Osad

Recovered from the older tannerjc.net wiki snapshot dated January 23, 2016.

Info

• https://fedorahosted.org/spacewalk/wiki/OsadHowTo
• https://fedorahosted.org/spacewalk/wiki/JabberAndOSAD

Osad’s sole purpose is to launch rhn_check if notified by osa-dispatcher (jabberd).

Server

Configuration

• Keepalive

sed -i 's/interval.*/interval120\/interval/' /etc/jabberd/*.xml*
sed -i 's/keepalive.*/keepalive120\/keepalive/' /etc/jabberd/*.xml*
sed -i 's/idle.*/idle600\/idle/' /etc/jabberd/*.xml* |grep 'idle'

Ports

[root@satellite ~]# lsof -i | fgrep -i -e jabb -e osa
router    21838 jabberd    4u  IPv4 224315       TCP *:5347 (LISTEN)
router    21838 jabberd    5u  IPv4 224328       TCP localhost.localdomain:5347-localhost.localdomain:57169 (ESTABLISHED)
router    21838 jabberd    6u  IPv4 224337       TCP localhost.localdomain:5347-localhost.localdomain:57170 (ESTABLISHED)
router    21838 jabberd    7u  IPv4 224339       TCP localhost.localdomain:5347-localhost.localdomain:57171 (ESTABLISHED)
router    21838 jabberd    8u  IPv4 224609       TCP localhost.localdomain:5347-localhost.localdomain:57178 (ESTABLISHED)
resolver  21839 jabberd    4u  IPv4 224332       TCP localhost.localdomain:57170-localhost.localdomain:5347 (ESTABLISHED)
sm        21840 jabberd    4u  IPv4 224334       TCP localhost.localdomain:57171-localhost.localdomain:5347 (ESTABLISHED)
s2s       21841 jabberd    4u  IPv4 224608       TCP localhost.localdomain:57178-localhost.localdomain:5347 (ESTABLISHED)
s2s       21841 jabberd    5u  IPv4 224610       TCP *:xmpp-server (LISTEN)
c2s       21842 jabberd    4u  IPv4 224327       TCP localhost.localdomain:57169-localhost.localdomain:5347 (ESTABLISHED)
c2s       21842 jabberd    5u  IPv4 224353       TCP *:xmpp-client (LISTEN)
c2s       21842 jabberd    6u  IPv4 224682       TCP satellite.sat53.net:xmpp-client-satellite.sat53.net:44833 (ESTABLISHED)
c2s       21842 jabberd    9u  IPv4 229613       TCP satellite.sat53.net:xmpp-client-ractarget.sat53.net:34386 (ESTABLISHED)
osa-dispa 21961    root    4u  IPv4 224659       UDP localhost.localdomain:37555
osa-dispa 21961    root    5u  IPv4 224662       TCP localhost.localdomain:47058-localhost.localdomain:ncube-lm (ESTABLISHED)
osa-dispa 21961    root    6u  IPv4 224681       TCP satellite.sat53.net:44833-satellite.sat53.net:xmpp-client (ESTABLISHED)
osa-dispa 21961    root    7u  IPv4 224741       TCP *:winjaserver (LISTEN)

Client connection log

[root@satellite rhn]# tail /var/log/rhn/rhn_server_xmlrpc.log
2010/09/20 18:56:58 -04:00 20052 10.0.0.10: xmlrpc/registration.register_osad_jid
2010/09/20 18:57:14 -04:00 14669 10.0.0.10: xmlrpc/registration.welcome_message('lang: None',)
2010/09/20 18:57:14 -04:00 20051 10.0.0.10: xmlrpc/registration.register_osad

