Goferd SSL errors

katello

#1

Hi all,

After setting up a Katello installation and deploying to clients, I’m seeing the following errors in the /var/log/messages of the attached clients:

    Jan 11 01:09:24 srv01 goferd: [ERROR][pulp.agent.de70d903-18fb-482a-9e8f-897f7fabada9] gofer.messaging.adapter.proton.reliability:47 - receiver 8bb1ee2b-a020-4b84-b35e-79ba23c78dc3 from pulp.agent.de70d903-18fb-482a-9e8f-897f7fabada9 closed due to: Condition('qd:no-route-to-dest', 'No route to the destination node')
    Jan 11 01:13:15 srv01 goferd: [INFO][pulp.agent.de70d903-18fb-482a-9e8f-897f7fabada9] gofer.messaging.adapter.proton.connection:131 - closed: proton+amqps://katello.server:5647
    Jan 11 01:13:15 srv01 goferd: [INFO][pulp.agent.de70d903-18fb-482a-9e8f-897f7fabada9] gofer.messaging.adapter.connect:28 - connecting: proton+amqps://katello.server:5647
    Jan 11 01:13:15 srv01 goferd: [INFO][pulp.agent.de70d903-18fb-482a-9e8f-897f7fabada9] gofer.messaging.adapter.proton.connection:87 - open: URL: amqps://katello.server:5647|SSL: ca: /etc/rhsm/ca/katello-default-ca.pem|key: None|certificate: /etc/pki/consumer/bundle.pem|host-validation: None
    Jan 11 01:13:15 srv01 goferd: [INFO][pulp.agent.de70d903-18fb-482a-9e8f-897f7fabada9] gofer.messaging.adapter.proton.connection:92 - opened: proton+amqps://katello.server:5647
    Jan 11 01:13:15 srv01 goferd: [INFO][pulp.agent.de70d903-18fb-482a-9e8f-897f7fabada9] gofer.messaging.adapter.connect:30 - connected: proton+amqps://katello.server:5647
    Jan 11 01:13:27 srv01 goferd: [ERROR][pulp.agent.de70d903-18fb-482a-9e8f-897f7fabada9] gofer.messaging.adapter.proton.reliability:53 - Connection amqps://katello.server:5647 disconnected: Condition('amqp:connection:framing-error', 'SSL Failure: Unknown error.')

Nothing shows in the qdrouterd.log on the server, and I’m at a loss since subscriptons join without an issue. Any suggestions on where to start? I’ve installed Katello with the following options:

foreman-installer --scenario katello --enable-foreman-compute-ec2 --enable-foreman-compute-libvirt --enable-foreman-plugin-ansible --enable-foreman-plugin-hooks --enable-foreman-plugin-openscap --enable-foreman-plugin-remote-execution --enable-foreman-plugin-setup --enable-foreman-plugin-tasks --enable-foreman-plugin-templates --enable-foreman-proxy-plugin-ansible --enable-foreman-proxy-plugin-openscap --enable-foreman-proxy-plugin-remote-execution-ssh --foreman-initial-organization=Internal --foreman-locations-enabled=true --foreman-organizations-enabled=true --foreman-initial-location=Internal

The Katello server is SL7.4 with the clients being SL6x and 7x.
Foreman 1.16.0 / Katello 3.5.0.1

Thanks!


#2

Hi,
could it be that port 5647 is not open on your server?
Martin


#3

The port is opened, that’s the first thing I’ve checked. From a client machine:

[admin@client01 ~]$ nc -vv katello.server 5647
Connection to katello.server 5647 port [tcp/*] succeeded!


.
AMQPSСlSÐ\SÐP£amqp:connection:framing-error¡*Unknown protocol detected: '\x0a\x0a.\x0a'@

[admin@client01 ~]$

#4

Unable to edit, but some additional detail:

[root@katello ~]# rpm -qa|egrep ‘qdrouter|qpid’ |sort
katello.server-qpid-broker-1.0-1.noarch
katello.server-qpid-client-cert-1.0-1.noarch
katello.server-qpid-router-client-1.0-1.noarch
katello.server-qpid-router-server-1.0-1.noarch
python-gofer-qpid-2.7.6-1.el7.noarch
python-qpid-1.37.0-1.el7.noarch
python-qpid-proton-0.17.0-1.el7.x86_64
python-qpid-qmf-1.36.0-1.el7.x86_64
qpid-cpp-client-1.36.0-1.el7.x86_64
qpid-cpp-client-devel-1.36.0-1.el7.x86_64
qpid-cpp-server-1.36.0-1.el7.x86_64
qpid-cpp-server-linearstore-1.36.0-1.el7.x86_64
qpid-dispatch-router-0.8.0-1.el7.x86_64
qpid-proton-c-0.17.0-1.el7.x86_64
qpid-qmf-1.36.0-1.el7.x86_64
qpid-tools-1.36.0-1.el7.noarch
tfm-rubygem-qpid_messaging-0.34.1-1.el7.x86_64