[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: update to enterprise





De: "Brenton Leanhardt" <bleanhar redhat com>
À: "Julien Garet" <julien garet inria fr>
Cc: dev lists openshift redhat com
Envoyé: Mercredi 28 Novembre 2012 14:49:28
Objet: Re: update to enterprise

+++ Julien Garet [28/11/12 14:42 +0100]:
>----- Mail original -----
>
>> De: "Brenton Leanhardt" <bleanhar redhat com>
>> À: "Julien Garet" <julien garet inria fr>
>> Cc: dev lists openshift redhat com
>> Envoyé: Mercredi 28 Novembre 2012 14:21:02
>> Objet: Re: update to enterprise
>
>> +++ Julien Garet [28/11/12 11:34 +0100]:
>> >Hello,
>> >
>> >
>> >I've updated my openshift origin installation to the version refered
>> >in the Build Your Own PaaS on RHEL 6 (packages from here
>> >https://mirror.openshift.com/pub/origin-server/nightly/enterprise/2012-11-15/)
>> >It seems i have problems with communication between my broker and my
>> >node (separate). I have no firewall and selinux is in permissive
>> >mode.
>> >
>> >
>> >Any advice on what could be misconfigured (I must have missed a
>> >point in the docs) ?
>
>> I would try running the following:
>
>> # mco ping
>
>> This should return your node. If it doesn't I would verify that
>> ActiveMQ is setup and working correctly and that the mcollective
>> service is running on your nodes.
>mco ping works
>> # mco inventory your.node.com
>
>> This should return some facts about your node.
>It works well now, I forgot to install the openshift-origin-msg-node-mcollective package, so I did not have the cart_list fact...
>> I would then make sure that /etc/openshift/node.conf looks correct on
>> your nodes. Likewise for /etc/openshift/broker.conf on the broker.
>These files seem correct, I ran checks (discovered those scripts on the wiki and they are very useful) :
>
>[root broker ~]# oo-accept-broker
>FAIL: service iptables not running

You technically don't need this running but unless this is only a
testing environment I would recommend running a firewall and only
opening the needed ports:

22
443
80
53 (if you happen to be running a DNS server)

>
>1 ERRORS
>
>[root node1 policy]# oo-accept-node
>FAIL: selinux origin policy is not loaded
>1 ERRORS
>
>Are these services mandatory ? Do I really need selinux enforced on the node ? I now have another issue... still with the node I think, the client returns : Node execution failure (invalid exit code from node). If the problem persists please contact Red Hat support.
>What I see from the logs on the node is :

You can technically put SELinux into permissive mode but you must at
least have the correct policy loaded.  If you have special needs with
your applications you can always write a custom SELinux module.
audit2allow is a good place to start if you pipe in the output of
/var/log/audit/audit.log.

>
>Initialized empty Git repository in /var/lib/openshift/3ebe7f53e43b418fbafa88deb35ee243/git/trackstest.git/
>/var/lib/openshift/3ebe7f53e43b418fbafa88deb35ee243/git/trackstest.git /tmp
>/tmp
>runcon: invalid context: system_u:system_r:openshift_t:s0:c0,c500: Invalid argument
>Failed to start ruby-1.8
>
>So, it seems selinux is mandatory, but when I try to configure it (https://openshift.redhat.com/community/wiki/build-your-own#Configuring_SELinux_2), i get :
>
>setsebool -P httpd_unified=on httpd_can_network_connect=on httpd_can_network_relay=on httpd_read_user_content=on httpd_enable_homedirs=on httpd_run_stickshift=on allow_polyinstantiation=on
>libsemanage.dbase_llist_set: record not found in the database (No such file or directory).
>libsemanage.dbase_llist_set: could not set record value (No such file or directory).
>Could not change boolean httpd_run_stickshift
>Could not change policy booleans
>
>Is there another package I forgot to install ? I am not used to selinux.

What version of the selinux-policy package do you have installed?

You want to have the following:

https://mirror.openshift.com/pub/origin-server/nightly/enterprise/2012-11-15/Node/x86_64/os/Packages/selinux-policy-3.7.19-155.el6_3.8.noarch.rpm
https://mirror.openshift.com/pub/origin-server/nightly/enterprise/2012-11-15/Node/x86_64/os/Packages/selinux-policy-targeted-3.7.19-155.el6_3.8.noarch.rpm
I have installed these versions. Something I did not tell, and that might be important, is that I am running CentOS 6.3. So I already had this package version from CentOS Update, I replaced the packages with the one from the openshift repo (not sure if they are different or not).

