sorry for the late reply.
these are the only files in /etc/xcat/{ca,cert} on the SN:
/etc/xcat/ca/:
total 4
-rw-r----- 1 root system 1135 2012-04-03 18:22 ca-cert.pem
/etc/xcat/cert:
total 12
-rw------- 1 root system 1135 2012-04-03 18:24 ca.pem
-rw------- 1 root system 5831 2012-04-03 18:24 server-cred.pem
times are ntp synchronized and are the same.
the MN strangely had the SN hostname in the policy table at "1.2"
i've corrected that to the MN's hostname (lrz0001c)
tabdump policy
MN:
"1.2","lrz0001c",,,,,,"trusted",,
MN:
$ grep "CN=" server-cred.pem
Issuer: CN=xCAT CA
Subject: CN=lrz0001c
SN:
$ grep CN= server-cred.pem
Issuer: CN=xCAT CA
Subject: CN=lrz0001c
and the mysql users:
mysql> select host, user from mysql.user;
+---------------+-----------+
| host | user |
+---------------+-----------+
| % | xcatadmin |
| 192.168.34.13 | xcatadmin | <- MN
| 192.168.34.17 | xcatadmin | <- SN
| arz0006c | xcatadmin | <- SN
| localhost | root |
+---------------+-----------+
5 rows in set (0.00 sec)
i tried a quick perl dbd script with a select query from the SN to the MN
and mysql seems to work fine.
can't find anything wrong - yet the permission is denied.
lrz0001c $ xdsh aixservice "/opt/xcat/sbin/tabdump site"
arz0006c: Error: Permission denied for request
--
Mit freundlichen Grüßen / Best Regards
Matthias Merk
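
The check discussed in this thread (the Subject CN in server-cred.pem against the "trusted" row of the policy table), as an added example that is not part of the original messages or of xCAT. It works on saved `tabdump policy` output and on the text lines that `grep CN=` shows; the column positions, the exact-string comparison and the function names are assumptions of this sketch.

```python
import csv
import io
import re

# Constructed samples built from values quoted in the thread.
POLICY_BEFORE = '"1.2","arz0006c",,,,,,"trusted",,\n'   # SN name in the MN's row
POLICY_AFTER = '"1.2","lrz0001c",,,,,,"trusted",,\n'    # after the correction
CRED_MN = "Issuer: CN=xCAT CA\nSubject: CN=lrz0001c\n"
POLICY_SHORT = '"1.2","hpcrhmn",,,,,,"trusted",,\n'
CRED_LONG = "Issuer: CN=xCAT CA\nSubject: CN=hpcrhmn.domain\n"

def trusted_names(policy_dump):
    """Names of policy rows whose rule is "trusted".
    Assumption: name is the 2nd column and rule the 8th, as in the quoted row."""
    names = set()
    for row in csv.reader(io.StringIO(policy_dump)):
        if not row or row[0].startswith("#") or len(row) < 8:
            continue  # skip blank lines, comment/header lines, short rows
        if row[7].strip().lower() == "trusted" and row[1].strip():
            names.add(row[1].strip())
    return names

def subject_cn(cred_text):
    """CN from the 'Subject:' text line of a credential file, or None."""
    m = re.search(r"^\s*Subject:.*?\bCN=([^,/\s]+)", cred_text, re.MULTILINE)
    return m.group(1) if m else None

def check_trust(policy_dump, cred_text):
    """Compare the certificate CN with the trusted policy names (exact match,
    an assumption) and flag the short/long hostname near-miss separately."""
    cn = subject_cn(cred_text)
    if cn is None:
        return ("no-subject-cn", None)
    names = trusted_names(policy_dump)
    if cn in names:
        return ("match", cn)
    short = cn.split(".", 1)[0]
    if any(n.split(".", 1)[0] == short for n in names):
        return ("short-long-mismatch", cn)
    return ("mismatch", cn)

if __name__ == "__main__":
    for label, pol, cred in [("before fix", POLICY_BEFORE, CRED_MN),
                             ("after fix", POLICY_AFTER, CRED_MN),
                             ("long CN, short policy", POLICY_SHORT, CRED_LONG)]:
        print(label, check_trust(pol, cred))
```
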
Lissa Valletta <[email protected]> wrote on 03.04.2012 19:31:54:
> From: Lissa Valletta <[email protected]>
> To: xCAT Users Mailing list <[email protected]>
> Cc: xCAT Users Mailing list <[email protected]>
> Date: 03.04.2012 19:33
> Subject: Re: [xcat-user] error while installing xcat on aix
>
> A couple of things on the Service Node, the files you copied should be the
> only ones in those directories. Because you installed it as a MN, make
> sure there are no others that were generated during the MN install. Make
> sure date on MN and SN are close. This looks like an xCAT SSL credential
> problem. The peername is missing in the message below and that is taken
> from the SSL server-cred.pem file.
>
> On the MN
> tabdump policy, you should have an entry like
> "1.2","hpcrhmn",,,,,,"trusted",, where hpcrhmn is your MN.
>
> On the MN, look in /etc/xcat/ca/server-cred.pem file at the line with
> CN=<management node name> should match what is in the trusted line of the
> policy table.
>
> If you are using long hostnames, make sure your domain is in the domain of
> the site table and make sure you have a long hostname in the policy table.
> You can add another one like.
> "1.3","hpcrhmn.domain",,,,,,"trusted",,
>
>
> Then on the SN
>
> [root@rhsn cert]# ls
> ca.pem server-cred.pem
>
> [root@rhsn ca]# ls
> ca-cert.pem
>
> vi server-cred.pem
>
> Look for the following line, is that the name of your MN and the ip address
> should be 192.168.34.13
> Subject: CN=hpcrhmn (hpcrhmn is my MN)
>
>
> Also run this mysql command and make sure any name or ip address that the
> SN might contact the Management Node is in the list (longnames,
> shortname,etc)
>
> mysql> SELECT host, user FROM mysql.user;
> +-----------+-----------+
> | host | user |
> +-----------+-----------+
> | % | xcatadmin |
> | 10.6.0.% | xcatadmin |
> | 10.6.0.1 | xcatadmin |
> | 127.0.0.1 | root |
> | hpcrhmn | |
> | hpcrhmn | root |
> | localhost | |
> | localhost | root |
>
>
>
>
> Lissa K. Valletta
> 2-3/T12
> Poughkeepsie, NY 12601
> (tie 293) 433-3102
>
>
>
>
>
> From: [email protected]
> To: xCAT Users Mailing list <[email protected]>
> Date: 04/03/2012 12:55 PM
> Subject: Re: [xcat-user] error while installing xcat on aix
>
>
>
> ok. i removed the xCAT-2.7*rpm and put on the xCATsn-2.7* rpm.
> copied /etc/xcat/cfgloc from the mgmt node to service node (arz0006c)
> copied /etc/xcat/ca/ca-cert.pem /etc/xcat/cert/{ca,server-cred}.pem from
> the mgmt node to service node
> restarted xcatd
> lsxcatd -a output looks correct but tabdump site gets a permission
> denied.
> xdsh aixservice "/opt/xcat/bin/lsxcatd -a"
> arz0006c: Version 2.7 (svn r11843, built Tue Mar 13 21:50:46 EDT 2012)
> arz0006c: This is a Service Node
> arz0006c: cfgloc=mysql:dbname=xcatdb;host=192.168.34.13|xcatadmin
> arz0006c: dbengine=mysql
> arz0006c: dbname=xcatdb
> arz0006c: dbhost=192.168.34.13
> arz0006c: dbadmin=xcatadmin
>
> $ xdsh aixservice "/opt/xcat/sbin/tabdump site"
> arz0006c: Error: Permission denied for request
>
> from the console of arz0006c: (service node)
> Request matched no policy rule: peername=, peerhost=loopback tabdump
> Use of uninitialized value in concatenation (.) or string at
> /opt/xcat/sbin/xcatd line 1740.
> Permission denied for request: peername=,
> peerhost=loopback,peerfqdn=loopback,peerport=32811 command= tabdump
>
> i thought it might be a mysql permission issue, but GRANTS look ok
>
> mysql> show grants for xcatadmin;
> +----------------------------------------------------------------------+
> | Grants for xcatadmin@%                                               |
> +----------------------------------------------------------------------+
> | GRANT USAGE ON *.* TO 'xcatadmin'@'%' IDENTIFIED BY PASSWORD [...]   |
> +----------------------------------------------------------------------+
> 1 row in set (0.00 sec)
>
> mysql> show grants for [email protected];
> +----------------------------------------------------------------------------------+
> | Grants for [email protected]                                                      |
> +----------------------------------------------------------------------------------+
> | GRANT USAGE ON *.* TO 'xcatadmin'@'192.168.34.17' IDENTIFIED BY PASSWORD [...]   |
> | GRANT ALL PRIVILEGES ON `xcatdb`.* TO 'xcatadmin'@'192.168.34.17'                |
> +----------------------------------------------------------------------------------+
> 2 rows in set (0.00 sec)
>
> any other place to set a permission?
>
> thanks
>
> --
> Mit freundlichen Grüßen / Best Regards
>
> Matthias Merk
>
> Lissa Valletta <[email protected]> wrote on 02.04.2012 17:41:54:
>
> > From: Lissa Valletta <[email protected]>
> > To: xCAT Users Mailing list <[email protected]>
> > Cc: xCAT Users Mailing list <[email protected]>
> > Date: 02.04.2012 17:44
> > Subject: Re: [xcat-user] error while installing xcat on aix
> >
> > If you were installing AIX xcat on the service node you should not have
> > used the instxcat script, that is only for the Management Node.
> > The Service Node uses the xCATsn* metapackage and the Management Node uses
> > the xCAT* metapackage.
> > You will need to remove the xCAT-2.7*rpm and put on the xCATsn-2.7* rpm
> >
> > Lissa K. Valletta
> > 2-3/T12
> > Poughkeepsie, NY 12601
> > (tie 293) 433-3102
> >
> >
> >
> >
> >
> > From: [email protected]
> > To: xCAT Users Mailing list <[email protected]>
> > Date: 04/02/2012 10:21 AM
> > Subject: [xcat-user] error while installing xcat on aix
> >
> >
> >
> > Hi
> >
> > the following error occurred during xcat-core 2.7 installation on AIX
> > (6100-07-03-1207).
> >
> > 0513-059 The xcatd Subsystem has been started. Subsystem PID is 3342558.
> > Command failed: /opt/xcat/sbin/makenetworks 2>&1. Error message:
> > Connection failure: IO::Socket::SSL: SSL connect attempt failed because of
> > handshake problemserror:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> > unknown ca at /opt/xcat/lib/perl/xCAT/Client.pm line 159.
> > Unable to open socket connection to xcatd daemon on localhost:3001.
> > Verify that the xcatd daemon is running and that your SSL setup is
> > correct..
> >
> > all rpms of dep-aix-201203220548 were installed previously.
> > any idea on how to fix this error?
> >
> > thanks
> >
> > here's the full log:
> > $ ./instxcat
> > perl-xCAT ##################################################
> > xCAT-client ##################################################
> > xCAT-server ##################################################
> > xCAT ##################################################
> > Generating new node hostkeys...
> > Generating SSH1 RSA Key...
> > Generating SSH2 RSA Key...
> > Generating SSH2 DSA Key...
> > Copied /root/.ssh/id_rsa.pub to /install/postscripts/_ssh/authorized_keys.
> > 0513-059 The conserver Subsystem has been started. Subsystem PID is 4391066.
> > 0513-075 The new subsystem name is already on file.
> > restartxcatd invoked by root.
> >
> > 0513-059 The xcatd Subsystem has been started. Subsystem PID is 3342558.
> > Command failed: /opt/xcat/sbin/makenetworks 2>&1. Error message:
> > Connection failure: IO::Socket::SSL: SSL connect attempt failed because of
> > handshake problemserror:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> > unknown ca at /opt/xcat/lib/perl/xCAT/Client.pm line 159.
> > Unable to open socket connection to xcatd daemon on localhost:3001.
> > Verify that the xcatd daemon is running and that your SSL setup is
> > correct..
> >
> > xCAT is now running.
> > xCAT-rmc ##################################################
> > Copying files to /install/postscripts directory...
> > restartxcatd invoked by root.
> >
> > 0513-044 The xcatd Subsystem was requested to stop.
> > 0513-059 The xcatd Subsystem has been started. Subsystem PID is 5112010.
> > --
> > Mit freundlichen Grüßen / Best Regards
> >
> > Matthias Merk
> >
> >
> >
> >
> > From: Lissa Valletta <[email protected]>
> > To: xCAT Users Mailing list <[email protected]>
> > Cc: XCAT Help <[email protected]>
> > Date: 02.04.2012 13:39
> > Subject: Re: [xcat-user] error while loading OS
> >
> >
> >
> > Could you give us some background on what you are doing?
> > What level of xCAT are you running?
> > What OS and level are you using?
> > What type of hardware?
> > What documentation did you follow to setup the MN and the nodes?
> >
> > I think a lsdef <nodename> might help.
> >
> > Lissa K. Valletta
> > 2-3/T12
> > Poughkeepsie, NY 12601
> > (tie 293) 433-3102
> >
> >
> >
> >
> >
> > From: SYED ASIF ZAHEER <[email protected]>
> > To: XCAT Help <[email protected]>
> > Date: 04/02/2012 07:02 AM
> > Subject: [xcat-user] error while loading OS
> >
> >
> >
> > Hi,
> >
> > I'm trying to load an O/S on another machine on the network.
> >
> > After getting its IP address and loading xcat/nbk.x86 and xcat/nbfs.x86.gz
> >
> > I get pages full of
> >
> > cat: can't open '/tmp/dhcpserver': no such file or directory
> > grep: can't open '/tmp/destiny': no such file or directory
> > grep: can't open '/tmp/destiny': no such file or directory
> >
> >
> >
> > Regards
> > Syed Asif Zaheer
> > [email protected]
> >
> >
> >
> > _______________________________________________
> > xCAT-user mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/xcat-user
> > ----------------
> > Disclaimer:
> > This message is only for informational purposes and is intended solely for
> > the use of the addressee.
> > ----------------