Re: [xcat-user] conserver issues

Tue, 10 Dec 2013 03:50:16 -0800

Apologies for the confusion,

What I meant to say there was about that potentially then package has been updated through RHN, and may not be the stock rhels6.4 version. Everything else in xCAT is runnning without any problems, the cluster (12 Blade Centers2) were all re-installed last night, so everything else works.

I even tried taking out the sections in  conserer.cf wrt the certificates, but I realised that the was needed. The individial exec commands inside the conserver.cfg individually worked, so I was able to view the console.

I am just waiting to get the details from the customer, so once received I will forward on the details wrt to the certificate details.

regards,

Arif Ali MBCS
Senior HPC Technical Architect
OCF plc

Tel: +44 (0)114 257 2200
Mob: +44 (0)7970 148 122
Fax: +44 (0)114 257 0022
Web: www.ocf.co.uk
Blog: blog.ocf.co.uk
Twitter: @ocfplc

OCF plc is a company registered in England and Wales. Registered number 4132533, VAT number GB 780 6803 14. Registered office address: OCF plc, 5 Rotunda Business Centre, Thorncliffe Park, Chapeltown, Sheffield, S35 2PG.

This message is private and confidential. If you have received this message in error, please notify us and remove it from your system.
On 10/12/13 10:53, Lissa Valletta wrote:

Arif did you say you are not using the OpenSSL shipped with Redhat 6.4.    What OpenSSL are you using.   We have had issues recently with new levels of SSL in AIX.
Can you run xCAT commands ok on the Management Node,  anything like lsdef command without gettting complaints from Client.pm?

Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102



Inactive hide details for Ling Gao---12/09/2013 05:12:37 PM---rcons uses xCAT credentials to verify. In /etc/conserver.cf fileLing Gao---12/09/2013 05:12:37 PM---rcons uses xCAT credentials to verify.  In /etc/conserver.cf file it has the following:

From: Ling Gao/Poughkeepsie/IBM@IBMUS
To: xCAT Users Mailing list <[email protected]>,
Cc: "[email protected]" <[email protected]>
Date: 12/09/2013 05:12 PM
Subject: Re: [xcat-user] conserver issues




rcons uses xCAT credentials to verify.
In /etc/conserver.cf file it has the following: 

config * { 
 sslrequired yes; 
 sslauthority /etc/xcat/cert/ca.pem; 
 sslcredentials /etc/xcat/cert/server-cred.pem; 
} 

Can you check those 2 files?  I am just curious on the error you gave us: 
console: SSLVerifyCallback():  issuer  = /CN=xCAT CA
console: SSLVerifyCallback():  subject = /CN=xCAT CA

My  /etc/xcat/cert/server-cred.pem look like this: 
# cat /etc/xcat/cert/server-cred.pem 
Certificate: 
   Data: 
       Version: 3 (0x2) 
       Serial Number: 1 (0x1) 
       Signature Algorithm: sha1WithRSAEncryption 
       Issuer: CN=xCAT CA 
       Validity 
           Not Before: Dec 27 11:47:51 2010 GMT 
           Not After : Dec 22 11:47:51 2030 GMT 
       Subject: CN=x3550n01      <--- the node mn name 
       Subject Public Key Info: 
           Public Key Algorithm: rsaEncryption 
               Public-Key: (2048 bit) 
               Modulus: 
         .... 
         ..... 

Ling Gao
Poughkeepsie Unix Development Lab
IBM Systems and Technology Group
Internal: T/L 293-5692  
External: [email protected], 845-433-5692

"I never worry about the future. It comes soon enough." --- Albert Einstein



From:        Arif Ali <[email protected]> 
To:        "[email protected]" <[email protected]>,
Cc:        "[email protected]" <[email protected]> 
Date:        12/09/2013 04:12 PM 
Subject:        Re: [xcat-user] conserver issues 



Yes to all

Removed the certificates and recreated using xcatconfig -c

I even did a killall -9 conserver

Could it be a version of openssl, it is above the rhels6.4 standard level. Prob updated a few weeks back



Sent from my Android phone using TouchDown (www.nitrodesk.com)

-----Original Message-----
From: Ling Gao [[email protected]]
Received: Monday, 09 Dec 2013, 18:47
To: xCAT Users Mailing list [[email protected]]
CC: xCAT-user [[email protected]]
Subject: Re: [xcat-user] conserver issues

Hi Arif, 
   Have you run makeconservercf and "service conserver stop; service conserver start" (not service conserver restart) after xcatconfig? 
If it still does not work, can you remove /etc/conserver.cf and run makeconservercf? 

Ling 

Ling Gao
Poughkeepsie Unix Development Lab
IBM Systems and Technology Group
Internal: T/L 293-5692  
External: [email protected], 845-433-5692

"I never worry about the future. It comes soon enough." --- Albert Einstein



From:        Arif Ali <[email protected]> 
To:        xCAT-user <[email protected]>,
Date:        12/09/2013 11:27 AM 
Subject:        [xcat-user] conserver issues 



Hi all,

I have checked the mailinglist and googled the info, but cannot find a fix

I have done a "xcatconfig -c" several times (as suggested by Lissa on another post), with also removing the /etc/xcat/{cert,ca}, but I am having no luck.

xCAT version 2.8.3, upgraded from 2.8.1 today, and we had the same issue before the upgrade
OS: CentOS 6.4

Maybe I have missed looking at something.  


# rcons blade089
console: SSLVerifyCallback(): error with certificate at depth: 1
console: SSLVerifyCallback():  issuer  = /CN=xCAT CA
console: SSLVerifyCallback():  subject = /CN=xCAT CA
console: SSLVerifyCallback():  error #19: self signed certificate in certificate chain
console: SSL negotiation failed
3788:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:912:

thanks in advance
--
Arif Ali

IRC: arif-ali at freenode
LinkedIn: http://uk.linkedin.com/in/arifali------------------------------------------------------------------------------
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
------------------------------------------------------------------------------
Sponsored by Intel(R) XDK
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user


------------------------------------------------------------------------------
Sponsored by Intel(R) XDK 
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user

Reply via email to