OSAD SSLError troubleshooting

Nov 3, 2013 · 3 min read · red-hat-satellite spacewalk suse-manager ·

If problems occur while starting the Open Source Architecture Daemons the issue can have multiple problem causes. This service is used amongst others in combination with Spacewalk, Red Hat Satellite, or SUSE Manager to push configuration jobs or software packages.

The following problem causes are possible:

The firewall on the Spacewalk / Red Hat Satellite or SUSE Manager Server does not permit any connections on the TCP and UDP ports 5269 and 5222.
The firewall on the client system does not permit any connections on the TCP and UDP port 5222
The Jabber service jabberd on the Spacewalk / Red Hat Satellite or SUSE Manager server isn't starting properly. If the command "service jabberd status" answers with "dead but subsys locked" there can be a problem because of invalid file permissions or SELinux contexts - this happens quickly if you fiddle with the appropriate configuration files and create backups.
The client system wasn't registered using the FQDN with the Spacewalk, Red Hat Satellite or SUSE Manager system

In every case it is useful to have a look in the OSAD protocol on the client system:

1# cat /var/log/osad
22013-11-02 18:29:26 jabber_lib.__init__:
32013-11-02 18:29:26 jabber_lib.connect: Server did not return a <features /> stanza, reconnecting
42013-11-02 18:29:27 jabber_lib.connect: Server did not return a <features /> stanza, reconnecting
52013-11-02 18:29:28 jabber_lib.connect: Server did not return a <features /> stanza, reconnecting
62013-11-02 18:29:29 jabber_lib.print_message: SSLError
72013-11-02 18:29:29 jabber_lib.print_message: Could not connect to jabber server 10.xx.xx.xx
82013-11-02 18:29:29 jabber_lib.setup_connection: Could not connect to any jabber server
92013-11-02 18:29:29 jabber_lib.main: Unable to connect to jabber servers, sleeping 106 seconds

When looking in the configuration file of up2date I saw that I registered the system with Spacewalk using the IP instead of the FQDN - first error:

1# grep serverURL /etc/sysconfig/rhn/up2date
2serverURL[comment]=Remote server URL (use FQDN)
3serverURL=http://10.xx.xx.xx/XMLRPC

I changes the line like this:

1serverURL=http://10.xx.xx.xx/XMLRPC

Beyond that I was fiddling with the configurations file of the jabber servers (which is used by osa-dispatcher). Of course I made backups and restored them - but during this the file permissions become lost. Customizing the permissions solved the problem:

1# service jabberd status
2router (pid 5466) is running...
3sm dead but subsys locked
4c2s dead but subsys locked
5s2s dead but subsys locked
6
7# chmod 640 /etc/jabberd/*.xml
8# service jabberd restart
9# service osa-dispatcher start

There are plenty of tipps in the Red Hat Knowledge Base - you'll need a valid RHN Account for reading them:

"jabber services are dead but subsys locked" - https://access.redhat.com/site/solutions/43777
"osad startup failed with SSLDisabledError" - https://access.redhat.com/site/solutions/45332
"What TCP/IP ports are required to be open on a Red Hat Network (RHN) Satellite, Proxy and/or Client system?"- https://access.redhat.com/site/solutions/10818

🙂

OSAD SSLError troubleshooting

Translations: