hi
we have a central opsi configuration server and two depot servers. one of them started flooding the logs with the following lines:
==================================================================
= opsi configuration service starting =
==================================================================
(Logger.py|828)
[5] [Jul 25 19:04:54] Starting opsiconfd main thread (opsiconfd.py|433)
[5] [Jul 25 19:04:54] Opening socket /var/run/opsiconfd/opsiconfd.socket for interprocess communication. (opsiconfd.py|427)
opsidepot.ringcsoport.hu:~# tail 30 /var/log/opsi/opsiconfd/opsiconfd.log
tail: "30" nem nyitható meg olvasásra: Nincs ilyen fájl vagy könyvtár
==> /var/log/opsi/opsiconfd/opsiconfd.log <==
[2] [Jul 25 19:05:55] line 269 in '_createBackendInstance' in file '/var/lib/python-support/python2.5/opsiconfd/opsiconfd.py' (Logger.py|742)
[2] [Jul 25 19:05:55] line 139 in '__init__' in file '/var/lib/python-support/python2.5/OPSI/Backend/BackendManager.py' (Logger.py|742)
[2] [Jul 25 19:05:55] line 222 in '__init__' in file '/var/lib/python-support/python2.5/OPSI/Backend/BackendManager.py' (Logger.py|742)
[2] [Jul 25 19:05:55] line 273 in '__loadBackends' in file '/var/lib/python-support/python2.5/OPSI/Backend/BackendManager.py' (Logger.py|742)
[2] [Jul 25 19:05:55] line 317 in '__init__' in file '/var/lib/python-support/python2.5/OPSI/Backend/JSONRPC.py' (Logger.py|742)
[2] [Jul 25 19:05:55] line 382 in 'connect' in file '/var/lib/python-support/python2.5/OPSI/Backend/JSONRPC.py' (Logger.py|742)
[2] [Jul 25 19:05:55] line 591 in '_jsonRPC' in file '/var/lib/python-support/python2.5/OPSI/Backend/JSONRPC.py' (Logger.py|742)
[2] [Jul 25 19:05:55] line 123 in 'execute' in file '/var/lib/python-support/python2.5/OPSI/Backend/JSONRPC.py' (Logger.py|742)
[2] [Jul 25 19:05:55] line 133 in 'waitForResult' in file '/var/lib/python-support/python2.5/OPSI/Backend/Backend.py' (Logger.py|742)
[2] [Jul 25 19:05:55] ==>>> Opsi authentication error: Forbidden: Backend authentication error: Backend authentication error: OpsiHostKey authentication failed for host 'opsidepot.ringcsoport.hu': wrong key (error on server) (opsiconfd.py|448)
what doeas it mean 'wrong key'? there is a problem with the pckeys file? how can I regenerate the content of this file?
regards, np
"wrong key"
Re: "wrong key"
Hi,
yes - the depot server communicates with the config server via web service and use the host key for authentication.
I would try to register the the depot at the config server again. After this procedure the keys should be correct.
Hint: be sure that config and depot servers have the same opsi server packages installed.
regards
d.oertel
yes - the depot server communicates with the config server via web service and use the host key for authentication.
I would try to register the the depot at the config server again. After this procedure the keys should be correct.
Hint: be sure that config and depot servers have the same opsi server packages installed.
regards
d.oertel
Vielen Dank für die Nutzung von opsi. Im Forum ist unser Support begrenzt.
Für den professionellen Einsatz und individuelle Beratung empfehlen wir einen Support-Vertrag und eine Schulung.
