Bug 1462789
| Summary: | osa-dispatcher wildcard certificate | ||
|---|---|---|---|
| Product: | [Community] Spacewalk | Reporter: | Raimund Hook <bugzilla.redhat> |
| Component: | Server | Assignee: | Tomáš Kašpárek <tkasparek> |
| Status: | CLOSED EOL | QA Contact: | Red Hat Satellite QA List <satqe-list> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 2.7 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-03-06 14:27:44 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I just upgraded to spacewalk 2.7.
The problem is still there, but at least it is a bit more obvious in the logs:
[root@spacewalklo boot]# journalctl -u osa-dispatcher
-- Logs begin at Fri 2017-10-06 08:28:47 BST, end at Mon 2017-10-16 14:29:00 BST. --
Oct 06 08:28:57 spacewalklo.example.com systemd[1]: Starting OSA Dispatcher daemon...
Oct 06 08:29:03 spacewalklo.example.com systemd[1]: Started OSA Dispatcher daemon.
Oct 16 13:12:46 spacewalklo.example.com systemd[1]: Stopping OSA Dispatcher daemon...
Oct 16 13:12:46 spacewalklo.example.com systemd[1]: Stopped OSA Dispatcher daemon.
Oct 16 14:24:50 spacewalklo.example.com systemd[1]: Starting OSA Dispatcher daemon...
Oct 16 14:24:50 spacewalklo.example.com osa-dispatcher[17728]: Spacewalk 17728 2017/10/16 14:24:50 +01:00: ('Traceback caught:',)
Oct 16 14:24:50 spacewalklo.example.com osa-dispatcher[17728]: Spacewalk 17728 2017/10/16 14:24:50 +01:00: ('Traceback (most recent call last):\n File "/usr/share/rhn/osad/jabber_lib.py", line 663, in connect\n self.verify_peer(ssl)\n File "/usr/share/rhn/osad/jabber_lib.py", line 744, in verify_peer\n (self._host, common_name))\nSSLVerifyError: Mismatch: peer name: spacewalklo.example.com; common name: *.EXAMPLE.com.\n',)
Oct 16 14:24:50 spacewalklo.example.com systemd[1]: osa-dispatcher.service: control process exited, code=exited status=1
Oct 16 14:24:50 spacewalklo.example.com systemd[1]: Failed to start OSA Dispatcher daemon.
Oct 16 14:24:50 spacewalklo.example.com systemd[1]: Unit osa-dispatcher.service entered failed state.
Oct 16 14:24:50 spacewalklo.example.com systemd[1]: osa-dispatcher.service failed.
Once again, commenting these lines solves the problem, but it's still painful (plus don't actually have any verification in place)
Spacewalk 2.8 (and older) has already reached it's End Of Life. Thank you for reporting this issue and we are sorry that we were not able to fix it before end of life. If you would still like to see this bug fixed and are able to reproduce it against current version of Spacewalk 2.9, you are encouraged change the 'version' and re-open it. |
Description of problem: OSA Dispatcher not starting with a wildcard certificate. This was supposedly fixed before (689939), but still encountering it. Version-Release number of selected component (if applicable): osa-dispatcher-5.11.74-1.el7.noarch osa-common-5.11.74-1.el7.noarch osa-dispatcher-selinux-5.11.74-1.el7.noarch jabberd-2.4.0-6.el7.x86_64 jabberpy-0.5-0.27.el7.noarch How reproducible: Steps to Reproduce: 1. configure jabber with a wildcard certificate 2. Start jabber 3. Try run 'systemctl start osa-dispatcher' Actual results: #/sbin/osa-dispatcher -v -N Jun 19 13:38:59 spacewalklo osa-dispatcher: Spacewalk 12814 2017/06/19 13:38:59 +01:00: ('Traceback caught:',) Jun 19 13:38:59 spacewalklo osa-dispatcher: Spacewalk 12814 2017/06/19 13:38:59 +01:00: ('Error caught:',) Jun 19 13:38:59 spacewalklo osa-dispatcher: ERROR: unhandled exception occurred: (unicode argument expected, got 'str'). # python /usr/share/rhn/osad/osa_dispatcher.py -v -N Spacewalk 13594 2017/06/19 14:42:37 +01:00: ('Traceback caught:',) Spacewalk 13594 2017/06/19 14:42:37 +01:00: ('Traceback (most recent call last):\n File "/usr/share/rhn/osad/jabber_lib.py", line 663, in connect\n self.verify_peer(ssl)\n File "/usr/share/rhn/osad/jabber_lib.py", line 744, in verify_peer\n (self._host, common_name))\nSSLVerifyError: Mismatch: peer name: spacewalklo.example.com; common name: *.EXAMPLE.com.\n',) Expected results: osa-dispatcher starts Additional info: the /sbin/osa-dispatcher script also doesn't log anything about this issue. I had to invoke the /usr/share/rhn/osad/osa_dispatcher.py script directly. I (quick hack) worked around this by commenting out lines 742-744 in jabber_lib.py Yes, the CN in my cert is partially uppercase. This is what I've received from my IT dept.