Can't register Landscape client with on-prem server
I have the Landscape Server 18.03 installed on an Ubuntu 18.04 VM, and merrily monitoring itself. So that side seems to work.
I'm trying to register another 18.04 VM with
sudo landscape-config --computer-title "landscape client" --account-name standalone --url --ping-url and getting
We were unable to contact the server.
Your internet connection may be down. The landscape client will continue to try and contact the server periodically.broker.log contains
sudo tail -n 19 /var/log/landscape/broker.log
2018-08-11 20:45:00,394 INFO [MainThread] Starting urgent message exchange with
2018-08-11 20:45:00,400 ERROR [PoolThread-twisted.internet.reactor-0] Error contacting the server at
Traceback (most recent call last): File "/usr/lib/python3/dist-packages/landscape/lib/fetch.py", line 116, in fetch curl.perform()
pycurl.error: (77, '')
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "/usr/lib/python3/dist-packages/landscape/client/broker/transport.py", line 82, in exchange message_api) File "/usr/lib/python3/dist-packages/landscape/client/broker/transport.py", line 56, in _curl headers=headers, cainfo=self._pubkey, curl=curl)) File "/usr/lib/python3/dist-packages/landscape/lib/fetch.py", line 118, in fetch raise PyCurlError(e.args[0], e.args[1])
landscape.lib.fetch.PyCurlError: Error 77:
2018-08-11 20:45:00,401 INFO [MainThread] Message exchange failed.
2018-08-11 20:45:00,402 INFO [MainThread] Message exchange completed in 0.01s.Both of
curl -k work but
curl does not, but if I copy across the ca certificate from the Landscape server then
sudo curl --cacert /etc/ssl/certs/landscape.localhost_ca.pemworks
From How do I install Landscape for personal use?
I've tried pointing the ssl_public_key in client.conf at both the ca certificate and the server certificate but neither seems to work.
2 Answers
Curl's error 77 is CURLE_SSL_CACERT_BADFILE, indicating that it's an issue with the provided cacert file. Your curl --cacert command confirms that the file isn't corrupt or in a wrong format.
Therefore, it's most likely a file permissions issue; maybe it can be read/write by owner/group but not by others, so it can be read when you sudo curl as root, but not when read by the landscape user.
chmod o+r /etc/ssl/certs/landscape.localhost_ca.pem should fix it.
Try restarting the client service after you installed the cert, using this command:
sudo /etc/init.d/landscape-client restartThe exact same situation you described happened to me. Curl worked with the cert, perms on the copied cert were correct, but still didn't work... Remembered to restart (I had changed the config file, after all!), and voila!
