clonezilla. On Fri, Jan 22, 2010 at 11:01 AM, Eric Varsanyi <[email protected]> wrote:
> The procedure below does indeed cover it (even w/o the rm's), my problem > was that while I changed the hostname in /etc/hosts I had left the host > there pointing at the old host. Since the resolver on this box is set up to > use /etc/hosts first before going to DNS the wrong IP came back when you > tried to connect to the host using its hostname (internally). Sipxsupervisor > was trying to validate the certificates using the RPC server on the other > (still running) box. Hilarity ensued. > > I realized what was going on by running strace on sipxsupervisor as it > started and noting that it established a connection off the box. > > FWIW the docs here: > http://sipx-wiki.calivia.com/index.php/Notes_on_SSL_Keys_and_Keystores_used_by_sipxare > useful and interesting but actively misleading (wrong) for 4.1; for > example the authorities.jks file is not generated nor installed by the cert > scripts mentioned. > > In case someone is googling around here's a rough outline of how to clone a > working Fedora (12) system (useful if there's no ISO to install from) then > clear it out so it can be used on a new IP. I have a side project to figure > out how to update the config database so you don't have to clear it out but > that's not fully working for me yet (it seems OK to export the whole > sipxconfig database to text with dumpdb, edit the results changing the ips > and hostnames, then after initializing everything re-import it, but I > suspect I've still missed something and need to test a bit more). > > 1) clone the filesystems to the new box (I used a live CD boot then > manually fdisked and mkfs'ed the root and boot, then used 'tar' to copy the > working system over the net) > - fdisk /dev/sda , create a boot and root (and swap if needed) > - mke2fs -L/boot /dev/sda1 > - mke2fs -L/ /dev/sda3 > - mkswap -L swap /dev/sda2 > - mkdir /zz; mount /dev/sda3 /zz; mkdir /zz/boot; mount /dev/sda1 > /zz/boot > - cd /zz; ssh r...@source 'cd /; tar --one-file-system -c -f - boot > .' | tar -xvpf - > 2) install boot blocks and remake the boot initrd > - cp -rp /dev /zz/dev > - chroot /zz > - mount /proc > - grub-install > - vi /etc/fstab, change it so root and boot are mounted via LABEL= > - mkinitrd -f /boot/initram... ... > - update /etc/hosts (both the hostname and IP! :) ) > - update /etc/sysconfig/network-scripts/ifcfg-eth0 > - update /etc/sysconfig/network > - update /etc/resolv.conf > - rm /etc/udev/rules.d/70-persistent* > - chkconfig sipxecs off > - exit, unmount everything, sync, reboot > 3) log in as the sipxecs user and do the traditional clear/setup > - sipxconfig.sh --database drop > - sipxconfig.sh --first-run > - rm -rf XXX/etc/sipxpbx/ssl/* (paranoia, probably not needed) > - sipxecs-setup > - sudo chkconfig sipxecs on > - sudo service sipxecs start > > -Eric > > On Jan 21, 2010, at 5:46 PM, Eric Varsanyi wrote: > > > I have an installed system that was working fine (EDE 'designer' setup, > recent SVN checkout (see below) with some changes to work on FC12. I cloned > this system to another box to do some further testing, I tried to completely > clear it out and start over (reusing just the installed code, nothing from > the configuration) and set it back up again from scratch. > > > > To clear things out and reset I did: > > (change networking setup, reboot) > > sipxconfig.sh --database drop > > rm -rf $INSTALL/etc/sipxpbx/ssl/* > > rm -rf $INSTALL/var/sipxdata/certdb/* > > rm `grep -R -l $INSTALL/etc/sipxecs pbxdev12` [pbxdev12 was the > OLD machine name] > > rm `grep -R -l $INSTALL/var/sipxdata pbxdev12` > > sipxconfig.sh --database create > > sipxconfig.sh --first-run > > sipxecs-setup > > sstart > > > > hostname -f reports the correct hostname and /etc/hosts is set up without > any real hostname on either flavor of localhost (ipv4 or ipv6). > > > > This keeps failing with an SSL certificate check error while trying to > distribute the config files from sipxconfig to the local machine as shown > below. Full log also included in case there is some other hint. > > > > I realize that I must be missing clearing out something related to the > SSL certificates used internally to distribute config files, can anyone give > a clue what I might have missed? Is there some script/utility that 'zeroes' > out a system to just installed state (if I were using RPM's would an > remove/install of the sipxecs RPMS fully clear things? if so I'll look at > what the pre/post scripts do in them)? > > > > Thanks for any tips, > > -Eric Varsanyi > > > > "2010-01-21T23:15:30.884000Z":3:JAVA:INFO:pbx.foo21.com:main:00000000:FirstRunTask:"Executing > first run