[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: update to enterprise



+++ Julien Garet [28/11/12 14:42 +0100]:
----- Mail original -----

De: "Brenton Leanhardt" <bleanhar redhat com>
À: "Julien Garet" <julien garet inria fr>
Cc: dev lists openshift redhat com
Envoyé: Mercredi 28 Novembre 2012 14:21:02
Objet: Re: update to enterprise

+++ Julien Garet [28/11/12 11:34 +0100]:
>Hello,
>
>
>I've updated my openshift origin installation to the version refered
>in the Build Your Own PaaS on RHEL 6 (packages from here
>https://mirror.openshift.com/pub/origin-server/nightly/enterprise/2012-11-15/)
>It seems i have problems with communication between my broker and my
>node (separate). I have no firewall and selinux is in permissive
>mode.
>
>
>Any advice on what could be misconfigured (I must have missed a
>point in the docs) ?

I would try running the following:

# mco ping

This should return your node. If it doesn't I would verify that
ActiveMQ is setup and working correctly and that the mcollective
service is running on your nodes.
mco ping works
# mco inventory your.node.com

This should return some facts about your node.
It works well now, I forgot to install the openshift-origin-msg-node-mcollective package, so I did not have the cart_list fact...
I would then make sure that /etc/openshift/node.conf looks correct on
your nodes. Likewise for /etc/openshift/broker.conf on the broker.
These files seem correct, I ran checks (discovered those scripts on the wiki and they are very useful) :

[root broker ~]# oo-accept-broker
FAIL: service iptables not running

You technically don't need this running but unless this is only a
testing environment I would recommend running a firewall and only
opening the needed ports:

22
443
80
53 (if you happen to be running a DNS server)


1 ERRORS

[root node1 policy]# oo-accept-node
FAIL: selinux origin policy is not loaded
1 ERRORS

Are these services mandatory ? Do I really need selinux enforced on the node ? I now have another issue... still with the node I think, the client returns : Node execution failure (invalid exit code from node). If the problem persists please contact Red Hat support.
What I see from the logs on the node is :

You can technically put SELinux into permissive mode but you must at
least have the correct policy loaded.  If you have special needs with
your applications you can always write a custom SELinux module.
audit2allow is a good place to start if you pipe in the output of
/var/log/audit/audit.log.


Initialized empty Git repository in /var/lib/openshift/3ebe7f53e43b418fbafa88deb35ee243/git/trackstest.git/
/var/lib/openshift/3ebe7f53e43b418fbafa88deb35ee243/git/trackstest.git /tmp
/tmp
runcon: invalid context: system_u:system_r:openshift_t:s0:c0,c500: Invalid argument
Failed to start ruby-1.8

So, it seems selinux is mandatory, but when I try to configure it (https://openshift.redhat.com/community/wiki/build-your-own#Configuring_SELinux_2), i get :

setsebool -P httpd_unified=on httpd_can_network_connect=on httpd_can_network_relay=on httpd_read_user_content=on httpd_enable_homedirs=on httpd_run_stickshift=on allow_polyinstantiation=on
libsemanage.dbase_llist_set: record not found in the database (No such file or directory).
libsemanage.dbase_llist_set: could not set record value (No such file or directory).
Could not change boolean httpd_run_stickshift
Could not change policy booleans

Is there another package I forgot to install ? I am not used to selinux.

What version of the selinux-policy package do you have installed?

You want to have the following:

https://mirror.openshift.com/pub/origin-server/nightly/enterprise/2012-11-15/Node/x86_64/os/Packages/selinux-policy-3.7.19-155.el6_3.8.noarch.rpm
https://mirror.openshift.com/pub/origin-server/nightly/enterprise/2012-11-15/Node/x86_64/os/Packages/selinux-policy-targeted-3.7.19-155.el6_3.8.noarch.rpm

--Brenton


Thanks for your help,

Let us know if this helps or not.