I've passed every setsebool in a single command, all went well but this one :
[root node1 ~]# setsebool -P httpd_run_stickshift=on
libsemanage.dbase_llist_set: record not found in the database
libsemanage.dbase_llist_set: could not set record value
Could not change boolean httpd_run_stickshift
Could not change policy booleans

The versions of selinux I currently have are : 
[root node1 ~]# rpm -qa | grep selinux
libselinux-utils-2.0.94-5.3.el6.x86_64
libselinux-2.0.94-5.3.el6.x86_64
selinux-policy-targeted-3.7.19-155.el6_3.8.noarch
libselinux-python-2.0.94-5.3.el6.x86_64
libselinux-ruby-2.0.94-5.3.el6.x86_64
libselinux-devel-2.0.94-5.3.el6.x86_64
selinux-policy-3.7.19-155.el6_3.8.noarch

Julien
--Brenton

>
>Thanks for your help,
>
>> Let us know if this helps or not.
>
>> --Brenton
>
>> >
>> >
>> >
>> >Here are the logs from the client :
>> >
>> >~$ rhc domain show -d
>> >Password: *************
>> >
>> >
>> >DEBUG: Connecting to
>> >https://broker.openshift.inria.fr/broker/rest/api
>> >DEBUG: Client supports API versions 1.1, 1.2, 1.3
>> >DEBUG: Server supports API versions 1.0, 1.1, 1.2
>> >DEBUG: Getting all domains
>> >DEBUG: Request: #<RestClient::Request:0x00000001bd8ea8
>> >@method="GET", @headers={:accept=>:json, "Authorization"=>"Basic
>> >Z2FyZXQ6aGVmZWthcm9zeUNlIQ==", "User-Agent"=>"rhc/1.1.11 (ruby
>> >1.9.3; x86_64-linux)"},
>> >@url="",
>> >@cookies={}, @payload="", @user=nil, @password=nil, @timeout=nil,
>> >@open_timeout=4, @block_response=nil, @raw_response=false,
>> >@verify_ssl=false, @ssl_client_cert=nil, @ssl_client_key=nil,
>> >@ssl_ca_file=nil, @tf=nil, @max_redirects=10,
>> >@processed_headers={"Accept"=>"application/json",
>> >"Accept-Encoding"=>"gzip, deflate", "Authorization"=>"Basic
>> >Z2FyZXQ6aGVmZWthcm9zeUNlIQ==", "User-Agent"=>"rhc/1.1.11 (ruby
>> >1.9.3; x86_64-linux)", "Content-Length"=>"0",
>> >"Content-Type"=>"application/x-www-form-urlencoded"},
>> >@args={:url="">>> >:method=>"GET", :headers=>{:accept=>:json, "Authorization"=>"Basic
>> >Z2FyZXQ6aGVmZWthcm9zeUNlIQ==", "User-Agent"=>"rhc/1.1.11 (ruby
>> >1.9.3; x86_64-linux)"}, :payload=>{}, :timeout=>nil,
>> >:open_timeout=>4}>
>> >Connection to server timed out. It is possible the operation
>> >finished without being able to report success. Use 'rhc domain
>> >show' or 'rhc app status' to check the status of
>> >your applications.
>> >
>> >
>> >>From the broker :
>> >
>> >
>> >
>> >==> /var/www/openshift/broker/log/production.log <==
>> >
>> >
>> >Started GET "/broker/rest/api" for 193.51.236.13 at Wed Nov 28
>> >11:11:24 +0100 2012
>> >Processing by BaseController#show as JSON
>> >Completed 200 OK in 15ms (Views: 3.5ms)
>> >
>> >
>> >Started GET "/broker/rest/domains" for 193.51.236.13 at Wed Nov 28
>> >11:11:24 +0100 2012
>> >Processing by DomainsController#index as JSON
>> >Completed 500 Internal Server Error in 65154ms
>> >
>> >
>> >
>> >
>> >==> /var/www/openshift/broker/httpd/logs/access_log <==
>> >193.51.236.13 broker.openshift.inria.fr - - [28/Nov/2012:11:11:24
>> >+0100] "GET /broker/rest/api HTTP/1.1" 200 1548 "-" "rhc/1.1.11
>> >(ruby 1.9.3; x86_64-linux)"
>> >193.51.236.13 broker.openshift.inria.fr - garet
>> >[28/Nov/2012:11:11:24 +0100] "GET /broker/rest/domains HTTP/1.1"
>> >500 625 "-" "rhc/1.1.11 (ruby 1.9.3; x86_64-linux)"
>> >
>> >
>> >
>> >
>> >==> /var/www/openshift/broker/httpd/logs/error_log <==
>> >[Wed Nov 28 11:12:30 2012] [error] [client 127.0.0.1] Premature end
>> >of script headers: rest
>> >[ pid=1661 thr=139856507570144 file=ext/apache2/Hooks.cpp:834
>> >time=2012-11-28 11:12:30.15 ]: No data received from the backend
>> >application (process 4634) within 5000 msec. Either the backend
