I have setup two ClearOS servers in master slave synchronisation. (Reason maybe I ditch my unRAID server if I can make this all work on ClearOS)
When installing Windows networking you have a primary domain controller (PDC) on the first server and on the second server backup domain controller (BDC). Everything is working (for example users are synchronised) fine only one thing. The flexshares on the second server (BDC) are not working. I have the following error:
I have no experience with this PDC and BDC some help is appreciated! What do you need to know?
When installing Windows networking you have a primary domain controller (PDC) on the first server and on the second server backup domain controller (BDC). Everything is working (for example users are synchronised) fine only one thing. The flexshares on the second server (BDC) are not working. I have the following error:
Before you can start using this app, you first need to configure Security Certificates.
Before you can start using this app, you first need to configure Security Certificates.
I have no experience with this PDC and BDC some help is appreciated! What do you need to know?
In Flexshare
Share this post:
Responses (39)
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Found this document. This command don't work "ldapsetup". Maybe this is outdated documentation???
Account synchronisation is also not working anymore... -
Accepted Answer
Okay, did a re-install. This was the quickest way!
Account synchronisation is working, Windows networking is starting.
The issues: Certificate manager is waiting for connection:
The system is waiting for a connection to the master node.
Flexshares are complaining about certificates but...
Before you can start using this app, you first need to configure Security Certificates.
...if I tick "configure security certificates" I get the message "The system is waiting for a connection to the master node". -
Accepted Answer
-
Accepted Answer
grep clearsyncd /var/log/messages
[root@discovery ~]# grep clearsyncd /var/log/messages
Aug 16 16:32:34 localhost clearsyncd[6134]: Network Proxy Watch: Started
Aug 16 16:32:34 localhost clearsyncd[6134]: ClearSync initialized.
Aug 16 16:32:34 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:32:34 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:35:16 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:35:16 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:35:39 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:35:39 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:35:41 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:35:41 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:40:02 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:40:02 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:40:04 localhost clearsyncd[6134]: System Events: Socket hang-up: 27
Aug 16 16:40:04 localhost clearsyncd[6134]: System Events: Socket hang-up: 27
Aug 16 16:40:08 localhost clearsyncd[6134]: System Events: Socket hang-up: 27
Aug 16 16:40:08 localhost clearsyncd[6134]: System Events: Socket hang-up: 27
Aug 16 16:40:11 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:40:11 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:41:27 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:41:27 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:41:42 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:41:42 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:41:44 localhost clearsyncd[6134]: System Events: Socket hang-up: 27
Aug 16 16:41:44 localhost clearsyncd[6134]: System Events: Socket hang-up: 27
Aug 16 16:42:04 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:42:04 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:42:06 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:42:06 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:42:10 localhost clearsyncd[6134]: System Events: Socket hang-up: 27
Aug 16 16:42:10 localhost clearsyncd[6134]: System Events: Socket hang-up: 27
Aug 16 16:42:13 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:42:13 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:44:32 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:44:32 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:44:38 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:44:38 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:44:40 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:44:40 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:45:00 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:45:00 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:45:02 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:45:02 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:45:06 localhost clearsyncd[6134]: System Events: Socket hang-up: 27
Aug 16 16:45:06 localhost clearsyncd[6134]: System Events: Socket hang-up: 27
Aug 16 16:45:09 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:45:10 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:47:05 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:47:05 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:47:07 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:47:07 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:48:46 localhost clearsyncd[6134]: System Events: Socket hang-up: 27
Aug 16 16:48:46 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:48:48 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:48:48 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:49:09 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:49:09 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 16 16:49:11 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 16:49:11 localhost clearsyncd[6134]: System Events: Socket hang-up: 28
Aug 16 23:59:17 localhost clearsyncd[6134]: DateWatch: Inotify read: Invalid argument
Aug 17 00:01:59 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
Aug 17 00:01:59 localhost clearsyncd[6134]: System Events: Socket hang-up: 26
One thing I noticed seeing this log that is the time is not correct. This system was installed after 16.32. So logging on 16:32 is not possible. -
Accepted Answer
-
Accepted Answer
What is was trying to say is that the system was not installed on that time but I know what happend. Setting the correct timezone happened some later. You can see it happening in "yum.log".
