Thanks for your reply I need to get the port number with this command and I’m using 5222 This command does a CONNECTED(00000003) but return these following errors: (Do you need the whole output?)
Client side
================================================
# echo 1 | openssl s_client -connect serverXXX.YYY.ZZZ:5222 -starttls xmpp
[…]
verify error:num=20:unable to get local issuer certificate
verify return:1
[…]
verify error:num=21:unable to verify the first certificate
verify return:1
[…]
No client certificate CA names sent
[…]
CA and server certificates was provided by the command rhn-ssl-tool --gen-ca
and –gen-server as provided by the spacewalk documentation.
On the server, I’ve used the default configuration for c2s.xml, with the
require-starttls… please see value below, is it so ok?
Server side
================================================
<c2s>
<id>c2s</id>
<pidfile>/var/lib/jabberd/pid/c2s.pid</pidfile>
<router>
<ip>::1</ip> <!-- default: 127.0.0.1 -->
<port>5347</port> <!-- default: 5347 -->
<user>jabberd</user> <!-- default: jabberd -->
<pass>505f47a1d372b23eec4942bfaa0cac1ff0c6dfe1</pass> <!--
default: secret -->
<init>3</init>
<lost>3</lost>
<sleep>2</sleep>
</router>
<log type="file">
<file>/var/log/jabberd/c2s.log</file>
</log>
<local>
<id require-starttls="false" pemfile="/etc/pki/spacewalk/jabberd/server.pem"
realm="" register-enable="true"> serverXXX.YYY.ZZZ </id>
<ip>::</ip>
<port>5222</port>
</local>
<io>
<max_fds>1024</max_fds>
<limits>
<bytes>0</bytes>
<stanzas>0</stanzas>
<connects>0</connects>
<stanzasize>0</stanzasize>
</limits>
<access>
<order>allow,deny</order>
</access>
<check>
<interval>120</interval>
<idle>120</idle>
<keepalive>120</keepalive>
</check>
</io>
<authreg>
<path>/usr/lib64/jabberd</path>
<module>pgsql</module>
<pgsql>
<conninfo>dbname=jabberd2DB user=jabberd2
password=XXXXXXXXX</conninfo>
<host>localhost</host>
<port>5432</port>
<dbname>jabberd2</dbname>
<schema>public</schema>
<user>jabberd2</user>
<pass>505f47a1d372b23eec4942bfaa0cac1ff0c6dfe1</pass>
</pgsql>
<pipe>
<exec>/usr/bin/pipe-auth.pl</exec>
</pipe>
</authreg>
</c2s>
Best, J.
From: [email protected]
[mailto:[email protected]] On Behalf Of Matt Moldvan
Sent: Donnerstag, 5. Juli 2018 15:56
To: [email protected]
Subject: Re: [Spacewalk-list] spacewalk: jabber/osad connection issue
From the client, try "echo 1 | openssl s_client -connect serverXXX.YYY.ZZZ
-starttls xmpp". Does the client throw any errors about not being able to
verify the certificate presented by the server? Is the CA cert used to
generate that certificate present on the client?
Also, what is in /etc/jabber/c2s.xml in the line referring to the SSL
configuration?
On Thu, Jul 5, 2018 at 8:07 AM Jérôme Meyer
<[email protected]<mailto:[email protected]>> wrote:
Hi All,
I’ve cloned the spacewalk server to check the connection issue. I always need
TO USE the rhn_check to execute the spacewalk tasks.
Some changes was done on this server/client :
- Configure NTP
- Re-configure Certificat with the FQDN name.
- Change the local jabber DB to PostgreSQL.
