Hi Iman, I had the same problem I was assembling some patches to send to the upstream but I didn't finish it, here:https://gist.github.com/dhilst/90bc7e6bf0c4dab10cb0e923297eba0f
There are two patches of for the certificate scripts which should solve the problem, the patch for genimage, I'm not sure if it is required or not yet I hope this helps Regards, Daniel ________________________________ From: Imam Toufique <techie...@gmail.com> Sent: Friday, January 3, 2025 4:13 AM To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net> Subject: Re: [xcat-user] xCAT latest version install failure in Rocky 9.5 Hello, After looking further , it looks to me that the installer fails to do the smoke test since the SSL client certificates are not installed .. This script , /opt/xcat/share/xcat/scripts/setup-local-client.sh is probably the script that generates the client certs in /root/.xcat directory . When it runs , it seems to be failing here: openssl req -config /etc/xcat/ca/openssl.cnf -new -key client-key.pem -out client-req.pem -extensions usr_cert -subj /CN=root Error adding request extensions from section usr_cert 001EDAAFD77F0000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:crypto/x509/v3_akid.c:156: 001EDAAFD77F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto/x509/v3_conf.c:48:section=usr_cert, name=authorityKeyIdentifier, value=keyid,issuer So, the client-req.pem file creation fails and then the rest of the file creations fail . I am not sure what could be the problem in openssl.cnf file in the [usr_cert] section. Something in that section openssl does not like , that's my suspicion . I compared it to a installation done in Rocky 8.10 OS , and openssl.cnf is the same file as the new installation. Only difference I see is openssl version changed in Rocky 9 linux. That might be the cause of it? Has anyone installed the latest xcat in RHEL 9 or Rocky 9 ? thanks again. On Thu, Jan 2, 2025 at 10:09 PM Imam Toufique <techie...@gmail.com<mailto:techie...@gmail.com>> wrote: Hello, Happy new year to everyone! I am attempting to do a new install with the go-xcat script in Rocky 9.5 . And it is not happy towards the end of installation. Here is the error I see: yaboot-xcat 1.3.17-rc1 1.3.17-rc1 .======== '-> test_case_000_version ... returned with 0 .-> test_case_001_xcatd '======== .======== '-> test_case_001_xcatd ... returned with 0 .-> test_case_002_lsdef '======== go-xcat: Attempt of run `lsdef' failed .======== '-> test_case_002_lsdef ... returned with 25 Boo-boo ======= Something went wrong. :( It looks like xcatd starts though [root@poc-mgmt ~]# systemctl status xcatd ● xcatd.service - xCAT management service Loaded: loaded (/usr/lib/systemd/system/xcatd.service; enabled; preset: disabled) Active: active (running) since Thu 2025-01-02 22:01:12 PST; 42s ago Main PID: 142694 (xcatd: SSL list) Tasks: 7 (limit: 1646266) Memory: 70.2M CPU: 2.352s CGroup: /system.slice/xcatd.service ├─142693 /usr/sbin/in.tftpd -v -l -s /tftpboot -m /etc/tftpmapfile4xcat.conf ├─142694 "xcatd: SSL listener" ├─142695 "xcatd: DB Access" ├─142696 "xcatd: UDP listener" ├─142697 "xcatd: install monitor" ├─142698 "xcatd: Discovery worker" └─142699 "xcatd: Command log writer" Jan 02 22:01:10 poc-mgmt systemd[1]: Starting xCAT management service... Jan 02 22:01:11 poc-mgmt xcat[142664]: xcatd is going to start... Jan 02 22:01:12 poc-mgmt xcat[142697]: xcatd: install monitor process 142697 start Jan 02 22:01:12 poc-mgmt xcat[142696]: xcatd: UDP listener process 142696 start Jan 02 22:01:12 poc-mgmt xcat[142699]: xcatd: Command log writer process 142699 start Jan 02 22:01:12 poc-mgmt xcat[142698]: xcatd: Discovery worker process 142698 start But when I want to do any look ups then the SSL certificates are causing issues: [root@poc-mgmt ~]# tabdump site Unable to open socket connection to xcatd daemon on localhost:3001. Verify that the xcatd daemon is running and that your SSL setup is correct. Connection failure: at /opt/xcat/lib/perl/xCAT/Client.pm line 282. That tells me the installation script must have had more things to do and it did not complete those steps. Any help would be appreciated! Thanks --imam -- Regards, Imam Toufique 213-700-5485
_______________________________________________ xCAT-user mailing list xCAT-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/xcat-user