Gerne informieren wir Sie zu unserem Angebot.
uib GmbH
Telefon: +49 6131 27561 0
E-Mail: sales@uib.de
Re: "wrong key"
servers have the same packages (version 4.0.1.1). the results:
opsidepot.***********.hu:~# opsi-setup --register-depot
[5] [júl 26 12:43:04] Getting current system config (opsi-setup|66)
[5] [júl 26 12:43:04] System information: (opsi-setup|113)
[5] [júl 26 12:43:04] distributor : Debian (opsi-setup|114)
[5] [júl 26 12:43:04] distribution : Debian GNU/Linux 5.0.8 (lenny) (opsi-setup|115)
[5] [júl 26 12:43:04] ip address : 192.168.2.3 (opsi-setup|116)
[5] [júl 26 12:43:04] netmask : 255.255.255.0 (opsi-setup|117)
[5] [júl 26 12:43:04] subnet : 192.168.2.0 (opsi-setup|118)
[5] [júl 26 12:43:04] broadcast : 192.168.2.255 (opsi-setup|119)
[5] [júl 26 12:43:04] fqdn : opsidepot.***********.hu (opsi-setup|120)
[5] [júl 26 12:43:04] hostname : opsidepot (opsi-setup|121)
[5] [júl 26 12:43:04] domain : ***********.hu (opsi-setup|122)
[5] [júl 26 12:43:04] win domain : AIZZE (opsi-setup|123)
[5] [júl 26 12:43:19] Creating depot 'opsidepot.***********.hu' (opsi-setup|2351)
[5] [júl 26 12:43:19] Getting depot 'opsidepot.***********.hu' (opsi-setup|2354)
[5] [júl 26 12:43:20] Testing connection to config server as user 'opsidepot.***********.hu' (opsi-setup|2363)
[5] [júl 26 12:43:22] Successfully connected to config server as user 'opsidepot.***********.hu' (opsi-setup|2368)
[5] [júl 26 12:43:22] Updating backend config '/etc/opsi/backends/jsonrpc.conf' (opsi-setup|2370)
[5] [júl 26 12:43:22] Backend config '/etc/opsi/backends/jsonrpc.conf' updated (opsi-setup|2382)
[5] [júl 26 12:43:22] Updating dispatch config '/etc/opsi/backendManager/dispatch.conf' (opsi-setup|2384)
[5] [júl 26 12:43:22] Dispatch config '/etc/opsi/backendManager/dispatch.conf' updated (opsi-setup|2397)
[5] [júl 26 12:43:22] Setting rights (opsi-setup|406)
[5] [júl 26 12:43:25] Setting rights on directory '/tftpboot/linux' (opsi-setup|487)
[5] [júl 26 12:43:25] Setting rights on directory '/home/opsiproducts' (opsi-setup|487)
[5] [júl 26 12:43:25] Setting rights on directory '/var/log/opsi' (opsi-setup|487)
[5] [júl 26 12:43:25] Setting rights on directory '/etc/opsi' (opsi-setup|487)
[5] [júl 26 12:43:25] Setting rights on directory '/var/lib/opsi' (opsi-setup|487)
[5] [júl 26 12:43:25] Setting rights on directory '/opt/pcbin/install' (opsi-setup|487)
[5] [júl 26 12:43:32] Restarting services (opsi-setup|2401)
[5] [júl 26 12:43:47] Configuring client user pcpatch (opsi-setup|343)
[5] [júl 26 12:43:47] Creating RSA private key for user pcpatch in '/var/lib/opsi/.ssh/id_rsa' (opsi-setup|357)
[5] [júl 26 12:43:48] Setting rights (opsi-setup|406)
[5] [júl 26 12:43:52] Setting rights on directory '/var/lib/opsi/.ssh' (opsi-setup|487)
[2] [júl 26 12:43:58] Traceback: (Logger.py|742)
[2] [júl 26 12:43:58] line 94 in 'processResult' in file '/var/lib/python-support/python2.5/OPSI/Backend/JSONRPC.py' (Logger.py|742)
[2] [júl 26 12:43:58] ==>>> Host key for depot 'configserver.*****.hu' not found (error on server) (JSONRPC.py|98)
[2] [júl 26 12:43:59] Traceback: (Logger.py|742)
[2] [júl 26 12:43:59] line 94 in 'processResult' in file '/var/lib/python-support/python2.5/OPSI/Backend/JSONRPC.py' (Logger.py|742)