Aug 16 16:48:28 Updated: 1:app-base-core-2.7.4-1.v7.noarch
Aug 16 16:48:29 Updated: 1:app-base-2.7.4-1.v7.noarch
Aug 16 16:48:29 Updated: openldap-2.4.44-21.v7.x86_64
Aug 16 16:48:29 Installed: openldap-clients-2.4.44-21.v7.x86_64
Aug 16 16:48:29 Installed: 1:app-performance-tuning-core-2.3.0-1.v7.noarch
Aug 16 16:48:29 Installed: 1:app-performance-tuning-2.3.0-1.v7.noarch
Aug 16 16:48:29 Installed: 1:app-master-slave-core-2.3.0-1.v7.noarch
Aug 16 16:48:29 Updated: 1:app-configuration-backup-core-2.5.4-1.v7.noarch
Aug 16 16:48:29 Updated: 1:app-dhcp-core-2.5.23-2.v7.noarch
Aug 16 16:48:29 Installed: libtool-ltdl-2.4.2-22.el7_3.x86_64
Aug 16 16:48:30 Installed: openldap-servers-2.4.44-21.v7.x86_64
Aug 16 16:48:30 Installed: 1:app-ldap-core-2.3.23-1.v7.noarch
Aug 16 16:48:31 Installed: 1:app-openldap-core-2.5.7-1.v7.noarch
Aug 16 16:48:31 Installed: 1:app-central-management-2.2.2-1.v7.noarch
Aug 16 16:48:31 Installed: 1:app-master-slave-2.3.0-1.v7.noarch
Aug 16 16:48:31 Installed: 1:app-central-management-core-2.2.2-1.v7.noarch
Aug 16 16:48:31 Updated: 1:app-dhcp-2.5.23-2.v7.noarch
Aug 16 16:48:31 Updated: 1:app-configuration-backup-2.5.4-1.v7.noarch
Aug 16 16:48:32 Updated: 1:app-storage-core-2.6.15-1.v7.noarch
Aug 16 16:48:32 Erased: 1:app-simple-mode-core-2.3.22-1.v7.noarch
Aug 16 22:51:34 Installed: libtalloc-2.1.13-1.el7.x86_64
Aug 16 22:51:34 Installed: libtevent-0.9.36-1.el7.x86_64
Aug 16 22:51:34 Installed: samba-common-4.8.3-4.4.v7.noarch
Aug 16 22:51:34 Installed: libtdb-1.3.15-1.el7.x86_64
Aug 16 22:51:34 Installed: libldb-1.3.4-1.el7.x86_64
Aug 16 22:51:34 Installed: samba-common-libs-4.8.3-4.4.v7.x86_64
Aug 16 22:51:35 Installed: samba-client-libs-4.8.3-4.4.v7.x86_64
Aug 16 22:51:35 Installed: libwbclient-4.8.3-4.4.v7.x86_64
Aug 16 22:51:35 Installed: 1:app-certificate-manager-2.5.1-1.v7.noarch
Aug 16 22:51:35 Installed: libsmbclient-4.8.3-4.4.v7.x86_64
Aug 16 22:51:35 Installed: tdb-tools-1.3.15-1.el7.x86_64
Aug 16 22:51:35 Installed: pytalloc-2.1.13-1.el7.x86_64
Aug 16 22:51:35 Installed: samba-libs-4.8.3-4.4.v7.x86_64
Aug 16 22:51:35 Installed: samba-common-tools-4.8.3-4.4.v7.x86_64
Aug 16 22:51:37 Installed: samba-4.8.3-4.4.v7.x86_64
Aug 16 22:51:37 Installed: samba-winbind-modules-4.8.3-4.4.v7.x86_64
Aug 16 22:51:39 Installed: samba-winbind-4.8.3-4.4.v7.x86_64
Aug 16 22:51:39 Installed: samba-winbind-clients-4.8.3-4.4.v7.x86_64
Aug 16 22:51:40 Installed: 1:app-flexshare-core-2.4.14-1.v7.noarch
Aug 16 22:51:40 Installed: nss-pam-ldapd-0.8.13-16.el7_6.1.x86_64
Aug 16 22:51:40 Installed: 1:app-samba-common-core-2.5.1-1.v7.noarch
Aug 16 22:51:40 Installed: 1:app-user-certificates-plugin-core-2.1.6-1.v7.noarch
Aug 16 22:51:40 Installed: 1:app-user-certificates-core-2.2.0-1.v7.noarch
Aug 16 22:51:40 Installed: libarchive-3.1.2-10.el7_2.x86_64
Aug 16 22:51:40 Installed: samba-client-4.8.3-4.4.v7.x86_64
Aug 16 22:51:40 Installed: 1:app-openldap-directory-core-2.5.1-1.v7.noarch
