Bug 812003

Summary: Monitoring Scout will not start: Certificate verify failed.
Product: [Community] Spacewalk Reporter: William Brown <william>
Component: ServerAssignee: Jan Pazdziora <jpazdziora>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Red Hat Satellite QA List <satellite-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.7CC: jpazdziora
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-05-10 07:18:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1484117    

Description William Brown 2012-04-12 13:57:01 UTC
Description of problem:
After enabling monitoring, when the spacewalk server is restarted the Monitoring Scout will not launch, citing an SSL verification error.

Version-Release number of selected component (if applicable):
Fedora 17 x86_64
Spacewalk 1.7

How reproducible:
Always

Steps to Reproduce:
1. Install Fedora and Spacewalk-postgresql.
2. Activate monitoring via the Spacewalk Admin panel
3. Run spacewalk-service restart
  
Actual results:
SSL verification error is thrown.

Expected results:
Monitoring Scout starts.

Additional info:

No channels have yet been configured - The first action taken on the spacewalk system was to enable monitoring which caused this error.
Spacewalk.crt appears to exist in /etc/ssl/certs/, and has world readable permissions.
SELinux has been temporarily set to permissive.

Output is:

Starting Monitoring ...  
	Starting InstallSoftwareConfig ...  [ OK ]
	Starting NotifEscalator ...  [ OK ]
	Starting GenerateNotifConfig ...  [ OK ]
	Starting NotifLauncher ...  [ OK ]
	Starting Notifier ...  [ OK ]
	Starting AckProcessor ...  [ OK ]
	Starting TSDBLocalQueue ...  [ OK ]
[ OK ]
Starting MonitoringScout ...  
	Starting NPBootstrap ...  2012-04-12 23:19:12 NPBootstrap: 	!! ERROR FROM SHELL COMMAND: 
2012-04-12 23:19:12 NPBootstrap: 	!! STDOUT: Requesting https://spacewalk.dev.firstyear.id.au/satconfig/cgi-bin/fetch_netsaintid.cgi?ssk=571081bf0906&publickey=ssh-dss%20AAAAB3NzaC1kc3MAAACBAK3QJPk3%2FbCmraoTCDO2tlVNA4sF9mI%2FdC%2FI0MdRzFNcQTkGqHYyJkxFJXL%2Fe10xwx3zjXr9SanAIZb5MpHht2KVHjDkPuxeHeAsYRP2g8cKMEtABUNddClmTRv5DoFq7h%2BkE6Ou6FGHoosVNseHD7SmMOKaOa7yguW3ilScNWOLAAAAFQD4A8LUC%2BZLrK3AQNV5Ok0%2Fhw%2BrRwAAAIEAqZNnPJdDlDmzcI77njcQfGbuh%2BzsLXQBxdWzUOjDP6EaLucc03VaxeJYlg3Rt1VNhaOY%2FmgBAmvYY2tIz3N3X2SkQrTv42YOAcEXAUReVSGQG0wNwMiNmKTtacB3LU7A2FVDRcuID7Z2AKAvMn22RBVJa9qnxvyE%2B5vR%2B2oI1TkAAACAfDLTSlSvqWiEoELL4gl2kCBJ3kvVYccsh54PPw6fsztT%2FEGWcaaam%2FVGER7yaOpOOnX%2BsjYLgB9CuarVyO6Ln%2B6rggYOzjrVbm1Dh%2BmepJlOgnvNb4v7GvxQpKfAYlOe9JL5ycaSanLKISthv8ABKHFfTHySrMYiGCpPjHR0qdc%3D%20nocpulse%40spacewalk%2Edev%2Efirstyear%2Eid%2Eau%0A
Error on attempt 1:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 2:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 3:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 4:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Failed 5 times to get data for this node.

2012-04-12 23:19:12 NPBootstrap: 	!! STDERR: 
2012-04-12 23:19:12 NPBootstrap: 	!! EXIT: 256
[ FAIL ]
2012-04-12 23:19:12 NPBootstrap: WARNING: STARTED BUT *NOT* RUNNING
2012-04-12 23:19:12 NPBootstrap: ERRORS ENCOUNTERED DURING LAST ACTION:
2012-04-12 23:19:12 NPBootstrap: 	!! ERROR FROM SHELL COMMAND: 
2012-04-12 23:19:12 NPBootstrap: 	!! STDOUT: Requesting https://spacewalk.dev.firstyear.id.au/satconfig/cgi-bin/fetch_netsaintid.cgi?ssk=571081bf0906&publickey=ssh-dss%20AAAAB3NzaC1kc3MAAACBAK3QJPk3%2FbCmraoTCDO2tlVNA4sF9mI%2FdC%2FI0MdRzFNcQTkGqHYyJkxFJXL%2Fe10xwx3zjXr9SanAIZb5MpHht2KVHjDkPuxeHeAsYRP2g8cKMEtABUNddClmTRv5DoFq7h%2BkE6Ou6FGHoosVNseHD7SmMOKaOa7yguW3ilScNWOLAAAAFQD4A8LUC%2BZLrK3AQNV5Ok0%2Fhw%2BrRwAAAIEAqZNnPJdDlDmzcI77njcQfGbuh%2BzsLXQBxdWzUOjDP6EaLucc03VaxeJYlg3Rt1VNhaOY%2FmgBAmvYY2tIz3N3X2SkQrTv42YOAcEXAUReVSGQG0wNwMiNmKTtacB3LU7A2FVDRcuID7Z2AKAvMn22RBVJa9qnxvyE%2B5vR%2B2oI1TkAAACAfDLTSlSvqWiEoELL4gl2kCBJ3kvVYccsh54PPw6fsztT%2FEGWcaaam%2FVGER7yaOpOOnX%2BsjYLgB9CuarVyO6Ln%2B6rggYOzjrVbm1Dh%2BmepJlOgnvNb4v7GvxQpKfAYlOe9JL5ycaSanLKISthv8ABKHFfTHySrMYiGCpPjHR0qdc%3D%20nocpulse%40spacewalk%2Edev%2Efirstyear%2Eid%2Eau%0A
Error on attempt 1:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 2:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 3:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Error on attempt 4:  Status: '500 Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content: 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
'
Failed 5 times to get data for this node.

2012-04-12 23:19:12 NPBootstrap: 	!! STDERR: 
2012-04-12 23:19:12 NPBootstrap: 	!! EXIT: 256
	Starting SputLite ...  [ OK ]
	Starting Dequeuer ...  [ OK ]
	Starting Dispatcher ...  [ OK ]
[ OK ]
Starting rhn-search...

Comment 1 Jan Pazdziora 2012-06-29 14:16:46 UTC
(In reply to comment #0)
> Description of problem:
> After enabling monitoring, when the spacewalk server is restarted the
> Monitoring Scout will not launch, citing an SSL verification error.
> 
> Version-Release number of selected component (if applicable):
> Fedora 17 x86_64

What Fedora and LWP versions are these exactly?

> Error on attempt 4:  Status: '500 Can't connect to
> spacewalk.dev.firstyear.id.au:443 (certificate verify failed)'; content:
> 'Can't connect to spacewalk.dev.firstyear.id.au:443 (certificate verify
> failed)

If you do

export PERL_LWP_SSL_VERIFY_HOSTNAME=0 

before running that spacewalk-service restart, does it seem to help?

Comment 2 Eric Herget 2017-09-28 17:57:09 UTC
This BZ closed some time during 2.5, 2.6 or 2.7.  Adding to 2.7 tracking bug.