[osiris] Re: HELP! Hours of session key negotiation failure

David Vasil dmvasil at ornl.gov
Fri Nov 10 12:26:26 EST 2006 

John A. Sullivan III wrote:
> network.  In fact, we just did an interview with ComputerWorld; I hope
> something comes of it.  In any event, back to Osiris, I'll respond in
> the text below.

So I just installed a set of VM's on VMWare Server, one with FC3 and the 
other with FC5.  I did not run any updates on either of the systems so 
they are installed with the base RPM's and package versions (openssl 
0.9.8a-5.2 on FC5, 0.9.7a-40 on FC3).  I compiled the 4.2.2 version of 
Osiris; installed the MD, agent, and CLI on the FC3 host, and a client 
on the FC5 host.

I was able to scan the FC5 host without any issues (after I killed the 
default iptables that came with the FC5 install).  Here are the logs 
from the client:

Nov 10 10:54:57 localhost osirisd[21534]: [info] using root directory: 
/usr/local/osiris
Nov 10 10:54:57 localhost osirisd[21534]: [err] loading root cert: 
/usr/local/osiris/osiris_root.pem.
Nov 10 10:54:57 localhost osirisd[21534]: [info] SSL server running.
Nov 10 10:54:57 localhost osirisd[21534]: [info] server started on port: 
2265.
Nov 10 11:24:27 localhost osirisd[21534]: [info] connection from: 
192.168.178.130
Nov 10 11:24:27 localhost osirisd[21534]: [info] no loaded root cert, 
trusing cert with fingerprint: 
9A:B3:F8:58:12:BC:B2:B7:F4:E0:E1:99:2F:90:90:9F.
Nov 10 11:24:27 localhost osirisd[21534]: [info] saved root cert: 
/usr/local/osiris/osiris_root.pem.
Nov 10 11:24:27 localhost osirisd[21534]: [info] sending session-key to 
management host.
Nov 10 11:24:27 localhost osirisd[21534]: [info] waiting for session key.
Nov 10 11:24:27 localhost osirisd[21534]: [info] received new session key.
Nov 10 11:24:28 localhost osirisd[21534]: [info] incoming: status

I then compiled the 4.1.9 release of Osiris and installed that on the MD 
only; that too worked.  I then installed 4.1.9 on the client and was 
also able to scan the FC5 client from the FC3 MD.

Is there anything different about your FC5 host from the default install 
besides ISCS?  It's a long shot, but try connecting to the FC5 client's 
osirisd processes with strace/ltrace and see if you can spot any odd 
behavior.

-- 
-dave

More information about the osiris mailing list