Errata update scheduled

2010-09-20 19:08:40 osad_client._message_callback:
2010-09-20 19:08:40 jabber_lib._check_signature_from_message: message from='rhn-dispatcher-sat@satellite.sat53.net/superclient' type='normal' to='osad-557477d4f9@satellite.sat53.net/osad'x xmlns = 'http://jabber.rhn.redhat.com/jabber/signed'  action='http://jabber.rhn.redhat.com/jabber/message/request/checkin' timestamp='1285024120' jid='rhn-dispatcher-sat@satellite.sat53.net/superclient' serial='604c07-31088' signature='d2b8f03490a11485002ec4e500fbdf9cb1707c3e' //message
2010-09-20 19:08:40 osad_client._check_signature: Signature args ['9f9ae8fcb5cf68402e0531bb59cbbfe732f35e48', 'osad-557477d4f9@satellite.sat53.net/osad', u'1285024120', u'604c07-31088', u'http://jabber.rhn.redhat.com/jabber/message/request/checkin', u'rhn-dispatcher-sat@satellite.sat53.net/superclient']
2010-09-20 19:08:40 osad_client._create_signature: rhn-dispatcher-sat@satellite.sat53.net/superclient http://jabber.rhn.redhat.com/jabber/message/response/checkin
2010-09-20 19:08:40 osad_client._create_signature: Signature args ['9f9ae8fcb5cf68402e0531bb59cbbfe732f35e48', rhn-dispatcher-sat@satellite.sat53.net/superclient, 'bb2c0540c3b5c960', 1285024120, '129f1f-3', 'http://jabber.rhn.redhat.com/jabber/message/response/checkin', 'osad-557477d4f9@satellite.sat53.net/osad']
2010-09-20 19:08:40 osad_client._message_callback: About to execute: ['/usr/sbin/rhn_check']
2010-09-20 19:08:40 osad_client._message_callback: run_rhn_check: 1

Proxy

Ports

[root@sat5proxy ~]# lsof -i | fgrep -i -e jabb -e osa
router    3282 jabberd    4u  IPv4  16418       TCP *:5347 (LISTEN)
router    3282 jabberd    5u  IPv4  16437       TCP localhost.localdomain:5347-localhost.localdomain:34754 (ESTABLISHED)
router    3282 jabberd    6u  IPv4  16477       TCP localhost.localdomain:5347-localhost.localdomain:34755 (ESTABLISHED)
router    3282 jabberd    7u  IPv4  16480       TCP localhost.localdomain:5347-localhost.localdomain:34756 (ESTABLISHED)
router    3282 jabberd    8u  IPv4  16482       TCP localhost.localdomain:5347-localhost.localdomain:34757 (ESTABLISHED)
resolver  3283 jabberd    4u  IPv4  16427       TCP localhost.localdomain:34754-localhost.localdomain:5347 (ESTABLISHED)
sm        3284 jabberd    4u  IPv4  16479       TCP localhost.localdomain:34757-localhost.localdomain:5347 (ESTABLISHED)
s2s       3285 jabberd    4u  IPv4  16476       TCP localhost.localdomain:34755-localhost.localdomain:5347 (ESTABLISHED)
s2s       3285 jabberd    5u  IPv4  16481       TCP *:xmpp-server (LISTEN)
c2s       3286 jabberd    4u  IPv4  16478       TCP localhost.localdomain:34756-localhost.localdomain:5347 (ESTABLISHED)
c2s       3286 jabberd    5u  IPv4  16483       TCP *:xmpp-client (LISTEN)

Client

Config

[root@ractarget ~]# cat /etc/sysconfig/rhn/osad.conf  | egrep -v -e ^\# -e ^\$
[osad]
systemid = /etc/sysconfig/rhn/systemid
debug_level = 0
server_handler = /XMLRPC
proto = https
server_url = %(proto)s://%(server_name)s%(server_handler)s
osa_ssl_cert =
logfile = /var/log/osad
max_time_drift = 120
run_rhn_check = 1
rhn_check_command = /usr/sbin/rhn_check
enable_failover = 0

[root@ractarget ~]# fgrep -i sslCACert /etc/sysconfig/rhn/up2date | fgrep -i trusted
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

Port

[root@ractarget ~]# lsof -i | fgrep -i -e jabber -e osad
osad       3784  root    3u  IPv4  11165       TCP 10.0.0.10:34386-satellite.sat53.net:xmpp-client (ESTABLISHED)

[root@ractarget ~]# fgrep xmpp-client /etc/services
xmpp-client	5222/tcp			# XMPP Client Connection
xmpp-client	5222/udp			# XMPP Client Connection

