Thanks Vipul for the quick reply! I’ve updated the hostname to be an fqdn that
is resolvable via DNS, though the same error still persists.
Please see the following changes:
[root@SNCFGSPWD01S ~]# cat /etc/hostname
SNCFGSPWD01S.stifelnet.stifel.local
Osa-dispatcher.log:
2017/12/22 10:06:36 -05:00 6374 0.0.0.0: osad/jabber_lib.__init__
2017/12/22 10:06:36 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did
not return a <features /> stanza, reconnecting',)
2017/12/22 10:06:37 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did
not return a <features /> stanza, reconnecting',)
2017/12/22 10:06:38 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('Server did
not return a <features /> stanza, reconnecting',)
2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.connect('ERROR', 'Not
able to reconnect - See https://access.redhat.com/solutions/45332 for possible
solutions.\n')
2017/12/22 10:06:39 -05:00 6374 0.0.0.0:
osad/jabber_lib.print_message('SSLError',)
2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.print_message('Could
not connect to jabber server', 'SNCFGSPWD01S.stifelnet.stifel.local')
2017/12/22 10:06:39 -05:00 6374 0.0.0.0: osad/jabber_lib.main('ERROR', 'Error
caught:')
rhn.conf:
# OSA configuration #
server.jabber_server = SNCFGSPWD01S.stifelnet.stifel.local
osa-dispatcher.jabber_server = SNCFGSPWD01S.stifelnet.stifel.local
# set up SSL on the dispatcher
osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
# system snapshots enabled
enable_snapshots = 1
#cobbler host name
cobbler.host = SNCFGSPWD01S.stifelnet.stifel.local
SSL subjects:
[root@SNCFGSPWD01S ~]# grep CN= /etc/pki/spacewalk/jabberd/server.pem | grep
Subject
Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S.stifelnet.stifel.local,
CN=SNCFGSPWD01S.stifelnet.stifel.local/[email protected]
[root@SNCFGSPWD01S ~]# grep CN= $(grep spacewalk.crt /etc/httpd/conf.d/ssl.conf
| cut -f 2 -d' ') | grep Subject
Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S.stifelnet.stifel.local,
CN=SNCFGSPWD01S.stifelnet.stifel.local/[email protected]
Jabber configs:
[root@SNCFGSPWD01S ~]# grep $(hostname) /etc/jabberd/*xml
/etc/jabberd/c2s.xml: <id require-starttls="false"
pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm=""
register-enable="true">SNCFGSPWD01S.stifelnet.stifel.local</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S.stifelnet.stifel.local</id>
[root@SNCFGSPWD01S ~]# grep require-starttls /etc/jabberd/c2s.xml | grep pemfile
<id require-starttls="false"
pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm=""
register-enable="true">SNCFGSPWD01S.stifelnet.stifel.local</id>
Thanks!
[new_sig]
[stifel-sig]
From: [email protected]
[mailto:[email protected]] On Behalf Of Vipul Sharma (DevOps)
Sent: Friday, December 22, 2017 9:56 AM
To: [email protected]
Subject: Re: [Spacewalk-list] osa-dispatcher fails to start with null ssl error
Some pointers -
* Your hostname should match your FQDN -
* Compare your SSL certs between /var/jabberd/server.pem &
/etc/pki/spacewalk/server.pem - They should be same.
* CN & OU should be your FQDN in your .crt & .pem files.
Thanks
Vipul
On Fri, Dec 22, 2017 at 8:29 PM, Adams, Nick
<[email protected]<mailto:[email protected]>> wrote:
All,
I have ran into what I hope is a simple misconfiguration during setup. I am
unable to start the osa-dispatcher service:
[root@SNCFGSPWD01S ~]# spacewalk-service restart
Shutting down spacewalk services...
Redirecting to /bin/systemctl stop taskomatic.service
Stopping cobblerd (via systemctl): [ OK ]
Redirecting to /bin/systemctl stop rhn-search.service
Redirecting to /bin/systemctl stop osa-dispatcher.service
Redirecting to /bin/systemctl stop httpd.service
Redirecting to /bin/systemctl stop tomcat.service
Redirecting to /bin/systemctl stop jabberd.service
Done.
Starting spacewalk services...
Redirecting to /bin/systemctl start jabberd.service
Redirecting to /bin/systemctl start tomcat.service
Waiting for tomcat to be ready ...
Redirecting to /bin/systemctl start httpd.service
Redirecting to /bin/systemctl start osa-dispatcher.service
Job for osa-dispatcher.service failed because the control process exited with
error code. See "systemctl status osa-dispatcher.service" and "journalctl -xe"
for details.
Redirecting to /bin/systemctl start rhn-search.service
Starting cobblerd (via systemctl): [ OK ]
Redirecting to /bin/systemctl start taskomatic.service
Done.
