RedHat Cluster (conga) : Unable to establish an SSL connection

Williams225
Hello, I am trying to set up a Red Hat cluster on my VMware Workstation for training purposes.

I use the GUI interface conga (luci). But I have been getting an error regarding the SSL connection, and I don't know how to fix it.

I have an error

luci interface (conga)
error message
/etc/hosts file on both nodes
[root@NodeB ~]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               localhost.localdomain localhost
192.168.1.10            nodea.localdomain.local
192.168.1.11            nodeb.localdomain.local

This error occurs when the luci server cannot communicate with the ricci agent. Verify that ricci is installed and started on each node. Ensure that the firewall has been configured correctly, and that Security-Enhanced Linux (SELinux) is not the issue. Check /var/log/audit/audit.log for details on SELinux issues.

Make sure your nodes have the latest SELinux policy with the following command:

[root]# yum update selinux-policy

If you continue to encounter errors, it may be necessary to disable SELinux. This is not recommended, and should only be used as a last resort. Disable SELinux with the command:

[root]# setenforce 0


http://linux.dell.com/wiki/index.php/Products/HA/DellRedHatHALinuxCluster/Cluster
Williams225, System Administrator

Author

Commented:
Thanks a lot @Anuroopsundd for your quick answer.

How do I configure the firewall correctly?

Also, I have updated SELinux, and I disabled it afterwards, but the result is the same in both cases.

I don't know how to understand the /var/log/audit/audit.log messages.
[root@NodeB ~]# tail -10 /var/log/audit/audit.log
type=AVC msg=audit(1334505815.781:819): avc:  denied  { execute_no_trans } for  pid=14046 comm="tpvmlp" path="/usr/lib/vmware-tools/bin32/appLoader" dev=sda2 ino=1373068 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1334505815.781:819): arch=40000003 syscall=11 success=no exit=-13 a0=869b018 a1=869b060 a2=bfd041dc a3=869b064 items=0 ppid=14037 pid=14046 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="tpvmlp" exe="/usr/lib/cups/backend/tpvmlp" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1334505832.582:820): avc:  denied  { execute_no_trans } for  pid=14062 comm="tpvmgp" path="/usr/lib/vmware-tools/bin32/appLoader" dev=sda2 ino=1373068 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file

President
Commented:
Hi,

It seems that your SELinux is picking on VMware Tools, but it has nothing to do with your cluster operation. SELinux should not be the issue: because both the OS and Cluster OS come from the vendor, they have appropriate policies in place to allow the operation of the cluster. I've never had an issue with SELinux on RHEL 5 or 6.

Please make sure that you've disabled your firewall at both ends before cluster setup.

If you want to keep it running after you finish setup, check the open ports here:

For RHEL 4 and 5:
http://www.open-sharedroot.org/faq/administrators-handbook/cluster-system-administration/ports-being-in-use-by-the-red-hat-cluster-software

For RHEL 6:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html-single/Cluster_Administration/index.html#s2-iptables-clnodes-CA

It is clear that internode communication wants to communicate with the other node over port 11111, but it cannot go through the firewall on nodeb. Then allow these ports.

 Cheers,
K.
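
A scoped alternative to turning the firewall off, as an added example that is not part of the original thread: it prints source-restricted rules for ricci's port 11111 and checks `iptables-save` output for them. It assumes the stock RHEL 5 `RH-Firewall-1-INPUT` chain and the node addresses from the question's /etc/hosts; the function names and sample rulesets are hypothetical and constructed.

```shell
#!/bin/sh
# Added example, not from the thread: keep iptables running and admit only the
# cluster peers to ricci (TCP 11111) instead of disabling the firewall.
RICCI_PORT=11111
CHAIN=${CHAIN:-RH-Firewall-1-INPUT}   # assumption: stock RHEL 5 input chain

# Succeeds only for a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints (does not run) one source-restricted ACCEPT rule per valid peer.
ricci_rules() {
    for ip in "$@"; do
        if valid_ipv4 "$ip"; then
            echo "iptables -I $CHAIN -p tcp -s $ip --dport $RICCI_PORT -m state --state NEW -j ACCEPT"
        else
            echo "# skipped invalid address: $ip"
        fi
    done
}

# Reads `iptables-save` output on stdin. Succeeds if an ACCEPT for TCP 11111
# from $1 (or from any source) comes before the first REJECT/DROP rule.
# Simplification: the first REJECT/DROP seen is treated as ending the ruleset.
ricci_allowed_from() {
    awk -v src="$1" -v port="$RICCI_PORT" '
        /^-A / && / -j (REJECT|DROP)/ { exit }
        /^-A / && / -j ACCEPT/ && index($0 " ", " --dport " port " ") {
            line = $0 " "
            if (!index(line, " -s ") || index(line, " -s " src " ") ||
                index(line, " -s " src "/32 ")) { ok = 1; exit }
        }
        END { exit !ok }'
}

# Constructed sample in RHEL 5 iptables-save style: SSH open, ricci not.
SAMPLE_BEFORE='-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
# The same ruleset after inserting the rule for nodea (192.168.1.10).
SAMPLE_AFTER="-A $CHAIN -s 192.168.1.10 -p tcp -m tcp --dport $RICCI_PORT -m state --state NEW -j ACCEPT
$SAMPLE_BEFORE"
```

On each node, review the output of `ricci_rules 192.168.1.10 192.168.1.11` before running it, then confirm with `iptables-save | ricci_allowed_from 192.168.1.10` and persist the result with `service iptables save`.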
Williams225, System Administrator

Author

Commented:
You are a genius! I have disabled the firewall on both nodes, and now the cluster creation works.
Kerem ERSOY, President

Commented:
Thank you very much. I'm happy to see you've solved your problem. The firewall is generally a pain in the neck for cluster systems.