Description of problem: Trying to use wsman to fire off any commands to a remote machine immediately returns "Connection failed. response code = 0". Version-Release number of selected component (if applicable): wsmancli-2.3.0-3.fc20.x86_64 Steps to Reproduce: [root@server ~]# rpm -q fedora-release fedora-release-20-1.noarch [root@server ~]# uname -a Linux server.localdomain 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec 23 16:44:31 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux [root@server ~]# read -p "Password: " -s AMT_PASSWORD && export AMT_PASSWORD && echo Password: [root@server ~]# AMT_HOST=192.168.2.1 && export AMT_HOST [root@server ~]# wsman identify -h ${AMT_HOST} --port 16992 --username admin -p ${AMT_PASSWORD} Connection failed. response code = 0 [root@server ~]# journalctl _COMM=wsman | tail -n 1 Jan 13 19:33:27 server.localdomain wsman[4536]: [wrn][4536:/builddir/build/BUILD/openwsman-2.3.6/src/lib/wsman-client-transport.c:91:wsman_send_request] Couldn't send request to client: (null) [root@server ~]# Actual results: Error. strace shows the process not actually sending anything to the network. [root@server ~]# strace wsman identify -h ${AMT_HOST} --port 16992 --username admin -p ${AMT_PASSWORD} 2>&1 | tail -n 25 statfs("/sys/fs/selinux", {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0 statfs("/sys/fs/selinux", {f_type=0xf97cff8c, f_bsize=4096, f_blocks=0, f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255, f_frsize=4096}) = 0 stat("/sys/fs/selinux", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 brk(0) = 0xeee000 brk(0xf0f000) = 0xf0f000 access("/etc/system-fips", F_OK) = -1 ENOENT (No such file or directory) futex(0x7f3256b260d0, FUTEX_WAKE_PRIVATE, 2147483647) = 0 gettid() = 22669 rt_sigaction(SIGPIPE, {SIG_IGN, [], SA_RESTORER, 0x7f32570e2cd0}, NULL, 8) = 0 open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=2917, ...}) = 0 fstat(3, {st_mode=S_IFREG|0644, st_size=2917, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3257cd1000 read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\r\0\0\0\r\0\0\0\0"..., 4096) = 2917 lseek(3, -1843, SEEK_CUR) = 1074 read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\16\0\0\0\16\0\0\0\0"..., 4096) = 1843 close(3) = 0 munmap(0x7f3257cd1000, 4096) = 0 socket(PF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3 connect(3, {sa_family=AF_LOCAL, sun_path="/dev/log"}, 110) = 0 sendto(3, "<28>Jan 13 19:40:04 wsman: [wrn]"..., 173, MSG_NOSIGNAL, NULL, 0) = 173 write(2, "Connection failed. response code"..., 37Connection failed. response code = 0 ) = 37 exit_group(0) = ? +++ exited with 0 +++ [root@server ~]# Expected results: A recent checkout of openwsman and wsmancli built within a mock chroot works as expected. <mock-chroot>[root@server src]# pwd /builddir/build/BUILD/wsmancli/src <mock-chroot>[root@server src]# LD_LIBRARY_PATH=/usr/local/lib64 ./wsman identify -h ${AMT_HOST} --port 16992 --username admin -p ${AMT_PASSWORD} <?xml version="1.0" encoding="UTF-8"?> <a:Envelope xmlns:a="http://www.w3.org/2003/05/soap-envelope" xmlns:b="http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd" xmlns:c="http://schemas.dmtf.org/wbem/dash/1/dash.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <a:Header/> <a:Body> <b:IdentifyResponse> <b:ProtocolVersion>http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd</b:ProtocolVersion> <b:ProductVendor>Intel(r)</b:ProductVendor> <b:ProductVersion>AMT 8.1</b:ProductVersion> <c:DASHVersion>1.0.0</c:DASHVersion> <b:SecurityProfiles> <b:SecurityProfileName>http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/digest</b:SecurityProfileName> <b:SecurityProfileName>http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/digest</b:SecurityProfileName> <b:SecurityProfileName>http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/mutual/digest</b:SecurityProfileName> <b:SecurityProfileName>http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/http/spnego-kerberos</b:SecurityProfileName> <b:SecurityProfileName>http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/spnego-kerberos</b:SecurityProfileName> <b:SecurityProfileName>http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/mutual/spnego-kerberos</b:SecurityProfileName> </b:SecurityProfiles> </b:IdentifyResponse> </a:Body> </a:Envelope> <mock-chroot>[root@server src]#
Some further debugging shows, that this is more likely a problem in openwsman libwsman1-2.3.6-8.fc20.x86_64. That package needs an upgrade.
Created attachment 853922 [details] Patch to .spec file upgrading to 2.4.3 Attached is a patch to the openwsman.spec file upgrading the library to 2.4.3, updating the source URL to the new github release page and fixing a date warning. This has been tested and does fix the bug for my testcase.
There are two problems: a) /etc/pam.d/openwsman is wrong - you have got to modify all pam_unix2.so to pam_unix.so I'll fix that in updated package. b) by default, openwsman-server uses SSL connection, the wsman command should look like: # wsman identify -h localhost --port 5986 --username root -p $PASS -v -c /etc/openwsman/servercert.pem If are not connecting to localhost, get the certificate from server. Even if you reconfigured server to _not_ use SSL, the "-v" flag is necessary.
libvirt-1.1.3.3-5.fc20,openwsman-2.4.3-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/libvirt-1.1.3.3-5.fc20,openwsman-2.4.3-1.fc20
libvirt-1.1.3.3-5.fc20, openwsman-2.4.3-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Just verified that wsmancli can be correctly installed from the repo, that dependencies are all correct as well. Functionality of wsmancli is fixed as well. Thanks everyone, closing bug.