-Crypt-SSLeay-0.57-16.el6.x86_64 perl-IO-Socket-SSL-1.77-1.x86_64 perl-Net-SSLeay-1.35-9.el6.x86_64 -Josh On Mon, Jan 27, 2014 at 10:34 AM, Lissa Valletta lis...@us.ibm.comwrote: Running in XCATBYPASS mode only stops you from using the daemon which stops the SSL Credential use, which is why you do not get errors in XCATBYPASS. Is you MN Centos 6.4?I would run rpm -qa | grep -i ssl and see what perl ssl rpms are installed. Do the same on the SErvice node. My service node has these for Redhat. openssl098e-0.9.8e-17.el6_2.2.ppc64 perl-Net-SSLeay-1.35-9.el6.ppc64 openssl-1.0.0-20.el6_2.5.ppc64 openssl098e-0.9.8e-17.el6_2.2.ppc perl-IO-Socket-SSL-1.31-2.el6.noarch perl-Crypt-SSLeay-0.57-16.el6.ppc64 Lissa K. Valletta 8-3/B10 Poughkeepsie, NY 12601 (tie 293) 433-3102 [image: Inactive hide details for Josh Nielsen ---01/27/2014 10:36:13 AM---Yes, I read that on the bug report but mine is already set t]Josh Nielsen ---01/27/2014 10:36:13 AM---Yes, I read that on the bug report but mine is already set to that, and that is only useful if the r From: Josh Nielsen jniel...@hudsonalpha.org To: xCAT Users Mailing list xcat-user@lists.sourceforge.net, Date: 01/27/2014 10:36 AM Subject: Re: [xcat-user] xCAT start_SSL Bug? -- Yes, I read that on the bug report but mine is already set to that, and that is only useful if the repo has the files needed. If it is perl-NET-SSLeay then even pointing it to xcat-dep/rh6/x86_64 won't help since it isn't present. Here are my yum repos: /etc/yum.repos.d/xCAT-otherpkgs0.repo: [xcat-otherpkgs0] name=xcat-otherpkgs0 baseurl=*http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/*http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/ . enabled=1 gpgcheck=0 /etc/yum.repos.d/xCAT-otherpkgs1.repo: [xcat-otherpkgs1] name=xcat-otherpkgs1 baseurl= *http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/xcat/xcat-core*http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/xcat/xcat-core enabled=1 gpgcheck=0 /etc/yum.repos.d/xCAT-otherpkgs2.repo: [xcat-otherpkgs2] name=xcat-otherpkgs2 baseurl= *http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/xcat/xcat-dep/rh6/x86_64*http://10.20.0.1/install/post/otherpkgs/centos6.4/x86_64/xcat/xcat-dep/rh6/x86_64 enabled=1 gpgcheck=0 I decided to remove the xCAT-otherpkgs0.repo, just in case it was interfering, then uninstall all xCAT packages, and reinstall them but it still has the same problem after all that. Here were the yum packages grabbed for the install: Dependencies Resolved PackageArch Version Repository Size Installing: conserver-xcat x86_64 8.1.16-10 xcat-otherpkgs2 218 k cpio x86_64 2.11-20