Aug 16 22:51:40 Installed: 1:app-samba-extension-core-2.5.0-1.v7.noarch
Aug 16 22:51:56 Installed: 1:app-samba-core-3.5.3-1.v7.noarch
Aug 16 22:51:56 Installed: 1:app-samba-3.5.3-1.v7.noarch
Aug 16 22:51:56 Installed: 1:app-user-certificates-2.2.0-1.v7.noarch
Aug 16 22:51:56 Installed: 1:app-flexshare-2.4.14-1.v7.noarch
Aug 17 05:59:17 Updated: 32:bind-license-9.9.4-74.el7_6.2.noarch
Aug 17 05:59:17 Updated: tzdata-2019b-1.el7.noarch
Aug 17 05:59:20 Updated: glibc-common-2.17-260.el7_6.6.x86_64
Aug 17 05:59:21 Updated: glibc-2.17-260.el7_6.6.x86_64
Aug 17 05:59:21 Updated: systemd-libs-219-62.el7_6.9.x86_64
Aug 17 05:59:21 Updated: libteam-1.27-6.el7_6.1.x86_64
Aug 17 05:59:21 Updated: kernel-tools-libs-3.10.0-957.21.3.v7.x86_64
Aug 17 05:59:21 Updated: 32:bind-libs-9.9.4-74.el7_6.2.x86_64
Aug 17 05:59:21 Updated: python-perf-3.10.0-957.21.3.v7.x86_64
Aug 17 05:59:21 Updated: libssh2-1.4.3-12.el7_6.3.x86_64
Aug 17 05:59:21 Updated: libcurl-7.29.0-51.el7_6.3.x86_64
Aug 17 05:59:22 Updated: systemd-219-62.el7_6.9.x86_64
Aug 17 05:59:22 Updated: 7:device-mapper-1.02.149-10.el7_6.8.x86_64 -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
On a other server you can see the time shift in /var/log/messages:
Aug 16 09:51:41 voyager yum[14949]: Installed: 1:app-network-visualiser-2.1.7-1.v7.noarch
Aug 16 09:51:41 voyager yum[14949]: Installed: 1:app-disk-usage-2.1.15-1.v7.noarch
Aug 16 09:58:09 voyager clearsyncd[5472]: System Events: Socket hang-up: 27
Aug 16 09:58:09 voyager clearsyncd[5472]: System Events: Socket hang-up: 27
Aug 16 11:59:23 voyager clearsyncd[5472]: System Events: Socket hang-up: 26
Aug 16 11:59:23 voyager clearsyncd[5472]: System Events: Socket hang-up: 26
Aug 16 12:01:39 voyager yum[6011]: Installed: python2-pyasn1-0.1.9-7.el7.noarch
Aug 16 12:01:39 voyager yum[6011]: Installed: python-ipaddress-1.0.16-2.el7.noarch
Aug 16 12:01:39 voyager yum[6011]: Installed: pyOpenSSL-0.13.1-4.el7.x86_64
You can see the jump of 2 hours. That happened 6 hours after installing the server. -
Accepted Answer
Installed a app on the server with the issue. You can see the time it is 6 hours off. Time according to log 5:26AM local time 11:26AM.
Aug 17 05:26:01 localhost yum[25927]: Installed: 1:app-services-core-2.5.0-1.v7.noarch
Aug 17 05:26:02 localhost yum[25927]: Installed: 1:app-services-2.5.0-1.v7.noarch -
Accepted Answer
-
Accepted Answer
What you suggested I already tried that.
The strange part the time on both systems is correct. To be sure I entered the "timesync" command on the system with the issue. After that I removed a package and then checked /var/log/messages. Time stil off!
[root@discovery log]# date
Sat Aug 17 11:40:18 CEST 2019
[root@discovery log]# timesync
[root@discovery log]# date
Sat Aug 17 11:41:05 CEST 2019
ug 17 05:40:41 localhost nmbd[4377]: This response was from IP 192.168.100.1, reporting an IP address of 192.168.100.1.
