A couple of things on the Service Node, the files you copied should be the only ones in those directories. Because you installed it as a MN, make sure there are no others that were generated during the MN install. Make sure date on MN and SN are close. This looks like an xCAT SSL credential problem. The peername is missing in the message below and that is taken from the SSL server-cred.pem file.
On the MN tabdump policy, you should have an entry like "1.2","hpcrhmn",,,,,,"trusted",, where hpcrhmn is you MN. On the MN, look in /etc/xcat/ca/server-cred.pem file at the line with CN=<management node name> should match what is in the trusted line of the policy table. If you are using long hostnames, make sure your domain is in the domain of the site table and make sure you have a long hostname in the policy table. You can add another one like. "1.3","hpcrhmn.domain",,,,,,"trusted",, Then on the SN [root@rhsn cert]# ls ca.pem server-cred.pem [root@rhsn ca]# ls ca-cert.pem vi server-cred.pem Look for the following line, is that the name of your MN and the ip address should be 192.168.34.13 Subject: CN=hpcrhmn (hpcrhmn is my MN) Also run this mysql command and make sure any name or ip address that the SN might contact the Management Node is in the list (longnames, shortname,etc) mysql> SELECT host, user FROM mysql.user; +-----------+-----------+ | host | user | +-----------+-----------+ | % | xcatadmin | | 10.6.0.% | xcatadmin | | 10.6.0.1 | xcatadmin | | 127.0.0.1 | root | | hpcrhmn | | | hpcrhmn | root | | localhost | | | localhost | root | Lissa K. Valletta 2-3/T12 Poughkeepsie, NY 12601 (tie 293) 433-3102 From: [email protected] To: xCAT Users Mailing list <[email protected]> Date: 04/03/2012 12:55 PM Subject: Re: [xcat-user] error while installing xcat on aix ok. i removed the xCAT-2.7*rpm and put on the xCATsn-2.7* rpm. copied /etc/xcat/cfgloc from the mgmt node to service node (arz0006c) copied /etc/xcat/ca/ca-cert.pem /etc/xcat/cert/{ca,server-cred}.pem from the mgmt node to service node restarted xcatd lsxcatd -a output looks correct but tabdump site gets a permission denied. xdsh aixservice "/opt/xcat/bin/lsxcatd -a" arz0006c: Version 2.7 (svn r11843, built Tue Mar 13 21:50:46 EDT 2012) arz0006c: This is a Service Node arz0006c: cfgloc=mysql:dbname=xcatdb;host=192.168.34.13|xcatadmin arz0006c: dbengine=mysql arz0006c: dbname=xcatdb arz0006c: dbhost=192.168.34.13 arz0006c: dbadmin=xcatadmin $ xdsh aixservice "/opt/xcat/sbin/tabdump site" arz0006c: Error: Permission denied for request from the console of arz0006c: (service node) Request matched no policy rule: peername=, peerhost=loopback tabdump Use of uninitialized value in concatenation (.) or string at /opt/xcat/sbin/xcatd line 1740. Permission denied for request: peername=, peerhost=loopback,peerfqdn=loopback,peerport=32811 command= tabdump i thought it might be a mysql permission issue, but GRANTS look ok mysql> show grants for xcatadmin; +----------------------------------------------------------------------------------------------------------+ | Grants for xcatadmin@% | +----------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'xcatadmin'@'%' IDENTIFIED BY PASSWORD [...] | +----------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec) mysql> show grants for [email protected]; +----------------------------------------------------------------------------------------------------------------------+ | Grants for [email protected] | +----------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'xcatadmin'@'192.168.34.17' IDENTIFIED BY PASSWORD [...] | | GRANT ALL PRIVILEGES ON `xcatdb`.* TO 'xcatadmin'@'192.168.34.17' | +----------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) any other place to set a permission? thanks -- Mit freundlichen Grüßen / Best Regards Matthias Merk Lissa Valletta <[email protected]> schrieb am 02.04.2012 17:41:54: > Von: Lissa Valletta <[email protected]> > An: xCAT Users Mailing list <[email protected]> > Kopie: xCAT Users Mailing list <[email protected]> > Datum: 02.04.2012 17:44 > Betreff: Re: [xcat-user] error while installing xcat on aix > > If you were installing AIX xcat on the service node you should not have > used the instxcat script , that is only for the Management Node. > The Service Node uses the xCATsn* metapackage and the Management Node uses > the xCAT* metapackage. > YOu will need to remove the xCAT-2.7*rpm and put on the xCATsn-2.7* rpm > > Lissa K. Valletta > 2-3/T12 > Poughkeepsie, NY 12601 > (tie 293) 433-3102 > > > > > > From: [email protected] > To: xCAT Users Mailing list <[email protected]> > Date: 04/02/2012 10:21 AM > Subject: [xcat-user] error while installing xcat on aix > > > > Hi > > the following error occured during xcat-core 2.7 installation on AIX > (6100-07-03-1207). > > 0513-059 The xcatd