[Spacewalk-list] clients can't register - ssl cert problem
Matthew Darcy
MDarcy at sch-group.net
Tue May 24 14:42:29 UTC 2011
I tried not to post this to the list as I thought I had it resolved, but I've hit a brick wall.
I've got a spacewalk 1.4 server on Centos 5.6 64bit with Oracle XE backend.
I had a mild DNS problem (see my prevous post to the list) which to resovle I had to change the SSL certificate on the spacwalk server to be the FQDN.
This resolved my problem, builds started registering again and could use the spacewalk server for updates etc.
I continued to tune/tweak some parts of the kickstart builds, nothing on the spacewalk server, just the builds and now the kickstart builds are not registering witht he server.
When I do a rhn_register on a client I get told it's failed and I should look in the up2date log.
The up2date log shows a large python backtrace
1.
[Tue May 24 13:12:38 2011] up2date
2.
Traceback (most recent call last):
3.
File "/usr/sbin/rhnreg_ks", line 213, in ?
4.
cli.run()
5.
File "/usr/share/rhn/up2date_client/rhncli.py", line 74, in run
6.
sys.exit(self.main() or 0)
7.
File "/usr/sbin/rhnreg_ks", line 90, in main
8.
rhnreg.getCaps()
9.
File "/usr/share/rhn/up2date_client/rhnreg.py", line 231, in getCaps
10.
s.capabilities.validate()
11.
File "/usr/share/rhn/up2date_client/rhnserver.py", line 156, in __get_capabilities
12.
self.registration.welcome_message()
13.
File "/usr/share/rhn/up2date_client/rhnserver.py", line 64, in __call__
14.
raise up2dateErrors.SSLCertificateVerifyFailedError()
15.
up2date_client.up2dateErrors.SSLCertificateVerifyFailedError: The SSL certificate /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT failed verification.
16.
17.
[Tue May 24 13:18:40 2011] rhn_register
18.
Traceback (most recent call last):
19.
File "/usr/sbin/rhn_register", line 76, in ?
20.
app.run()
21.
File "/usr/share/rhn/up2date_client/rhncli.py", line 74, in run
22.
sys.exit(self.main() or 0)
23.
File "/usr/sbin/rhn_register", line 58, in main
24.
ui.main()
25.
File "/usr/share/rhn/up2date_client/tui.py", line 1263, in main
26.
tui.run()
27.
File "/usr/share/rhn/up2date_client/tui.py", line 1221, in run
28.
result = win.run()
29.
File "/usr/share/rhn/up2date_client/tui.py", line 236, in run
30.
tui_call_wrapper(self.screen, rhnreg.getCaps)
31.
File "/usr/share/rhn/up2date_client/tui.py", line 86, in tui_call_wrapper
32.
FatalErrorWindow(screen, e.errmsg)
33.
exceptions.AttributeError: SSLCertificateVerifyFailedError instance has no attribute 'errmsg'
34.
35.
[Tue May 24 13:25:19 2011] rhn_register
36.
Traceback (most recent call last):
37.
File "/usr/sbin/rhn_register", line 76, in ?
38.
app.run()
39.
File "/usr/share/rhn/up2date_client/rhncli.py", line 74, in run
40.
sys.exit(self.main() or 0)
41.
File "/usr/sbin/rhn_register", line 58, in main
42.
ui.main()
43.
File "/usr/share/rhn/up2date_client/tui.py", line 1263, in main
44.
tui.run()
45.
File "/usr/share/rhn/up2date_client/tui.py", line 1221, in run
46.
result = win.run()
47.
File "/usr/share/rhn/up2date_client/tui.py", line 236, in run
48.
tui_call_wrapper(self.screen, rhnreg.getCaps)
49.
File "/usr/share/rhn/up2date_client/tui.py", line 86, in tui_call_wrapper
50.
FatalErrorWindow(screen, e.errmsg)
51.
exceptions.AttributeError: SSLCertificateVerifyFailedError instance has no attribute 'errmsg'
52.
53.
[Tue May 24 13:28:23 2011] rhn_register
54.
Traceback (most recent call last):
55.
File "/usr/sbin/rhn_register", line 76, in ?
56.
app.run()
57.
File "/usr/share/rhn/up2date_client/rhncli.py", line 74, in run
58.
sys.exit(self.main() or 0)
59.
File "/usr/sbin/rhn_register", line 58, in main
60.
ui.main()
61.
File "/usr/share/rhn/up2date_client/tui.py", line 1263, in main
62.
tui.run()
63.
File "/usr/share/rhn/up2date_client/tui.py", line 1221, in run
64.
result = win.run()
65.
File "/usr/share/rhn/up2date_client/tui.py", line 236, in run
66.
tui_call_wrapper(self.screen, rhnreg.getCaps)
67.
File "/usr/share/rhn/up2date_client/tui.py", line 86, in tui_call_wrapper
68.
FatalErrorWindow(screen, e.errmsg)
69.
exceptions.AttributeError: SSLCertificateVerifyFailedError instance has no attribute 'errmsg'
I can see the problem is a failure with the SSL certificate at registration time
if I look in /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT on the CLIENT machine the certificate is exactly the same as the one on the spacewalk machine
[root at spacewalk01 auth]# ls -la /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
-rw-r--r-- 1 root root 5467 May 24 11:23 /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
[root at vmbuild01 rhn]# ls -la RHN-ORG-TRUSTED-SSL-CERT
-rw-r--r-- 1 root root 5467 May 24 11:29 RHN-ORG-TRUSTED-SSL-CERT
any suggestions as to what would cause this would be most welcome as I had a working spacewalk machine and I can't figure out what I've done to break this.
Thanks
Matt
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20110524/3106418f/attachment.htm>
More information about the Spacewalk-list
mailing list