tasks..." > > "2010-01-21T23:15:30.888000Z":4:JAVA:INFO:pbx.foo21.com:main:00000000:DomainManagerImpl:"Attempting > to load initial domain-config from > /home/sipxchange/sip1/INSTALL/etc/sipxpbx):" > > "2010-01-21T23:15:32.510000Z":5:JAVA:INFO:pbx.foo21.com:background:00000000:SipxReplicationContextImpl:"Start > replication: File replication: domain-config" > > "2010-01-21T23:15:32.968000Z":6:JAVA:INFO:pbx.foo21.com:background:00000000:XmlRpcClientInterceptor:"XML/RPC > File.replace with [pbx.foo21.com, /home/sipxchange/sip1/..., 420, > U0lQX0RPTUFJTl9OQU1FID...] on https://pbx.foo21.com:8092/RPC2"; > > "2010-01-21T23:15:34.008000Z":7:JAVA:ERR:pbx.foo21.com:background:00000000:XmlRpcClientInterceptor:"Exception > in XML/RPC call" > > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target > > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) > > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1627) > > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:204) > > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:198) > > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:994) > > at > sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142) > > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:533) > > at sun.security.ssl.Handshaker.process_record(Handshaker.java:471) > > at > sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904) > > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1132) > > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1159) > > at > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1143) > > at > sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:423) > > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) > > at > sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:858) > > at > sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) > > at > org.apache.xmlrpc.DefaultXmlRpcTransport.sendXmlRpc(DefaultXmlRpcTransport.java:83) > > at > org.apache.xmlrpc.XmlRpcClientWorker.execute(XmlRpcClientWorker.java:71) > > at org.apache.xmlrpc.XmlRpcClient.execute(XmlRpcClient.java:193) > > at org.apache.xmlrpc.XmlRpcClient.execute(XmlRpcClient.java:184) > > at > org.sipfoundry.sipxconfig.xmlrpc.XmlRpcClientInterceptor$1.call(XmlRpcClientInterceptor.java:118) > > at > java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) > > at java.util.concurrent.FutureTask.run(FutureTask.java:166) > > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) > > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) > > at java.lang.Thread.run(Thread.java:636) > > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: unable > to find valid certification path to requested target > > at > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:302) > > at > sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:205) > > at sun.security.validator.Validator.validate(Validator.java:235) > > at > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147) > > at > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230) > > at > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270) > > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973) > > ... 21 more > > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > > at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:191) > > at > java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255) > > at > sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:297) > > ... 27 more > > "2010-01-21T23:15:34.024000Z":8:JAVA:ERR:pbx.foo21.com:background:00000000:ReplicationManagerImpl:"File > replication failed: domain-config" > > .. (many more like it) > > > > ---- > > > > URL: http://sipxecs.sipfoundry.org/rep/sipXecs/main > > Repository Root: http://sipxecs.sipfoundry.org/rep/sipXecs > > Repository UUID: ab1d8caa-1f67-47f1-9e81-24633a41865c > > Revision: 17748 > > Node Kind: directory > > Schedule: normal > > Last Changed Author: fowlerp > > Last Changed Rev: 17748 > > Last Changed Date: 2010-01-20 12:35:02 -0600 (Wed, 20 Jan 2010) > > > > ---- > > > > <sipxconfig.log.gz>_______________________________________________ > > sipx-users mailing list [email protected] > > List Archive: http://list.sipfoundry.org/archive/sipx-users > > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users > > sipXecs IP PBX -- http://www.sipfoundry.org/ > > _______________________________________________ > sipx-users mailing list [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users > sipXecs IP PBX -- http://www.sipfoundry.org/ > -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 Fax: 434.984.8431 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 Fax: 434.984.8427 Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/ Why do mathematicians always confuse Halloween and Christmas? Because 31 Oct = 25 Dec.
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