--Brenton

>
>
>
>Here are the logs from the client :
>
>~$ rhc domain show -d
>Password: *************
>
>
>DEBUG: Connecting to
>https://broker.openshift.inria.fr/broker/rest/api
>DEBUG: Client supports API versions 1.1, 1.2, 1.3
>DEBUG: Server supports API versions 1.0, 1.1, 1.2
>DEBUG: Getting all domains
>DEBUG: Request: #<RestClient::Request:0x00000001bd8ea8
>@method="GET", @headers={:accept=>:json, "Authorization"=>"Basic
>Z2FyZXQ6aGVmZWthcm9zeUNlIQ==", "User-Agent"=>"rhc/1.1.11 (ruby
>1.9.3; x86_64-linux)"},
>@url="https://broker.openshift.inria.fr/broker/rest/domains";,
>@cookies={}, @payload="", @user=nil, @password=nil, @timeout=nil,
>@open_timeout=4, @block_response=nil, @raw_response=false,
>@verify_ssl=false, @ssl_client_cert=nil, @ssl_client_key=nil,
>@ssl_ca_file=nil, @tf=nil, @max_redirects=10,
>@processed_headers={"Accept"=>"application/json",
>"Accept-Encoding"=>"gzip, deflate", "Authorization"=>"Basic
>Z2FyZXQ6aGVmZWthcm9zeUNlIQ==", "User-Agent"=>"rhc/1.1.11 (ruby
>1.9.3; x86_64-linux)", "Content-Length"=>"0",
>"Content-Type"=>"application/x-www-form-urlencoded"},
>@args={:url=>"https://broker.openshift.inria.fr/broker/rest/domains";,
>:method=>"GET", :headers=>{:accept=>:json, "Authorization"=>"Basic
>Z2FyZXQ6aGVmZWthcm9zeUNlIQ==", "User-Agent"=>"rhc/1.1.11 (ruby
>1.9.3; x86_64-linux)"}, :payload=>{}, :timeout=>nil,
>:open_timeout=>4}>
>Connection to server timed out. It is possible the operation
>finished without being able to report success. Use 'rhc domain
>show' or 'rhc app status' to check the status of
>your applications.
>
>
>>From the broker :
>
>
>
>==> /var/www/openshift/broker/log/production.log <==
>
>
>Started GET "/broker/rest/api" for 193.51.236.13 at Wed Nov 28
>11:11:24 +0100 2012
>Processing by BaseController#show as JSON
>Completed 200 OK in 15ms (Views: 3.5ms)
>
>
>Started GET "/broker/rest/domains" for 193.51.236.13 at Wed Nov 28
>11:11:24 +0100 2012
>Processing by DomainsController#index as JSON
>Completed 500 Internal Server Error in 65154ms
>
>
>
>
>==> /var/www/openshift/broker/httpd/logs/access_log <==
>193.51.236.13 broker.openshift.inria.fr - - [28/Nov/2012:11:11:24
>+0100] "GET /broker/rest/api HTTP/1.1" 200 1548 "-" "rhc/1.1.11
>(ruby 1.9.3; x86_64-linux)"
>193.51.236.13 broker.openshift.inria.fr - garet
>[28/Nov/2012:11:11:24 +0100] "GET /broker/rest/domains HTTP/1.1"
>500 625 "-" "rhc/1.1.11 (ruby 1.9.3; x86_64-linux)"
>
>
>
>
>==> /var/www/openshift/broker/httpd/logs/error_log <==
>[Wed Nov 28 11:12:30 2012] [error] [client 127.0.0.1] Premature end
>of script headers: rest
>[ pid=1661 thr=139856507570144 file=ext/apache2/Hooks.cpp:834
>time=2012-11-28 11:12:30.15 ]: No data received from the backend
>application (process 4634) within 5000 msec. Either the backend
>application is frozen, or your TimeOut value of 5 seconds is too
>low. Please check whether your application is frozen, or increase
>the value of the TimeOut configuration directive.
>[ pid=4634 thr=69924097128880 file=utils.rb:176 time=2012-11-28
>11:12:30.016 ]: *** Exception OpenShift::NodeException in
>application (Node execution failure (error getting result from
>node). If the problem persists please contact Red Hat support.)