[2] [júl 26 12:43:59] ==>>> Host key for depot 'configserver.*****.hu' not found (error on server) (JSONRPC.py|98)
[2] [júl 26 12:44:05] Traceback: (Logger.py|742)
[2] [júl 26 12:44:05] line 3018 in '<module>' in file '/usr/bin/opsi-setup' (Logger.py|742)
[2] [júl 26 12:44:05] line 2997 in 'main' in file '/usr/bin/opsi-setup' (Logger.py|742)
[2] [júl 26 12:44:05] line 403 in 'configureClientUser' in file '/usr/bin/opsi-setup' (Logger.py|742)
[2] [júl 26 12:44:05] line 755 in 'execute' in file '/var/lib/python-support/python2.5/OPSI/System/Posix.py' (Logger.py|742)
[2] [júl 26 12:44:05] ==>>> Command 'opsi-admin -d task setPcpatchPassword "*** confidential ***"' failed (1):
[2] Traceback: (Logger.py|742)
[2] line 1516 in '<module>' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] line 301 in 'main' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] line 669 in 'execute' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] ==>>> Failed to execute 'task setPcpatchPassword *** confidential ***': Failed to hex decode key 'None' (error on server) (opsi-admin|1526) (opsi-setup|3026)
ERROR: Command 'opsi-admin -d task setPcpatchPassword "JPOMKYxq2SMT"' failed (1):
[2] Traceback: (Logger.py|742)
[2] line 1516 in '<module>' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] line 301 in 'main' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] line 669 in 'execute' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] ==>>> Failed to execute 'task setPcpatchPassword JPOMKYxq2SMT': Failed to hex decode key 'None' (error on server) (opsi-admin|1526)
as far as i know, the pcpatch password is exactly the same on our servers. should i try to refresh it?
thx helping me
opsidepot.***********.hu:~# opsi-setup --register-depot
[5] [júl 26 12:43:04] Getting current system config (opsi-setup|66)
[5] [júl 26 12:43:04] System information: (opsi-setup|113)
[5] [júl 26 12:43:04] distributor : Debian (opsi-setup|114)
[5] [júl 26 12:43:04] distribution : Debian GNU/Linux 5.0.8 (lenny) (opsi-setup|115)
[5] [júl 26 12:43:04] ip address : 192.168.2.3 (opsi-setup|116)
[5] [júl 26 12:43:04] netmask : 255.255.255.0 (opsi-setup|117)
[5] [júl 26 12:43:04] subnet : 192.168.2.0 (opsi-setup|118)
[5] [júl 26 12:43:04] broadcast : 192.168.2.255 (opsi-setup|119)
[5] [júl 26 12:43:04] fqdn : opsidepot.***********.hu (opsi-setup|120)
[5] [júl 26 12:43:04] hostname : opsidepot (opsi-setup|121)
[5] [júl 26 12:43:04] domain : ***********.hu (opsi-setup|122)
[5] [júl 26 12:43:04] win domain : AIZZE (opsi-setup|123)
[5] [júl 26 12:43:19] Creating depot 'opsidepot.***********.hu' (opsi-setup|2351)
[5] [júl 26 12:43:19] Getting depot 'opsidepot.***********.hu' (opsi-setup|2354)
[5] [júl 26 12:43:20] Testing connection to config server as user 'opsidepot.***********.hu' (opsi-setup|2363)
[5] [júl 26 12:43:22] Successfully connected to config server as user 'opsidepot.***********.hu' (opsi-setup|2368)
[5] [júl 26 12:43:22] Updating backend config '/etc/opsi/backends/jsonrpc.conf' (opsi-setup|2370)
[5] [júl 26 12:43:22] Backend config '/etc/opsi/backends/jsonrpc.conf' updated (opsi-setup|2382)
[5] [júl 26 12:43:22] Updating dispatch config '/etc/opsi/backendManager/dispatch.conf' (opsi-setup|2384)
