We help IT Professionals succeed at work.

RedHat Cluster (conga) : Unable to establish an SSL connection

Williams225 used Ask the Experts™
Hello, I am trying to setup a Cluster redhat on my Vmware Workstation for training purpose.

I use the gui interface conga (luci). But I have been having error regarding ssl connection, I don't know how to fix that.

I have an error

luci interface (conga)
error message
/etc/hosts file on both nodes
[root@NodeB ~]# more /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.               localhost.localdomain localhost            nodea.localdomain.local            nodeb.localdomain.loca

Open in new window

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
This error occurs when the luci server cannot communicate with the ricci agent. Verify that ricci is installed and started on each node. Ensure that the firewall has been configured correctly, and that Security-Enhanced Linux (SELinux) is not the issue. Check /var/log/audit/audit.log for details on SELinux issues.

Make sure your nodes have the latest SELinux policy with the following command:

[root]# yum update selinux-policy
If you continue to encounter errors, it may be necessary to disable SELinux. This is not recommended, and should only be used as a last resort. Disable SELinux with the command:

[root]# setenforce 0

Williams225System Administator


Thanx a lot @Anuroopsundd for your quick answer.

 How do I the configure correctly the firewall?

Also I have updated the SELinux, i have disabled it after...; But the result is the same in both cases.

I don't know how to understand  var/log/audit/audit log's messages.
[root@NodeB ~]# tail -10 /var/log/audit/audit.log
type=AVC msg=audit(1334505815.781:819): avc:  denied  { execute_no_trans } for  pid=14046 comm="tpvmlp" path="/usr/lib/vmware-tools/bin32/appLoader" dev=sda2 ino=1373068 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1334505815.781:819): arch=40000003 syscall=11 success=no exit=-13 a0=869b018 a1=869b060 a2=bfd041dc a3=869b064 items=0 ppid=14037 pid=14046 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="tpvmlp" exe="/usr/lib/cups/backend/tpvmlp" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1334505832.582:820): avc:  denied  { execute_no_trans } for  pid=14062 comm="tpvmgp" path="/usr/lib/vmware-tools/bin32/appLoader" dev=sda2 ino=1373068 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file

Open in new window


It seems that your SELinux is picking on VMWAre tools but it has nothing to do with your cluster operation.  SELinux should not be the issue because both the OS and Cluster OS comes from the vendor they have appropriate policies in place to allow the operation of the cluster. I've never had an issue about SELinux with RHEL 5 or 6.

Please make sure that you've disabled your firewall at both ends before cluster setup.

If you want to keep it running after you finish setup check the open ports here:

For RHEL 4 and 5:

For RHEL 6:

 It is clear that internode communication wants to communucate other node over port 11111 but it can not go through the firewall over the nodeb. Then allow these ports.

Williams225System Administator


you are a genius! I have disabled firewall on both nodes , now the cluster creation works.
Kerem ERSOYPresident

Thank you very much. I'm happy to see you've solved your problem.. Firewall generally is  a pain in the neck for the cluster systems.