TroubleShootingSindes

From Begrid Wiki
Jump to navigationJump to search

Troubleshooting and FAQ's for Sindes

How do I do basic trouble shooting for Sindes ?

Look at the logs in /var/log/httpd/*sindes*log.

problems connecting to sindes

On the client side: no quattor updates are installed. And ccm-fetch gives this error:

[root@ui tmp]# ccm-fetch
2011/10/03-15:54:45 [WARN] Retrieve: <https://quattorclient.begrid.be:444/profiles/profile_ui.begrid.be.xml>: 500 Server closed connection without sending any data back

And on the quattorclient, you get these errors in /var/log/httpd/sinds_ssl_error.log

[Mon Oct 03 15:54:36 2011] [error] Re-negotiation request failed

This was the case after an update of apache. It was solved by putting the following line in /etc/httpd/conf.d/sindes-ssl.conf

SSLInsecureRenegotiation on

Then restart apache.


I'm getting error 22 on the client

example:

warning: /var/tmp/rpm-xfer.TSA3NS: V3 DSA signature: NOKEY, key ID 0c98ff9d
warning: /var/tmp/rpm-xfer.LviAa5: V3 DSA signature: NOKEY, key ID 0c98ff9d
Makefile.crt    ... Skipped
Will make needed symlinks for new CA certificate
ca-gridy4.begrid.be.crt ... 41403b28.0
Makefile.crt    ... Skipped
Generating key-pair: [RSA/1024] OK
Creating certificate request
All went fine.
Private key in /var/tmp/get-crt-zi3086/client.key
Certificate request in /var/tmp/get-crt-zi3086/client.csr
Sending the request to gridy4.begrid.be...
Something went wrong while contacting CA (curl returned 22)
Cleaning /var/tmp/get-crt-zi3086
2009/09/24-10:42:35 [WARN] Retrieve: <https://gridy4.begrid.be:444/profiles/profile_ce02.begrid.be.xml>: 500 configure certs failed: /etc/sindes/certs/client_cert.pem file does not exist: No such file or directory

2009/09/24-10:43:05 [WARN] Retrieve: <https://gridy4.begrid.be:444/profiles/profile_ce02.begrid.be.xml>: 500 configure certs failed: /etc/sindes/certs/client_cert.pem file does not exist: No such file or directory

2009/09/24-10:43:35 [WARN] Retrieve: <https://gridy4.begrid.be:444/profiles/profile_ce02.begrid.be.xml>: 500 configure certs failed: /etc/sindes/certs/client_cert.pem file does not exist: No such file or directory

2009/09/24-10:44:05 [ERROR] can't get: <https://gridy4.begrid.be:444/profiles/profile_ce02.begrid.be.xml>
Quattor installation on  failed: ccm-fetch failed with code 1
    • Check the forward and reverse DNS resolve for the Sindes server.
      • Also check for double records
      • Use nslookup and dig to debug.
    • Ensure that your Sindes certificate is uploaded to the Quattor repository (ask BEgrid sysadmin).
    • Ensure the version setting in the templates match with Sindes.

The security informations like root and user’s passwords are transmitted by the Secure INformation DElivery System (SINDES) mechanism. SINDES consists of a CA that issues SSL certificates for each machine. At the installation time, the NCM component that initiates this information exchanging process , sends a message like CLIENT_HELLO to the SINDES server. The server now validates the connection with the standard SSL handshaking mechanism, validating the certificate against its own CA. If the validation succeed, SINDES takes the password and sends to the agent which will install the password on the machine


Back to Troubleshooting


Template:TracNotice