[Spacewalk-list] osad not working through proxy - resolver issue

Adam Glassman adam.glassman at amdocs.com
Tue Oct 25 18:14:07 UTC 2011 

I am running spacewalk 1.4 on RHEL 5u5

I am in the process of adding clients to a proxy server and so far none of them are showing up as 'online' in the Spacewalk UI.  My proxy server shows as online and I can run remote commands on it through the UI.  I can see connections from the clients on the proxy server port 5222.  In syslog on the proxy and on the server I see that dialback is failing

All hostnames are fqdn, sanitized here:
spacewalk-proxy:
Oct 25 08:46:03 spacewalk-proxy jabberd/s2s[21730]: dns lookup for spacewalk-server failed
Oct 25 08:46:03 spacewalk-proxy jabberd/s2s[21730]: [8] [10.57.199.45, port=5269] outgoing connection for spacewalk-server
Oct 25 08:46:03 spacewalk-proxy jabberd/s2s[21730]: [8] [10.57.199.45, port=5269] sending dialback auth request for route spacewalk-proxy /spacewalk-server
Oct 25 08:47:04 spacewalk-proxy jabberd/s2s[21730]: [8] [10.57.199.45, port=5269] error: Stream error (dialback timed out)
Oct 25 08:47:04 spacewalk-proxy jabberd/s2s[21730]: [8] [10.57.199.45, port=5269] disconnect, packets: 0

spacewalk-server:
Oct 25 08:46:03 spacewalk-server jabberd/s2s[1913]: [8] [10.48.199.32, port=46525] received dialback auth request for route spacewalk-server /spacewalk-proxy
Oct 25 08:46:34 spacewalk-server jabberd/s2s[1913]: dns lookup for spacewalk-proxy failed
Oct 25 08:47:04 spacewalk-server jabberd/s2s[1913]: [8] [10.48.199.32, port=46525] dialback for incoming route spacewalk-server / spacewalk-proxy  timed out

The obvious thing here is the dns lookup failures.  The odd thing is that DNS is working fine in my environment.  I can lookup forward and reverse entries for both server and proxy.  So I added an entry in /etc/hosts on both servers.  I had to restart osad and run an rhn_check on a client to trigger the dialback request (pinging from the UI didn't do it).  Now the dialback route is showing valid in the logs and the client behind the proxy shows online in the UI.

So I dug a bit in the jabberd config files and found this stanza in the s2s.xml:

  <!-- Local network configuration -->
  <local>
    <!--
    Helper DNS resolver component - if this component is not
    connected, dialback connections will fail
    (default: resolver) -->
    <resolver>resolver</resolver>

According to the online documentation for OSA, /usr/bin/resolver is one of the 6 components of jabberd (https://fedorahosted.org/spacewalk/wiki/OsadHowTo).  However, /usr/bin/resolver does not exist on my servers and is not part of the jabberd package I have: jabberd-2.2.11-2.el5.  The resolver.xml is also absent from spacewalk-setup-jabberd-1.3.2-1.el5.

My question then is, given that the resolver service has been deprecated, how should s2s resolve names?  In my environment, adding /etc/hosts entries to all the proxies and the master is feasible, but using DNS would be less brittle over time.

--
Adam Glassman
Sr. Systems Engineer
Amdocs Interactive
Seattle, WA


This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement,
you may review at http://www.amdocs.com/email_disclaimer.asp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20111025/745deb90/attachment.htm>

More information about the Spacewalk-list mailing list