[5] [júl 26 12:43:22] Dispatch config '/etc/opsi/backendManager/dispatch.conf' updated (opsi-setup|2397)
[5] [júl 26 12:43:22] Setting rights (opsi-setup|406)
[5] [júl 26 12:43:25] Setting rights on directory '/tftpboot/linux' (opsi-setup|487)
[5] [júl 26 12:43:25] Setting rights on directory '/home/opsiproducts' (opsi-setup|487)
[5] [júl 26 12:43:25] Setting rights on directory '/var/log/opsi' (opsi-setup|487)
[5] [júl 26 12:43:25] Setting rights on directory '/etc/opsi' (opsi-setup|487)
[5] [júl 26 12:43:25] Setting rights on directory '/var/lib/opsi' (opsi-setup|487)
[5] [júl 26 12:43:25] Setting rights on directory '/opt/pcbin/install' (opsi-setup|487)
[5] [júl 26 12:43:32] Restarting services (opsi-setup|2401)
[5] [júl 26 12:43:47] Configuring client user pcpatch (opsi-setup|343)
[5] [júl 26 12:43:47] Creating RSA private key for user pcpatch in '/var/lib/opsi/.ssh/id_rsa' (opsi-setup|357)
[5] [júl 26 12:43:48] Setting rights (opsi-setup|406)
[5] [júl 26 12:43:52] Setting rights on directory '/var/lib/opsi/.ssh' (opsi-setup|487)
[2] [júl 26 12:43:58] Traceback: (Logger.py|742)
[2] [júl 26 12:43:58] line 94 in 'processResult' in file '/var/lib/python-support/python2.5/OPSI/Backend/JSONRPC.py' (Logger.py|742)
[2] [júl 26 12:43:58] ==>>> Host key for depot 'configserver.*****.hu' not found (error on server) (JSONRPC.py|98)
[2] [júl 26 12:43:59] Traceback: (Logger.py|742)
[2] [júl 26 12:43:59] line 94 in 'processResult' in file '/var/lib/python-support/python2.5/OPSI/Backend/JSONRPC.py' (Logger.py|742)
[2] [júl 26 12:43:59] ==>>> Host key for depot 'configserver.*****.hu' not found (error on server) (JSONRPC.py|98)
[2] [júl 26 12:44:05] Traceback: (Logger.py|742)
[2] [júl 26 12:44:05] line 3018 in '<module>' in file '/usr/bin/opsi-setup' (Logger.py|742)
[2] [júl 26 12:44:05] line 2997 in 'main' in file '/usr/bin/opsi-setup' (Logger.py|742)
[2] [júl 26 12:44:05] line 403 in 'configureClientUser' in file '/usr/bin/opsi-setup' (Logger.py|742)
[2] [júl 26 12:44:05] line 755 in 'execute' in file '/var/lib/python-support/python2.5/OPSI/System/Posix.py' (Logger.py|742)
[2] [júl 26 12:44:05] ==>>> Command 'opsi-admin -d task setPcpatchPassword "*** confidential ***"' failed (1):
[2] Traceback: (Logger.py|742)
[2] line 1516 in '<module>' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] line 301 in 'main' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] line 669 in 'execute' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] ==>>> Failed to execute 'task setPcpatchPassword *** confidential ***': Failed to hex decode key 'None' (error on server) (opsi-admin|1526) (opsi-setup|3026)
ERROR: Command 'opsi-admin -d task setPcpatchPassword "JPOMKYxq2SMT"' failed (1):
[2] Traceback: (Logger.py|742)
[2] line 1516 in '<module>' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] line 301 in 'main' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] line 669 in 'execute' in file '/usr/bin/opsi-admin' (Logger.py|742)
[2] ==>>> Failed to execute 'task setPcpatchPassword JPOMKYxq2SMT': Failed to hex decode key 'None' (error on server) (opsi-admin|1526)
as far as i know, the pcpatch password is exactly the same on our servers. should i try to refresh it?
thx helping me
Re: "wrong key"
Hi,
do you using the file backend as default backend ?
