Lissa/Ling,
here's an update
# rcons blade151
console: SSLVerifyCallback(): error with certificate at depth: 1
console: SSLVerifyCallback(): issuer = /CN=xCAT CA
console: SSLVerifyCallback(): subject = /CN=xCAT CA
console: SSLVerifyCallback(): error #19: self signed certificate in certificate chain
console: SSL negotiation failed
6452:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:912:
All the ssl rpms installed, it's very similar to what you have
# rpm -qa | grep -i ssl
openssl-1.0.0-27.el6_4.2.x86_64
perl-Crypt-SSLeay-0.57-16.el6.x86_64
perl-Net-SSLeay-1.35-9.el6.x86_64
perl-IO-Socket-SSL-1.31-2.el6.noarch
openssl-devel-1.0.0-27.el6_4.2.x86_64
openssl098e-0.9.8e-17.el6_2.2.x86_64
nss_compat_ossl-0.9.6-1.el6.x86_64
qpid-cpp-client-ssl-0.14-22.el6_3.x86_64
qpid-cpp-server-ssl-0.14-22.el6_3.x86_64
pyOpenSSL-0.10-2.el6.x86_64
and then the last 20 commands I ran to remove all the
certificates, and regenerate them, and check for rcons, and we
still have the same issue
# history | tail -n 20
1092 ls
1093 service xcatd stop
1094 mv ca ca.20131211
1095 mv cert cert.20131211
1096 cd
1097 cd .xcat/
1098 ls
1099 cd ../
1100 ls
1101 mv .xcat .xcat/20131211
1102 mv .xcat .xcat.20131211
1103 xcatconfig -c
1104 makeconservercf
1105 rm /etc/conserver.cf
1106 killall -9 conserver
1107 makeconservercf
1108 service conserver status
1109 rcons blade151
I'm all lost on what the issue might be
regards,
Arif Ali MBCS
Senior HPC Technical Architect
OCF plc
Tel: +44 (0)114 257 2200
Mob: +44 (0)7970 148 122
Fax: +44 (0)114 257 0022
Web: www.ocf.co.uk
Blog: blog.ocf.co.uk
Twitter: @ocfplc
OCF plc is a company registered in England and Wales. Registered
number 4132533, VAT number GB 780 6803 14. Registered office
address: OCF plc, 5 Rotunda Business Centre, Thorncliffe Park,
Chapeltown, Sheffield, S35 2PG.
This message is private and confidential. If you have received
this message in error, please notify us and remove it from
your system.
On 11/12/13 11:17, Lissa Valletta wrote:
I logged on our Redhat 6.4 machine and ran xcatconfig -c and then when I ran rcons rhcn1, I got this error, not quite the same as yours.
[root@ls21n01 ~]# rcons rhcn1
console: SSLVerifyCallback(): error with certificate at depth: 1
console: SSLVerifyCallback(): issuer = /CN=xCAT CA
console: SSLVerifyCallback(): subject = /CN=xCAT CA
console: SSLVerifyCallback(): error #19: self signed certificate in certificate
console: SSL negotiation failed
12769:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
I then ran makeconservercf
service conserver stop
service conserver start
I could then run cons rhcn1 without an error.
What level of openssl is on your MN?
This is what I am running with
[root@ls21n01 ~]# rpm -qa | grep -i SSL
perl-IO-Socket-SSL-1.31-2.el6.noarch
perl-Crypt-SSLeay-0.57-16.el6.x86_64
perl-Net-SSLeay-1.35-9.el6.x86_64
openssl098e-0.9.8e-17.el6_2.2.x86_64
openssl-1.0.0-27.el6.x86_64
pyOpenSSL-0.10-2.el6.x86_64
openssl-devel-1.0.0-27.el6.x86_64
Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102
From: Ling Gao/Poughkeepsie/IBM@IBMUS
To: xCAT Users Mailing list <[email protected]>,
Cc: xCAT Users Mailing list <[email protected]>
Date: 12/10/2013 02:43 PM
Subject: Re: [xcat-user] conserver issues
Arif,
Can you check $HOME/.consolerc file. Mine looks like this:
# cat ~/.consolerc
config * {
port 782;
sslenabled yes;
sslauthority /root/.xcat/ca.pem;
sslcredentials /root/.xcat/client-cred.pem;
}
Can you also check if there is conserver associated with the
node?
nodels <nodename> nodehm.conserver
Thanks,
Ling
Ling Gao
Poughkeepsie Unix Development Lab
IBM Systems and Technology Group
Internal: T/L 293-5692
External: [email protected], 845-433-5692
"I never worry about the future. It comes soon enough." ---
Albert Einstein
From: Lissa Valletta/Poughkeepsie/IBM@IBMUS
To: xCAT Users Mailing list <[email protected]>,
Date: 12/10/2013 12:56 PM
Subject: Re: [xcat-user] conserver issues
There is one other piece to the certificate when you run
xcatconfig -c that is under /root/.xcat that is getting
regenerated also-- correct? It should. I would think the
other xCAT commands would fail also. Do you have service
nodes? If so are they working?
Lissa K. Valletta
8-3/B10
Poughkeepsie, NY 12601
(tie 293) 433-3102
From: Arif Ali <[email protected]>
To: <[email protected]>,
Date: 12/10/2013 12:28 PM
Subject: Re: [xcat-user] conserver issues
Hi Ling,
See below for the excerpt similar to yours, it looks very
similar
$ cat etc/xcat/cert/server-cred.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=xCAT CA
Validity
Not Before: Dec 9 11:55:02 2013 GMT
Not After : Dec 4 11:55:02 2033 GMT
Subject: CN=gondor <------- This is correctly the hostname of the MN
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
regards,
Arif Ali MBCS
Senior HPC Technical Architect
OCF plc
Tel: +44 (0)114 257 2200
Mob: +44 (0)7970 148 122
Fax: +44 (0)114 257 0022
Web: www.ocf.co.uk
Blog: blog.ocf.co.uk
Twitter: @ocfplc
On 09/12/13 22:10, Ling Gao wrote:
rcons uses xCAT credentials to verify.
In /etc/conserver.cf file it has the following:
config * {
sslrequired yes;
sslauthority /etc/xcat/cert/ca.pem;
sslcredentials /etc/xcat/cert/server-cred.pem;
}
Can you check those 2 files? I am just curious on the error you
gave us:
console: SSLVerifyCallback(): issuer = /CN=xCAT CA
console: SSLVerifyCallback(): subject = /CN=xCAT CA
My /etc/xcat/cert/server-cred.pem look like this:
# cat /etc/xcat/cert/server-cred.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=xCAT CA
Validity
Not Before: Dec 27 11:47:51 2010 GMT
Not After : Dec 22 11:47:51 2030 GMT
Subject: CN=x3550n01 <--- the node mn name
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
....
.....
Ling Gao
Poughkeepsie Unix Development Lab
IBM Systems and Technology Group
Internal: T/L 293-5692
External: [email protected], 845-433-5692
"I never worry about the future. It comes soon enough." ---
Albert Einstein
From: Arif Ali <[email protected]>
To: "[email protected]" <[email protected]>,
Cc: "[email protected]" <[email protected]>
Date: 12/09/2013 04:12 PM
Subject: Re: [xcat-user] conserver issues
Yes to all
Removed the certificates and recreated using xcatconfig -c
I even did a killall -9 conserver
Could it be a version of openssl, it is above the rhels6.4
standard level. Prob updated a few weeks back
-----Original Message-----
From: Ling Gao [[email protected]]
Received: Monday, 09 Dec 2013, 18:47
To: xCAT Users Mailing list [[email protected]]
CC: xCAT-user [[email protected]]
Subject: Re: [xcat-user] conserver issues
Hi Arif,
Have you run makeconservercf and "service conserver stop;
service conserver start" (not service conserver restart) after
xcatconfig?
If it still does not work, can you remove /etc/conserver.cf and
run makeconservercf?
Ling
Ling Gao
Poughkeepsie Unix Development Lab
IBM Systems and Technology Group
Internal: T/L 293-5692
External: [email protected], 845-433-5692
"I never worry about the future. It comes soon enough." ---
Albert Einstein
From: Arif Ali <[email protected]>
To: xCAT-user <[email protected]>,
Date: 12/09/2013 11:27 AM
Subject: [xcat-user] conserver issues
Hi all,
I have checked the mailinglist and googled the info, but cannot
find a fix
I have done a "xcatconfig -c" several times (as suggested by
Lissa on another post), with also removing the
/etc/xcat/{cert,ca}, but I am having no luck.
xCAT version 2.8.3, upgraded from 2.8.1 today, and we had the
same issue before the upgrade
OS: CentOS 6.4
Maybe I have missed looking at something.
# rcons blade089
console: SSLVerifyCallback(): error with certificate at depth: 1
console: SSLVerifyCallback(): issuer = /CN=xCAT CA
console: SSLVerifyCallback(): subject = /CN=xCAT CA
console: SSLVerifyCallback(): error #19: self signed certificate in certificate chain
console: SSL negotiation failed
3788:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:912:
thanks in advance
--
Arif Ali
IRC: arif-ali at freenode
LinkedIn: http://uk.linkedin.com/in/arifali
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
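
An added example, not written by anyone in this thread or by the xCAT project: OpenSSL verify error #19 means the self-signed certificate at the top of the presented chain is not among the client's trusted certificates, so one check is whether the sslauthority file in /etc/conserver.cf and the one in ~/.consolerc hold the same CA certificate. The function names and the root parameter are hypothetical, and the certificate bodies in demo() are constructed placeholder bytes rather than real certificates.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

# Uncommented "sslauthority <path>;" / "sslcredentials <path>;" option lines.
OPT_RE = re.compile(r"^\s*(sslauthority|sslcredentials)\s+([^;\s]+)\s*;", re.M)
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def ssl_options(cf_text):
    """Extract the ssl* file options from conserver.cf or .consolerc text."""
    return dict(OPT_RE.findall(cf_text))

def first_cert_fingerprint(pem_path):
    """SHA-256 over the DER bytes of the first certificate in the file, or None."""
    try:
        match = CERT_RE.search(Path(pem_path).read_text())
    except OSError:
        return None  # missing or unreadable file
    if match is None:
        return None  # file holds no certificate block
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()

def compare_trust_anchors(server_cf, client_rc, root="/"):
    """Compare the CA named in the server config with the CA the client trusts."""
    result = {}
    for side, text in (("server", server_cf), ("client", client_rc)):
        ca_path = ssl_options(text).get("sslauthority")
        full = Path(root, ca_path.lstrip("/")) if ca_path else None
        result[side] = first_cert_fingerprint(full) if full else None
    result["match"] = bool(result["server"]) and result["server"] == result["client"]
    return result

def demo():
    """Constructed case: the client still trusts an older CA than the server uses."""
    server_cf = "config * {\n sslrequired yes;\n sslauthority /etc/xcat/cert/ca.pem;\n}\n"
    client_rc = "config * {\n sslenabled yes;\n sslauthority /root/.xcat/ca.pem;\n}\n"
    with tempfile.TemporaryDirectory() as root:
        for rel, body in (("etc/xcat/cert/ca.pem", b"constructed-new-ca"),
                          ("root/.xcat/ca.pem", b"constructed-old-ca")):
            path = Path(root, rel)
            path.parent.mkdir(parents=True)
            pem = base64.b64encode(body).decode()
            path.write_text(f"-----BEGIN CERTIFICATE-----\n{pem}\n-----END CERTIFICATE-----\n")
        return compare_trust_anchors(server_cf, client_rc, root)
```

On a management node, passing the text of /etc/conserver.cf and ~/.consolerc with the default root compares the real files; a result with match False means the client and server are configured with different CA certificates even though both may carry the subject /CN=xCAT CA.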