>> >application is frozen, or your TimeOut value of 5 seconds is too
>> >low. Please check whether your application is frozen, or increase
>> >the value of the TimeOut configuration directive.
>> >[ pid=4634 thr=69924097128880 file=utils.rb:176 time=2012-11-28
>> >11:12:30.016 ]: *** Exception OpenShift::NodeException in
>> >application (Node execution failure (error getting result from
>> >node). If the problem persists please contact Red Hat support.)
>> >(process 4634, thread #<Thread:0x7f30f1f0f360>):
>> >from
>> >/usr/lib/ruby/gems/1.8/gems/openshift-origin-msg-broker-mcollective-1.0.2/lib/openshift-origin-msg-broker-mcollective/lib/openshift/mcollective_application_container_proxy.rb:1173:in
>> >`parse_result'
>> >from
>> >/usr/lib/ruby/gems/1.8/gems/openshift-origin-msg-broker-mcollective-1.0.2/lib/openshift-origin-msg-broker-mcollective/lib/openshift/mcollective_application_container_proxy.rb:74:in
>> >`get_available_cartridges'
>> >from
>> >/usr/lib/ruby/gems/1.8/gems/openshift-origin-controller-1.0.7/lib/openshift-origin-controller/app/models/cartridge_cache.rb:23:in
>> >`cartridges'
>> >from
>> >/usr/lib/ruby/gems/1.8/gems/openshift-origin-controller-1.0.7/lib/openshift-origin-controller/app/models/cartridge_cache.rb:12:in
>> >`get_cached'
>> >[...]
>> >
>> >
>> >On the node :
>> >==> /var/log/mcollective/mcollective.log <==
>> >
>> >D, [2012-11-28T11:11:24.933868 #4163] DEBUG -- :
>> >runnerstats.rb:49:in `received' Incrementing total stat
>> >D, [2012-11-28T11:11:24.934309 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>> >with class MCollective::Security::Psk
>> >D, [2012-11-28T11:11:24.934443 #4163] DEBUG -- :
>> >runnerstats.rb:38:in `validated' Incrementing validated stat
>> >D, [2012-11-28T11:11:24.934526 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>> >with class MCollective::Security::Psk
>> >D, [2012-11-28T11:11:24.934630 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>> >with class MCollective::Security::Psk
>> >D, [2012-11-28T11:11:24.934759 #4163] DEBUG -- : base.rb:110:in
>> >`validate_filter?' Passing based on agent rpcutil
>> >D, [2012-11-28T11:11:24.934852 #4163] DEBUG -- : base.rb:146:in
>> >`validate_filter?' Message passed the filter checks
>> >D, [2012-11-28T11:11:24.934925 #4163] DEBUG -- :
>> >runnerstats.rb:26:in `passed' Incrementing passed stat
>> >D, [2012-11-28T11:11:24.934999 #4163] DEBUG -- : runner.rb:77:in
>> >`agentmsg' Handling message for agent 'discovery' on collective
>> >'mcollective'
>> >D, [2012-11-28T11:11:24.935067 #4163] DEBUG -- : agents.rb:130:in
>> >`dispatch' Dispatching a message to agent discovery
>> >D, [2012-11-28T11:11:24.935282 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin discovery_agent
>> >with class MCollective::Agent::Discovery
>> >D, [2012-11-28T11:11:24.935370 #4163] DEBUG -- : stomp.rb:191:in
>> >`receive' Waiting for a message from Stomp
>> >D, [2012-11-28T11:11:24.935627 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>> >with class MCollective::Security::Psk
>> >D, [2012-11-28T11:11:24.935867 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>> >with class MCollective::Security::Psk
>> >D, [2012-11-28T11:11:24.935996 #4163] DEBUG -- : base.rb:161:in
>> >`create_reply' Encoded a message for request
>> >e39b2a383aba27f63ee5db5d34e3fd54
>> >D, [2012-11-28T11:11:24.936181 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin
>> >connector_plugin with class MCollective::Connector::Stomp
>> >D, [2012-11-28T11:11:24.936572 #4163] DEBUG -- : stomp.rb:224:in
>> >`publish' Sending a broadcast message to STOMP target
>> >'/topic/mcollective.discovery.reply'