- Read some RHEL docs and do the following:
https://github.com/spacewalkproject/spacewalk/wiki/JabberAndOSAD
The following error appears in osad from client:
===========================================
2018-07-05 13:36:40 rhn_log.log_error: 0 Received an error stanza:
<error><host-gone xmlns = 'urn:ietf:params:xml:ns:xmpp-streams' /><text xmlns
= 'urn:ietf:params:xml:ns:xmpp-streams' >connection timed out</text></error>
2018-07-05 13:36:50 rhn_log.log_error: 0 Error caught:
2018-07-05 13:36:50 rhn_log.log_error: 0 Traceback (most recent call last):
File "/usr/share/rhn/osad/jabber_lib.py", line 121, in main
self.process_forever(c)
File "/usr/share/rhn/osad/jabber_lib.py", line 179, in process_forever
self.process_once(client)
File "/usr/share/rhn/osad/osad.py", line 252, in process_once
client.process(timeout=180)
File "/usr/share/rhn/osad/jabber_lib.py", line 1076, in process
data = self._read(self.BLOCK_SIZE)
SSLError: ('OpenSSL error; will retry', "(-1, 'Unexpected EOF')")
When I start the “debugging” mode, here’re the result:
===========================================
# osad -N -vvv
2018-07-05 13:40:40 osad._setup_config: Updating configuration
2018-07-05 13:40:41 osad._setup_config: Time drift 1
2018-07-05 13:40:41 osad._setup_config: Client name ffe44b07bf9d5d1a
2018-07-05 13:40:41 osad._setup_config: Shared key
9a3d699d574f4173c1028f6a50e08b16723d4eba
2018-07-05 13:40:41 jabber_lib.setup_connection: Connecting to serverXXX.YYY.ZZZ
2018-07-05 13:40:41 jabber_lib._get_jabber_client:
2018-07-05 13:40:41 jabber_lib._get_jabber_client: Connecting to
serverXXX.YYY.ZZZ
2018-07-05 13:40:41 jabber_lib.__init__:
2018-07-05 13:40:41 jabber_lib.__init__:
2018-07-05 13:40:41 jabber_lib.connect:
2018-07-05 13:40:41 jabber_lib.process: 300
2018-07-05 13:40:41 jabber_lib.process: None
2018-07-05 13:40:41 jabber_lib.process: None
2018-07-05 13:40:41 jabber_lib.process: None
2018-07-05 13:40:41 jabber_lib.setup_connection: Connected to jabber server
serverXXX.YYY.ZZZ
2018-07-05 13:40:41 osad_client.start: osad-d80b05695e 073290d0f3512c216958 osad
2018-07-05 13:40:41 jabber_lib.auth: osad-d80b05695e 073290d0f3512c216958 osad 1
2018-07-05 13:40:41 jabber_lib.process: 59.9999859333
2018-07-05 13:40:41 jabber_lib.process: 299.999978065
2018-07-05 13:40:41 jabber_lib.register_callback: <bound method
Client._roster_callback of <osad.osad_client.Client object at 0x7eff0baaef50>>
iq None None None None
2018-07-05 13:40:41 jabber_lib.process: None
2018-07-05 13:40:41 jabber_lib._roster_callback: Updating the roster <iq
type='result' id='iq-request-6c1b20-2'><query xmlns = 'jabber:iq:roster' ><item
ask='subscribe' jid='rhn-dispatcher-sat@serverXXX' subscription='none'
/></query></iq>
2018-07-05 13:40:41 jabber_lib.register_callback: <bound method
Client._presence_callback of <osad.osad_client.Client object at
0x7eff0baaef50>> presence None None None None
2018-07-05 13:40:41 jabber_lib.register_callback: <bound method
Client._message_callback of <osad.osad_client.Client object at 0x7eff0baaef50>>
message None None None None
2018-07-05 13:40:41 jabber_lib.register_callback: <bound method
Runner._error_callback of <osad.osad.Runner instance at 0x7eff0bb58248>> error
None None None None
2018-07-05 13:40:41 jabber_lib.send_presence: None None
2018-07-05 13:40:41 jabber_lib.process_forever:
2018-07-05 13:40:41 jabber_lib.process: 180
Unfortunately, I didn’t have any more idea to do and in which way I should to
go to find this problem.
Has someone has an idea or more experience with this issue?
Thanks in advance and best regards,
Jerome
_______________________________________________
Spacewalk-list mailing list
[email protected]<mailto:[email protected]>
https://www.redhat.com/mailman/listinfo/spacewalk-list
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