>(process 4634, thread #<Thread:0x7f30f1f0f360>):
>from
>/usr/lib/ruby/gems/1.8/gems/openshift-origin-msg-broker-mcollective-1.0.2/lib/openshift-origin-msg-broker-mcollective/lib/openshift/mcollective_application_container_proxy.rb:1173:in
>`parse_result'
>from
>/usr/lib/ruby/gems/1.8/gems/openshift-origin-msg-broker-mcollective-1.0.2/lib/openshift-origin-msg-broker-mcollective/lib/openshift/mcollective_application_container_proxy.rb:74:in
>`get_available_cartridges'
>from
>/usr/lib/ruby/gems/1.8/gems/openshift-origin-controller-1.0.7/lib/openshift-origin-controller/app/models/cartridge_cache.rb:23:in
>`cartridges'
>from
>/usr/lib/ruby/gems/1.8/gems/openshift-origin-controller-1.0.7/lib/openshift-origin-controller/app/models/cartridge_cache.rb:12:in
>`get_cached'
>[...]
>
>
>On the node :
>==> /var/log/mcollective/mcollective.log <==
>
>D, [2012-11-28T11:11:24.933868 #4163] DEBUG -- :
>runnerstats.rb:49:in `received' Incrementing total stat
>D, [2012-11-28T11:11:24.934309 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>with class MCollective::Security::Psk
>D, [2012-11-28T11:11:24.934443 #4163] DEBUG -- :
>runnerstats.rb:38:in `validated' Incrementing validated stat
>D, [2012-11-28T11:11:24.934526 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>with class MCollective::Security::Psk
>D, [2012-11-28T11:11:24.934630 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>with class MCollective::Security::Psk
>D, [2012-11-28T11:11:24.934759 #4163] DEBUG -- : base.rb:110:in
>`validate_filter?' Passing based on agent rpcutil
>D, [2012-11-28T11:11:24.934852 #4163] DEBUG -- : base.rb:146:in
>`validate_filter?' Message passed the filter checks
>D, [2012-11-28T11:11:24.934925 #4163] DEBUG -- :
>runnerstats.rb:26:in `passed' Incrementing passed stat
>D, [2012-11-28T11:11:24.934999 #4163] DEBUG -- : runner.rb:77:in
>`agentmsg' Handling message for agent 'discovery' on collective
>'mcollective'
>D, [2012-11-28T11:11:24.935067 #4163] DEBUG -- : agents.rb:130:in
>`dispatch' Dispatching a message to agent discovery
>D, [2012-11-28T11:11:24.935282 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin discovery_agent
>with class MCollective::Agent::Discovery
>D, [2012-11-28T11:11:24.935370 #4163] DEBUG -- : stomp.rb:191:in
>`receive' Waiting for a message from Stomp
>D, [2012-11-28T11:11:24.935627 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>with class MCollective::Security::Psk
>D, [2012-11-28T11:11:24.935867 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>with class MCollective::Security::Psk
>D, [2012-11-28T11:11:24.935996 #4163] DEBUG -- : base.rb:161:in
>`create_reply' Encoded a message for request
>e39b2a383aba27f63ee5db5d34e3fd54
>D, [2012-11-28T11:11:24.936181 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin
>connector_plugin with class MCollective::Connector::Stomp
>D, [2012-11-28T11:11:24.936572 #4163] DEBUG -- : stomp.rb:224:in
>`publish' Sending a broadcast message to STOMP target
>'/topic/mcollective.discovery.reply'
>D, [2012-11-28T11:11:24.936797 #4163] DEBUG -- :
>runnerstats.rb:56:in `sent' Incrementing replies stat
>D, [2012-11-28T11:11:29.941117 #4163] DEBUG -- :
>runnerstats.rb:49:in `received' Incrementing total stat
