Pandora FMS community forums

Full Version: Tentacle Server and SSL
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
PandoraFMS ver 5.1SP2 installed from the appliance CD image.

I've been tearing my hair out trying to get this working.  I followed the instructions in the Documentation for Tentacle configuration.  But as soon as an agent tries to connect the Tentacle Server dies.  So I ran it directly (no -d) with -v for verbose.

No message is logged the process just exits.  So I figured its probably getting a signal of some sort.  So I added sigtrap qw(any) to the server script.  Sure enough I was getting a SIGSEGV at line 1406 of IO::Socket::SSL.  The code at that location deals with the the key password callback.  Since I haven't protected my key with a password I commented out the SSL_passwd_cb argument in start_ssl.  That made the line 1406 SIGSEGV go away to be replaced with another at line 1467 which deals with the verify callback.  Since there is no SSL_verify_cb argument specified I'm out of ideas.

HELP!
Hi Rbnelson,

Which version of perl are you using? There are a problem with the 5.10.1 and 5.11.0 versions, to solved it you only need to upgrade the version like on the follow link:  http://wiki.pandorafms.com/index.php?tit...r_with_SSL.

If is not a problem with the version of perl it could be because tentacle uses "pandora" user to spawn the server, check if it exists and it's valid. Usually "pandora" user is created on server install, but could be the case of a problem. Check also startup script and run manually to see if something is wrong.
Execute manually chkconfig tentacle_serverd on to force tentacle service startup and tell if is something is reporting any fail or weird  message.

You can also try to disable the internal firewall.

You should edit as well in /usr/share/pandora_agent/tentacle_server the SSL section, there you have all the information that you need to edit to throw it with SSL.

Regards,
All the software was the latest versions from the repositories.  I was running it manually as I said in my posting that is the only way to get -v to work.

The internal firewall is not going to make the perl app SIGSEGV.
Okay I figured it out.  The problem is that Net::SSLeay that is available with CentOS 6.6 is version 1.35.  But that version is not thread-safe, the first version to be thread-safe is 1.44.  I upgraded to the latest on CPAN and now it works fine.
I'm having this problem. You can specify details on how to solve it. I spent a lot of time but were deadlocked.
Thanks in advance.
At a command prompt type:

sudo cpan IO::Socket::SSL Net::SSLeay