If yes - the pckeys are strored in the /etc/opsi/pckeys.
You should find there keys for the clients, the opsi-config-server and the opsi-depot-servers.
Are there keys for all servers ?
Does the file look somehow broken ?
regards
d.oertel
do you using the file backend as default backend ?
If yes - the pckeys are strored in the /etc/opsi/pckeys.
You should find there keys for the clients, the opsi-config-server and the opsi-depot-servers.
Are there keys for all servers ?
Does the file look somehow broken ?
regards
d.oertel
Vielen Dank für die Nutzung von opsi. Im Forum ist unser Support begrenzt.
Für den professionellen Einsatz und individuelle Beratung empfehlen wir einen Support-Vertrag und eine Schulung.
Gerne informieren wir Sie zu unserem Angebot.
uib GmbH
Telefon: +49 6131 27561 0
E-Mail: sales@uib.de
Re: "wrong key"
I think we solved the problem, but I don't know, which step helped - we had some problem with the available disk space on the central server, I think this was the root cause.
I mentioned recent opsiconfd version : 4.0.1.1 - during the update we got a new boot image, it has a 20110720 date. if I try to install windows xp from lan, I getting the next message (see attachment). I found it in the logs:
[5] [Aug 01 18:09:41] -----> Executing: host_getObjects([], {'type': u'OpsiClient', 'id': u'alma.ringcsoport.hu'}) (JsonRpc.py|123)
[5] [Aug 01 18:09:41] Application 'opsi linux bootimage 20110720' on client '192.168.2.89' did not send cookie (workers.py|161)
[2] [Aug 01 18:09:41] Traceback: (Logger.py|742)
[2] [Aug 01 18:09:41] line 282 in '_errback' in file '/var/lib/python-support/python2.5/OPSI/Service/Worker.py' (Logger.py|742)
[2] [Aug 01 18:09:41] line 328 in '_runCallbacks' in file '/usr/lib/python2.5/site-packages/twisted/internet/defer.py' (Logger.py|742)
[2] [Aug 01 18:09:41] line 168 in '_getSession' in file '/var/lib/python-support/python2.5/opsiconfd/workers.py' (Logger.py|742)
[2] [Aug 01 18:09:41] line 386 in '_getSession' in file '/var/lib/python-support/python2.5/OPSI/Service/Worker.py' (Logger.py|742)
[2] [Aug 01 18:09:41] line 409 in '_getSessionId' in file '/var/lib/python-support/python2.5/opsiconfd/workers.py' (Logger.py|742)
[2] [Aug 01 18:09:41] line 164 in '_getSessionId' in file '/var/lib/python-support/python2.5/opsiconfd/workers.py' (Logger.py|742)
[2] [Aug 01 18:09:41] ==>>> Opsi authentication error: Application 'opsi linux bootimage 20110720' on client '192.168.2.89' did neither supply session id nor password (Worker.py|289)
can you see the error message in the last line.