Aug 17 05:42:10 localhost yum[10711]: Erased: 1:app-services-2.5.0-1.v7.noarch
Aug 17 05:42:11 localhost yum[10711]: Erased: 1:app-services-core-2.5.0-1.v7.noarch -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Can you try the:
on bith the PDC and BDC. The BDC should get its ca-cert.pem from the PDC, but I don't know about the other certificates and the BDC is not allowed to create its own certificates. I am pretty sure there is a clearcync job which should sync the certificates, otherwise I done see how you can get certificates to the BDC. Do you have a sys-0-cert.pem and /etc/pki/CA/private/sys-0-key.pem on the BDC?grep clearsyncd.*Sync /var/log/messages
-
Accepted Answer
-
Accepted Answer
Okay first were you asked for.
PDC:
[root@voyager ~]# grep clearsyncd.*Sync /var/log/messages
Aug 17 12:41:05 localhost clearsyncd[5243]: ClearSync initialized.
Aug 17 19:58:04 voyager clearsyncd[5304]: ClearSync initialized.
Aug 17 20:00:42 voyager clearsyncd[5304]: CertificateManagerFileSync: Error reading packet header: recv: #033#022
BDC:
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out
Aug 17 20:53:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Error reading packet header: Time-out
Aug 17 20:53:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Unexpected packet id: 0x00
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Time-out
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: [#021
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: +#021
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: +#021
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: +#021
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: +#021
Aug 17 20:53:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: +#021
The last copy and past is a snippet.
There is certainly a sync error!
Nick Howitt wrote:
The BDC should get its ca-cert.pem from the PDC, but I don't know about the other certificates and the BDC is not allowed to create its own certificates. I am pretty sure there is a clearcync job which should sync the certificates, otherwise I done see how you can get certificates to the BDC. Do you have a sys-0-cert.pem and /etc/pki/CA/private/sys-0-key.pem on the BDC?
Yes the BDC indeed did get it's certificates from the PBC. I did not install any certificate on the BDC.
I have the "ca-cert.pem" on the BDC. I do not have the certificates on the BDC you mention. -
Accepted Answer
-
Accepted Answer
Dave knows the fix for the filesync error. To my knowledge he has not yet investigated the CertificateManagerFileSync error. I'll have to try to get him. I think the FileSync is fixed by switching ports for something in the PDC. Ir would not surprise me if the certificate error were something similar. -
Accepted Answer
I'm in the middle of setting up a PDC/BDC setup for a client. Basically, I've reached she same point as Marcel, with the BDC certificate manager stuck with the message "The system is waiting for a connection to the master node". I've got a handful of other clients with remote BDC servers, and have never previously had any issues setting them up. The only difference is all the PDC's in these configurations are COS6 servers; the BDC's are a mix of COS6 and COS7.
Sorry I'm not contributing anything to fix this, but just wanted to confirm that this issue is not unique to Marcel's setup.
Cheers...... Andy -
Accepted Answer
On your BDC, are you by any chance missing a file /etc/clearsync.d/filesync-certificate-manager.conf? If you are, taking a bit of a flyer, perhaps try creating one with the following in it:
But replace $file_sync_key with the value in /var/clearos/mode/mode.conf, and $master_hostname from the same file.<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>
<!-- ClearSync Certificate Manager FileSync Plugin Configuration -->
<plugin name=\"CertificateManagerFileSync\" library=\"libcsplugin-filesync.so\" stack-size=\"65536\">
<authkey>$file_sync_key</authkey>
<slave host=\"$master_hostname\" port=\"8154\" interval=\"60\">
<file name=\"certificate-authority\" presync=\"\" postsync=\"\">/etc/pki/CA/ca-cert.pem</file>
<file name=\"default-certificate\" presync=\"\" postsync=\"\">/etc/pki/CA/sys-0-cert.pem</file>
<file name=\"default-key\" presync=\"\" postsync=\"\">/etc/pki/CA/private/sys-0-key.pem</file>
</slave>
</plugin>
<!--
vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2
-->
I am not sure how to trigger the synchronisation or if it will just happen. Perhaps try adding a carriage return or space at the end of one or all of the certificate files on the PDC. Real hacking here, but I've tried to look at the code in /usr/clearos/apps/certificate_manager/libraries/SSL.php which mentions CertificateManagerFileSync. -
Accepted Answer
I have that file on my BDC.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- ClearSync Certificate Manager FileSync Plugin Configuration -->
<plugin name="CertificateManagerFileSync" library="libcsplugin-filesync.so" stack-size="65536">
<authkey>ebde100afecb8dae2153061f1e5c779ec4cf67f5430fb44bb1fed319665257a8</authkey>
<slave host="voyager.xxxxxxx.lan" port="8154" interval="60">
<file name="certificate-authority" presync="" postsync="">/etc/pki/CA/ca-cert.pem</file>
<file name="default-certificate" presync="" postsync="">/etc/pki/CA/sys-0-cert.pem</file>
<file name="default-key" presync="" postsync="">/etc/pki/CA/private/sys-0-key.pem</file>
</slave>
</plugin>
<!--
vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2
-->
I'm correct saying that sys-0-cert.pem and sys-0-key.pem are not imported?
