Hi,
since some weeks we receive (usually after a reboot of the Uyuni server) "TASCOMATIC NOTICATIONS":
Subtask kickstartfile-sync failed.
Subtask cobbler-sync failed.
At the log file /var/log/rhn/rhn_taskomatic_daemon.log we see messages like these one:
2023-01-30 18:15:00,201 [DefaultQuartzScheduler_Worker-12] ERROR com.redhat.rhn.manager.kickstart.cobbler.CobblerLoginCommand - XmlRpcFault while logging in. most likely user doesn't have permissions.
redstone.xmlrpc.XmlRpcFault: :[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
2023-01-30 18:16:00,116 [DefaultQuartzScheduler_Worker-17] ERROR com.redhat.rhn.taskomatic.task.CobblerSyncTask - Message: We had an error trying to login.
2023-01-30 18:16:00,116 [DefaultQuartzScheduler_Worker-17] ERROR com.redhat.rhn.taskomatic.task.CobblerSyncTask - Cause: {}
redstone.xmlrpc.XmlRpcFault: :[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
+
2023-01-30 18:37:00,057 [DefaultQuartzScheduler_Worker-9] ERROR com.redhat.rhn.taskomatic.task.CobblerSyncTask - Stack trace:com.redhat.rhn.manager.kickstart.cobbler.NoCobblerTokenException: We had an error trying to login.
[..]
Caused by: redstone.xmlrpc.XmlRpcFault: :[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
Actually we renewed our internal Root-CA certificate last month, added a new certificate chain to /etc/apache2/ssl.crt/ and included it in /etc/apache2/vhosts.d/vhost-ssl.conf . Webbrowsers show the updated certificate chain.
Initially we forgot to add the new Root-CA-certificate to /etc/ssl/certs/ (+ run "update-ca-certificates") but this has been fixed meanwhile.
I wonder if /etc/ssl/ca-bundle.pem is used by Apache Tomcat for validation of SSL-server certificates?
Any other idea?
Regards,
Tobias Crefeld.