Subsystem has been started. Subsystem PID is 3342558. > Command failed: /opt/xcat/sbin/makenetworks 2>&1. Error message: > Connection failure: IO::Socket::SSL: SSL connect attempt failed because of > handshake problemserror:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca at /opt/xcat/lib/perl/xCAT/Client.pm line 159. > Unable to open socket connection to xcatd daemon on localhost:3001. > Verify that the xcatd daemon is running and that your SSL setup is > correct.. > > all rpms of dep-aix-201203220548 where installed previously. > any idea on how to fix this error? > > thanks > > here's the full log: > $ ./instxcat > perl-xCAT ################################################## > xCAT-client ################################################## > xCAT-server ################################################## > xCAT ################################################## > Generating new node hostkeys... > Generating SSH1 RSA Key... > Generating SSH2 RSA Key... > Generating SSH2 DSA Key... > Copied /root/.ssh/id_rsa.pub to /install/postscripts/_ssh/authorized_keys. > 0513-059 The conserver Subsystem has been started. Subsystem PID is > 4391066. > 0513-075 The new subsystem name is already on file. > restartxcatd invoked by root. > > 0513-059 The xcatd Subsystem has been started. Subsystem PID is 3342558. > Command failed: /opt/xcat/sbin/makenetworks 2>&1. Error message: > Connection failure: IO::Socket::SSL: SSL connect attempt failed because of > handshake problemserror:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca at /opt/xcat/lib/perl/xCAT/Client.pm line 159. > Unable to open socket connection to xcatd daemon on localhost:3001. > Verify that the xcatd daemon is running and that your SSL setup is > correct.. > > xCAT is now running. > xCAT-rmc ################################################## > Copying files to /install/postscripts directory... > restartxcatd invoked by root. > > 0513-044 The xcatd Subsystem was requested to stop. > 0513-059 The xcatd Subsystem has been started. Subsystem PID is 5112010. > -- > Mit freundlichen Grüßen / Best Regards > > Matthias Merk > > > > > Von: Lissa Valletta <[email protected]> > An: xCAT Users Mailing list <[email protected]> > Kopie: XCAT Help <[email protected]> > Datum: 02.04.2012 13:39 > Betreff: Re: [xcat-user] error while loading OS > > > > Could you give us some background on what you are doing? > What level of xCAT are your running? > What OS and level are you using. > What type of hardware/ > What documentation did you follow to setup the MN and the nodes. > > I think a lsdef <nodename> might help. > > Lissa K. Valletta > 2-3/T12 > Poughkeepsie, NY 12601 > (tie 293) 433-3102 > > > > > > From: SYED ASIF ZAHEER <[email protected]> > To: XCAT Help <[email protected]> > Date: 04/02/2012 07:02 AM > Subject: [xcat-user] error while loading OS > > > > Hi, > > I'm trying to load an O/S on another machine on the network. > > After getting its IP address and loading xcat/nbk.x86 and xcat/nbfs.x86.gz > > I get pages full of > > cat: can't open '/tmp/dhcpserver': no such file or directory > grep: can't open '/tmp/destiny': no such file or directory > grep: can't open '/tmp/destiny': no such file or directory > > > > Regards > Syed Asif Zaheer > [email protected] > > > ------------------------------------------------------------------------------ > > > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > xCAT-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > ------------------------------------------------------------------------------ > > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > xCAT-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > ---------------- > Disclaimer: > Diese Nachricht dient ausschließlich zu Informationszwecken und ist nur > für den Gebrauch des angesprochenen Adressaten bestimmt. > > This message is only for informational purposes and is intended solely for > the use of the addressee. > ---------------- > > ------------------------------------------------------------------------------ > > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > xCAT-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > xCAT-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/xcat-user ---------------- Disclaimer: Diese Nachricht dient ausschließlich zu Informationszwecken und ist nur für den Gebrauch des angesprochenen Adressaten bestimmt. This message is only for informational purposes and is intended solely for the use of the addressee. ---------------- ------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Better than sec? Nothing is better than sec when it comes to monitoring Big Data applications. Try Boundary one-second resolution app monitoring today. Free. http://p.sf.net/sfu/Boundary-dev2dev _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