Startup

[root@ractarget ~]# osad  -N -v -v -v -v
2010-09-20 18:58:07 osad._setup_config: Updating configuration
2010-09-20 18:58:07 osad._setup_config: Time drift 0
2010-09-20 18:58:07 osad._setup_config: Client name 9ca0a626d6e45659
2010-09-20 18:58:07 osad._setup_config: Shared key 24c8128ead37b7b64d1d4776cc934deabd2ca981
2010-09-20 18:58:07 jabber_lib.setup_connection: Connecting to satellite.sat53.net
2010-09-20 18:58:07 jabber_lib._get_jabber_client:
2010-09-20 18:58:07 jabber_lib._get_jabber_client: Connecting to satellite.sat53.net
2010-09-20 18:58:07 jabber_lib.__init__:
2010-09-20 18:58:07 jabber_lib.__init__:
2010-09-20 18:58:07 jabber_lib.check_cert: Loading cert X509Name object '/C=US/ST=NC/L=Raleigh/O=Red Hat/OU=satellite.sat53.net/CN=satellite.sat53.net'
2010-09-20 18:58:07 jabber_lib.connect:
2010-09-20 18:58:07 jabber_lib.process: 300
2010-09-20 18:58:07 jabber_lib.process: None
2010-09-20 18:58:07 jabber_lib.connect: Preparing for TLS handshake
2010-09-20 18:58:07 jabber_lib.process: None
2010-09-20 18:58:07 jabber_lib.process: None
2010-09-20 18:58:07 jabber_lib.setup_connection: Connected to jabber server satellite.sat53.net
2010-09-20 18:58:07 osad_client.start: osad-557477d4f9 e4ec9157b1ed8b17df3d osad
2010-09-20 18:58:07 jabber_lib.auth: osad-557477d4f9 e4ec9157b1ed8b17df3d osad 1
2010-09-20 18:58:07 jabber_lib.auth: Sending auth request iq type='get' id='auth-get-e333cc-0'query xmlns = 'jabber:iq:auth' usernameosad-557477d4f9/username/query/iq
2010-09-20 18:58:07 jabber_lib.process: 59.9999861717
2010-09-20 18:58:07 jabber_lib.dispatch: Unhandled stanza iq type='result' id='auth-get-e333cc-0'query xmlns = 'jabber:iq:auth' usernameosad-557477d4f9/usernameresource /password /digest /sequence494/sequencetoken4C926058/token/query/iq
2010-09-20 18:58:07 jabber_lib.auth: Auth response iq type='result' id='auth-get-e333cc-0'query xmlns = 'jabber:iq:auth' usernameosad-557477d4f9/usernameresource /password /digest /sequence494/sequencetoken4C926058/token/query/iq
2010-09-20 18:58:07 jabber_lib.auth: Sending auth info iq type='set' id='auth-set-e333cc-1'query xmlns = 'jabber:iq:auth' usernameosad-557477d4f9/usernameresourceosad/resourcehash4701264531c23ddd23860fdfd9d82af0cdce5eaf/hash/query/iq
2010-09-20 18:58:07 jabber_lib.process: 299.999988079
2010-09-20 18:58:07 jabber_lib.dispatch: Unhandled stanza iq type='result' id='auth-set-e333cc-1' /
2010-09-20 18:58:07 jabber_lib.auth: Authenticated
2010-09-20 18:58:07 jabber_lib.register_callback: bound method Client._roster_callback of osad.osad_client.Client instance at 0x2b8eb6cca2d8 iq None None None None
2010-09-20 18:58:07 jabber_lib.process: None
2010-09-20 18:58:07 jabber_lib._roster_callback: Updating the roster iq type='result' id='iq-request-e333cc-2'query xmlns = 'jabber:iq:roster' item jid='rhn-dispatcher-sat@satellite.sat53.net' subscription='both' //query/iq
2010-09-20 18:58:07 jabber_lib.register_callback: bound method Client._presence_callback of osad.osad_client.Client instance at 0x2b8eb6cca2d8 presence None None None None
2010-09-20 18:58:07 jabber_lib.register_callback: bound method Client._message_callback of osad.osad_client.Client instance at 0x2b8eb6cca2d8 message None None None None
2010-09-20 18:58:07 jabber_lib.subscribe_to_presence: Subscribed to {}
2010-09-20 18:58:07 jabber_lib.subscribe_to_presence: Subscribed both {'rhn-dispatcher-sat@satellite.sat53.net': {'jid': 'rhn-dispatcher-sat@satellite.sat53.net', 'subscription': u'both'}}
2010-09-20 18:58:07 jabber_lib.subscribe_to_presence: Subscribed none {}
2010-09-20 18:58:07 jabber_lib.subscribe_to_presence: Subscribed from {}
2010-09-20 18:58:07 jabber_lib.subscribe_to_presence: Already subscribed to the presence of node rhn-dispatcher-sat@satellite.sat53.net
2010-09-20 18:58:07 jabber_lib.send_presence: None None
2010-09-20 18:58:07 jabber_lib.process_forever:
2010-09-20 18:58:07 jabber_lib.process: None
2010-09-20 18:58:07 jabber_lib._presence_callback: osad-557477d4f9@satellite.sat53.net/osad rhn-dispatcher-sat@satellite.sat53.net/superclient None
2010-09-20 18:58:07 jabber_lib._presence_callback: Node is available rhn-dispatcher-sat@satellite.sat53.net/superclient None
2010-09-20 18:58:07 jabber_lib.subscribe_to_presence: Subscribed to {}
2010-09-20 18:58:07 jabber_lib.subscribe_to_presence: Subscribed both {'rhn-dispatcher-sat@satellite.sat53.net': {'jid': 'rhn-dispatcher-sat@satellite.sat53.net', 'subscription': u'both'}}
2010-09-20 18:58:07 jabber_lib.subscribe_to_presence: Subscribed none {}
2010-09-20 18:58:07 jabber_lib.subscribe_to_presence: Subscribed from {}
2010-09-20 18:58:07 jabber_lib.subscribe_to_presence: Already subscribed to the presence of node rhn-dispatcher-sat@satellite.sat53.net