regards, np
I mentioned recent opsiconfd version : 4.0.1.1 - during the update we got a new boot image, it has a 20110720 date. if I try to install windows xp from lan, I getting the next message (see attachment). I found it in the logs:
[5] [Aug 01 18:09:41] -----> Executing: host_getObjects([], {'type': u'OpsiClient', 'id': u'alma.ringcsoport.hu'}) (JsonRpc.py|123)
[5] [Aug 01 18:09:41] Application 'opsi linux bootimage 20110720' on client '192.168.2.89' did not send cookie (workers.py|161)
[2] [Aug 01 18:09:41] Traceback: (Logger.py|742)
[2] [Aug 01 18:09:41] line 282 in '_errback' in file '/var/lib/python-support/python2.5/OPSI/Service/Worker.py' (Logger.py|742)
[2] [Aug 01 18:09:41] line 328 in '_runCallbacks' in file '/usr/lib/python2.5/site-packages/twisted/internet/defer.py' (Logger.py|742)
[2] [Aug 01 18:09:41] line 168 in '_getSession' in file '/var/lib/python-support/python2.5/opsiconfd/workers.py' (Logger.py|742)
[2] [Aug 01 18:09:41] line 386 in '_getSession' in file '/var/lib/python-support/python2.5/OPSI/Service/Worker.py' (Logger.py|742)
[2] [Aug 01 18:09:41] line 409 in '_getSessionId' in file '/var/lib/python-support/python2.5/opsiconfd/workers.py' (Logger.py|742)
[2] [Aug 01 18:09:41] line 164 in '_getSessionId' in file '/var/lib/python-support/python2.5/opsiconfd/workers.py' (Logger.py|742)
[2] [Aug 01 18:09:41] ==>>> Opsi authentication error: Application 'opsi linux bootimage 20110720' on client '192.168.2.89' did neither supply session id nor password (Worker.py|289)
can you see the error message in the last line.
regards, np
Re: "wrong key"
Hi,
if you switch a netboot product to setup a named pipe ic created at /tftpboot/linux/pxelinux.cfg.
The name of the named pipe contain the MAC of the client. Please read this pipe (eg. with cat) and check if the pipe contain the pckey of the client.
regards
d.oertel
if you switch a netboot product to setup a named pipe ic created at /tftpboot/linux/pxelinux.cfg.
The name of the named pipe contain the MAC of the client. Please read this pipe (eg. with cat) and check if the pipe contain the pckey of the client.
regards
d.oertel
Vielen Dank für die Nutzung von opsi. Im Forum ist unser Support begrenzt.
Für den professionellen Einsatz und individuelle Beratung empfehlen wir einen Support-Vertrag und eine Schulung.
Gerne informieren wir Sie zu unserem Angebot.
uib GmbH
Telefon: +49 6131 27561 0
E-Mail: sales@uib.de
Re: "wrong key"
here is the output of the cat command:
# cat 01-08-00-27-6c-43-98
default opsi-install
label opsi-install
kernel install
append dn=XXXXXXXXXXX.hu product=winxppro pckey service=https://192.168.254.3:4447/rpc vga=791 quiet initrd=miniroot.bz2 splash video=vesa:ywrap,mtrr hn=alma
i see the pckey word, but not the value of
# cat 01-08-00-27-6c-43-98
default opsi-install
label opsi-install
kernel install
append dn=XXXXXXXXXXX.hu product=winxppro pckey service=https://192.168.254.3:4447/rpc vga=791 quiet initrd=miniroot.bz2 splash video=vesa:ywrap,mtrr hn=alma
i see the pckey word, but not the value of
Re: "wrong key"
Hi,
ok - the pckey is missing.
Is there a pckey entry at the /etc/opsi/pckeys for
alma.XXXXXXXXXXX.hu
?
regards
d.oertel
ok - the pckey is missing.
Is there a pckey entry at the /etc/opsi/pckeys for
alma.XXXXXXXXXXX.hu
?
regards
d.oertel
Vielen Dank für die Nutzung von opsi. Im Forum ist unser Support begrenzt.
Für den professionellen Einsatz und individuelle Beratung empfehlen wir einen Support-Vertrag und eine Schulung.
Gerne informieren wir Sie zu unserem Angebot.
uib GmbH
Telefon: +49 6131 27561 0
E-Mail: sales@uib.de
Re: "wrong key"
there is a pckey in the file for the client.
i recreated the client in the database and the installation started!
thanks for your help and patience
regards, np
i recreated the client in the database and the installation started!
thanks for your help and patience
regards, np