Checked the log again and found the following:
grep clearsyncd.*Sync /var/log/messages
[root@enterprise clearsync.d]# grep clearsyncd.*Sync /var/log/messages
Aug 17 13:37:35 localhost clearsyncd[6080]: ClearSync initialized.
Aug 17 20:00:38 enterprise clearsyncd[6008]: ClearSync initialized.
Aug 17 20:00:42 enterprise clearsyncd[6008]: AccountsFileSync: File synchronized: accounts-state
Aug 17 20:00:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: File synchronized: certificate-authority
Aug 17 20:00:42 enterprise clearsyncd[6008]: AccountsFileSync: Post-sync command failed for: accounts-state
Aug 17 20:00:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Session exception: write: Broken pipe
Aug 17 20:01:42 enterprise clearsyncd[6008]: AccountsFileSync: Remote file exception: accounts-state
Aug 17 20:01:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Error reading packet header: recv: ?
Aug 17 20:01:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Unexpected packet id: 0x00
Aug 17 20:01:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Session exception: send: Broken pipe
Aug 17 20:02:42 enterprise clearsyncd[6008]: AccountsFileSync: Remote file exception: accounts-state
Aug 17 20:02:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Error reading packet header: recv: #033#016
Aug 17 20:02:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Unexpected packet id: 0x00
Aug 17 20:02:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Session exception: send: Broken pipe
Aug 17 20:03:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Remote file exception: certificate-authority
Aug 17 20:03:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Session exception: send: Broken pipe
Aug 17 20:04:42 enterprise clearsyncd[6008]: AccountsFileSync: Remote file exception: accounts-state
Aug 17 20:04:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Error reading packet header: recv: k#017
Aug 17 20:04:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Unexpected packet id: 0x00
Aug 17 20:04:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Session exception: send: Broken pipe
Aug 17 20:05:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Error reading packet header: Hang-up
Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Hang-up
Aug 17 20:05:42 enterprise clearsyncd[6008]: CertificateManagerFileSync: Unexpected packet id: 0x00
Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Hang-up
Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Hang-up
Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: Hang-up
Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: ?#023
Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021
Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021
Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021
Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021
Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021
Aug 17 20:05:42 enterprise clearsyncd[6008]: AccountsFileSync: Error reading packet header: recv: {#021 -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
PBD:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- ClearSync Filesync: accounts -->
<plugin name="AccountsFileSync" library="libcsplugin-filesync.so" stack-size="65536">
<authkey>ebde100afecb8dae2153061f1e5c779ec4cf67f5430fb44bb1fed319665257a8</authkey>
<master bind="0.0.0.0" port="8155">
<file name="accounts-state">/var/clearos/accounts/transaction.state</file>
</master>
</plugin>
<!--
vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2
-->
BDC:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- ClearSync Filesync: accounts -->
<plugin name="AccountsFileSync" library="libcsplugin-filesync.so" stack-size="65536">
<authkey>ebde100afecb8dae2153061f1e5c779ec4cf67f5430fb44bb1fed319665257a8</authkey>
<slave host="voyager.xxxxxx.lan" port="8155" interval="60">
<file name="accounts-state" presync="" postsync="sudo /usr/sbin/trigger accounts">/var/clearos/accounts/transaction.state</file>
</slave>
</plugin>
<!--
vi: syntax=xml expandtab shiftwidth=2 softtabstop=2 tabstop=2
-->
Port on both is 8155. Only the ip address on the PBD is 0.0.0.0. Is that normal? -
Accepted Answer
Hmm. I am not sure at this point. I have just fixed it on another system which was missing the /etc/clearsync.d/filesync-certificate-manager.conf. I copied it across and gave it 0644 permissions and restarted the clearsync service. I am not sure if the permissions thing is correct as it may be that I should have set the owner to root:clearsync instead. -
Accepted Answer
This are the permission on PDB and BDC:
[root@enterprise clearsync.d]# ls -al
total 116
drwxr-xr-x. 2 root root 4096 Aug 17 19:53 .
drwxr-xr-x. 88 root root 8192 Aug 18 03:03 ..