network trace remote command

[root@ractarget ~]# tcpdump  -n not dst port 22 and not src port 22  and  \( src 10.0.0.5 or dst 10.0.0.5 \) and \( not dst 123 \)
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

19:45:16.683761 IP 10.0.0.5.xmpp-client  10.0.0.10.59138: P 2385337038:2385337160(122) ack 36118194 win 88 nop,nop,timestamp 636868784 364491370
19:45:16.690691 IP 10.0.0.10.59138  10.0.0.5.xmpp-client: P 1:102(101) ack 122 win 843 nop,nop,timestamp 364536676 636868784
19:45:16.691174 IP 10.0.0.5.xmpp-client  10.0.0.10.59138: . ack 102 win 88 nop,nop,timestamp 636868792 364536676
19:45:16.934930 IP 10.0.0.10.60230  10.0.0.5.domain:  49716+ A? satellite.sat53.net. (37)
19:45:16.936229 IP 10.0.0.5.domain  10.0.0.10.60230:  49716* 1/1/0 A 10.0.0.5 (76)
19:45:16.936394 IP 10.0.0.10.52421  10.0.0.5.https: S 1103470881:1103470881(0) win 5840 mss 1460,sackOK,timestamp 364536922 0,nop,wscale 5
19:45:16.937078 IP 10.0.0.5.https  10.0.0.10.52421: S 3435977047:3435977047(0) ack 1103470882 win 5792 mss 1460,sackOK,timestamp 636869038 364536922,nop,wscale 7
19:45:16.937084 IP 10.0.0.10.52421  10.0.0.5.https: . ack 1 win 183 nop,nop,timestamp 364536923 636869038
19:45:16.944389 IP 10.0.0.10.52421  10.0.0.5.https: P 1:122(121) ack 1 win 183 nop,nop,timestamp 364536930 636869038
19:45:16.944875 IP 10.0.0.5.https  10.0.0.10.52421: . ack 122 win 46 nop,nop,timestamp 636869046 364536930
...

Bad SSL Startup

[root@ractarget ~]# osad -N -v -v -v -v
2010-09-20 20:33:21 osad._setup_config: Updating configuration
2010-09-20 20:33:21 osad._setup_config: Time drift 0
2010-09-20 20:33:21 osad._setup_config: Client name c218f387b52801f1
2010-09-20 20:33:21 osad._setup_config: Shared key d1acef0c4a7d02fb8deec7abb48e8ac9785e4ef4
2010-09-20 20:33:21 jabber_lib.setup_connection: Connecting to sat5proxy.sat53.net
2010-09-20 20:33:21 jabber_lib._get_jabber_client:
2010-09-20 20:33:21 jabber_lib._get_jabber_client: Connecting to sat5proxy.sat53.net
2010-09-20 20:33:21 jabber_lib.__init__:
2010-09-20 20:33:21 jabber_lib.__init__:
2010-09-20 20:33:21 jabber_lib.check_cert: Loading cert X509Name object '/C=US/ST=NC/L=Raleigh/O=Red Hat/CN=jtsat.dj.edm'
2010-09-20 20:33:21 jabber_lib.connect:
2010-09-20 20:33:21 jabber_lib.process: 300
2010-09-20 20:33:21 jabber_lib.process: None
2010-09-20 20:33:21 jabber_lib.connect: Preparing for TLS handshake
Traceback caught:
Traceback (most recent call last):
  File /usr/share/rhn/osad/jabber_lib.py, line 618, in connect
    self.verify_peer(ssl)
  File /usr/share/rhn/osad/jabber_lib.py, line 698, in verify_peer
    raise SSLVerifyError(Mismatch: peer name: %s; common name: %s %
SSLVerifyError: Mismatch: peer name: sat5proxy.sat53.net; common name: sat5proxy.dj.edm.