>D, [2012-11-28T11:11:29.941260 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>with class MCollective::Security::Psk
>D, [2012-11-28T11:11:29.941378 #4163] DEBUG -- :
>runnerstats.rb:38:in `validated' Incrementing validated stat
>D, [2012-11-28T11:11:29.941460 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>with class MCollective::Security::Psk
>D, [2012-11-28T11:11:29.941559 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>with class MCollective::Security::Psk
>D, [2012-11-28T11:11:29.941659 #4163] DEBUG -- : base.rb:135:in
>`validate_filter?' Passing based on identity
>D, [2012-11-28T11:11:29.941764 #4163] DEBUG -- : base.rb:110:in
>`validate_filter?' Passing based on agent rpcutil
>D, [2012-11-28T11:11:29.941830 #4163] DEBUG -- : base.rb:146:in
>`validate_filter?' Message passed the filter checks
>D, [2012-11-28T11:11:29.941891 #4163] DEBUG -- :
>runnerstats.rb:26:in `passed' Incrementing passed stat
>D, [2012-11-28T11:11:29.941957 #4163] DEBUG -- : runner.rb:77:in
>`agentmsg' Handling message for agent 'rpcutil' on collective
>'mcollective'
>D, [2012-11-28T11:11:29.942024 #4163] DEBUG -- : agents.rb:130:in
>`dispatch' Dispatching a message to agent rpcutil
>D, [2012-11-28T11:11:29.942270 #4163] DEBUG -- :
>pluginmanager.rb:88:in `[]' Returning new plugin rpcutil_agent with
>class MCollective::Agent::Rpcutil
>D, [2012-11-28T11:11:29.942350 #4163] DEBUG -- : stomp.rb:191:in
>`receive' Waiting for a message from Stomp
>D, [2012-11-28T11:11:29.943153 #4163] DEBUG -- : ddl.rb:59:in
>`findddlfile' Found rpcutil ddl at
>/usr/libexec/mcollective/mcollective/agent/rpcutil.ddl
>D, [2012-11-28T11:11:29.944047 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin facts_plugin
>with class MCollective::Facts::Yaml_facts
>D, [2012-11-28T11:11:29.944158 #4163] DEBUG -- : base.rb:30:in
>`get_fact' Resetting facter cache, now: 1354097489 last-known-good:
>1354096351
>D, [2012-11-28T11:11:29.944468 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>with class MCollective::Security::Psk
>D, [2012-11-28T11:11:29.944573 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>with class MCollective::Security::Psk
>D, [2012-11-28T11:11:29.944686 #4163] DEBUG -- : base.rb:161:in
>`create_reply' Encoded a message for request
>814b95d5904181f362254e794b0b7014
>D, [2012-11-28T11:11:29.944861 #4163] DEBUG -- :
>pluginmanager.rb:83:in `[]' Returning cached plugin
>connector_plugin with class MCollective::Connector::Stomp
>D, [2012-11-28T11:11:29.944972 #4163] DEBUG -- : stomp.rb:224:in
>`publish' Sending a broadcast message to STOMP target
>'/topic/mcollective.rpcutil.reply'
>D, [2012-11-28T11:11:29.945171 #4163] DEBUG -- :
>runnerstats.rb:56:in `sent' Incrementing replies stat
>
>
>
>
>
>
>------
>Attention, changement d'adresse et de numéro de téléphone !
>Julien GARET
>DSI / SESI
>Bureau B201
>Inria Lille-Nord Europe
>Bâtiment B, 6 rue Heloise
>59650 Villeneuve d'Ascq
>téléphone: 03.59.35.86.86
>portable: 06.79.88.10.47

>_______________________________________________
>dev mailing list
>dev lists openshift redhat com
>http://lists.openshift.redhat.com/openshiftmm/listinfo/dev


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]