When reviewing the osa-dispatcher log:
2017/12/21 13:30:36 -05:00 3040 0.0.0.0<http://0.0.0.0>:
osad/jabber_lib.__init__
2017/12/21 13:30:36 -05:00 3040 0.0.0.0<http://0.0.0.0>:
osad/jabber_lib.connect('Server did not return a <features /> stanza,
reconnecting',)
2017/12/21 13:30:37 -05:00 3040 0.0.0.0<http://0.0.0.0>:
osad/jabber_lib.connect('Server did not return a <features /> stanza,
reconnecting',)
2017/12/21 13:30:38 -05:00 3040 0.0.0.0<http://0.0.0.0>:
osad/jabber_lib.connect('Server did not return a <features /> stanza,
reconnecting',)
2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>:
osad/jabber_lib.connect('ERROR', 'Not able to reconnect - See
https://access.redhat.com/solutions/45332 for possible solutions.\n')
2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>:
osad/jabber_lib.print_message('SSLError',)
2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>:
osad/jabber_lib.print_message('Could not connect to jabber server',
'SNCFGSPWD01S')
2017/12/21 13:30:39 -05:00 3040 0.0.0.0<http://0.0.0.0>:
osad/jabber_lib.main('ERROR', 'Error caught:')
Some Jabber specific configs:
[root@SNCFGSPWD01S ~]# grep $(hostname) /etc/jabberd/*xml
/etc/jabberd/c2s.xml: <id require-starttls="false"
pemfile="/etc/pki/spacewalk/jabberd/server.pem" realm=""
register-enable="true">SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
/etc/jabberd/sm.xml: <id>SNCFGSPWD01S</id>
Seeing as this is an SSL error, makes sense to include these:
[root@SNCFGSPWD01S ~]# grep CN= $(grep spacewalk.crt /etc/httpd/conf.d/ssl.conf
| cut -f 2 -d' ') | grep Subject
Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S,
CN=SNCFGSPWD01S/[email protected]<mailto:CN=SNCFGSPWD01S/[email protected]>
[root@SNCFGSPWD01S ~]# grep CN= /etc/pki/spacewalk/jabberd/server.pem | grep
Subject
Subject: C=US, ST=MO, O=Stifel, OU=SNCFGSPWD01S,
CN=SNCFGSPWD01S/[email protected]<mailto:[email protected]>
The OSA configuration portion of rhn.conf:
# OSA configuration #
server.jabber_server = SNCFGSPWD01S
osa-dispatcher.jabber_server = SNCFGSPWD01S
# set up SSL on the dispatcher
osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT
# system snapshots enabled
enable_snapshots = 1
#cobbler host name
cobbler.host = SNCFGSPWD01S
And finally the contents of the up2date.conf:
# Red Hat Update Agent config file.
# Format: 1.0
debug[comment]=Whether or not debugging is enabled
debug=0
systemIdPath[comment]=Location of system id
systemIdPath=/etc/sysconfig/rhn/systemid
serverURL[comment]=Remote server URL (use FQDN)
serverURL=https://sncfgspwd01s/XMLRPC
hostedWhitelist[comment]=RHN Hosted URL's
hostedWhitelist=
enableProxy[comment]=Use a HTTP Proxy
enableProxy=0
versionOverride[comment]=Override the automatically determined system version
versionOverride=
httpProxy[comment]=HTTP proxy in host:port format, e.g.
squid.redhat.com:3128<http://squid.redhat.com:3128>
httpProxy=
noReboot[comment]=Disable the reboot actions
noReboot=0
networkRetries[comment]=Number of attempts to make at network connections
before giving up
networkRetries=1
disallowConfChanges[comment]=Config options that can not be overwritten by a
config update action
disallowConfChanges=noReboot;sslCACert;useNoSSLForPackages;serverURL;disallowConfChanges;
sslCACert[comment]=The CA cert used to verify the ssl server
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
# Akamai does not support http protocol, therefore setting this option as side
effect disable "Location aware" function
useNoSSLForPackages[comment]=Use HTTP for package, package list, and header
fetching (disable Akamai)
useNoSSLForPackages=0
retrieveOnly[comment]=Retrieve packages only
retrieveOnly=0
skipNetwork[comment]=Skips network information in hardware profile sync during
registration.
skipNetwork=0
writeChangesToLog[comment]=Log to /var/log/up2date which packages has been
added and removed
writeChangesToLog=0
stagingContent[comment]=Retrieve content of future actions in advance
stagingContent=1
stagingContentWindow[comment]=How much forward we should look for future
actions. In hours.
stagingContentWindow=24
Any help would be greatly appreciated! Thanks so much!
-Nick
[new_sig]
[stifel-sig]
This message, and any of its attachments, is for the intended recipient(s)
only, and it may contain information that is privileged, confidential, and/or
proprietary and subject to important terms and conditions available at
http://www.stifel.com/disclosures/emaildisclaimers/. If you are not the
intended recipient, please delete this message and immediately notify the
sender. No confidentiality, privilege, or property rights are waived or lost by
any errors in transmission.
_______________________________________________
Spacewalk-list mailing list
[email protected]<mailto:[email protected]>
https://www.redhat.com/mailman/listinfo/spacewalk-list
Please consider the environment before printing this email.
*********************************************************************
This communication may contain information which is confidential, personal
and/or privileged. It is for the exclusive use of the intended recipient(s).
If you are not the intended recipient(s), please note that any distribution,
forwarding, copying or use of this communication or the information in it is
strictly prohibited. If you have received it in error please contact the sender
immediately by return e-mail. Please then delete the e-mail and any copies of
it and do not use or disclose its contents to any person.
Any personal views expressed in this e-mail are those of the individual sender
and the company does not endorse or accept responsibility for them. Prior to
taking any action based upon this e-mail message, you should seek appropriate
confirmation of its authenticity.
This message has been checked for viruses on behalf of the company.
*********************************************************************
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