>> >D, [2012-11-28T11:11:24.936797 #4163] DEBUG -- :
>> >runnerstats.rb:56:in `sent' Incrementing replies stat
>> >D, [2012-11-28T11:11:29.941117 #4163] DEBUG -- :
>> >runnerstats.rb:49:in `received' Incrementing total stat
>> >D, [2012-11-28T11:11:29.941260 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>> >with class MCollective::Security::Psk
>> >D, [2012-11-28T11:11:29.941378 #4163] DEBUG -- :
>> >runnerstats.rb:38:in `validated' Incrementing validated stat
>> >D, [2012-11-28T11:11:29.941460 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>> >with class MCollective::Security::Psk
>> >D, [2012-11-28T11:11:29.941559 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>> >with class MCollective::Security::Psk
>> >D, [2012-11-28T11:11:29.941659 #4163] DEBUG -- : base.rb:135:in
>> >`validate_filter?' Passing based on identity
>> >D, [2012-11-28T11:11:29.941764 #4163] DEBUG -- : base.rb:110:in
>> >`validate_filter?' Passing based on agent rpcutil
>> >D, [2012-11-28T11:11:29.941830 #4163] DEBUG -- : base.rb:146:in
>> >`validate_filter?' Message passed the filter checks
>> >D, [2012-11-28T11:11:29.941891 #4163] DEBUG -- :
>> >runnerstats.rb:26:in `passed' Incrementing passed stat
>> >D, [2012-11-28T11:11:29.941957 #4163] DEBUG -- : runner.rb:77:in
>> >`agentmsg' Handling message for agent 'rpcutil' on collective
>> >'mcollective'
>> >D, [2012-11-28T11:11:29.942024 #4163] DEBUG -- : agents.rb:130:in
>> >`dispatch' Dispatching a message to agent rpcutil
>> >D, [2012-11-28T11:11:29.942270 #4163] DEBUG -- :
>> >pluginmanager.rb:88:in `[]' Returning new plugin rpcutil_agent with
>> >class MCollective::Agent::Rpcutil
>> >D, [2012-11-28T11:11:29.942350 #4163] DEBUG -- : stomp.rb:191:in
>> >`receive' Waiting for a message from Stomp
>> >D, [2012-11-28T11:11:29.943153 #4163] DEBUG -- : ddl.rb:59:in
>> >`findddlfile' Found rpcutil ddl at
>> >/usr/libexec/mcollective/mcollective/agent/rpcutil.ddl
>> >D, [2012-11-28T11:11:29.944047 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin facts_plugin
>> >with class MCollective::Facts::Yaml_facts
>> >D, [2012-11-28T11:11:29.944158 #4163] DEBUG -- : base.rb:30:in
>> >`get_fact' Resetting facter cache, now: 1354097489 last-known-good:
>> >1354096351
>> >D, [2012-11-28T11:11:29.944468 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>> >with class MCollective::Security::Psk
>> >D, [2012-11-28T11:11:29.944573 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin security_plugin
>> >with class MCollective::Security::Psk
>> >D, [2012-11-28T11:11:29.944686 #4163] DEBUG -- : base.rb:161:in
>> >`create_reply' Encoded a message for request
>> >814b95d5904181f362254e794b0b7014
>> >D, [2012-11-28T11:11:29.944861 #4163] DEBUG -- :
>> >pluginmanager.rb:83:in `[]' Returning cached plugin
>> >connector_plugin with class MCollective::Connector::Stomp
>> >D, [2012-11-28T11:11:29.944972 #4163] DEBUG -- : stomp.rb:224:in
>> >`publish' Sending a broadcast message to STOMP target
>> >'/topic/mcollective.rpcutil.reply'
>> >D, [2012-11-28T11:11:29.945171 #4163] DEBUG -- :
>> >runnerstats.rb:56:in `sent' Incrementing replies stat
>> >
>> >
>> >
>> >
>> >
>> >
>> >------
>> >Attention, changement d'adresse et de numéro de téléphone !
>> >Julien GARET
>> >DSI / SESI
>> >Bureau B201
>> >Inria Lille-Nord Europe
>> >Bâtiment B, 6 rue Heloise
>> >59650 Villeneuve d'Ascq
>> >téléphone: 03.59.35.86.86
>> >portable: 06.79.88.10.47
>
>> >_______________________________________________
>> >dev mailing list
>> >dev lists openshift redhat com
>> >http://lists.openshift.redhat.com/openshiftmm/listinfo/dev


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]