-rw-r--r--. 1 root root 468 May 10 2016 csplugin-audit.conf
-rw-r--r--. 1 root root 2596 Apr 9 18:41 csplugin-events.conf
-rw-r----- 1 root clearsync 538 Aug 17 19:50 filesync-accounts.conf
-rw-r----- 1 root clearsync 722 Aug 17 19:53 filesync-certificate-manager.conf
-rw-r--r--. 1 root root 708 May 24 2018 filewatch-accounts-event.conf
-rw-r--r--. 1 root root 535 May 24 2018 filewatch-accounts-initialized-event.conf
-rw-r--r--. 1 root root 497 May 24 2018 filewatch-accounts-ready-event.conf
-rw-r--r-- 1 root root 722 Jul 2 18:38 filewatch-base-clearsync.conf
-rw-r--r-- 1 root root 1106 Jul 2 18:38 filewatch-base-webconfig.conf
-rw-r--r--. 1 root root 645 Aug 30 2018 filewatch-certificate-manager-event.conf
-rw-r--r--. 1 root root 592 Jun 8 14:25 filewatch-date-event.conf
-rw-r--r--. 1 root root 594 Jun 18 10:38 filewatch-events-configuration.conf
-rw-r--r--. 1 root root 1936 May 30 10:08 filewatch-firewall.conf
-rw-r--r--. 1 root root 451 Mar 2 2017 filewatch-mode-event.conf
-rw-r--r--. 1 root root 1142 Mar 15 20:11 filewatch-network-configuration-event.conf
-rw-r--r--. 1 root root 611 Mar 15 20:11 filewatch-network-connected-event.conf
-rw-r--r--. 1 root root 652 Mar 15 20:11 filewatch-network-peerdns-event.conf
-rw-r--r-- 1 root root 669 Jul 29 19:19 filewatch-openldap-configuration-event.conf
-rw-r--r-- 1 root root 503 Jul 29 19:19 filewatch-openldap-online-event.conf
-rw-r--r-- 1 root root 627 Jun 18 10:52 filewatch-samba-configuration-event.conf
-rw-r--r--. 1 root root 539 Aug 15 2018 filewatch-smtp-event.conf
-rw-r--r--. 1 root root 595 May 16 2018 filewatch-software-updates-event.conf
-rw-r--r-- 1 root root 555 Jun 20 17:29 filewatch-storage-event.conf
-rw-r--r-- 1 root root 601 Jul 2 18:38 filewatch-system-database-event.conf
-rw-r--r--. 1 root root 851 Mar 15 20:11 procwatch-network-proxy-event.conf -
Accepted Answer
I don't think so. I used 0644 and root:root as I did not know what the default was. At lease that way it gave access to anyone. 0640 and root:clearsync is fine is the clearsync user is running the app as the clearsync user belongs to the clearsync group.
"ps aux" shows the clearsync user running clearsync:[root@server ~]# ps aux | grep clearsync
clearsy+ 2337 0.1 0.0 1260284 8476 ? Ssl Jul29 49:15 /usr/sbin/clearsyncd -c /etc/clearsync.conf
root 9320 0.0 0.0 112712 980 pts/3 S+ 15:19 0:00 grep --color=auto clearsync
Is this what you meant by probably a bug? -
Accepted Answer
I am just doing things with Dave. Can you do:
Then see if this gets your clearsync of certificates going?usermod -a -G ssl-cert clearsync
chgrp ssl-cert /etc/pki/CA/private
chmod g+rx /etc/pki/CA/private
systemctl restart clearsync
Please also check the port being used in both the PDC and BDC in /etc/clearsync.d/filesync-accounts.conf, and please let us know if they are different. They should both be using 8155. -
Accepted Answer
Ports are okay I checked yesterday but just double checked.
I executed the permission commands and tried to restarted the service then I found out the service was not running a bit strange because we saw the messages in the logs. Maybe it stopped. I'm restarting the server to see if everything is fixed. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Here is the bug report on Gitlab: https://gitlab.com/clearos/clearfoundation/app-certificate-manager/issues/18
Here is the latest build: http://koji.clearos.com/koji/taskinfo?taskID=24878
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »